Go to content

Data protection policy for Universität Regensburg's websites and web applications

Scope of application

Universität Regensburg offers an extensive range of online platforms, providing a large number of sources of information and services, in particular to support research and teaching.

Personal data or data which might relate to individuals is generally collected and processed when the web platforms are used. The type and extent of the data depends on the individual platform providing the information or service.

In order to provide you with meaningful information, this document gives a general description of what data accumulates as standard via the use of the Universität Regensburg web platforms and how this is processed.

In addition, you can find all the relevant information for contacting the regulatory agencies and on your rights in respect to data protection.

Where further data is compiled and processed by specific platforms, you will find the relevant information detailed alongside the relevant platform.

General information on the intended purpose and the legal basis

All data processing is covered by the principle of necessity and the linking of information to specific aims. It is also covered by the principles of data minimization and the protection of data in accordance with the relevant state of the art.

Universität Regensburg only collects the amount of data necessary for fulfilling the task in question, uses it only for this purpose and saves it only for so long as the relevant laws allow.

The legal basis for the processing of personal data is always a lawful authority (e.g. higher education law, BayEGovG) or the consent of the person concerned. You can find the relevant information in detail alongside the relevant platform.

Your rights

You have the right to information on your personal data we have stored.

Upon request, you will receive information about

  • the aims of the processing,
  • the categories of the personal data,
  • the recipient (categories) to whom this data has been or will be made available in the future,
  • the length of time the data will be saved or the criteria which this period is based upon,
  • the source of the data, in so far as it has not been directly obtained from you.

Further, you have a right to the correction of your data. You can refuse the processing of your data, or restrict it and have your data deleted, in so far as the data, due to legal requirements (e.g. from university law, examination law, archive law), must, in individual cases, continue to be processed.

In case of contraventions, you have the right to lodge a complaint with the competent regulating authority (see below).

Competent regulating authority

The competent regulating authority is:

Der Bayerische Landesbeauftragte für den Datenschutz
Postfach 22 12 19
80502 München
poststelle@datenschutz-bayern.de
https://www.datenschutz-bayern.de/

Please speak initially to the data protection officer at Universität Regensburg (see below). In most cases, questions can be answered and problems solved in this way.

General information on data acquisition on online platforms, forms and contacting us

When you contact us via email or by using a contact form, the data you communicate (your email address, perhaps your name and telephone number) will be saved by us in order to answer your questions. When saving it is no longer necessary, we delete the data accrued in this way or restrict its processing if there are statutory storage obligations.

Cookies

Universität Regensburg's central platforms for providing information (www.uni-regensburg.de or http://www.ur.de) use no cookies.

We use the sessionStorage mechanism from the DOM storage standard to enable returning to a page with an expanded menu. This involves storing the menu of the page called up, its status and title (e.g.: "http://www.uni-regensburg.de/studies/", "10,-1,-1", "Studies") during the browser session. In contrast to cookies, the data is not persistent and will be automatically deleted when the browser window is closed. This information is not available for future browser sessions. The way the user has accessed the site cannot be traced in this way. Similarly, no reference can be made to a user's personal information using this technique. Using the website without this technology is possible at any time.

Services provided by Universität Regensburg which require a login generally use session cookies which are saved on the user's computer for the duration of the session. When the browser is closed or when the user logs out, these session cookies are deleted.

If other cookies are used when providing information or services, then information about them is detailed alongside the relevant platform.

Web server logs

The following data is stored in the web server logs for Universität Regensburg websites:

  • the IP address of the computer requesting the data (e.g. 123.156.97.36)
  • the date and time of the request ([05/Apr/2010:00:00:01 +0200])
  • the type of request (GET)
  • the path and name of the data retrieved (/images/home/siegelaktuell.gif)
  • the transfer protocol used (HTTP/1.1)
  • the access status (200)
  • the size of the data transmitted (2057)
  • the address (URL) of the website from which the data has been requested
  • the description of the web browser and operating system used and their compatibility modes ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)")
  • additional request parameters (get parameters or query strings) which are added to the path, separated by a "?", for example search queries or settings (/pfad/zum/veranstaltungskalender?veranstaltung=vorlesung&jahr=2018)

An entry in the web server log may, for example, look something like this:
123.456.97.36 - - [05/Apr/2010:00:00:01 +0200] "GET /images/home/siegelaktuell.gif?variante=druckversion HTTP/1.1" 200 2057 "http://www.uni-regensburg.de/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)"

The data saved is evaluated solely for technical or statistical purposes, for example to resolve errors and improve the performance of the web server or to detect attacks on the web server.

The web server log data is kept for a maximum of 31 days and then automatically deleted unless a web attack is recognized, leading to a civil or criminal prosecution.

If other web server logging procedures are used when providing information or services, then information about them is detailed alongside the relevant platform.

Web analytics and tracking

In order to be able to customize the structure of the content and navigation mechanisms of the website, the page requests and the elements that have been clicked on within pages are documented and analyzed. To do this, the software Matomo (previously PIWIK (http://de.piwik.org/)) is used.

The data is collected and saved on the Universität Regensburg servers. It is made anonymous by removing the last two bytes of the IP address. This makes it no longer possible to relate the data to individuals. Universität Regensburg dispenses with the use of what is known as "tracking cookies". This means that no cookies are saved in the browser and no documentation is made of repeated visits to a page.

The following data is logged by Matomo:

  • IP address made anonymous by abridging
  • previously visited URL (referrer) in so far as the browser send the data
  • name and version of the operating system
  • name, version and language setting of the browser
  • URLs visited on this website
  • time the page is accessed
  • type of HTML request
  • screen resolution and color depth
  • the technology and formats supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears)

Technical opt-outs for Matomo web statistics

Universität Regensburg supports the Tracking Preference Expression (http://www.w3.org/TR/tracking-dnt/), also known as "Do not Track" (DNT).

If you have activated "Do not Track" in your browser, your visit to the Universität Regensburg website will not be tracked. Information on how you can activate this setting can be found, for example in Firefox under https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature or for Chrome at https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=en or for IE at https://support.microsoft.com/en-au/help/17288/windows-internet-explorer-11-use-do-not-track

Links to external websites

The Universität Regensburg websites contain links which are labeled in this way:

With these external links, Universität Regensburg facilitates access to the contents of these sites (§ 8 German Telemedia Act (Telemediengesetz)). Universität Regensburg is not responsible for the contents of these external websites because it does not arrange for the transmission of the information, does not select the addressee of the information transmitted nor select or alter the information transmitted. There is also no automatic short-term interim storage of such “external information” due to the call-up and linking methods used by Universität Regensburg, so no liability for such external content arises on this basis either.

Responsibility and points of contact

The President of Universität Regensburg is responsible in accordance with Art. 4 Para. 7 EU General Data Protection Regulation:

Universität Regensburg
93040 Regensburg
kontakt@ur.de.

Your point of contact is the Official Data Protection Officer of Universität Regensburg:

Universität Regensburg
Der Datenschutzbeauftragte
93040 Regensburg
datenschutzbeauftragter@ur.de
https://www.uni-regensburg.de/informationssicherheit/datenschutz/ansprechpartner

Other information on our data protection policy

We reserve the right to make changes to this data protection policy so that it continues to conform to the current legal requirements or to implement changes to our services in the data protection policy, for example with the introduction of new services. When you visit our site again, the new data protection policy will then be valid.

Appendix on social media

The data protection policy is valid for the university's online platforms which are operated by the university itself and additionally insofar as we process personal data on our own responsibility for our presence on

https://www.facebook.com/

https://www.twitter.com/

https://www.google.com/

https://www.youtube.com/

https://www.instagram.com/

It is currently assumed that we are not subject to any responsibility for data protection insofar as your data is processed by these providers for purposes determined by them.

Aims and legal basis for the processing

Our social media presence is a part of our public relations activities. Our aim is to provide information appropriate to the target audience and to exchange ideas with them (Art. 2 Para. 6 Bavarian Higher Education Act (BayHSchG)). We make it possible to make contact quickly by electronic means and communicate directly via the media of their choice (§ 5 Para. 1 No. 2 German Telemedia Act (TMG)).

We will disclose to the relevant authorities and/or social media operators any content and contributions which infringe the rights of third parties or which fulfill the elements of an offense or administrative offense, or fail to comply with statutory or contractual obligations, and block or delete it.

We use the social media providers' cookies, log data and statistics to create business statistics, to carry out organizational reviews, to test and maintain our web services and to guarantee the security of the network and information in accordance with Art. 6 Para. 1 of the Bavarian Data Protection Act (BayDSG), § 13 Para. 7 of the German Telemedia Act (TMG), Art 11 Para. 1 Electronic Administration in Bavaria Act (BayEGovG). Insofar as it is possible for us and the purpose of the processing is not affected, we make this personal data anonymous or use pseudonymization.

Recipients or categories of recipients of personal data

Insofar as you use our social media channels and pages, their operators will process your personal data.

Our IT service providers may also be recipients of your personal data, as part of fulfilling orders that have been contractually agreed. In order to guarantee the security of our data processing equipment, however, we do not disclose our service providers.

Transfer of personal data to foreign countries or international organizations

All of our social media providers are certified by the EU-US Privacy Shield, and the certificates can be viewed by anyone, so that there is a legally reasonable level of protection for personal data:

Facebook, Inc.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Twitter Inc.

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

Youtube (Youtube LLC) and Google+ under Google LLC

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The duration of the storage of personal data

Communications, post, emails, and social media contributions and messages are deleted six years after the end of the year in which the relevant process takes place.


  1. HOMEPAGE UR

Privacy

 

Privacy