Johannes Gutenberg University Mainz (JGU) takes the protection of personal data very seriously. We collect and process personal data of visitors to our websites in compliance with the European General Data Protection Regulation (GDPR), the State Data Protection Act (LDSG), and, where applicable, the Federal Data Protection Act (BDSG).
Your data will neither be published by us nor unlawfully disclosed to third parties. The following text explains what data is collected during your visit to our websites and how exactly it is used.
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection provisions, is:
Johannes Gutenberg University Mainz (JGU)
represented by the President
Prof. Dr. Georg Krausch
Saarstr. 21
55122 Mainz
Phone: 06131 39-0
Fax: 06131 39-22919
Email: praesident@uni-mainz.de
http://www.uni-mainz.de
JGU’s Data Protection Officer
Phone: 06131 39-20065
Fax: 06131 39-52202
Email: datenschutz@uni-mainz.de
https://www.verwaltung.uni-mainz.de/#beauftragter-fur-den-datenschutz
Scope of Processing of Personal Data
We generally process personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The processing of our users’ personal data usually only takes place with their consent or if legal regulations permit it.
Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis.
When processing personal data necessary for the fulfillment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which the JGU is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, Art. 6 para. 1 lit. e) GDPR serves as the legal basis.
Data Deletion and Storage Period
The personal data of the data subject will be deleted or blocked as soon as the purpose for which they were stored has been achieved. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject.
Links to Websites of Other Providers
This data protection statement applies to websites within the domain “uni-mainz.de” if the JGU is the controller within the meaning of data protection law. Insofar as cross-references (links) refer to content from other providers, their data collection and data use may take place according to principles other than those presented here. Such cross-references within the uni-mainz.de domain are usually marked with the tooltip “External Link” and/or a trailing arrow symbol.
Information on responsibility for the provided content of a website can be found in the respective imprint of the website.
Transfer of Personal Data to Third Parties
We generally do not transfer personal data processed in the context of using the JGU’s web offering to third parties. In individual cases, this may occur based on legal permission.
Generally, no personal data is transferred to countries outside the European Economic Area (EEA) and associated countries (no “third country transfer”). Should this be necessary, we will inform you separately.
Notification Obligation pursuant to Art. 13 para. 2 lit. e) GDPR
Generally, there is neither a contractual nor a legal obligation to disclose personal data on the JGU’s websites. However, if certain data is not disclosed, the websites can only be used to a limited extent or not at all.
Description and Scope of Data Processing
When you visit our websites, our web servers temporarily store every access in a log file. The following data is collected and stored until automated deletion:
- IP address of the requesting computer
- Date and time of access
- Name, URL, and amount of data transferred for the retrieved file
- Access status (file transferred, file not found, etc.)
- Identification data of the browser and operating system used
- Web page from which access was made;
- Login name for JGU internal web pages, if the user is logged in.
Legal Basis
Data processing is carried out to inform the public about the fulfillment of the JGU’s public duties pursuant to Art. 6 para. 1 lit. e), para. 3 GDPR in conjunction with § 2 para. 11 University Act of Rhineland-Palatinate (HochSchG).
Purpose of Data Processing
The processing of this data is carried out to enable the use of our websites (connection establishment), to guarantee system security, the technical administration of the network infrastructure, and the optimization of the internet offering (error analysis). IP addresses are only evaluated in the event of attacks on the JGU’s network infrastructure.
Duration of Storage
The data will be deleted as soon as it is no longer required for the achievement of the purpose for which it was collected. The log files (connection data) are stored for one year so that appropriate identification measures can be taken in the event of an attack. If there is a further prosecution of attacks and disruptions, the data will be stored from access until the completion of the respective procedure.
Right to Object and Option for Removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for operation. Consequently, users have no right to object.
Description and Scope of Data Processing
Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again.
Furthermore, so-called temporary cookies are used when individual web pages are accessed. These session cookies contain the following personal data:
- Language settings
- Login information
and are, for the most part, automatically deleted after the session expires when you close your browser. Only the language settings are transmitted again on a subsequent visit.
Legal Basis for Data Processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. e) GDPR in conjunction with § 2 para. 8 University Act of Rhineland-Palatinate (HochschG).
Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our websites cannot be offered without the use of cookies.
For the following applications, we require cookies:
- Adoption of language settings
- Login on JGU internal web pages.
Generally, we do not use analysis cookies or programs that are used to create user profiles by tracking specific browsing behavior on individual pages.
If applicable, the web analytics service Matomo (formerly Piwik) can be used to collect statistical data about the use of the internet offering. The service is hosted on the own servers of the Center for Data Processing (ZDV). If a recognition cookie is used, it is stored for 7 days. No personal data is collected during the transmission of statistical data. Nevertheless, you have the option to object to the collection of your – already anonymized – user behavior. To do so, please follow this link to switch the analytics service off or on. This will store or delete a Matomo deactivation cookie.
Please note that the Matomo deactivation cookie will also be deleted if you clear the cookies stored in your browser. Furthermore, you must perform the deactivation procedure again if you use a different computer or a different web browser.
For the internet presences of other areas of the JGU (faculties, institutes, student councils, central institutions, etc.), separate regulations may apply. These are explained in the respective data protection statements of the individual internet presences, as no analysis of user behavior is performed by default.
Duration of Storage, Right to Object and Option for Removal
Cookies are stored on the user’s computer and transmitted by it to our websites. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, not all functions of the websites may be fully utilized.
Description and Scope of Data Processing
On our internet pages, it is possible to subscribe to newsletters free of charge. For this, we require your email address to which the newsletter is to be sent. Regarding the press distribution list, contact must be made with the Press and Public Relations staff unit. An email address is also required here to send the press information.
Legal Basis for Data Processing
By providing the requested data and submitting it during registration, you consent to its processing, so that it is lawful pursuant to Art. 6 para. 1 lit. a) GDPR.
Purpose of Data Processing
The collection of the user’s address data serves to deliver the newsletter and/or press information.
Duration of Storage
The data will be deleted as soon as it is no longer required for the achievement of the purpose for which it was collected. The address data will therefore be stored as long as the subscription to the newsletter and/or press information is active.
Right to Object and Option for Removal
The subscription to the newsletter and/or press information can be canceled by the affected user at any time.
Scope of Processing of Personal Data
For access-protected internal web pages of the JGU, which concern information platforms accessible only to university members and affiliates, the following personal data is collected from logged-in, registered users (students, employees, university affiliates with user accounts) during their stay on these pages:
- Name of the user
- the email address associated with the account.
Legal Basis for the Processing of Personal Data
By providing the requested data and submitting it during registration, you consent to its processing, so that it is lawful pursuant to Art. 6 para. 1 lit. a) GDPR.
Purpose of Data Processing
The collection of data serves to enable the use of access-restricted web pages (connection establishment and authentication), as well as for the purposes of system security, technical administration of the network infrastructure, and optimization of the offerings.
Duration of Storage
The data will be deleted as soon as it is no longer required for the achievement of the purpose for which it was collected. This is the case after logging out or closing the web browser.
If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:
Right of Access Art. 15 para. 1 GDPR
You can request confirmation from the controller as to whether personal data concerning you is being processed.
If such processing exists, you can request information from the controller about the following:
| a) | the purposes for which the personal data are processed; |
| b) | the categories of personal data that are processed; |
| c) | the recipients or categories of recipients to whom your personal data has been or will be disclosed; |
| d) | the envisaged period for which your personal data will be stored, or, if specific information on this is not possible, the criteria used to determine that period; |
| e) | the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller, or a right to object to such processing; |
| f) | the existence of a right to lodge a complaint with a supervisory authority; |
| g) | any available information as to their source where the personal data are not collected from the data subject. |
This right of access may be restricted insofar as it is likely to render impossible or seriously impair the achievement of the research or statistics purposes and the restriction is necessary for the fulfillment of the research and statistics purposes.
Right to Rectification Art. 16 GDPR
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is inaccurate or incomplete. The controller must carry out the rectification without undue delay.
Your right to rectification may be restricted insofar as it is likely to render impossible or seriously impair the achievement of the research or statistics purposes and the restriction is necessary for the fulfillment of the research and statistics purposes.
Right to Restriction of Processing Art. 18 GDPR
Under the following conditions, you can request the restriction of the processing of your personal data:
| a) | if you contest the accuracy of your personal data, for a period enabling the controller to verify the accuracy of the personal data; |
| b) | if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; |
| c) | if the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims; or |
| d) | if you have objected to processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds. |
If the processing of your personal data has been restricted, these data may – apart from their storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
Your right to restriction of processing may be restricted insofar as it is likely to render impossible or seriously impair the achievement of the research or statistics purposes and the restriction is necessary for the fulfillment of the research and statistics purposes.
Right to Erasure Art. 17 GDPR
A) Obligation to Erase
You can request that the controller erase your personal data without undue delay, and the controller is obliged to erase these data without undue delay if one of the following grounds applies:
| (1) | Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. |
| (2) | You withdraw your consent, on which the processing was based pursuant to Art. 6(1)(a) GDPR, and no other legal basis for the processing exists. |
| (3) | Pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 6(1) GDPR. Art. 21 para. 2 GDPR to appeal against the processing. |
| (4) | Your personal data has been unlawfully processed. |
| (5) | The erasure of your personal data is necessary for compliance with a legal obligation under Union law or Member State law to which the controller is subject |
B) Exceptions
The right to erasure does not apply insofar as processing is necessary
| (1) | for exercising the right of freedom of expression and information; |
| (2) | for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; |
| (3) | for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section A) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or |
| (4) | for the establishment, exercise or defense of legal claims. |
Right to Information Art. 19 GDPR
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed by the controller about these recipients.
Right to Data Portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that
- the processing is based on consent pursuant to Art. Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. Art. 6 para. 1 lit. b) GDPR and
- the processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons shall not be adversely affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to Object Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing based on Article 6(1)(e) of the GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR.
Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research and statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes.
Right to withdraw data protection consent Art. 7(3) GDPR
You have the right to withdraw your declaration of data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with a supervisory authority Art. 13(2)(d) GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
The competent supervisory authority is the
State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Hintere Bleiche 34
55116 Mainz
Tel.: 06131 8920-0
Fax: 06131 8920-299
E-Mail: poststelle@datenschutz.rlp.de
The present data protection statement is currently valid and dated October 21, 2021.
Due to the further development of our websites or the implementation of new technologies, it may become necessary to amend this data protection statement. JGU reserves the right to amend the data protection statement at any time with effect for the future. We recommend that you reread the current data protection statement from time to time.
Please note:
For the internet presences of other areas of JGU (faculties, institutes, student councils, central institutions, etc.), separate regulations may apply. These are explained in the respective data protection statements of the individual internet presences.
