Data Protection

Privacy Statement

NAME AND ADDRESS OF THE DATA CONTROLLER

Within the meaning of the General Data Protection Regulation (GDPR) and other German national data protection laws and regulations, the data controller is:

Gottfried Wilhelm Leibniz Universität Hannover
Welfengarten 1
30167 Hannover

Tel. +49 511 762 - 0
Fax +49 511 762 - 3456
www.uni-hannover.de

Leibniz University Hannover is a corporation under public law and is legally represented by its President, Prof. Dr. iur. Volker Epping.

NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

Data protection officer of Leibniz University Hannover is:

Gottfried Wilhelm Leibniz Universität Hannover
- Datenschutzbeauftragter -
Welfengarten 1
30167 Hannover

Tel. +49 511 762-0
Fax +49 511 762-8258
Email: datenschutz@uni-hannover.de

Website

GENERAL INFORMATION ON DATA PROCESSING

We process our users' personal data only insofar as is necessary to provide a functioning website as well as our content and services.

If individual websites or functions implement processes departing from this privacy statement, information regarding this will be provided in a separate privacy statement.

PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • information about the browser type and version used
  • the user's operating system
  • the user's internet service provider
  • the IP address of the user
  • the date and time of access
  • the website, from which the user's system reaches our website
  • websites accessed by the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The legal basis for temporary storage of data and log files is Article 6 (1) (e) and Article (3) GDPR in conjunction with section 3 of the Lower Saxony Data Protection Act (NDSG) and section 3 of the Lower Saxony Higher Education Act (NHG).

Temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this, the IP address of the user must remain stored for the duration of the session. The data is stored in the log files to ensure the functionality of the website. In addition, the data enables us to optimise the website and to ensure the security of our IT systems. Analysis of the data for marketing purposes does not take place in this context.

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. With respect to collection of data for the provision of the website, this is the case once the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Data may be stored for a longer period of time. In this case, the IP address of the user is deleted or anonymised, so that the accessing client can no longer be assigned to the user.

For technical reasons, collection of data for the provision of the website and storage of data in log files is essential for the operation of the website.

CONTACT FORM AND EMAIL CONTACT

There is a contact form on our website that can be used for electronic contact. If a user utilises this function, the data entered in the form will be transmitted to us and stored. Within the scope of the sending process, your consent will be obtained to process the data and reference is made to this privacy statement. Alternatively, you can contact us via the email address provided. In this case, the user's personal data that is transmitted via email will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation. The legal basis for processing data is Article 6 (1) (a) GDPR provided that the user has given consent. The legal basis for processing data transmitted in the course of sending an email is Article 6 (1) (e) and Article (3) GDPR in conjunction with section 3 of the Lower Saxony Data Protection Act (NDSG) and section 3 of the Lower Saxony Higher Education Act (NHG). If email contact is undertaken with the purpose of concluding a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.

Personal data that is entered in the input mask is processed solely for the purpose of establishing contact.

The other personal data that is processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data that was entered in the input mask of the contact form or sent via email, this is the case when the respective conversation with the user is finished, unless statutory retention periods apply that would prevent erasure. The conversation is terminated when it can be deduced from the circumstances that the facts in question have been conclusively clarified.

Additional personal data that is collected during the sending process will be deleted after a period of seven days at the latest.

The user can revoke consent to the processing of personal data at any time. If the user contacts us by email, he or she can object to the storage of personal data at any time. In such a case, the conversation will be terminated and all personal data collected during the conversation will be erased unless statutory retention periods apply that would prevent erasure.

NEWSLETTER SUBSCRIPTION

On some Leibniz University Hannover websites it is possible to subscribe to a free newsletter using an online form. When registering for the newsletter, the data from the input mask is transmitted to us. In addition, the IP address of the accessing computer as well as the date and time of registration are collected and processed. In the course of the registration process, your consent will be obtained in order to process the data and reference is made to this privacy statement.

No data is disclosed to third parties in connection with data processing to deliver the newsletter. The data will be used solely for sending the newsletter.

The legal basis for processing data after the user has registered for the newsletter is Article 6 (1) (a) GDPR.

Collection of the user's email address serves the purpose of sending the newsletter. Collection of other personal data as part of the registration process serves to provide proof of registration for the newsletter and, if necessary, to prevent misuse of the services or the email address used. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, unless statutory retention periods apply that would prevent erasure.

Consent to delivery of the newsletter can be revoked by the user at any time and the newsletter will be cancelled. For this purpose, there is a corresponding link in every newsletter.

FORM ENTRIES

Where internet services allow personal or business data (e.g. email addresses, names, addresses) to be entered, disclosure of such data by the user shall take place on an explicitly voluntary basis. Unless indicated or unless information on a separate privacy statement is provided, the legal basis for such processing is Article 6 (1) (a) GDPR. The collection and processing of data serves only the purpose stated in the respective online form. Unless indicated, divulgence or disclosure to third parties shall not occur. It is possible to use and pay for all offered services - insofar as this is technically possible and reasonable - without disclosure of such data or through the use of anonymised data or a pseudonym.

COOKIES

This website does not use cookies.

WEBSITE STATISTICS

We compile anonymous statistics and analysis of access to our websites.

The open-source software tool Matomo (formerly PIWIK) is used to compile anonymous website statistics. Thus, no personal data is processed. The use of cookies is deactivated in the Matomo web analytics software.

The last two octets are not processed upon storing the IP address of the user. The function to collect the user ID is deactivated. In addition to data regarding access to our website and your anonymised IP address, the following data is collected: The date and time of the request, page accessed, URL of the previously accessed page (referrer URL), screen resolution of the client's system, local time zone, URL of clicked and downloaded files, URL of clicked external domains, geolocation of the client (country, region, city), main language used by the browser, user agent of the browser used.

EMBEDDING SOCIAL MEDIA

In some instances on the Leibniz University Hannover website, videos from external providers such as YouTube or Vimeo are embedded or the option is given to share individual pages on social networks by means of share buttons. Via these plugins, data (including personal data) can reach external providers such as Facebook, Google, Vimeo and Twitter and can be used by them. The legal basis for the use of plugins is Article 6 (1) (a) GDPR.

Leibniz University Hannover itself does not use videos embedded from third parties or social media plugins to collect personal data or information about the use thereof. To prevent data reaching network providers without the deliberate action of the user, Leibniz University Hannover uses "Shariff", a data-protection-friendly solution, on its website (for further information visit: http://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html).

Using this technology, a direct link between the user and external social media will only occur when the user actively clicks on one of these buttons. Only then, can data be transferred to the external provider and stored there. A similar technology is used to embed videos from external providers.

The external provider will then receive information that the corresponding subpage of our website has been accessed. For this, the user needs neither to have an account with the external provider nor to be logged in there. If the user is logged in with the external provider, this data is directly assigned to their user account with the external provider. If one of our pages is shared, the external provider will also generally store this information in the user account.

Leibniz University Hannover has no influence on whether, to what extent, for how long and for what purpose external providers collect personal data. However, it can be assumed that at least the IP address and device-related information are collected and used.

Further information on the data protection policies of external social media platforms can be found on their respective websites:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
http://www.facebook.com/policy.php

b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA
https://www.google.com/policies/privacy/partners/ 

c) Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA
https://twitter.com/privacy

d) Instagram, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
https://www.instagram.com/legal/privacy/

e) WhatsApp Inc, 650 Castro Street, Suite 120-219, Mountain View, California, 94041, USA
http://www.whatsapp.com/legal/ 

f) Vimeo, Inc., 555 West 18th Street, New York, New York 10011
https://vimeo.com/privacy 

RIGHTS OF THE DATA SUBJECT

If your personal data is processed, you are a data subject in the context of the GDPR and you have the following rights towards the data controller if the legal requirements are met:

  • Right of access to information according to Article 15 GDPR
  • Right to rectification according to Article 16 GDPR
  • Right to restrict processing according to Article 18 GDPR
  • Right to erasure according to Article 17 GDPR
  • Right to be informed according to Article 19 GDPR
  • Right to data portability according to Article 20 GDPR

  • Right to object according to Article 21 GDPR
    You also have the right to object to data processing at any time. We will then stop processing your data, unless legitimate grounds exist to continue or where processing serves to assert, exercise or defend legal claims. Should you exercise any of the above-mentioned rights, the data controller will assess whether the legal requirements are met.

  • Right to revoke the data protection declaration of consent as per Article 7 (3) GDPR
    You have the right to revoke your data protection declaration of consent at any time. Revocation of consent will not affect the lawfulness of processing of data carried out on the basis of consent until its revocation.

  • Right to lodge a complaint with a supervisory authority
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.

    Supervisory authority responsible for Leibniz University Hannover:

    Die Landesbeauftragte für den Datenschutz in Niedersachsen
    Prinzenstr. 5
    30159 Hannover
    Tel. +49 511 120 - 4500
    Fax +49 511 120 - 4599
    E-Mail: poststelle@lfd.niedersachsen.de