Content

Privacy Statement

Privacy Policy for Social Media Platforms Used by Univention

Privacy Statement

Thank you for visiting our website at www.univention.com/ or www.univention-summit.com. In the following, we would like to inform you how we handle your personal data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

Controller

The body named in the Imprint is responsible for the data processing as represented below.

Usage data

When you visit our websites, so-called usage data is temporarily evaluated on our web server for statistical purposes as a protocol with the aim of improving the quality of our websites. This data set comprises:

  • the name and address of the requested content;
  • the date and time of the request;
  • the data volume transferred;
  • the access status (content transferred, content not found);
  • the description of the Internet browser and operating system used;
  • the referral link, which indicates from which website you came to ours;
  • the IP address of the requesting computer, which is abbreviated in such a way that it can no longer be linked to a specific person.

The protocol data specified is only evaluated anonymously.

Data security

We employ technical and organizational measures to protect your data as comprehensively as possible from unwanted access. We use an encryption process on our websites. Your data is transferred from your computer to our server and vice versa over the Internet using a TLS encryption protocol. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Necessary cookies

Our websites use cookies, which are required for use of our websites.
Cookies are small text files that can be saved and read out on your end device. A distinction is made between session cookies, which are deleted again as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. We do not use these necessary cookies for analytical, tracking, or advertising purposes.
To some extent, these cookies merely contain information regarding certain settings and are not linked to a specific person. They may also be required to enable the site’s user guidance, security, and implementation.

We use these cookies on the basis of point (f) of Art. 6 (1) of the GDPR.

You can adjust your browser settings to notify you about the placement of cookies – this makes the use of cookies transparent for you. In addition, you can also delete the corresponding browser setting and prevent the saving of new cookies at any time. Please note that it may then not be possible to display our websites and some functions will no longer be available for technical reasons.

The following necessary cookies are used:

Cookie Purpose Duration of storage
pll_language Saves the language 1 year
shown-overlays Saves the IDs of already shown pop-up overlays so that they are shown once 1 day
closedForms Saves which forms are closed/sent so that they are/remain hidden afterward Session
borlabs-cookie Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie 30 days
https-_csrf Allows basic functions of the Univention App Center Shop Session
OROSFID Allows basic functions of the Univention App Center Shop Session
klaro Saves the cookie banner settings for the Univention App Center Shop 1 year
_forum_session Session Cookie Session
_t User authentication token cookie 2 months

 

Matomo

We use the web analysis tool Matomo to design our websites to suit your needs. Matomo creates usage profiles on the basis of pseudonyms. To this end, permanent cookies are saved on your end device and read out by us. This allows us to identify returning visitors and count them as such.

The data processing is performed on the basis of your consent in accordance with point (a) of Art. 6 (1) of the GDPR and Section 25 Para 1 Sentence 1 of the German Telecommunications Telemedia Data Protection Act (TTDSG), provided that you have given your consent via our banner.

You can revoke your consent at any time. To do so, please follow the link below and make the appropriate settings via our banners.

Open Cookie Consent Banner

The following analysis cookies are used:

Cookie Purpose Duration of storage
_pk_id Saves information on the visitor including the user ID 13 months
_pk_ref Saves how you originally came to the website (referrer) 6 months
_pk_ses, _pk_cvar, _pk_hsr Cookies for short-term saving of information in connection with the visit to the website 30 minutes
_pk_testcookie This cookie is used as a test to determine whether the user’s browser accepts cookies. It is deleted immediately after being created. None

 

Contact form

You have the option of contacting us via our contact form. For it to be possible to use the contact form, we first require you to complete the data marked as required fields.
We use these data on the basis of point (f) of Art. 6 (1) of the GDPR to respond to your query.

In addition, you can also decide for yourself whether you would like to provide us with additional data. Such data is provided voluntarily and is not urgently required for contacting us. Your voluntarily provided data are processed on the basis of your consent in accordance with point (a) of Art. 6 (1) of the GDPR.

Your data is only processed to respond to your query. We delete your data once it is no longer required and provided that we are not legally required to store it for longer.
Insofar as the data you provide via the contact form are processed on the basis of point (f) of Art. 6 (1) of the GDPR, you may object to the processing at any time. Furthermore, you can withdraw your consent to the processing of the voluntarily provided data at any time. To do so, please use the e-mail address provided in the imprint.

In addition, you have the option of agreeing to your data being forwarded to our partner companies. This is done for the purpose of advertising contact of the selected partner companies with you. The forwarding of your contact data as well as the processing of this data by the selected partner companies is based on your consent according to Art. 6 para. 1 p. 1 lit. a DSGVO. We will forward your consent to the selected partner companies. The selected partner companies are responsible for the data processing there for the purpose of contacting you in accordance with Art. 4 No. 7 DSGVO.

You can revoke your consent at any time without giving reasons. To do so, please contact the e-mail address stated in the imprint. We ask you to address the revocation against the processing of your data for advertising contact by the respective partner companies directly to them. Even after your revocation, the previously performed transfer and processing of your contact data remain lawful.

For the following partner companies, consent can be given for contacting:

Social Plugins

We provide you with the use of social plugins. For data protection reasons, however, we only integrate the social plugins we use in deactivated form. Therefore, when you call up our websites, no data is transmitted to social media services.

However, you have the option of activating and using the social plugins integrated on our websites. For this purpose, we use a solution that results in all the data and functions required to display the social plugin being provided by our web server as a first step. Only when you decide to activate the respective social plugin and click on the corresponding preview image or icon, a connection to the servers of the operator of the respective social media service is established by your browser in a second step.

When you activate a plugin, the social media service receives in particular your IP address and, among other things, knowledge about your visit to our websites. This occurs regardless of whether you have an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile.

Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will create usage profiles from your data and use them for the purpose of personalized advertising. In addition, your data will be used to inform other users of the social media service about your activities on our websites.

The embedding takes place on the basis of your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO or § 25 para. 1 TTDSG, provided that you have given your consent by clicking on the preview image. Please note that the embedding of many social plugins leads to your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to appeal. If we use providers in unsafe third countries and you consent, the transfer to an unsafe third country will be based on Art. 49 (1) lit. a DSGVO.

If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by no longer clicking on the preview image or icon of the respective social plugin.

Embedded videos

We embed videos on our websites that are not stored on our servers. In order to ensure that viewing our websites with embedded videos does not automatically result in third-party content being reloaded, we only show locally stored preview images of the videos in a first step. This does not provide the third party with any information.

The third-party content is only reloaded if you click on the preview image. The third party is then informed that you have visited our site and is provided with the usage data technically required in this scope. In addition, the third party is then in a position to implement tracking technologies. We have no further influence on the data processing performed by the third party. By clicking on the preview image, you give us your consent to reloading the third-party content.

This embedding is performed on the basis of your consent in accordance with point (a) of Art. 6 (1) of the GDPR, provided that you have given your consent by clicking on the preview image. Please note that the embedding of many videos results in your data being processed outside of the EU/EEA. In some countries, there is the risk that authorities will access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in unsafe third countries and you give your consent, the transfer to an unsafe third country is performed on the basis of point (a) of Art. 49 (1) of the GDPR.

Provider Appropriate data protection level Withdrawal of consent
YouTube / Google (USA) No appropriate data protection level. The transfer is performed on the basis of point (a) of Art. 49 (1) of the GDPR. If you have clicked on a preview image, the third-party content is reloaded directly. If you do not want such reloading to occur on other sites, please do not click on any more preview images.

 

Newsletter subscription and sending of newsletter

You can order a newsletter on our website. Please note that we require certain data to subscribe you to the newsletter (at least your e-mail address).
We use the newsletter provider MailChimp to send our newsletter. If you subscribe to our newsletter, the data that you provide during the newsletter subscription process is forwarded to MailChimp and stored there. MailChimp offers comprehensive possibilities for analyzing the use of the newsletter. These analyses are based on groups, and we do not use them for individual evaluations. Further information on MailChimp and data privacy at MailChimp can be found here: https://mailchimp.com/legal/privacy/

The newsletter is only sent if you have expressly given your consent in accordance with point (a) of Art. 6 (1) of the GDPR. You may withdraw your consent at any time. One simple option for withdrawing consent is the Unsubscribe link included in every newsletter, for example.

In the scope of the newsletter subscription process, we save additional data beyond those already specified, provided that this is necessary so as to allow us to prove that you have subscribed to our newsletter. This may include saving of the complete IP address at the time you subscribed to or confirmed the newsletter. The corresponding data processing is performed on the basis of point (f) of Art. 6 (1) of the GDPR and in the interest of being able to account for the legality of sending the newsletter.

Please note that the use of MailChimp results in your data being processed outside of the EU/EEA. In some countries, there is the risk that authorities access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in unsafe third countries and you give your consent, the transfer to an unsafe third country is performed on the basis of point (a) of Art. 49 (1) of the GDPR.

Provider Appropriate data protection level Withdrawal of consent
The Rocket Science Group LLC (USA) and sub-processors in the USA No appropriate data protection level. The transfer is performed on the basis of point (a) of Art. 49 (1) of the GDPR. You can unsubscribe at any time by clicking on the Unsubscribe link in any newsletter.

 

Password-protected area – Univention App Center

Certain elements of our offering, e.g., the downloading of specific apps from the App Center, require registration as a user; at other points, we offer you voluntary registration. Registration consists of you providing your name, your e-mail address, and, in some cases, additional data to us. If you register in this way, we collect and process the data provided there to optimize our offering, in order to contact you via e-mail, for example, as well as for the purposes of contract management, and, in particular, forward them on to the respective contractual partner whose offer you use via the App Center, for example. The processing is performed on the basis of point (b) of Art. 6 (1) of the GDPR or on the basis of point (f) of Art. 6 (1) of the GDPR in the interest of making the services and information in the password-protected area available to you.
If we collect additional data or these data are forwarded to third parties via our App Center, this forwarding is performed based on your consent in accordance with point (a) of Art. 6 (1) of the GDPR.
If you would like to log out of our password-protected area permanently, please use the logout option that we have made available in the area.n.

Duration of storage

Unless we have already provided specific information about the individual storage period, we delete personal data once it is no longer required for the aforementioned processing purposes and there are no legal storage obligations preventing its deletion.

Additional processors

In the scope of processing in accordance with Art. 28 of the GDPR, we provide your data to service providers who assist us with the operation of our websites and the associated processes. They include hosting service providers, for example. Our service providers are strictly bound by instructions and contractually bound to us accordingly.

In the following, we name the processors with whom we work, if we have not already done so in the preceding text of the privacy policy. If data is transferred outside the EU or EEA in this context, we provide information on the appropriate level of data protection.

Processor Purpose Appropriate level of data protection
Hetzner Online GmbH (Deutschland) Webhosting and Support Processing only within EU/EEAOnline applications

 

Online Application

You have the option of applying to the job vacancies we publish online via our website. In addition to the required data, you decide for yourself the extent of the data that you would like to send to us in the scope of your online application.

We process your personal data in accordance with the applicable data privacy provisions on the basis of Section 26 of the German Federal Data Protection Act (BDSG). We process the data you offer to us in the scope of your online application exclusively for the purpose of selecting applicants. The data is not processed for any other purposes.

Online applications are made available to our HR department and the heads of the respective teams and departments. The data is transferred encrypted. It goes without saying that we treat your data confidentially. We employ service providers who are strictly bound by instructions, who offer us IT support, and with whom we have concluded special contracts for processing. Your data is not provided to anyone else. If your application is not successful, your documents are deleted after six months.
In individual cases, some data may be stored for longer (e.g., claims for travel expenses). The duration of storage is then dictated by the legal storage obligations, e.g., in the German Tax Code (6 years) or the German Commercial Code (10 years).

If you are not hired for the vacant position but your application is still of interest to us, we will ask you whether we may keep your application for future vacancies. We then process your data on the basis of point (a) of Art. 6 (1) of the GDPR.

Registration for Univention Summit

Within our event offer, functions and contents of the service pretix are provided by

rami.io Softwareentwicklung
Raphael Michel
Römerstraße 245
69126 Heidelberg

Germany

This includes the ticket store, which is integrated via a JavaScript widget. When you buy a ticket, pretix uses a technically necessary cookie to enable the order process and to remember which shopping cart belongs to you. The cookie is set as soon as you interact with the widget. pretix does not store IP addresses, browser information or other unnecessary meta data beyond the duration of your request.

You can find further information on data protection at pretix here: https://pretix.eu/about/en/privacy
If you pay by credit card, your credit card number is never stored on our servers, except for the last four digits. It is transmitted directly to the payment provider company Stripe. For more information about Stripe’s privacy policy, please click here: https://stripe.com/terms

Creation and publication of photos and videos as part of the Univention Summit

As part of the Univention Summit event, we, Univention GmbH (e-mail: kontakt@univention.de), would like to take photos and videos. The main aim here is to capture the overall events and the course of the event for internal documentation. Occasionally, however, it can also happen that recordings are made by small groups or individuals that we would also like to publish.

We would like to use these photographs and videos for the following purposes and publish them free of charge:

Internal documentation

For the internal documentation and presentation of the final event as well as for representation purposes.

On our website

For the public representation and presentation of the event on the German-language and English-language websites www.univention.de, www.univention.com/ as well as www.univention-summit.de and www.univention-summit.com.

In social networks (Facebook, Instagram, LinkedIn, Twitter, Xing, Youtube)

For the public display and presentation of the events on the social networks we use.
Please note that the recordings published on social media sites are subject to processing over which we have no influence. Some social media platforms have in the past included ways to automatically identify and tag people in photos. In addition, content that has been shared can often no longer be deleted due to the terms of use of the platforms and is beyond our control.

Legal basis of processing

The legal basis for processing with regard to the recording, internal documentation and publication of photos of the overall happenings, the course of the events and of large groups of people is Article 6 Paragraph 1 Sentence 1 lit. f General Data Protection Regulation (GDPR). Univention GmbH has a legitimate interest in documenting the event with photographs and using these to represent the university and for public relations and marketing work. If you are part of these photographs, you can object to the processing at any time with effect for the future. To do this, please contact the above email address.

The legal basis for processing with regard to the publication of photos of small groups of people and individuals is your consent in accordance with Article 6 (1) sentence 1 lit. a GDPR. In particular, we assume your consent if you deliberately allow yourself to be photographed and pose for photos. You can revoke your consent at any time with effect for the future.

Data receiver

When creating the photos and videos, we are supported by a professional photographer. He acts strictly according to our instructions. We have concluded a separate contract for order processing with them.

Data erasure

All recordings made by us will be deleted as soon as the processing is no longer required for the above-mentioned purposes or an effective revocation has been given. Please note that when recordings are published on the Internet, there is always a risk that they will be processed without our intervention and that full deletion is therefore no longer possible. This applies accordingly to press articles etc. published on the Internet, which can be located and retrieved by Internet search engines at home and abroad.

Privacy Policy for Social Media Platforms Used by Univention

When you visit our social media pages, it may be necessary to process your personal data. We want to inform you of the following details relating to how your data is handled and the rights you have resulting from this, in accordance with Article 13 of the General Data Protection Regulation (GDPR).

Controller

We, Univention GmbH, operate the following social media pages:

You can find our contact data in the imprint.

Data Processing We Undertake

Public Relations

The data you provide on our social media pages, such as usernames, comments, videos, images, likes, public messages, etc., are published by the social media platform and are not processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. If applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform.

If you submit a request to us on the social media platform, depending on the content, we may also refer you to other secure communication channels that guarantee confidentiality. For example, you have the option at any time to send us your inquiries to the address or e-mail address listed in the imprint. The choice of the appropriate communication channel is your own responsibility in this regard.

The legal basis for processing your data is Art. 6 (1) S. 1 (f) of the GDPR. The data is processed in the legitimate interest of our public relations and to communicate with you.

Data Processing Activities Under Joint Responsibility

For some of the processing activities, we are jointly responsible with the respective operator of the social media platform.

Accordingly, we have concluded the mandatory agreement pursuant to Art. 26 DSGVO as far as possible.

The key components of shared accountability can be found in the section below.

Targeted Advertising

We also use the described social media platforms to play out targeted advertising.

For this purpose, we use target group definitions provided to us by the social media operator. We only use anonymous target group definitions – that is, we define characteristics based on general demographic information, behavior, interests and connections, for example. The operator of the social media platform uses these to play advertisements to its users accordingly. The legal basis for this is the consent that the operator of the social media platform has obtained from its users.

If you wish to revoke this consent, please use the revocation options provided by the operator of the social media platform, as the social media platform operator is responsible for this processing.

We or the operator of the social media platform also use publicly available data for target group definition. The legal basis for this processing is then Art. 6 (1) p. 1 lit. f DSGVO. The legitimate interest on our part here is to define a target group that is as suitable as possible. We never use sensitive categories of personal data mentioned in Art. 9 and 10 DSGVO (e.g. political opinions, sexual orientation) for target group definition.

We do not use target group definition based on location data. We do not pass on any personal data to the operator of the social media platform as part of the target group definition.

Data Processing by the Operator of the Social Media Platform

The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform.

We would therefore like to point out that it cannot be ruled out that the operator of the social media platform uses and evaluates your profile and behavioral data for its own purposes. We have no influence on the processing of your data by the operator of the social media platform. Please take this into account when using the social media platform.

You can find more information on data processing by the operator of the social media platform, configuration options for protecting your privacy, and further objection options in the operator’s privacy policy.

Mastodon Profile

Under the profile domain https://univention.social/@univention, you can also find us on the short message service Mastodon. Mastodon is a decentralized microblogging service, which can be operated decentrally on your own servers.

When you call up and use our company profile, an encrypted connection is established to the web server on which the instance is operated. In order to be able to display the content correctly in your end device, the following data, among others, is processed in accordance with the HTTP and TCP/IP protocol:

  • Your IP address of your internet connection,
  • the operating system and operating system version of your end device, the display resolution of your device,
  • the Internet browser and browser version you use, and
  • the time of your access to our web profile.

This technical data is processed so that this website can be transmitted from the web server to the end device used and can be processed and displayed correctly by your browser. After each page visit, some of these data are stored in logs of the web hoster. The web hoster processes this data for server maintenance and security purposes, but deletes IP addresses after 14 days at the latest, usually sooner.

As a hosting provider, we use the company Weingärtner IT, Großzschachwitzer Strasse 14, 01259 Dresden, Germany, with headquarters and server location in the European Union. The company is subject to our instructions as a processor and has contractually agreed to comply with technical and organizational security measures.

Use of Cookies

Mastodon uses cookies (small text files that make your browser uniquely distinguishable from others) to provide core and convenience features to you. Among other things, these cookies allow the instance to recognize your browser and, if you have a registered account, to link it to your registered account.

We would like to point out that you use Mastodon and its functionalities under your own responsibility.

Duration of Storage

We delete personal data once is no longer required for the aforementioned processing purposes and there are no legal storage obligations preventing their deletion.

Your rights as a data subject

As regards the processing of your personal data, the GDPR grants you as a data subject certain rights:

Right to access (Art. 15 of the GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information listed in Art. 15 of the GDPR.

Right to rectification (Art. 16 of the GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if applicable to have incomplete personal data completed.

Right to erasure (Art. 17 of the GDPR)

You have the right to obtain the erasure of personal data concerning you without undue delay where one of the grounds listed in Art. 17 of the GDPR applies:

Right to restriction of processing (Art. 18 of the GDPR)

You have the right to obtain restriction of processing where one of the requirements listed in Art. 18 of the GDPR applies, for example if you have objected to the processing, for the duration of the examination by the controller.

Right to data portability (Art. 20 of the GDPR)

In certain cases, listed individually in Art. 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format and have the right to have these data transmitted to another controller.

Right to withdrawal (Art. 7 of the GDPR)

If data is processed on the basis of your consent, you are entitled in accordance with Art. 7 (3) of the GDPR to withdraw your consent to the use of your personal data at any time. Please note that this withdrawal of consent is only effective for the future and does not affect the lawfulness of processing based on consent before its withdrawal.

Right to object (Art. 21 of the GDPR)

If data are processed on the basis of point (f) of Art. 6 (1) of the GDPR (processing for the purposes of legitimate interests) or on the basis of point (e) of Art. 6 (1) of the GDPR (processing for the performance of a task carried out in the public interest or in the exercise of official authority), you have the right to object to the processing at any time on grounds relating to your particular situation. We will then not process your personal data any further, unless there are demonstrably compelling reasons for processing which are worthy of protection and outweigh your interests, rights, and freedoms, or the processing is necessary for the assertion, exercising, or defense of legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR)

In accordance with Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes data protection provisions. The right to lodge a complaint can be asserted in particular with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement.

Asserting your rights

Unless otherwise specified above, please contact the body named in the Imprint to assert your rights as a data subject.

Contact details of the data protection officer

Our external data protection officer will be happy to provide you with information regarding all aspects of data protection and can be contacted here

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Germany

Website: www.datenschutz-nord-gruppe.de
E-Mail: office@datenschutz-nord.de

If you do contact our data protection officer, please also specify the controller as named in the Imprint.