As of: 01/08/2018
I. Name and address of the data protection officer
The university’s data protection officer is:
Website: Data protection officer
II. Name and address of the responsible institution
The responsible institution as per the General Data Protection Regulation (GDPR), other national data protection laws of the member states as well as additional data protection regulations is the:
University of Konstanz
represented by its rector, Professor Kerstin Krieglstein
Phone: +49 7531 88-0
Responsible for content:
Julia Wandt, Director of Communications and Marketing, Press Officer
Phone: +49 7531 88-0
III. Providing access to the website and creation of log files
1. Description and scope of the processing of data
Every time a user accesses a University of Konstanz web page, file or other resource, the following data related to this process is stored in a log file:
- date and time of request
- address and file size (in bytes) of the resource requested and/or accessed
- the visitor’s IP address
- server response (HTTP status code, e.g. “file sent”, “file not found”, etc.)
- connection information from the browser and operating system used, if available
- referrer website visited prior to the university web page as well as the search terms entered, if available
2. Legal basis:
The legal basis for storing logfiles is Art. 6 para 1. lit e) in connection with Art. 3 GDPR in connection with § 4 Landesdatenschutzgesetz (LDSG, law for the protection of personal data)
in the version coming into effect on 6 June 2018.
3. Purpose of processing data
The logged information is used to identify, isolate and fix disruptions or errors in the systems needed to operate the University of Konstanz web pages. These may also include disruptions or errors that lead to the restricted availability of information and communication services or allow unauthorised access to the systems.
4. Storage duration
Information regarding the IP address is deleted after two weeks so that any other data collected in the process can no longer be associated with a particular person.
The anonymised information is used for statistical purposes in order to continually improve the quality of the web services provided.
IV. Using cookies
When a page is visited, the browser will save a so-called “session cookie” to the end device in use. The cookie will be deleted as soon as the browser is closed. The “session cookies” do not contain personal information. It is not intended nor possible to use the session ID to identify a user. The temporary logging of these cookies can be disabled by changing the appropriate settings of the internet browser. This does not affect the access or use of the page, but disabling cookies may increase the server’s response time slightly.
This does not apply to session cookies saved in connection with a one-time authentication process required to access protected areas of the website. The purpose here is to recognise multiple related requests from the same user, which preserves the user's authentification status while using the website. Blocking these cookies can impair access to and utilisation of the website.
Using particular services such as registering for events or filling out contact forms may require collecting, processing, and using personal information. The same applies to personal data transmitted to the email address provided on the respective website (as an alternative to the online form). Information about the legal basis, the purpose of processing and use of the data as well as deletion deadlines is provided on the form pages.
Information about the data entered by the users themselves, the user's browser as well as the date, time and duration of the entry is saved (spam protection).
VI. Web analysis using Matomo (formerly PIWIK)
We use the open source software tool Matomo (formerly PIWIK) to analyse our users’ browsing behaviour. The software saves a cookie to the user’s computer (for information on cookies, please see above). When individual university web pages are accessed, the following information is stored:
- the first two bytes of the IP address of the user’s system
- the page visited
- the referrer website that the user accessed before visiting the university website
- the sub-pages accessed
- the duration of the visit
- how often the user accesses the web page
- browser recognition
- the user’s device type (smartphone, tablet, etc.)
The software runs exclusively on our servers. User data is only saved to our servers. It is not passed on to third parties.
The software has been configured to mask two bytes of the IP address (e.g.: 192.168.xxx.xxx). That way, it is impossible to associate the IP address with the device used to access the website.
You can deactivate or restrict cookies by changing the settings of your internet browser. Saved cookies can be deleted at any time, even automatically, if you wish. If you disable cookies for our website, you may experience difficulties when accessing some if its functions.
VII. Rights of the parties involved
- In accordance with Art. 15 GDPR, you have the right to request information from the University of Konstanz about any data it saves that is related to your person and/or to have incorrect data corrected as per Art. 16 GDPR.
- You also have the right to demand that your data be deleted (Art. 17 GDPR) or that the processing and use thereof be restricted (Art. 18 GDPR), as well as to object to the processing and use of your data (Art. 21 GDPR).
- If you raise an objection while in a contractual relationship with the university, it may no longer be possible to fulfil the contract.
- You can withdraw your consent regarding the processing and use of your data at any time. The fact that all data processed between the point in time that consent was given and it being withdrawn was processed lawfully remains untouched.
- To better understand and exercise your rights, please contact our data protection officer by emailing firstname.lastname@example.org.
- You also have the right to file a complaint with the regulating authority if you believe that the processing and use of your personal data is in violation of the law (Art. 77 GDPR). The responsible contact person at the regulating authority is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (state commissioner for data protection and the freedom of information in Baden-Württemberg) (https://www.baden-wuerttemberg.datenschutz.de).
VIII. Social media
The university uses various social media channels to keep visitors informed about its activities and appreciates the lively exchange that this enables.
When engaging with the University of Konstanz using social media, please note that we have no way of influencing if and how data is collected and processed by the social media services used. Please check the personal data you make available to social media outlets carefully. We cannot accept liability for the conduct of the operating companies or third parties.
We wish to draw your attention to the fact that Facebook, Google and YouTube store and utilise user data (e.g. personal data, IP address, etc.) in line with their own data processing guidelines. The university has no way of determining to what extent the way personal data is evaluated, linked or passed on to third parties is in accordance with the European data protection regulations. You can learn more about data processing in social media by visiting the following pages: