1. Scope of application
This Privacy Notice applies to the use of the publicly accessible area of our website https://portal.ucc.ovgu.de. Different privacy polices apply when you access the private area of the website via a user account following successful registration.
2. Controller; Data Protection Officer
2.1
The Controller within the meaning of the General Data Protection Regulation and national data protection laws of the Member States and other data protection provisions applicable to processing your Personal Data is us, Otto von Guericke University Magdeburg, SAP University Competence Center Magdeburg, Universitätsplatz 2, 39106 Magdeburg. We are serious about protecting your privacy.
2.2
You can contact our Data Protection Officer by e-mail at datenschutz@ovgu.de or by writing to our mailing address “attn. data protection officer”.
3. Definitions
Browser Data
Personal Data that your browser transmits to our web server when you visit our website and that our web server stores at least for the duration of your visit, namely your IP address, date and time of your visit, origin county of the inquiry, time zone difference to Greenwich Mean Time (GMT), pages visited on our website, access status/HTTP status code, the website from which you accessed our website, the operating system you are using, host name, the browser you are using including version and language, the amount of data transferred in each case and, if JavaScript is enabled in your browser, also your screen resolution, colour depth and the size of the browser window;
Cookie
A text file that is temporarily or permanently stored on your device and through which we (“first-party cookies”) or other Recipients (Third-Party Cookies) receive certain information. This text file cannot execute programs or transfer viruses to your computer;
Third Country
A country outside the European Union or a country that is not a Contracting Party to the Agreement on the European Economic Area;
Voluntary Information
Personal Data that we request from you that is not Mandatory Information but that facilitates processing;
Institution
Our client who grants you access to the non-public area of the website https://portal.ucc.ovgu.de and the ordering and administrative platform located there (i.e. for example, the university or other educational institution where you study or teach);
Contact and Inquiry Data
Personal Data that you provide when using the contact form, contacting us by e-mail or when you contact us by other means and/or submit an inquiry that does not involve the conclusion of a contract;
Log File
File stored on a web server in which Browser Data is logged;
Usage Data
Personal Data about your use of our website that is collected automatically whilst you use the website, in particular as Browser Data, as well as by Cookies and Local Storage;
Mandatory Information
Personal Data that we request from you that is absolutely necessary in relation to the purposes for which such data is processed. Mandatory Information is marked separately when collected;
Registration Data
Personal Data collected when creating a user account, in particular name, title, e-mail address, telephone, institution, IP address; the creation of a user account can take place by means of self-registration, registration by an authorized employee of your Institution or by us after prior communication of your data by the Institution to us;
Local Storage
A technique for web applications to store data (locally) in your web browser;
TLE
SAP-based teaching and learning environment including the supplied teaching and learning content as well as instructional materials and, if applicable, a model enterprise;
In addition, this Privacy Notice uses the terms Processor, Third Party, Recipient and Personal Data and Controller which are legally defined in the General Data Protection Regulation (“GDPR”). You may view these definitions (Art. 4 GDPR) online, for example at https://dejure.org/gesetze/DSGVO/4.html.
4. Contact and Inquiry Data
4.1
We process your Contact and Inquiry Data, which may include both Mandatory Information and Voluntary Information (e.g., to address you personally and to better clarify any queries), in order to respond to your inquiry in accordance with Art. 6(1)(a) GDPR and only to the extent necessary to process your inquiry.
4.2
We have commissioned third-party Processor in4MD Service GmbH, Universitätsplatz 12, 39104 Magdeburg, Germany, to maintain our webserver and to perform the associated processing of Contact and Inquiry Data. Contact and Inquiry Data is not shared with other Recipients, including without limitation, Third Parties. The transfer of your Contact and Inquiry Data to a Third Country or an international organisation is not planned.
4.3
Your Contact and Inquiry Data will be erased immediately after we have completely addressed your inquiry, unless further processing, in particular storage, is required by law, storage is required for evidentiary reasons (e.g., to assert claims or to defend against potential claims for damages), we have your express permission to do so or are authorised to do so by law.
5. Registration Data
5.1
Creating a user account is required in order to access the private portions of the website. We process Registration Data, which may include both Mandatory Information and Voluntary Information, on the basis of Art. 6(1)(b) and (f) GDPR. Processing your Registration Data is required by our contractual agreement with the Institution that allows you to use the TLEs.
5.2
We have commissioned third-party Processor in4MD Service GmbH, Universitätsplatz 12, 39104 Magdeburg, Germany, to maintain our webserver and to perform the associated processing of Registration Data. Registration Data is not shared with other Recipients, including without limitation, Third Parties. The transfer of your Registration Data to a Third Country or an international organisation is not planned.
5.3
Your Registration Data will be stored for the duration of the performance of the contract, or six months in the even that you have registered as a potential customer and no contract is concluded, and will be erased immediately thereafter, unless further processing, in particular storage, is required by law, storage is required for evidentiary reasons (e.g., to assert claims or to defend against potential claims for damages), we have your express permission to do so or are authorised to do so by law.
6. HubSpot
6.1
We use a contact form provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA on this website to communicate with you and to determine which products and services are of interest to you. The following technically necessary Personal Data is collected for us as part of this process: E-mail address, name, institution.In addition, we use email marketing services provided by HubSpot, Inc. By registering, you agree to be added to a mailing list that will send you interesting product information about our company. For more information about how HubSpot, Inc. processes your Personal data Please see Section 6.4 and visit https://legal.hubspot.com/de/privacy-policy.
6.2
We process your Personal Data, which may include both Mandatory Information and Voluntary Information, in order to communicate with you and to send you interesting information about us on the basis of Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR
6.3
HubSpot, Inc.’s software is cloud-based, i.e. your Personal Data is stored on servers operated by HubSpot in the United States. There is currently no adequacy decision from the EU Commission within the meaning of Art. 45 GDPR in place for the United States, i.e. no determination has been made that the country-specific level of data protection prevailing in the United States corresponds to that of the European Union. In order to protect your data, we have therefore entered into an agreement with HubSpot, Inc. that includes EU standard contractual clauses. You may review this agreement online at https://legal.hubspot.com/dpa. Your Personal Data is not shared with other Recipients, including without limitation, Third Parties. Under no circumstances will we disclose your Personal Data to Third Parties for advertising or marketing purposes unless you have expressly consented to disclosure for this purpose. The transfer of your Personal Data to a Third Country or an international organisation is not planned.
6.4
You can prevent us from sending you interesting product information at any time by withdrawing your consent; there are no associated costs. To do so, you can either send us an informal e-mail to customer-relations@ucc.ovgu.de or use the link at the end of our e-mails. This has no effect on any other rights you have as described in Section 11.
6.5
Your Personal Data will be stored until you withdraw your consent (Section 6.5) and erased immediately after that, unless further processing, in particular storage, is required by law, storage is required for evidentiary reasons (e.g. to assert claims or to defend against potential claims for damages), we have your express permission to do so or are authorised to do so by law.
7. Browser Data
7.1
We collect Browser Data each time you visit our website. We do not associate such Browser Data with your other Personal Data.
7.2
We use this Browser Data in order to display our website to you and to ensure the stability and security of our website in accordance with Art. 6(1)(f) GDPR. In particular, we need the Browser Data in order to detect and remedy or prevent malfunctions and attacks on our information technology systems.
7.3
We have commissioned third-party Processor in4MD Service GmbH, Universitätsplatz 12, 39104 Magdeburg, Germany, to maintain our webserver and to perform the associated processing of Browser Data. Browser Data is not shared with other Recipients, including without limitation, Third Parties. However, Browser Data may be shared with state investigation bodies in the event that investigative measures are initiated due to an attack on our information technology systems. The foregoing applies in like manner if the relevant authorities or courts address enquiries to us and we are obliged to comply with these enquiries. No transfer of your Browser Data to a Third Country or an international organisation is currently contemplated.
7.4
Browser Data including, if applicable, the IP address, will be stored in a Log File and will not be used for any other purpose. Log Files are deleted after three months. Log Files may only be retained for longer periods after deletion or abbreviation of the IP address and anonymization of the Log File.
8. First-Party Cookies
8.1
We use our own (first-party), purely technically necessary Cookies. Technically necessary Cookies are used on the basis of Art. 6(1)(f) GDPR so that your use of our services proceeds smoothly. Technically necessary Cookies are automatically deleted at the end of the session, i.e. when you leave our site and close the corresponding browser window.
8.2
We have commissioned third-party Processor in4MD Service GmbH, Universitätsplatz 12, 39104 Magdeburg, Germany, to maintain our webserver and to perform the associated processing of your Usage Data collected via First-Party Cookies. Your Usage Data collected by our First-Party Cookies is not shared with other Recipients, including without limitation, Third Parties. The transfer of your Usage Data to a Third Country or an international organisation is not planned.
8.3
You can prevent the installation of Cookies and delete previously installed Cookies at any time using your browser settings. You can configure your browser settings according to your wishes and reject certain Cookies or reject all Cookies in general. Please note that if you refuse to accept our First-Party Cookies, you may not be able to use all of the functions of our website.
9. Local Storage
9.1
We use Local Storage. You can view the Local Storage we use, its retention period, the function, and the purpose of the respective Local Storage as well as the Usage Data collected by it at https://portal.ucc.ovgu.de/web-storage-and-cookies.
9.2
Technically necessary Local Storage is used on the basis of Art. 6(1)(f) GDPR so that your use of our services proceeds smoothly.
9.3
Local Storage that is not technically necessary is only used with your express consent. The legal basis for the use of Local Storage that is not technically necessary comprises Art. 6(1)(a) GDPR in conjunction with. Art. 7 GDPR.
9.4
We have commissioned third-party Processor in4MD Service GmbH, Universitätsplatz 12, 39104 Magdeburg, Germany, to maintain our webserver and to perform the associated processing of your Usage Data collected via Local Storage. Your Usage data collected via Local Storage is not shared with other Recipients, including without limitation, Third Parties. We have no plans to transfer your Usage Data collected via Local Storage to a Third Country or an international organisation.
9.5
You can prevent the installation of Local Storage and delete previously installed Local Storage at any time using your browser settings. You can configure your browser settings according to your wishes and reject Local Storage entirely. Please note that if you refuse to accept Local Storage, you may not be able to use all of the functions of our website.
10. Use of Friendly Captcha
10.1
We have integrated the “Friendly Captcha” widget provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany into our website. Friendly Captcha protects websites from abusive requests from so-called bots, especially against spam attacks, overload and server failures. Friendly Captcha collects your Usage Data (anonymized IP address, user agent, origin and referer, widget version, timestamp) and presents a cryptographic puzzle, invisible to the user, to the terminal, the solution of which is verified by the user. The widget does not use cookies and tracking technologies. For more information on how Friendly Captcha works and the Usage Data it collects, please visit https://friendlycaptcha.com/legal/privacy-end-users.
10.2
Protecting our website against bots or automated spying and spam attacks is in the interest of our customers and our own security. The legal basis for using Friendly Captcha is Art. 6(1)(f) GDPR.
10.3
Friendly Captcha is a global service that maintains data centres around the world and routes each request to the data centre closest to the requesting party. It is therefore possible that your Usage Data may be processed outside of the European Union when using Friendly Captcha. There is currently no adequacy decision from the EU Commission within the meaning of Art. 45 GDPR in place for some countries, i.e. no determination has been made that the country-specific level of data protection corresponds to that of the European Union. This applies in particular to the United States. You can view more information about data protection at Friendly Captcha GmbH by visiting https://friendlycaptcha.com/legal/privacy-end-users.
10.4
We do not store any Usage Data collected via Friendly Captcha.
11. Your rights
11.1
In the event you have consented to our use of your Personal Data, you may withdraw such consent in whole or in part at any time with prospective effect.
11.2
In the case of processing personal data to perform tasks in the public interest (Art. 6(1)(e) GDPR) or to safeguard legitimate interests (Art. 6(1)(f) GDPR), you can object to the processing of personal data concerning you on grounds that relate to your particular situation at any time with prospective effect. In the event of an objection, we shall refrain from any further processing of your data for the aforementioned purposes, unless:
- There are compelling legitimate grounds for such processing which override your interests, rights, and freedoms; or
- Processing is necessary for the establishment, exercise, or defence of legal claims.
11.3
You also have the right to lodge a complaint with a supervisory authority concerning any data protection issues.
11.4
In addition, you have the following rights with regard to your Personal Data:
- Right to information;
- Right to rectification or erasure;
- Right to restriction of processing;
- Right to data portability.
12. Analysis tools and advertising with Matomo
12.1
With your consent, we use the open source software Matomo to analyze and statistically evaluate the use of the website. Cookies are used for this purpose. The information about website usage obtained in this way is transmitted exclusively to our servers and summarized in pseudonymous usage profiles. We use the data to evaluate the use of the website. The data collected is not passed on to Third Parties.
12.2
The IP addresses are anonymized (IP masking), so that an assignment to individual users is not possible. The processing of the data is based on Art. 6(1)(a) GDPR.
12.3
We thereby pursue our legitimate interest in optimizing our website for our external presentation. You can withdraw your consent at any time by deleting the cookies in your browser or changing your privacy settings.
