Data protection policy

1. Name and address of the responsible controller

The responsible controller as defined in the EU General Data Protection Regulation (GDPR) and other national data protection laws of the EU member states as well as other data protection-related provisions is:

Westfälische Wilhelms-Universität Münster (WWU) / University of Münster (WWU)
represented by its Rector, Prof Dr Johannes Wessels,
Schlossplatz 2, 48149 Münster
Tel.: + 49 251 83-0
Email: verwaltung@uni-muenster.de

2. Name and address of the data protection officer

The data protection officer appointed by the responsible controller is:

Nina Meyer-Pachur
Schlossplatz 2, 48149 Münster
Tel.: + 49 251 83-22446
Email: datenschutz@uni-muenster.de

3. General information on data processing

We collect and use the personal data of our users insofar as necessary for operating a functional website and delivering our content and services, and to the extent to which the law permits.

Legal basis for processing personal data

Whenever we obtain the consent from a data subject to process personal data, Art. 6 (1 a) GDPR serves as the legal basis for processing this personal data.

Whenever processing such data is necessary for compliance with a legal regulation, to which the University of Münster is subject, Art. 6 (1 c) GDPR serves as the legal basis.

In cases for which processing is necessary to protect the vital interests of the data subject or of another natural person, Art. 6 (1 d) GDPR serves as the legal basis.

If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University of Münster, Art. 6 (1 e) GDPR serves as the legal basis for processing this data.

If processing is necessary for safeguarding the legitimate interests of the University of Münster or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1 f) GDPR serves as the legal basis for processing this data. This does not apply to processing tasks which the University of Münster is obliged to perform as a public authority.

Duration of storage of personal data

We reserve the right to retain the data subject’s personal data for as long as the purpose of such storage exists. If processing is permitted on the basis of the subject’s consent, his/her personal data is only stored until the data subject withdraws his/her consent, except in cases where processing is governed by a different legal basis.

Right to rectification and erasure of personal data

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. The data subject also has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay as soon as the purpose of storage is no longer necessary. In cases where data processing is performed on the basis of consent, the right to erasure exists if the data subject withdraws his/her consent and no other legal grounds exist for processing the data.

Personal data must be erased if the data subject objects to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or if the personal data has been unlawfully processed, or if the personal data must be erased in order to comply with a legal requirement mandated by an EU or member state law, to which the University of Münster is subject.

The right to erasure as put forth in the cases stated above does not apply, however, if it would prevent compliance with a legal obligation which requires processing by European Union or member state law, to which the University of Münster is subject, or hinder the performance of a task carried out in the public interest or in the exercise of official authority vested in the University of Münster, or if extended storage is necessary for the establishment, exercise or defence of legal claims.

Right to withdrawal

If permission to process personal data was granted by the consent of the data subject, he or she may withdraw his/her consent at any time. All processing of personal data performed prior to withdrawal remains lawful irrespective of the subject’s withdrawal.

Right to information

The data subject has the right to obtain confirmation from the University of Münster whether it is processing any personal data concerning him or her. If such is the case, the data subject has a right to information regarding the type of personal data and the purpose for which it is being processed. The data subject also has the right to obtain information on the duration of the planned storage of his/her data, or on the criteria for determining how long his/her data is to be stored.

4. Provision of the website and creation of log files

Scope of data processing

For every access query to our website, our server automatically collects data and information from the querying computer system.
The following data is collected in this process:

  1. information on the browser type and version
  2. the user's operating system
  3. the user’s Internet service provider
  4. the user’s IP address
  5. the date and time of the query
  6. websites from which the user’s system was directed to our website
  7. websites which the user’s system accesses via our website

This data is compiled in log files and saved on our server. No further personal data is stored together with the log file data.

Legal basis for processing

The legal basis for temporarily processing data and log files is provided in Art. 6 (1 f) GDPR.

Purpose of processing

The temporary storage of the IP address on our server is necessary for granting the user’s system access to our website. For this purpose, the user’s IP address must remain stored on our server for the duration of the session.

Data storage in log files is required to ensure the functionality of the website. Furthermore, the data enables us to optimise the website and guarantee the security of our IT systems. Data analysis for marketing-related purposes is not performed in this context.

These purposes correspond to the legitimate interests of data processing as indicated in Art. 6 (1 f) GDPR.

Duration of storage of personal data

The data is erased at the conclusion of the respective session.

All data stored in log files is erased within seven days. A longer period of data storage is possible. In such cases, the user’s IP address is erased or anonymised in such a way that renders it impossible to identify the querying client.

5. Use of cookies

Scope of data processing

Our website uses cookies. Cookies are small text files saved on or by the web browser, installed on the user’s computer system. Cookies are often saved on the user’s operating system whenever a user accesses a website. The file contains a distinctive sequence of characters which enables the browser to correctly identify a website when it is visited again.

We use cookies to improve the user friendliness of our website. Some elements on our website make it necessary to identify a querying browser after a page change. The following data is saved and transmitted through and by cookies:

  1. login information
  2. session settings

In cooperation with VariFast GmbH, advertising banners are integrated into some web pages of the University of Münster using the ad server provided by Adition AG. These banners also use cookies, or more specifically “session cookies” and temporary cookies, which serve to statistically analyse how many readers/visitors use the site and to quantitatively restrict the delivery of advertisements. The server only collects technical data, i.e. no data that can be used to identify the user. The data is anonymised and analysed for purely statistical purposes. For more information, please read the data protection policies of VariFast GmbH and Adition AG.

By clicking on the following link, you may withdraw your consent to having your anonymised data analysed by our advertising partners. In this case, Adition replaces your current cookie with a new opt-out cookie. This opt-out cookie deletes all previously collected data and prevents it from gathering any further anonymised information. If the opt-out cookie is deleted, Adition will no longer be aware of your wish to opt-out. In this case, you will have to repeat the opt-out procedure.
I withdraw my consent to have my data analysed by advertisers (opt-out)

Legal basis for processing

The legal basis for processing personal data using technically necessary cookies is provided in Art. 6 (1 f) GDPR. The legal basis for processing personal data using cookies for other purposes for which respective consent is granted by the user is provided in Art. 6 (1 a) GDPR.

Purpose of processing

The purpose of using technically necessary cookies is to make it easier for the client to use the website. Some functions on our website cannot be offered without cookies. Such functions require the browser to identify the user after a page change. These purposes correspond to the legitimate interests of processing personal data in accordance with Art. 6 (1 f) GDPR.

Cookies are required for the following applications:

  1. single sign-on
  2. assigning login sessions to specific servers (“sticky sessions”)

The user data collected with technically necessary cookies is not used for creating user profiles.

Duration of storage of personal data

Cookies are saved on the user’s computer which transfers them to our server. Consequently, as the user, you have complete control over how cookies are used by your system. By changing the settings in your web browser, you can deactivate or restrict the transmission of cookies to external websites. You can also delete all saved cookies on your system at any time. Restrictions on cookie usage can be managed automatically by your browser. If you choose to deactivate cookies for our website, it may prevent you from taking full advantage of all the features offered on this website.

6. Matomo web analysis (formerly PIWIK)

Scope of data processing

Our website uses the open-source software tool Matomo (formerly PIWIK) for analysing the browsing behaviour of our users. The software saves cookies onto the user’s computer (for more on cookies, see above). When the user accesses a page on our website, Matomo saves the following data:

  1. two bytes of the user’s IP address
  2. the accessed webpage
  3. the website from which the user is directed to the accessed page (referrer)
  4. the sub-pages to which the user is directed from the accessed page
  5. the length of time the user remains on the page
  6. the frequency the page is accessed

The software runs exclusively on the servers of our website. Any storage of the user’s personal data only takes place there. No data is shared with third parties.

The software is configured in such a way that it does not store full IP addresses, but only two bytes of the user’s IP address. This renders it impossible to attribute the abbreviated IP address to the querying computer.

If you do not wish to have your data saved and analysed, you can withdraw your consent on cookie storage and usage with a mouse click at any time. In such cases, Matomo places an “opt-out cookie” onto your browser which prevents it from collecting any data during your visit to our website. Please note: If you choose to delete the cookies in your browser, the opt-out cookie will also be erased, which means you will have to reactivate the opt-out cookie during your next visit.

If you have activated the "Do not track" option in your browser, you do not require an opt-out cookie.

Legal basis for processing

The legal basis for processing the user’s personal data is provided in Art. 6 (1 f) GDPR.

Purpose of processing

Processing the user's personal data allows us to analyse the browsing behaviour of our users. The analysis of the collected data permits us to generate information about how certain components of our website are used. This helps us to improve our website and enhance user friendliness on a continual basis. This corresponds to the legitimate interests of processing personal data in accordance with Art. 6 (1 f) GDPR.

Duration of storage of personal data

All personal data is deleted as soon as it is no longer required for purposes of documenting the user’s visit.

Cookies are saved on the user’s computer which transfers them to our server. Consequently, as the user, you have complete control over how cookies are used by your system. By changing the settings in your web browser, you can deactivate or restrict the transmission of cookies to external websites. You can also delete all saved cookies on your system at any time. Restrictions on cookie usage can be managed automatically by your browser. If you choose to deactivate cookies for our website, it may prevent you from taking full advantage of all the features offered on this website.

7. Newsletter

Scope of data processing

The users of our website have the possibility of subscribing to a free University newsletter. When registering for the newsletter, the user is asked to provide information via an input mask which is then transferred to our server. This includes the following information:

  1. user’s email address
  2. user’s name
  3. password
  4. desired language
  5. desired form of delivery
  6. number of recognised deliverability issues

The following information is also collected at registration:

  1. IP address of the querying computer
  2. date and time of registration

As part of the registration process, the user is asked to consent to have his/her data processed and is informed of this data protection policy.

All personal data processed in connection with newsletter delivery is not shared with third parties. This data is exclusively used for delivering the newsletter.

Legal basis for processing

The legal basis for processing the user’s personal data after registering and granting his/her consent is provided in accordance with Art. 6 (1 a) GDPR.

Purpose of processing

The user’s email address is processed for the purpose of delivering the newsletter. Other personal data collected during registration is processed in order to prevent the improper use of our services or the provided email address.

Duration of storage of personal data

Your email address is saved on our server for as long as your newsletter subscription is active. Other personal data collected during the registration process is normally erased within seven days.

The newsletter subscription can be cancelled by the user at any time. For this purpose, a cancellation link is embedded in every newsletter. When cancelling the subscription, the user can also withdraw his/her consent to having his/her personal data collected during the registration process saved on the University’s server.

8. Email contact

Scope of data processing

On our website, users can personally contact the University via email by using the email address provided for such purposes. In this case, the email together with the user’s personal data is saved on our server.

The user’s personal data is not shared with third parties in this context. The data is exclusively used for purposes of establishing and maintaining contact with the user.

Legal basis for processing

The legal basis for processing the user’s personal data, acquired as a result of the user sending an email, is provided in accordance with Art. 6 (1 f) GDPR.

Purpose of processing

The user’s personal data is processed only for the purpose of establishing and maintaining contact with the user. This corresponds to the legitimate interests of processing personal data in accordance with Art. 6 (1 f) GDPR.

Duration of storage of personal data

All personal data sent to us via email is deleted as soon as the respective dialogue with the user is concluded. The dialogue is deemed concluded when circumstances indicate that the issue in question has been clarified to the satisfaction of all parties.

9. Campus map/Google Maps

Scope of data processing

Our website uses Google Maps API, an online interactive map service provided by Google Inc. (“Google”). By using Google Maps, information about your usage of this website (along with your IP address) can be transmitted to and stored on a Google server in the USA.

For more information, please read Google’s terms of service and privacy policy.

Google forwards collected data to third parties insofar as is required by law or if third parties are commissioned to process this data on behalf of Google.
It is technically possible for Google to identify individual users on the basis of the data it receives. It is likewise possible to process personal data and the personal profiles of users on Google’s website for other purposes over which we have no control.

Legal basis for processing

The legal basis for processing the user’s personal data is provided in Art. 6 (1 a) GDPR.

Purpose of processing

The use of Google Maps enables users to more easily locate specific places indicated on our website.

10. Use of social media plugins

Scope of data processing

Our website uses social media plugins of various providers. When you access a page from our website which contains such a plugin, your browser establishes a direct connection to the servers of the respective provider. The content of the plugin is directly transmitted to your browser which integrates it into the website.

Plugins enable the providers to know that you have accessed the respective page on our website. If you are logged in with the corresponding provider, the provider has the ability to assign this information to your account.

Legal basis for processing

The legal basis for processing the user’s personal data is provided in Art. 6 (1 a) GDPR.