Johannes Gutenberg University Mainz (JGU) takes the protection of personal data very seriously. We collect and process the personal data of visitors to our websites in compliance with the European General Data Protection Regulation (GDPR), the State Data Protection Act (LDSG) and, where applicable, the Federal Data Protection Act (BDSG).
Your data will neither be published by us nor passed on to third parties without authorization. The following text explains which data is collected during your visit to our websites and how exactly it is used.
Responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other clauses of data protection law is:
Johannes Gutenberg University Mainz (JGU)
substituted by the President
Prof. Dr. Georg Krausch
Saarstr. 21
55122 Mainz
Tel.: 06131 39-0
Fax: 06131 39-22919
E-mail: praesident@uni-mainz.de
http://www.uni-mainz.de
JGU Data Protection Officer
Phone: +49 6131 39-20065
Fax: +49 6131 39-52202
Email: datenschutz@uni-mainz.de
https://organisation.uni-mainz.de/datenschutzbeauftragter/ (in German)
Scope of the processing of personal data
As a matter of principle, we only process our users’ personal data to the extent necessary to provide a functional website and our content and services. The processing of our users’ personal data only takes place regularly with their consent or if permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which JGU is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, Art. 6 para. 1 lit. e) GDPR serves as the legal basis.
Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose for which it was stored has been achieved. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject.
Links to websites of other providers
This data protection statement applies to the websites of the “uni-mainz.de” domain if JGU is the controller in terms of data protection. Where reference is made to the content of other providers via links, their data collection and use may be based on principles other than those described here. Such cross-references within the uni-mainz.de domain are generally marked with the tooltip “External link” and/or a trailing arrow symbol.
Instructions on responsibility for the content provided on a website can be found in the website’s legal notice.
Transfer of personal data to third parties
As a matter of principle, we do not transfer personal data processed in the course of using the JGU website to third parties. In individual cases, this may be done on the basis of legal permission.
In principle, no personal data is transferred to countries outside the European Economic Area (EEA) and associated countries (no “third country transfer”). If this should be necessary, we will inform you separately.
Notification obligation pursuant to Art. 13 para. 2 lit. e) GDPR
In principle, there is no contractual or legal obligation to provide personal data on the JGU websites. However, if certain data is not provided, the websites can only be used to a limited extent or not at all.
Description and scope of data processing
When you visit our websites, our web servers temporarily store every access in a log file. The following data is recorded and stored until it is automatically deleted:
- IP address of the requesting computer
- Date and time of access
- Name, URL and transferred data volume of the retrieved file
- Access status (file transferred, file not found, etc.)
- Recognition data of the browser and operating system used
- Web page from which the access was made;
- Log-in name for JGU-internal web pages if the user is logged in.
Legal basis
The data processing is carried out in order to inform the public about the fulfillment of JGU’s public tasks in accordance with Art. 6 para. 1 lit. e), para. 3 GDPR in conjunction with § 2 para. 11 University Act Rhineland-Palatinate (HochSchG).
Purpose of data processing
This data is processed to enable the use of our websites (connection establishment), to guarantee system security, the technical administration of the network infrastructure and the optimization of the Internet offering (error analysis). IP addresses are only analyzed in the event of attacks on JGU’s network infrastructure.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The log files (connection data) are stored for one year so that appropriate identification measures can be taken in the event of an attack. If the prosecution of attacks and disruptions goes beyond this, the data from the access will be stored until the respective procedure has been completed.
Appeal and removal options
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for its operation. Consequently, users do not have the option of objecting to this.
Description and scope of data processing
Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
In addition, so-called temporary cookies are used when individual web pages are accessed. These session cookies contain the following personal data:
- Language settings
- Log-in information
and are for the most part automatically deleted at the end of the session when you close your browser. Only the language settings are transmitted again the next time you visit the website.
Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(e) GDPR in conjunction with Section 2(8) of the Rhineland-Palatinate University Act (HochschG).
Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our websites cannot be offered without the use of cookies.
We need cookies for the following applications:
- Transfer of language settings
- Log-in to JGU internal web pages.
In principle, we do not use analysis cookies or programs that are used to create user profiles by tracking specific surfing behavior on individual pages.
If necessary, the web analysis service Matomo (formerly Piwik) may be used to collect statistics on the use of the website. The service is hosted on the Data Center’s (ZDV) own servers. If a recognition cookie is used, it is stored for 7 days. No personal data is collected when statistics are transmitted. Nevertheless, you have the option of objecting to the recording of your – already anonymized – usage behavior. To do so, please follow this link to switch the analysis service off or on. This will save or delete a Matomo deactivation cookie.
Please note that the Matomo deactivation cookie will also be deleted if you clean up the cookies stored in your browser. You will also need to repeat the deactivation procedure if you use a different computer or web browser.
The websites of other JGU departments (faculties, institutes, student councils, central institutions, etc.) may be subject to their own regulations. These are explained in the respective data protection statements of the individual websites, as no analysis of user behavior is initially carried out by default.
Duration of storage, appeal and removal options
Cookies are stored on the user’s computer and transmitted by it to our websites. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, it may no longer be possible to use all functions of the websites to their full extent.
Description and scope of data processing
You can subscribe to our newsletter free of charge on our website. To do this, we need your e-mail address to which the newsletter is to be sent. With regard to the press distribution list, you must contact the Press and Public Relations staff unit. An e-mail address is also required in order to send the press releases.
Legal basis for data processing
By providing the data requested and sending it during registration, you consent to its processing, so that this is lawful in accordance with Art. 6 para. 1 lit. a) GDPR.
Purpose of data processing
The purpose of collecting the user’s address data is to send the newsletter and/or press releases.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The address data is therefore stored for as long as the subscription to the newsletter and/or press releases is active.
Appeal and removal options
The subscription to the newsletter and/or press releases can be noticed by the user concerned at any time.
Scope of the processing of personal data
In the case of access-protected internal web pages of JGU, which only concern information platforms accessible to university members and staff, the following personal data is collected from logged-in, registered users (students, staff, university members with user accounts) during their visit to these pages:
- Name of the user
- the e-mail address assigned to the account.
Legal basis for the processing of personal data
By providing the data requested and sending it during registration, you consent to its processing, so that this is lawful in accordance with Art. 6 para. 1 lit. a) GDPR.
Purpose of data processing
The collection of the data serves to enable the use of the restricted-access web pages (connection establishment and authentication), as well as for the purposes of system security, technical administration of the network infrastructure and optimization of the offers.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case after logging out or closing the web browser.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right to information Art. 15 para. 1 GDPR
You can request confirmation from the controller as to whether personal data concerning you is being processed.
If such processing has taken place, you can request the following information from the controller:
| a) | the purposes for which the personal data are processed; |
| b) | the categories of personal data that are processed; |
| c) | the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; |
| d) | the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period; |
| e) | the passing of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; |
| f) | the passing of a right of appeal to a supervisory authority; |
| g) | all available information on the origin of the data if the personal data is not collected from the data subject. |
This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the realization of the research or statistical purposes and the restriction is necessary for the fulfillment of the research and statistical purposes.
Right to rectification Art. 16 GDPR
You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is incorrect or incomplete. The controller must make the correction without delay.
Your right to rectification may be restricted to the extent that it is likely to render impossible or seriously impair the realization of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes.
Right to restriction of processing Art. 18 GDPR
Under the following conditions, you can renew the restriction of the processing of your personal data:
| a) | if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data; |
| b) | if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; |
| c) | if the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or |
| d) | if you have lodged an appeal against the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons. |
If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Your right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes.
Right to erasure Art. 17 GDPR
A) Obligation to delete
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
| (1) | The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed. |
| (2) | You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) GDPR and there is no other legal basis for the processing. |
| (3) | Pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 6(1) GDPR. Art. 21 para. 2 GDPR to appeal against the processing. |
| (4) | The personal data concerning you has been processed unlawfully. |
| (5) | The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject |
B) Exceptions
The right to erasure does not pass if the processing is necessary
| (1) | to exercise the right to freedom of expression and information; |
| (2) | for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; |
| (3) | for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the right referred to in section A) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or |
| (4) | for the assertion, exercise or defense of legal claims. |
Right to information Art. 19 GDPR
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
Right to data portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
- the processing is based on consent pursuant to Art. Art. 6 para. 1 Lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. Art. 6 para. 1 Lit. b) GDPR and
- the processing is carried out using automated procedures.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be impaired by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object Art. 21 GDPR
You have the right, for reasons arising from your particular situation, to appeal at any time against the processing that is carried out on the basis of Art. 6 para. 1 lit. e) GDPR; this also applies to profiling based on these clauses.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
You also have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR.
Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the realization of the research and statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes.
Right to withdraw consent under data protection law Art. 7 (3) GDPR
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with the supervisory authority Art. 13 para. 2 lit. d) GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The competent supervisory authority is the
State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Hintere Bleiche 34
55116 Mainz
Tel.: 06131 8920-0
Fax: 06131 8920-299
E-Mail: poststelle@datenschutz.rlp.de
This data protection statement is currently valid and dated October 21, 2021.
Due to the further development of our websites or the implementation of new technologies, it may become necessary to amend this data protection statement. JGU reserves the right to change the data protection statement at any time with effect for the future. We recommend that you re-read the current data protection statement from time to time.
Please note:
The websites of other JGU faculties, institutes, student councils, central institutions, etc. may have their own regulations. These are explained in the respective data protection statements of the individual websites.
