Data protection policy

1. Contact data of the responsible controller

The responsible controller as defined in the EU General Data Protection Regulation (GDPR) and other national data protection laws of the EU member states as well as other data protection-related provisions is:

Universität Münster / University of Münster (WWU),
represented by its Rector,
Schlossplatz 2, 48149 Münster, Germany
tel.: + 49 251 83-0
email: verwaltung(at)uni-muenster(dot)de

2. Contact data of the Data Protection Officer

Schlossplatz 2, 48149 Münster, Germany
tel.: + 49 251 83-22446
email: datenschutz(at)uni-muenster(dot)de

3. General information on data processing

3.1 Personal data (Art. 4 (1) GDPR)

The purpose of data protection is to safeguard one’s personal data (hereafter also referred to as “data”). This includes all information which could be linked to an identified or identifiable natural person, e.g. their name, address, profession, email address, health condition, income, familial status, genetic traits, phone number and if applicable, user data such as an IP address. We only collect and process the personal data of our users insofar as is necessary for the provision and functionality of our website, content and services, and for which a legal basis exists for us to do so.

3.2 Right to objection

Should you object to the processing of your data by the operators of this website in part or whole in accordance with this data protection policy, you may notify us to this effect via the contact data provided in the Legal Notice. Please note that your objection could limit or prevent your ability to use our website or take advantage of the services provided therein.

4. Scope and purposes of data processing, legal basis, provision of data and duration of storage

4.1 Legal basis for processing personal data

If the operator obtains your explicit consent to process your personal data, Art. 6 (1 a) GDPR serves as the legal basis for the processing of this data. If the processing of your personal data is necessary for complying with legal obligations to which the operator is subject, Art. 6 (1 c) GDPR serves as the legal basis.

If processing is necessary to serve the vital interest of the data subject or another natural person, Art. 6 (1 d) GDPR serves as the legal basis.

If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the operator, Art. 6 (1 e) GDPR serves as the legal basis for processing.

If processing is necessary to safeguard the legitimate interests of the operator or third party and does not outweigh the interests, basic rights or basic freedoms of the user, Art. 6 (1 f) GDPR serves as the legal basis for processing. This does not apply if the operator conducts sovereign activities in connection with this processing.

4.2 Access and usage of the website

Whenever the website or any of its subpages are accessed, user data is transmitted by the corresponding Internet browser and saved in server log files. The saved datasets contain the following data:

  • date and time of the query
  • name of the accessed subpage
  • IP address (abbreviated IP address)
  • referrer URL (i.e. previously visited page)
  • transmitted amount of data
  • product information and version of the user’s browser

The system temporarily stores the user’s IP address in order to render the website on the user’s computer. For this purpose, the user’s IP address must be saved for the duration of the session.

The storage of information in log files is necessary to ensure the functionality of the website.

The log files are analysed by the operator in anonymised form so as to improve the website, make it more user friendly, locate and fix errors more promptly and manage server capacities more efficiently. The information can reveal, for example, at which times traffic on the website is the heaviest and enable the operator to make greater data volume available.

The permissibility of this type of processing is stipulated in Art. 6 (1 f) GDPR, whereby processing is legal if it is required to secure the legitimate interests of the responsible operator or a third party, insofar as these are not outweighed by the interests, basic rights and basic freedoms of the data subject whose personal data require protection. The legitimate interests of the operator constitute providing information via the website, offering services to its customers, and optimising the operation of the website. The provision of data is neither legally nor contractually mandated. Failure to provide this data will result in the operator’s inability to use the data to optimise the website.

The user’s IP address is either erased or anonymised after usage of the website has ended. In the case of anonymisation, IP addresses are altered to such an extent that they cannot be traced to a specific or identifiable natural person without an unreasonable amount of time, expense and effort.

5. Use of cookies

The operator of the website uses so-called “cookies”. These are small data packages normally comprised of letters and numbers and which are saved on the user’s browser after visiting certain websites. Cookies allow the website to recognise the user’s browser, to track the user’s navigation through the various sections of the website and identify the user when he/she returns to the website at a later time. Cookies do not contain data which can identify the user. However, any personal data stored by the operator can be assigned to these cookies and the data saved inside them.

The information obtained by the operator through the use of cookies can be used for the following purposes:

  • recognising the user’s computer during his/her visit to the website
  • tracking the user’s navigation on the website
  • improving the user friendliness of the website
  • analysing the usage of the website
  • operating the website
  • preventing fraudulent behaviour and improving the security of the website
  • individually designing the website to address the needs of the user

Cookies cause no harm to the user’s browser. They do not contain viruses and do not permit the operator to spy on the user. There are two types of cookies:

  • temporary cookies (session cookies) which are automatically deleted when the browser is closed,
  • and permanent cookies which are saved on one’s browser for up to 20 days. This type of cookie allows the website to recognise users when they visit the site at a later time.

Using cookies enables the operator to better understand the user’s behaviour on the website in connection to the abovementioned purposes and corresponding scope. They also provide users an optimised experience while navigating the operator’s website. This data is collected by the operator in anonymised form. The permissibility of this type of processing is stipulated in Art. 6 (1 f) GDPR, whereby processing is legal if it is required to secure the legitimate interests of the responsible operator or a third party, insofar as these are not outweighed by the interests, basic rights and basic freedoms of the data subject whose personal data require protection. The legitimate interests of the operator constitute the optimised presentation of its website. The provision of the data is required to ensure error-free access to the operator’s website. Opting out of cookies or erasing saved cookies can result in limitations to the functionality of the website.

The provision of data is neither legally nor contractually mandated. Failure to provide this data may result in the user not being able to take advantage of all functions on the website.

6. Right to information, rectification, erasure, restriction, objection and data portability

6.1 Right to information (Art. 15 GDPR)

The operator shall inform you upon request if it possesses data regarding your person. The operator shall make every effort to respond to queries for information without undue delay.

6.2 Right to rectification (Art. 16 GDPR)

You have the right to have inaccurate personal data rectified by the operator without undue delay.

6.3 Right to erasure (Art. 17 GDPR)

You have the right to have your personal data erased by the operator without undue delay. The operator is obliged to erase your personal data as soon as the purposes of storage provided in Art. 17 (1 a-f) are no longer necessary.

6.4 Right to restriction (Art. 18 GDPR)

You have the right to have the operator restrict the processing of your personal data if one of the conditions provided in Art. 18 (1 a - d) is given.

6.5 Right to objection (Art. 21 GDPR)

You have the right to object to the processing of your personal data in connection to Art. 6 (1 e, f) GDPR at any time for reasons related to your particular situation. This also applies to profiling activities based on these provisions. The operator is required to cease processing of your personal data unless it can substantiate pressing legitimate interests which outweigh your interests, rights and freedoms, or that such processing serves to assert, exercise or defend legal claims.

If your personal data is processed for the purpose of direct advertisement, you have the right to object to the processing of your personal data for such advertising purposes. This also applies to profiling activities conducted in connection to these.

You have the right to object to the processing of your personal data conducted for academic, historical research or statistical purposes in accordance with Art. 89 (1) GDPR at any time for reasons related to your particular situation unless such processing is required to perform tasks of public interest.

Please indicate your wish by notifying us via the contact data provided in the Legal Notice

6.6 Right to data portability (Art. 20 GDPR)

You have the right to obtain all personal data you have provided to the operator in a structured, accessible and machine-readable format. You also have the right to transmit this data to third parties without impediment by the operator insofar as such processing was based on your provided consent in accordance with Art. 6 (1 a) GDPR, Art. 9 (2 a) GDPR, or by contractual agreement in accordance with Art. 6 (1 b) and such processing is conducted by means of automated methods.

7. Withdrawal of consent

If you grant and later withdraw your consent to the processing of your personal data, the legality of data processing conducted until the withdrawal of consent remains unaffected.

8. Right to lodge a complaint (Art. 77 GDPR)

You have the right to lodge a complaint with the supervisory authority at any time. The responsible supervisory authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 20 04 44, 40102 Düsseldorf, tel: +49 211 38424-0, email: poststelle(at)ldi(dot)nrw(dot)de.

9. Recipients

All data gathered during access and usage of the website or provided by you when engaging in contact with us is transmitted to and stored on the operator’s server. Moreover, your data may be forwarded to one or more of the following recipient categories:

  • Supervisory staff responsible for processing (e.g. personnel management, head office)
  • Contract processors (e.g. computing centre, IT service providers, software support)

10. Links to third-party websites

During your visit to our website, third-party content may be displayed with links to external websites. The operator cannot access third-party cookies or other functions used by third-party websites, nor can the operator exert any control over these. Such third-party websites are subject to the data protection policies of their respective operators.