Johannes Gutenberg University Mainz (JGU) takes the protection of personal data very seriously. We collect and process our website users’ personal data according to the EU General Data Protection Regulation (GDPR), the State Data Protection Act (Landesdatenschutzgesetz, LDSG), and, if applicable, according to the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
We neither publish your data nor pass them on to third parties without authorisation. The following text will explain which data are collected during your visit to our website and how the data are used.
The controller, in accordance with the definition of the General Data Protection Regulation (GDPR), national data protection laws of the Member States, and other provisions of data protection law, is:
Johannes Gutenberg University Mainz (JGU)
represented by the President
Professor Georg Krausch
Saarstraße 21
55122 Mainz
Phone: +49 6131 39-0
Fax: +49 6131 39-22919
Email: praesident@uni-mainz.de
http://www.uni-mainz.de/en/
JGU Data Protection Officer
Phone: +49 6131 39-20065
Fax: +49 6131 39-52202
Email: datenschutz@uni-mainz.de
https://organisation.uni-mainz.de/datenschutzbeauftragter/ (in German)
Extend and processing of personal data
In principle, we process personal data only to the extent necessary to provide a functional website as well as our content and services. We process users’ personal data only with their consent or if processing is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, serves Art. 6 para. 1 Lit. a) GDPR serves as the legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a person concerned, serves Art. 6 para. 1 Lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which JGU is subject, serves Art. 6 para. 1 Lit. c) GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, serves Art. 6 para. 1 Lit. e) GDPR serves as the legal basis.
Erasure of data and storage period
The subject’s personal data will be erased or made unavailable once the purpose for which they were collected and stored ceases to apply. Personal data may be stored beyond that period if such storage has been designated by European or national legislators in EU regulations, laws, or other rules the controller is subject to.
Links to other providers’ websites
This JGU Privacy Policy is valid for the websites of the “uni-mainz.de” domain wherever JGU is responsible for matters of data protection. If cross-references (links) are made to content from other providers, their data collection and data use may be based on principles other than those laid out here. Such cross-references within the uni-mainz.de domain are marked with the “external link” (“Externer Link”) tooltip and/or an external link symbol.
You can find information on who is responsible for the provided information of a website in the relevant website’s legal notice.
Transfer of personal data to third parties
Personal data processed based on use of the websites of JGU are, as a rule, not transferred to third parties. The transfer of personal data might take place in individual cases on the basis of legal permission.
As a rule, no personal data are transferred to countries outside of the European Economic Area (EEA) and associated countries (no “third-country transfer”). If such a transfer should become necessary, we will inform you.
Information to be provided according to Art. 13 Subsection 2 lit. e GDPR
As a rule, you are neither contractually nor legally obligated to share personal data on JGU websites. However, if you do not share certain data, the websites may only serve limited or no use.
Description and extend of data processing
Every time a user accesses our website, our system automatically collects data in the form of a log file. The following data are collected and stored until they are automatically deleted:
- the user’s IP address
- the date and time of access
- the name, URL and transferred data volume of the accessed file
- the access status (file transferred, file not found, etc.)
- information on the user’s browser type and operating system
- Web page from which the access was made;
- Log-in-Name bei JGU-internen Webseiten, wenn die Nutzerin / der Nutzer angemeldet ist.
Legal basis
Data processing is necessary for informing the public of the public tasks performed by JGU according to Art. 6 Subsection 1 Lit. e and Subsection 3 GDPR in conjunction with § 2 Subsection 11 Rhineland-Palatinate University Act (Hochschulgesetz Rheinland-Pfalz, HochSchG).
Purpose of data processing
The collected data is processed to guarantee the use of our website (connection establishment), system security, and the technical administration of the network infrastructure, and to optimize our website (error analysis). IP addresses are evaluated only if the JGU network infrastructure is being or has been attacked.
Storage period
The data will be deleted once the purpose for which they were collected and stored ceases to apply. IP addresses are stored for one year for identification purposes in case of a cyber attack. If attacks and malfunctions are pursued beyond that period, the data resulting from access will be stored until the relevant procedure is completed.
Right of object and erasure of data
The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website. Consequently, users do not have the option to object.
Description and extend of data processing
Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. Ruft ein Nutzer eine Webseite auf, so kann ein Cookie auf dem Betriebssystem des Nutzers gespeichert werden. Dieses Cookie enthält eine charakteristische Zeichenfolge, die eine eindeutige Identifizierung des Browsers beim erneuten Aufrufen der Webseite ermöglicht.
Darüber hinaus werden beim Aufruf einzelner Webseiten sogenannte temporäre Cookies verwendet. These session cookies contain the following personal data:
- language settings
- login information
These are usually automatically deleted at the end of the session when you close your browser. Only the language settings are transmitted again the next time you access the website.
Legal basis for data processing
The legal basis for the processing of personal data using cookies for technical reasons is Art. 6 Subsection 1 Lit. e GDPR in conjunction with § 2 Subsection 8 Rhineland-Palatinate University Act (HochschG).
Purpose of data processing
The purpose of using cookies for technical reasons is to simplify the use of websites for users. Some features of our websites cannot be run properly without the use of cookies.
We need cookies for the following applications:
- transfer of language settings
- Log-in auf JGU-internen Webseiten.
As a rule, we do not use analysis cookies or programs that are used to generate user profiles by tracing the actual surfing habits on the individual pages.
If necessary, the web analysis service Matomo (formerly Piwik) may be used to collect statistical data regarding use of the web content provided by JGU. The service will be hosted on the JGU Data Center (ZDV) servers. If a persistent cookie is used, it is stored for 7 days. No personal data will be collected when transmitting the statistical data. Nevertheless, you have the option to decline the collection of your (already anonymized) user behavior. Please follow this link in order to turn the analysis service on or off. By doing so, a Matomo deactivation cookie will be stored or deleted.
Please note that the Matomo deactivation cookie will also be deleted when you clear the cookies stored in your browser. You will also need to repeat the deactivation procedure if you use a different computer or browser.
For other JGU websites (faculties, departments, institutes, student councils, central institutions, facilities, etc.), different regulations may apply. These are explained in the privacy policies of the individual websites, as we do not carry out any analysis of user habits by default.
Storage period, right to object, and deletion of cookies
Cookies are stored on the user’s computer and from there transmitted to our websites. Consequently, the user has full control over the use of cookies. By changing the settings in your web browser, you can deactivate or restrict the transmission of cookies. You can also delete cookies at any time. This can also be done automatically. If you deactivate cookies for our website, you may no longer be able to use the full range of site features.
Description and extend of data processing
On our website, you may subscribe to free newsletters. For this, we require the email address the relevant newsletter should be sent to. If you, as a media representative, would like to be added to the central JGU press mailing list, please contact our Press and Public Relations Office. You will need to provide your email address so we can send you our JGU press information via email.
Legal basis for data processing
By providing the requested data and submitting them when registering, you consent to their processing. The legal basis is Art. 6 Subsection 1 Lit. a GDPR.
Purpose of data processing
By providing your personal data and allowing its subsequent transfer when signing up for a newsletter or the press mailing list, you consent to its processing.
Storage period
The data will be deleted once the purpose for which they were collected and stored ceases to apply. The user’s email address will be stored until the user unsubscribes from the relevant newsletter or the press mailing list.
Right of object and erasure of data
You can unsubscribe from all newsletters and/or the press mailing list at any time.
Extend and processing of personal data
In the case of access-protected internal web pages of JGU, which only concern information platforms accessible to university members and staff, the following personal data is collected from logged-in, registered users (students, staff, university members with user accounts) during their visit to these pages:
- the user’s name
- the email address associated with the user’s account.
Legal basis for the processing of personal data
By providing the requested data and submitting them when registering, you consent to their processing. The legal basis is Art. 6 Subsection 1 Lit. a GDPR.
Purpose of data processing
Die Erhebung der Daten dient dazu, die Nutzung der zugangsbeschränkten Webseiten zu ermöglichen (Verbindungsaufbau und Authentifizierung), sowie den Zwecken der Systemsicherheit, der technischen Administration der Netzinfrastruktur und zur Optimierung der Angebote.
Storage period
The data will be deleted once the purpose for which they were collected and stored ceases to apply. This is the case when the user logs out or closes their web browser.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right to information Art. 15 Subsection 1 GDPR
You have the right to obtain confirmation from the controller regarding whether or not your personal data is being processed.
If it is, you have the right to obtain the following information:
| a) | the purposes of the processing |
| b) | the categories of personal data concerned |
| c) | the recipients or categories of recipient to whom the personal data have been or will be disclosed |
| d) | the envisaged period of time for which the personal data will be stored, or, if a period of time cannot be determined, the criteria used to determine that period |
| e) | the existence of the right to request rectification or erasure of your personal data or restriction of processing of personal data or to object to such processing |
| f) | the right to lodge a complaint with a supervisory authority |
| g) | where the personal data were not collected from you directly, any available information as to their source |
This right to access may be restricted if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary to achieve these purposes.
Right to rectification Art. 16 GDPR
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction immediately.
This right may be restricted if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary to achieve these purposes.
Right to restriction of processing Art. 18 GDPR
You have the right to obtain from the controller restriction of processing of your personal data when one of the following applies:
| a) | You contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data. |
| b) | The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead. |
| c) | The controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise, or defense of legal claims. |
| d) | if you appeal against the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons of the controller outweigh your reasons. |
Where processing of your personal data has been restricted, such personal data can only be processed with your consent or for the establishment, exercise, or defense of the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. The data will still be stored.
If the processing of your personal data was restricted according to the above-mentioned conditions, you will be informed by the controller before the restriction of processing is lifted.
This right may be restricted if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary to achieve these purposes.
Right to erasure Art. 17 GDPR
A) Obligation to erase data
You have the right to demand that the controller erases your personal data without undue delay. The controller is obligated to erase the data without undue delay when one of the following grounds applies:
| (1) | The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. |
| (2) | You revoke your consent on which the processing is based in accordance with. Art. 6 para. 1 Lit. a) GDPR and there is no other legal basis for the processing. |
| (3) | Pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 6(1) GDPR. Art. 21 para. 2 GDPR to appeal against the processing. |
| (4) | Your personal data have been unlawfully processed. |
| (5) | Your personal data must be erased to comply with a legal obligation in European Union or Member State law to which the controller is subject. |
B) Exceptions
The right to erasure does not apply where the processing is necessary
| (1) | for exercising the right of freedom of expression and information; |
| (2) | to comply with a legal obligation which requires processing by European Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; |
| (3) | for archiving purposes in the public interest, academic or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in section A) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or |
| (4) | for the establishment, exercise, or defense of legal claims. |
Notification obligation Art. 19 GDPR
If you asserted your right to rectification or erasure of personal data or restriction of processing vis-à-vis the controller, the controller is obligated to inform each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about these recipients by the controller.
Right to data portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, where
- the processing is based on consent pursuant to Art. Art. 6 para. 1 Lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. Art. 6 para. 1 Lit. b) GDPR and
- the processing is carried out by automated means.
Furthermore, in exercising the right to data portability, you have the right to have your personal data transferred directly from one controller to another, where technically feasible. The rights and freedoms of other persons shall not be adversely affected by such a transfer.
The right to data portability does not apply to the processing of personal data necessary for carrying out a task in the public interest or in the exercise of official authority vested in the controller.
Right to object Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, which is carried out on the basis of Art. 6 para. 1 Lit. e) GDPR; this also applies to profiling based on these clauses.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
You also have the right, on grounds pertaining to your particular situation, to object to the processing of personal data concerning you for academic or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR.
Your right to object may be restricted if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary to achieve these purposes.
Right to withdraw consent under data protection law Art. 7 para. 3 GDPR
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
Right to lodge a complaint with the supervisory authority Art. 13 para. 2 lit. d) GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint was lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The responsible supervisory authority is
The Rhineland-Palatinate State Commissioner for Data Protection and Freedom of Information
(Landesbeauftragter für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz)
Hintere Bleiche 34
55116 Mainz
Phone: +49 6131 8920-0
Fax: +49 6131 8920-299
Email: poststelle@datenschutz.rlp.de
This JGU Privacy Policy is currently valid and dated October 21, 2021.
Due to the further development of our websites or the implementation of new technologies, it may become necessary to amend this data protection statement. JGU reserves the right to change the data protection statement at any time with effect for the future. We recommend that you re-read the current data protection statement from time to time.
Please note:
The websites of other JGU faculties, institutes, student bodies, central institutions, etc. may be subject to their own regulations. These are explained in the respective data protection declarations on the individual websites.
