NAME AND ADDRESS OF THE DATA CONTROLLER
Within the meaning of the General Data Protection Regulation (GDPR) and other German national data protection laws and regulations, the data controller is:
Gottfried Wilhelm Leibniz Universität Hannover
Tel. +49 511 762 – 0
Fax +49 511 762 – 3456
Leibniz Universität Hannover is a corporation under public law and is legally represented by its President, Prof. Dr. iur. Volker Epping.
NAME AND ADDRESS OF THE DATA PROTECTION OFFICER
Data protection officer of Leibniz University Hannover is:
Gottfried Wilhelm Leibniz Universität Hannover
– Datenschutzbeauftragter –
Königsworther Platz 1
D – 30167 Hannover
Tel. +49 511 762-8132
Fax +49 511 762-8258
GENERAL INFORMATION ON DATA PROCESSING
We process our users’ personal data only insofar as is necessary to provide a functioning website as well as our content and services.
If individual websites or functions implement processes departing from this privacy statement, information regarding this will be provided in a separate privacy statement.
PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- information about the browser type and version used
- the user’s operating system
- the user’s internet service provider
- the IP address of the user
- the date and time of access
- the website, from which the user’s system reaches our website
- websites accessed by the user’s system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal basis for temporary storage of data and log files is Article 6 (1) (e) and Article (3) GDPR in conjunction with section 3 of the Lower Saxony Data Protection Act (NDSG) and section 3 of the Lower Saxony Higher Education Act (NHG).
Temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this, the IP address of the user must remain stored for the duration of the session. The data is stored in the log files to ensure the functionality of the website. In addition, the data enables us to optimise the website and to ensure the security of our IT systems. Analysis of the data for marketing purposes does not take place in this context.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. With respect to collection of data for the provision of the website, this is the case once the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Data may be stored for a longer period of time. In this case, the IP address of the user is deleted or anonymised, so that the accessing client can no longer be assigned to the user.
For technical reasons, collection of data for the provision of the website and storage of data in log files is essential for the operation of the website.
It is possible to contact us via the provided e-mail address. In this case, the user’s personal data that is transmitted via email will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation. The legal basis for processing data is Article 6 (1) (a) GDPR provided that the user has given consent. The legal basis for processing data transmitted in the course of sending an email is Article 6 (1) (e) and Article (3) GDPR in conjunction with section 3 of the Lower Saxony Data Protection Act (NDSG) and section 3 of the Lower Saxony Higher Education Act (NHG). If email contact is undertaken with the purpose of concluding a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.
The other personal data that is processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our IT systems.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data that was sent via email, this is the case when the respective conversation with the user is finished, unless statutory retention periods apply that would prevent erasure. The conversation is terminated when it can be deduced from the circumstances that the facts in question have been conclusively clarified.
Additional personal data that is collected during the sending process will be deleted after a period of seven days at the latest.
The user can revoke consent to the processing of personal data at any time. If the user contacts us by email, he or she can object to the storage of personal data at any time. In such a case, the conversation will be terminated and all personal data collected during the conversation will be erased unless statutory retention periods apply that would prevent erasure.
RIGHTS OF THE DATA SUBJECT
If your personal data is processed, you are a data subject in the context of the GDPR and you have the following rights towards the data controller if the legal requirements are met:
- Right of access to information according to Article 15 GDPR
- Right to rectification according to Article 16 GDPR
- Right to restrict processing according to Article 18 GDPR
- Right to erasure according to Article 17 GDPR
- Right to be informed according to Article 19 GDPR
- Right to data portability according to Article 20 GDPR
- Right to object according to Article 21 GDPR
You also have the right to object to data processing at any time. We will then stop processing your data, unless legitimate grounds exist to continue or where processing serves to assert, exercise or defend legal claims. Should you exercise any of the above-mentioned rights, the data controller will assess whether the legal requirements are met.
- Right to revoke the data protection declaration of consent as per Article 7 (3) GDPR
You have the right to revoke your data protection declaration of consent at any time. Revocation of consent will not affect the lawfulness of processing of data carried out on the basis of consent until its revocation.
- Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.
Die Landesbeauftragte für den Datenschutz in Niedersachsen
Tel. +49 511 120 – 4500
Fax +49 511 120 – 4599