Data Privacy

I. General Preliminary Remarks

The cen­tral web serv­er www.uni-bremen.de togeth­er with the indi­vid­ual sites belong­ing to the Uni­ver­si­ty of Bre­men present the Uni­ver­si­ty inter­nal­ly and exter­nal­ly, dis­sem­i­nate infor­ma­tion and sup­port the tasks of the uni­ver­si­ty. The web pres­ence has an inde­pen­dent, uni­form design. How­ev­er, the uni­ver­si­ty insti­tutes and Fac­ul­ties have a cer­tain free­dom when it comes to the indi­vid­ual design of their home­pages and in this con­text also bear their own responsibility.

II. Responsibilities and Competences

No guar­an­tee is giv­en for the oper­a­tion or for the cor­rect­ness and top­i­cal­i­ty of the infor­ma­tion con­tained in the web pres­ence. The Cen­ter for Net­works at the Uni­ver­si­ty of Bre­men is respon­si­ble for the oper­a­tion of the serv­er. The respec­tive edi­tors are respon­si­ble for the orga­ni­za­tion in the indi­vid­ual Fac­ul­ties. The Uni­ver­si­ty Exec­u­tive Board has gen­er­al respon­si­bil­i­ty for con­tent and decides in case of doubt about the admis­si­bil­i­ty of the data. The Con­tent Man­age­ment (Unit 03, Uni­ver­si­ty Com­mu­ni­ca­tion and Mar­ket­ing) main­tains the land­ing pages of the cen­tral web­site at www.uni-bremen.de. Oth­er­wise, the depart­ments, units, Fac­ul­ties and insti­tu­tions of the Uni­ver­si­ty are respon­si­ble for the con­tents they present.

I. Name and address of the per­son legal­ly respon­si­ble
Uni­ver­si­ty of Bre­men
The Uni­ver­si­ty Pres­i­dent, Prof. Dr.-Ing. Bernd Scholz-Reit­er
Bib­lio­thek­strasse 1–3
28359 Bre­men, Ger­many
Phone: +49 421 218–1
Email: webuni-bremen.de
Web­site: www.uni-bremen.de

II. Name and address of the data pro­tec­tion offi­cer:
Uni­ver­si­ty of Bre­men
Petra Banik
Refer­at 06
Bib­lio­thek­strasse 1–3
28359 Bre­men, Ger­many
Phone: +49 421 218–60211
Fax: +49 421 218–60210
Email: pbanik@uni-bremen.de

III. General Information about Data Processing

(1) The Uni­ver­si­ty of Bre­men takes data pri­va­cy very seri­ous­ly. We process the per­son­al data col­lect­ed when vis­it­ing our web­sites in full com­pli­ance with the applic­a­ble data pri­va­cy reg­u­la­tions. These include, in par­tic­u­lar, the EU Gen­er­al Data Pro­tec­tion Reg­u­la­tion (DS-GVO), the Bre­men Imple­men­ta­tion Act on the EU Gen­er­al Data Pro­tec­tion Reg­u­la­tion (BremDS­GVOAG) and the Bre­men Uni­ver­si­ty Law (Sec­tion 11 BremHG) and the Tele­me­dia Act (TMG) apply.

(2) In prin­ci­ple, we process per­son­al data of our users only inso­far as this is nec­es­sary to pro­vide a func­tion­ing web­site and present con­tent and ser­vices (see points 6 and 7). The pro­cess­ing of our users’ per­son­al data takes place only after obtain­ing their con­sent. An excep­tion applies in cas­es where pri­or con­sent is de fac­to not pos­si­ble and the sub­se­quent pro­cess­ing is per­mit­ted by law. Any use of your per­son­al data takes place sole­ly for the stat­ed pur­pos­es and to the extent nec­es­sary to serve these pur­pos­es.

(3) Your data will nei­ther be pub­lished by us nor with­out autho­riza­tion passed on to third par­ties. We point out, how­ev­er, that we are enti­tled in indi­vid­ual cas­es and on the order of the com­pe­tent bod­ies to pro­vide infor­ma­tion on col­lect­ed data for law enforce­ment pur­pos­es, to aid the police forces of the Län­der in the pre­ven­tion of risks and the Fed­er­al Intel­li­gence Ser­vice in ful­fill­ing the statu­to­ry duties of the con­sti­tu­tion­al pro­tec­tion author­i­ties of the Fed­er­al Gov­ern­ment and the Län­der (legal basis Arti­cle 6 sec­tion 1 item c DS-GVO).
In the fol­low­ing, we wish to inform you about the nature, scope and pur­pose of the col­lec­tion and use of per­son­al data.

1. Data collection and processing when accessing from the Internet

(1) When you vis­it our web­site, our web servers auto­mat­i­cal­ly save each access in a log file.

(2) This data is stored sep­a­rate­ly from oth­er data that you enter when using the web­site. It is not pos­si­ble for us to assign this data to a spe­cif­ic per­son. No stor­age of this data or oth­er per­son­al data of the user takes place. The stor­age in log files serves to ensure the func­tion­al­i­ty of the web­site. In addi­tion, the data is used to opti­mize the web­site and to ensure the secu­ri­ty of our IT sys­tems. This data is used in anonymized form for the sta­tis­ti­cal eval­u­a­tion of our web­site with AWStats and sub­se­quent­ly delet­ed. The legal basis for the tem­po­rary stor­age of data and log files is Arti­cle 6 sec­tion (1) item (f) DS-GVO.

The fol­low­ing data is recorded:

  • The IP address of the request­ing computer
  • Date and time of access
  • Access method /​ func­tion desired by the request­ing computer
  • Name and URL of the retrieved file
  • Trans­mit­ted amount of data
  • Access sta­tus of the web serv­er (file trans­fer, file not found, com­mand not exe­cut­ed, etc.)
  • The URL from which access is acquired

(3) The login for access to pro­tect­ed areas is par­tial­ly logged in order to detect attempts at abuse and pass­word attacks. There­by, no data is stored with the help of which per­son­al pro­files could be cre­at­ed about the user’s behav­ior.

(4) The col­lec­tion of such data and the stor­age of the data in log files is essen­tial for the pro­vi­sion and the oper­a­tion of the web­site. There is con­se­quent­ly no pos­si­bil­i­ty for users to protest such use.

2. Cookies

(1) Our web­sites use cook­ies in sev­er­al places. They serve to make our offer more user-friend­ly and effec­tive. Cook­ies are small text files that are stored by the brows­er on your com­put­er. Most of the cook­ies we use are so-called ses­sion cook­ies (legal basis, Arti­cle 6 sec­tion 1 item f DS-GVO), which are delet­ed when you end your brows­er ses­sion.

The fol­low­ing cook­ies are set:

  • ses­sion cook­ies (for ses­sion detec­tion, dura­tion: one session)
  • TYPO3 ses­sion cook­ie (for ses­sion detec­tion, dura­tion, one session)
  • JavaScript cook­ie for sound (for audio on /​ off, dura­tion: one session)
  • Mato­mo Cook­ies for web ana­lyt­ics (see sec­tion Analy­sis Services)

(2) In your brows­er set­tings, you can spec­i­fy whether cook­ies may be set or not.

3. Web analysis by Matomo (formerly PIWIK)

(1) Our web­site uses Mato­mo, which is a so-called web analy­sis ser­vice. Mato­mo uses so-called cook­ies, i.e. text files that are stored on your com­put­er and that enable us to ana­lyze the use of the web­site.

(2) For this pur­pose, the usage infor­ma­tion gen­er­at­ed by means of the cook­ie (includ­ing your short­ened IP address) is trans­mit­ted to our serv­er and stored for usage analy­sis pur­pos­es. With the aid of these sta­tis­tics we can improve our offer and make it more inter­est­ing for you as a user. Your IP address will be imme­di­ate­ly anonymized dur­ing this process so that you remain anony­mous to us as a user. The anonymiza­tion of the IP address suf­fi­cient­ly takes into account the inter­est of users in the pro­tec­tion of their per­son­al data. The infor­ma­tion gen­er­at­ed by the cook­ie about your use of this web­site will not be dis­closed to third par­ties. You may refuse the use of cook­ies by select­ing the appro­pri­ate set­tings on your brows­er. How­ev­er, in that case you may not be able to use the full func­tion­al­i­ty of the web­site.

(3) The legal basis for the use of Mato­mo is Arti­cle 6 (1) item f DS-GVO.

(4) If you do not agree with the stor­age and eval­u­a­tion of data from your vis­it, then you can object to the stor­age with a mouse click at any time. In this case, a so-called opt-out cook­ie is stored in your brows­er, with the result that Mato­mo is no longer able to col­lect any ses­sion data. N.B. If you delete your cook­ies, this also means that the opt-out cook­ie will also be delet­ed and may need to be reac­ti­vat­ed. More infor­ma­tion about the pri­va­cy set­tings of the Mato­mo soft­ware can be found at the fol­low­ing link: https://matomo.org/docs/privacy/. Cook­ie settings

4. Data security

(1) Our tech­ni­cal-orga­ni­za­tion­al secu­ri­ty mea­sures, with which we pro­tect all data from the access of unau­tho­rized per­sons, are always kept up-to-date. As far as your data is col­lect­ed and record­ed by us, it is stored on spe­cial­ly pro­tect­ed servers. These are pro­tect­ed by tech­ni­cal and orga­ni­za­tion­al mea­sures against loss, destruc­tion, access, mod­i­fi­ca­tion or dis­tri­b­u­tion by unau­tho­rized per­sons. Access to your data is only pos­si­ble for a lim­it­ed num­ber of autho­rized per­sons. All our employ­ees are sworn to con­fi­den­tial­i­ty. Per­son­al infor­ma­tion is always trans­mit­ted in encrypt­ed form. The trans­mit­ted data is stored in a data­base that is only acces­si­ble to administrators.

(2) We point out, how­ev­er, that data trans­mis­sion via the Inter­net (for exam­ple, when com­mu­ni­cat­ing by email) may be vul­ner­a­ble secu­ri­ty wise. There is no com­plete pro­tec­tion from the data being accessed by third parties.

5. Links to websites of other providers

Our Inter­net pages con­tain links (ref­er­ences) to exter­nal web­sites of third par­ties. Our web­sites may also con­tain links to exter­nal social net­works; how­ev­er, no plug-ins belong­ing to these net­works are used. These web­sites are sub­ject to the lia­bil­i­ty of the respec­tive oper­a­tor. There­fore, we can­not assume any lia­bil­i­ty for these exter­nal con­tents. At the time the links are includ­ed, there is no evi­dence of ille­gal con­tents on the respec­tive pages. How­ev­er, we have no influ­ence on the cur­rent and future design and con­tent of the linked sites. A per­ma­nent con­trol of these third par­ty sites would be unrea­son­able. If we become aware of a vio­la­tion, we will remove the link imme­di­ate­ly. When you leave this site, it is rec­om­mend­ed that you care­ful­ly read the pri­va­cy pol­i­cy of each web­site first.

6. YouTube

Our web­sites use an iFrame of the Google Inc. pow­ered YouTube site. The oper­a­tor of these pages is YouTube, LLC, 901 Cher­ry Ave., San Bruno, CA 94066, USA. When you vis­it one of our YouTube iFrame-equipped sites, you will be con­nect­ed to the servers of YouTube. It tells the YouTube serv­er which of our pages you’ve vis­it­ed. If you’re logged into your YouTube account, you allow YouTube to asso­ciate your brows­ing behav­ior direct­ly with your per­son­al pro­file. You can pre­vent this by log­ging out of your YouTube account. The legal basis is Arti­cle 6 sec­tion 1 item f). For more infor­ma­tion on how user data is han­dled, please refer to the YouTube Pri­va­cy Pol­i­cy at https.//www.google.de/intl/depolicies/privacy

7. Integrated Maps from Google Maps

The web­site con­tains embed­ded maps from Google Maps to illus­trate the university’s loca­tions. The maps from Google Maps are a prod­uct of Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA. When you vis­it a page with an embed­ded map, your brows­er usu­al­ly con­nects direct­ly to Google’s servers. By doing so, Google receives the infor­ma­tion that your com­put­er has called up the cor­re­spond­ing page of our web­site. This will also give Google your computer’s IP address and infor­ma­tion about your brows­er. Google will receive this infor­ma­tion even if you do not have a Google account. If you are logged in to your Google account when you vis­it the site, it is pos­si­ble that Google may asso­ciate this direct­ly with your account. If you use cer­tain ser­vices of Google on the device used for retrieval and have not object­ed to access to your loca­tion data, pro­cess­ing of your loca­tion data may also occur in con­nec­tion with access­ing the page with the map. It is to be assumed that Google will use your data men­tioned for com­mer­cial pur­pos­es in addi­tion to enabling use, opti­miza­tion, and pre­ven­tion of mis­use. For more infor­ma­tion on data pro­tec­tion at Google, please vis­it policies.google.com/privacy. There you will also find infor­ma­tion on how you can restrict the pro­cess­ing of your data at Google. The uni­ver­si­ty has no influ­ence on the pro­cess­ing of data at Google.

8. Contact form

(1) If you send us inquiries via the con­tact form, your details from the appli­ca­tion form, includ­ing the con­tact details you pro­vid­ed there, will be stored in order to process the request and in case of fol­low-up ques­tions. We do not share this data. In order to answer your ques­tions, though, pro­vi­sion of your name and your email address is manda­to­ry.

(2) In case of your con­sent, the legal basis is Arti­cle 6 (1) item a DS-GVO.

(3) The grant­ed con­sent to the stor­age of the email address can be revoked at any time. In order to do so, you can con­tact the above men­tioned address­es or send an email to the fol­low­ing address: content@uni-bremen.de. In this case, all the per­son­al data stored in the course of mak­ing the con­tact will be deleted.

9. Newsletter data

(1) If you would like to receive newslet­ters that may be offered on the web­site, we need an email address from you, as well as infor­ma­tion that allows you to ver­i­fy that you are the own­er of the email address pro­vid­ed and that you agree to the receipt of the newslet­ter. Fur­ther data is not col­lect­ed. We use this data exclu­sive­ly for the deliv­ery of the request­ed infor­ma­tion and do not pass it on to third parties.

(2) You may revoke your con­sent to the stor­age of the data, the email address and its use for send­ing the newslet­ter at any time, for exam­ple via the “unsub­scribe” link in the newsletter.

(3) Legal basis for the pro­cess­ing of the data after reg­is­tra­tion for the newslet­ter is in the case of the user’s con­sent Arti­cle 6 sec­tion (1) item a DS-GVO.

(4) The data will be delet­ed as soon as they are no longer nec­es­sary for the achieve­ment of the pur­pose. The user’s email address is stored only as long as the sub­scrip­tion to the newslet­ter is active.

10. SSL encryption

This site uses SSL encryp­tion for secu­ri­ty rea­sons and to pro­tect the trans­mis­sion of sen­si­tive con­tent, such as the requests you send to us as the site oper­a­tor. You can rec­og­nize an encrypt­ed con­nec­tion when the address line of the brows­er changes from “http: /​/​” to “https: /​/​” and the lock sym­bol appears in your brows­er line. When SSL encryp­tion is enabled, it is vir­tu­al­ly impos­si­ble for third par­ties to read the data you trans­mit to us.

IV. Rights of the Data Subject

Inso­far as the Uni­ver­si­ty of Bre­men process­es the per­son­al data you pro­vide, you, as the per­son affect­ed, are enti­tled in accor­dance with DS-GVO to the fol­low­ing rights:

1. Right to information (Article 15 of the DS-GVO)

You may request con­fir­ma­tion as to whether per­son­al infor­ma­tion con­cern­ing you is being processed by us. If such pro­cess­ing is under­tak­en, you can request the fol­low­ing infor­ma­tion on:
(1) the pur­pos­es for which the per­son­al data are processed;

(2) the cat­e­gories of per­son­al data being processed;

(3) the recip­i­ents or the cat­e­gories of recip­i­ents to whom per­son­al data con­cern­ing you have been dis­closed or are still being dis­closed;

(4) the planned dura­tion of the stor­age of your per­son­al data or, if spe­cif­ic infor­ma­tion is not avail­able, cri­te­ria for deter­min­ing the dura­tion;

(5) the exis­tence of a right to rec­ti­fi­ca­tion or era­sure of per­son­al data con­cern­ing you (right to be for­got­ten), a right to restric­tion of pro­cess­ing by the con­troller or a right to object to such pro­cess­ing;

(6) the exis­tence of a right of appeal to a super­vi­so­ry author­i­ty;

(7) all avail­able infor­ma­tion on the source of the data if the per­son­al data is not col­lect­ed from the data sub­ject;

(8) the exis­tence of auto­mat­ed deci­sion-mak­ing includ­ing pro­fil­ing under Arti­cle 22 (1) and (4) of the DS-GVO Reg­u­la­tion and, at least in such cas­es, mean­ing­ful infor­ma­tion on the log­ic involved and the scope and intend­ed impact of such pro­cess­ing on the data sub­ject.
You have the right to request infor­ma­tion about whether your per­son­al infor­ma­tion has been com­mu­ni­cat­ed to a third coun­try or an inter­na­tion­al orga­ni­za­tion. In this con­nec­tion, based on the guar­an­tees con­tained in Arti­cle 46 DS-GVO you can request to be informed of any such trans­mis­sion of infor­ma­tion.
If your per­son­al data is processed for sci­en­tif­ic, his­tor­i­cal or sta­tis­ti­cal research pur­pos­es, the right of access may be lim­it­ed to the extent that it is like­ly to ren­der the research and sta­tis­tics pur­pos­es impos­si­ble or seri­ous­ly impair it, and the restric­tion is nec­es­sary for the pur­pos­es of research and statistics.

2. Right to rectification (Article 16 of the DS-GVO)

You have a right to rec­ti­fi­ca­tion and /​ or com­ple­tion vis-à-vis the con­troller if the per­son­al data processed is incor­rect or incom­plete. The con­troller must make the cor­rec­tion with­out delay.

3. Right to limit processing (Article 18 of the DS-GVO)

You may request the restric­tion of the pro­cess­ing of your per­son­al data under the fol­low­ing con­di­tions:
(1) if you con­test the accu­ra­cy of your per­son­al infor­ma­tion for a peri­od of time that enables the con­troller to ver­i­fy the accu­ra­cy of your per­son­al infor­ma­tion;

(2) if the pro­cess­ing is unlaw­ful and you refuse to have the per­son­al data delet­ed and instead demand the restric­tion of the use of the per­son­al data;

(3) if the con­troller no longer needs the per­son­al data for the pur­pos­es of pro­cess­ing; How­ev­er, you need these to enforce your exer­cise or defense of a legal claim, or

(4) if you have object­ed to the pro­cess­ing pur­suant to Arti­cle 21 sec­tion 1 DS-GVO and it is not yet cer­tain whether the legit­i­mate rea­sons of the per­son respon­si­ble out­weigh your rea­sons.

If the pro­cess­ing of per­son­al data con­cern­ing you has been restrict­ed, such data may be stored only with your con­sent or for the pur­pose of assert­ing, exer­cis­ing or defend­ing legal claims or pro­tect­ing the rights of anoth­er nat­ur­al per­son or for rea­sons of major pub­lic inter­est on the part of the Euro­pean Union or a Mem­ber State. If the pro­cess­ing of your data in accor­dance with the a.m. con­di­tions is restrict­ed, you will be informed by the con­troller before the restric­tion is lift­ed.
If your per­son­al data is processed for sci­en­tif­ic, his­tor­i­cal or sta­tis­ti­cal research pur­pos­es, the right of access may be lim­it­ed to the extent that it is like­ly to ren­der the research and sta­tis­tics pur­pos­es impos­si­ble or seri­ous­ly impaired, and the restric­tion is nec­es­sary for the pur­pos­es of research and statistics.

4. Right to cancellation (Article 17 of the DS-GVO)

a) Obligation to delete

You may require the con­troller to delete your per­son­al infor­ma­tion with­out delay. The con­troller is then oblig­ed to delete this data imme­di­ate­ly, pro­vid­ed one of the fol­low­ing rea­sons applies:
(1) The per­son­al data con­cern­ing you are no longer nec­es­sary for the pur­pos­es for which they were col­lect­ed or oth­er­wise processed.

(2) You revoke your con­sent to which the pro­cess­ing pur­suant to Arti­cle 6 sec­tion (1) item (a) or Arti­cle 9 sec­tion (2) item (a) DS-GVO referred and there is no oth­er legal basis for pro­cess­ing.

(3) You sub­mit a protest pur­suant to Arti­cle 21 sec­tion 1 DS-GVO against the pro­cess­ing and there are no legit­i­mate over­rid­ing rea­sons for the pro­cess­ing, or pur­suant to Arti­cle 21 (2) DS-GVO you sub­mit a protest about hav­ing your per­son­al data processed.

(4) Your per­son­al data have been processed unlaw­ful­ly.

(5) The dele­tion of per­son­al data con­cern­ing you shall be required to ful­fill a legal oblig­a­tion under EU law or the law of the Mem­ber State(s) to which the con­troller is sub­ject.

(6) The per­son­al data con­cern­ing you were col­lect­ed in rela­tion to infor­ma­tion soci­ety ser­vices offered pur­suant to Arti­cle 8 (1) of the DS-GVO.

b) Information to third parties

If the con­troller has made the per­son­al data con­cern­ing you pub­lic and is in accor­dance with Arti­cle 17 (1) under oblig­a­tion to have it erased, tak­ing due account of the tech­nol­o­gy avail­able and the imple­men­ta­tion costs, includ­ing appro­pri­ate tech­ni­cal mea­sures he/​she is to inform the data con­trollers who process the per­son­al data that you, the affect­ed per­son, have request­ed all links to such per­son­al infor­ma­tion or copies or repli­ca­tions of such per­son­al infor­ma­tion to be deleted.

c) Exceptions

The right to era­sure does not exist if the pro­cess­ing is deemed nec­es­sary

(1) to exer­cise the right to free­dom of expres­sion and infor­ma­tion;

(2) to ful­fill a legal oblig­a­tion required by the law of the Euro­pean Union or of the Mem­ber States to which the con­troller is sub­ject, or to car­ry out a task which is in the pub­lic inter­est or in the exer­cise of offi­cial author­i­ty con­ferred on the con­troller;

(3) for rea­sons of pub­lic inter­est in the field of pub­lic health pur­suant to Arti­cle 9 (2) item (h) and (i) as well as Arti­cle 9 (3) DS-GVO;

(4) for archival pur­pos­es of pub­lic inter­est, sci­en­tif­ic or his­tor­i­cal research pur­pos­es or for sta­tis­ti­cal pur­pos­es pur­suant to Arti­cle 89 (1) of the DS-GVO, in so far as the law referred to in sub­para­graph (a) is like­ly to ren­der impos­si­ble or seri­ous­ly affect the achieve­ment of the objec­tives of such pro­cess­ing, or

(5) to assert exer­cise or defense of legal rights.

5. Right to information (Article 19 of the DS-GVO)

If you have declared your right of rec­ti­fi­ca­tion, era­sure or restric­tion of pro­cess­ing to the con­troller, he/​she is oblig­ed to noti­fy all recip­i­ents to whom your per­son­al data have been dis­closed of this cor­rec­tion or dele­tion of the data or restric­tion of pro­cess­ing, unless this proves to be impos­si­ble or involves a dis­pro­por­tion­ate effort.
You shall have a right vis–vis the con­troller to be informed about these recipients.

6. Right to data portability (Article 20 DS-GVO)

You have the right to receive per­son­al­ly iden­ti­fi­able infor­ma­tion about you pro­vid­ed to the con­troller in a struc­tured, com­mon­ly used machine-read­able for­mat. More­over, you have the right to trans­fer this data to anoth­er per­son with­out hin­drance on the part of the con­troller, pro­vid­ed that
(1) the pro­cess­ing is based on a con­sent pur­suant to Arti­cle 6 sec­tion (1) or Item (a) DS-GVO or Arti­cle 9 sec­tion 2 item (a). DS-GVO or on a con­tract pur­suant to Arti­cle 6 sec­tion (1) item (b) DS-GVO and

(2) the pro­cess­ing is done by auto­mat­ed means.
In exer­cis­ing this right, you also have the right to have your per­son­al data trans­mit­ted direct­ly from one con­troller to anoth­er, inso­far as this is tech­ni­cal­ly fea­si­ble. Free­doms and rights of oth­er per­sons may not be affect­ed.

The right to data porta­bil­i­ty does not apply to the pro­cess­ing of per­son­al data nec­es­sary for the per­for­mance of a task car­ried out in the pub­lic inter­est or in the exer­cise of offi­cial author­i­ty vest­ed in the controller.

7. Right to object (Article 21 DS-GVO)

(1) You shall have the right at any time, for rea­sons aris­ing from your par­tic­u­lar sit­u­a­tion, to protest against the pro­cess­ing of your per­son­al data based on Arti­cle 6 sec­tion (1) item (e) or (f) DS-GVO ; this also applies to pro­fil­ing based on these pro­vi­sions.
The con­troller shall no longer process the per­son­al data con­cern­ing you unless he/​she can demon­strate com­pelling legit­i­mate grounds for pro­cess­ing that out­weigh your inter­ests, rights and free­doms, or the pro­cess­ing is for the pur­pose of estab­lish­ing, exer­cis­ing and defend­ing legal claims.

(2) Regard­less of Direc­tive 2002/​58 /​ EC, you have the option to exer­cise your right of objec­tion by means of auto­mat­ed pro­ce­dures using tech­ni­cal spec­i­fi­ca­tions in rela­tion to the use of infor­ma­tion soci­ety ser­vices.

(3) If your per­son­al data are processed for sci­en­tif­ic, his­tor­i­cal or sta­tis­ti­cal research pur­pos­es, you shall have the right, for rea­sons aris­ing from your par­tic­u­lar sit­u­a­tion, to object to pro­cess­ing for sci­en­tif­ic or his­tor­i­cal research pur­pos­es or for sta­tis­ti­cal pur­pos­es pur­suant to Arti­cle 89 DS-GVO. Your right of objec­tion may be lim­it­ed  inso­far as it is like­ly to ren­der impos­si­ble or seri­ous­ly affect the real­iza­tion of research and sta­tis­tics pur­pos­es and the restric­tion is nec­es­sary for the ful­fill­ment of tasks in the pub­lic interest.

8. Right to revoke data protection consent (Article 7 (3) DS-GVO)

You also have the right to revoke a pos­si­bly giv­en data pro­tec­tion con­sent form at any time. The revo­ca­tion of con­sent does not affect the legal­i­ty of the pro­cess­ing car­ried out on the basis of the con­sent until the revo­ca­tion. For this pur­pose and for fur­ther ques­tions on the sub­ject of per­son­al data, you can con­tact the above address­es as well as by email to the fol­low­ing address: content@uni-bremen.de.

9. Automated decision in individual cases including profiling (Article 22 DS-GVO)

You shall have the right not to be sub­ject to any deci­sion based sole­ly on auto­mat­ed pro­cess­ing, includ­ing pro­fil­ing, which will have legal effect or affect you in a sim­i­lar man­ner. This does not apply if the deci­sion

(1) is required for the con­clu­sion or per­for­mance of a con­tract between you and the con­troller,

(2) is per­mit­ted by Euro­pean Union or Mem­ber State leg­is­la­tion to which the con­troller is sub­ject, and where such leg­is­la­tion con­tains appro­pri­ate mea­sures to safe­guard your rights and free­doms and legit­i­mate inter­ests, or

(3) with your express con­sent.

How­ev­er, these deci­sions must not be based on spe­cial cat­e­gories of per­son­al data pur­suant to Arti­cle 9 (1) DS-GVO, unless Arti­cle 9 (2) item (a( or (g) DS-GVO applies and rea­son­able mea­sures have been tak­en to pro­tect the rights and free­doms as well as your legit­i­mate inter­ests. With regard to the cas­es referred to in (1) and (3), the con­troller shall take appro­pri­ate mea­sures to uphold your rights and free­doms and your legit­i­mate inter­ests, includ­ing at least the right to obtain the inter­ven­tion of a per­son by the con­troller, to explain his/​her own posi­tion and be heard.

10. Right to complain to a supervisory authority

With­out prej­u­dice to any oth­er admin­is­tra­tive or judi­cial rem­e­dy, you shall have the right to lodge a com­plaint with a super­vi­so­ry author­i­ty, in par­tic­u­lar in the Mem­ber State where you have your res­i­dence, place of work or place of alleged infringe­ment, if you believe that the pro­cess­ing of the per­son­al data con­cern­ing you con­sti­tutes a breach of DS-GVO. The super­vi­so­ry author­i­ty to which the com­plaint is sub­mit­ted shall inform the com­plainant of the ongo­ing sta­tus and out­come of the complaint.

V. Processing of Personal Data on Internal Access Protected Websites

(1) In the case of access-pro­tect­ed inter­nal web­sites of the Uni­ver­si­ty of Bre­men, which only con­cern infor­ma­tion plat­forms acces­si­ble to uni­ver­si­ty mem­bers, the logged-in and reg­is­tered users (stu­dents, employ­ees, uni­ver­si­ty mem­bers with user account) have the fol­low­ing per­son­al data col­lect­ed dur­ing their stay on these pages:

a) name of the user,

(b) the email address asso­ci­at­ed with the account,

© if applic­a­ble, the mem­ber­ship of the user to a spe­cif­ic user group.

(2) Legal basis for the pro­cess­ing of the per­son­al data is the con­sent of the user in accor­dance with Arti­cle 6 sec­tion (1) item (a) DS-GVO. The col­lec­tion of data serves to enable the use of restrict­ed Inter­net sites (estab­lish­ing con­nec­tion), as well as for pur­pos­es of sys­tem secu­ri­ty, tech­ni­cal admin­is­tra­tion, the net­work infra­struc­ture and to opti­mize the offers. The data shall be delet­ed as soon as it is no longer nec­es­sary to achiev­ing the pur­pose of its col­lec­tion. This is deemed to be the case after log­ging off or clos­ing the web browser.

VI. Validity and Timeliness of the Privacy Policy (as of July 2018)

By using our web­site, you con­sent to the use of the data as described above. This pri­va­cy pol­i­cy is imme­di­ate­ly valid and super­sedes all pri­or state­ments. This state­ment will be updat­ed as nec­es­sary to bring it into line with the con­tent of the web­site as well as more gen­er­al­ly with leg­isla­tive changes.