Data Protection Declaration of the University of Bremen

Name and Address of the Controller:

University of Bremen
President Prof. Dr. Jutta Günther
Bibliothekstrasse 1-3
28359 Bremen, Germany
Phone.: +49 421 218-1
E-Mail: web@uni-bremen.de
Webseite: www.uni-bremen.de/en/

Name and Address of the Data Protection Officer:

University of Bremen
Katja Losch-Kremer
Administrative Unit 06
Bibliothekstrasse 1-3
28359 Bremen, Germany
E-Mail: datenschutz@uni-bremen.de
Webseite: www.uni-bremen.de/infoportal-datenschutz (only available in German)

General Information on Data Processing

(1) The University of Bremen takes the protection of personal data very seriously. We process personal data collected during visits to our websites in compliance with the applicable data protection regulations. In particular, the EU General Data Protection Regulation (GDPR), the Bremen Implementation Act for the EU General Data Protection Regulation (BremDSGVOAG), the Higher Education Act of the State of Bremen (§ 11 BremHG), and the Telecommunications Digital Services Data Protection Act (TDDDG) apply.

(2) We process personal data of our users only to the extent necessary to provide a functional website and our content and services (see points 6 and 7). The processing of personal data of our users takes place regularly only with the consent of the users. An exception applies in cases where prior consent is not possible for practical reasons and the processing of the data is permitted by law. Your personal data will only be used for the stated purposes and to the extent necessary to achieve these purposes.

(3) Your data will neither be published by us nor passed on to third parties without authorization. However, we would like to point out that we are entitled to provide information about data in individual cases by order of the competent authorities, insofar as this is necessary for the purposes of criminal prosecution, for averting danger by the police authorities of the federal states, for fulfilling the legal tasks of the federal and state constitutional protection authorities and of the Federal Intelligence Service (legal basis Art. 6 para. 1 lit. c GDPR).

In the following, we will inform you about the type, scope, and purpose of the collection and use of personal data.

1. Data Collection and Processing for Internet Access

   (1) The processing in connection with accessing our website is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e GDPR, § 3 BremDSGVOAG, § 4 para. 9 BremHG in our information interest for the benefit of the public.
   The following personal data is processed

   • The IP address of the requesting computer
   • Date and time of access
   • Access method/function requested by the inquiring computer
   • Name and URL of the retrieved file
   • Amount of data transferred
   • Access status of the web server (file transferred, file not found, command not executed, etc.)
   • URL from which the access was made

   (2) The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user does not have the right to object.

    

2. Cookies

   No cookies are used when you visit our website.

    

3. Data Security

   (1) Our technical and organizational security measures, with which we protect all data from unauthorized access, are always kept up to date. If your data is collected and recorded by us, it is stored on specially protected servers. These are protected by technical and organizational measures against loss, destruction, access, modification or dissemination by unauthorized persons. Access to your data is only possible for a few authorized persons. All our employees are obliged to maintain confidentiality. Personal information is always transmitted in encrypted form. The transmitted data is stored in a data base that is only accessible to administrators.

   (2) We would like to point out that data transmission on the internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

    

4. Links to Third-Party Websites

   Our website contains links (references) to external third-party websites. Our website may also contain links to external social networks; however, no plug-ins from these networks are used. These websites are subject to the liability of the respective operators. Therefore, we cannot accept any liability for this third-party content. At the time the links were included, there was no illegal content on the respective pages. However, we have no influence on the current and future design and content of the linked pages. We cannot reasonably be expected to permanently monitor these third-party sites. Should we become aware of an infringement, we will remove the link immediately. When you leave this website, we recommend that you first read the privacy policy of each website carefully.

    

5. Contact

   You have the option of contacting us. The personal data you provide will only be processed to respond to your request. We will delete your data if it is no longer required and there are no legal obligations to retain it. This is usually the case 90 days after processing the request.
   The legal basis for responding to inquiries is Art. 6 para. 1 sentence 1 lit. e GDPR, § 3 BremDSGVOAG, § 4 para. 9 BremHG. If the email contact has the aim of entering into a contract, the additional legal basis is Art. 6 para. 1 lit. b GDPR. To contact the Carl von Ossietzky University of Oldenburg, please refer to their data protection information, which is available at https://uol.de/en/data-privacy-statement.

    

6. SSL Encryption

   This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, it is virtually impossible for third parties to read the data you transmit to us.

    

Rights of the Data Subject

If the University of Bremen processes your personal data, you have the following rights as a data subject as defined by the GDPR:

1. Right of Access (Art. 15 GDPR)

   You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.

    

2. Right to Rectification (Art. 16 GDPR)

   You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed.

    

3. Right to Restriction of Processing (Art. 18 GDPR)

   You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, for example if you have lodged an objection to the processing, for the duration of the examination by the controller.

    

4. Right to Erasure (Art. 17 GDPR)

   You have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies.

    

5. Notification Obligation Regarding Rectification or Erasure of Personal Data or Restriction of Processing (Art. 19 GDPR)

   If you have asserted the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, or erasure of the data, or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.

    

6. Right to Data Portability (Art. 20 GDPR)

   In certain cases, which are listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format or to request the transmission of this data to a third party.

    

7. Right to Object (Art. 21 GDPR)

   If data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (data processing to protect legitimate interests) or on the basis of Art. 6 para. 1 sentence 1 lit. e GDPR (data processing to protect the public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

    

8. Right to Withdraw Consent under Data Protection Law (Art. 7 para. 3 GDPR)

   If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. You can contact us at the above addresses and by email at the following address if you have any further questions on the subject of personal data: content@uni-bremen.de.

    

9. Automated Individual Decision-Making, including Profiling (Art. 22 GDPR)

   You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
   (1) is necessary for entering into, or performance of, a contract between you and the controller,
   (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
   (3) is based on your explicit consent.
   However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
   However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

    

10. Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

    In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right to lodge a complaint can be asserted in particular with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement.

     

11. Assertion of Your Rights

    Unless otherwise described above, please contact the office named in the legal notice to assert your rights as a data subject.

     

Processing of Personal Data on Internal Access-Protected Websites

(1) In the case of access-protected internal websites of the University of Bremen, which only concern information platforms accessible to university members and staff, the following personal data is collected from logged-in, registered users (students, staff, university members with a user account) during their visit to these pages:
(a) the name of the user,
(b) the email address assigned to the account,
(c) if applicable, the user’s membership of a specific user group.
(2) The legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR if the user has given their consent. The collection of the data serves to enable the use of the access-restricted websites (connection establishment), as well as for the purposes of system security, technical administration, network infrastructure, and optimization of the offers. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case after logging out or closing the web browser.
(2) The legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR if the user has given their consent. The collection of the data serves to enable the use of the access-restricted websites (connection establishment), as well as for the purposes of system security, technical administration, network infrastructure, and optimization of the offers. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case after logging out or closing the web browser.

Validity and Up-to-Dateness of the Privacy Policy (as of January 2025)

By using our website, you consent to the use of your data as described above. This data protection declaration is immediately valid and replaces all previous declarations. This statement will be updated as necessary in order to adapt it to the content of the website and to legal changes in general.