Privacy Statement

Thank you for visiting our website at www.univention.com or www.univention-summit.com. In the following, we would like to inform you how we handle your personal data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

Controller

The body named in the Imprint is responsible for the data processing as represented below.

Usage data

When you visit our websites, so-called usage data are temporarily evaluated on our web server for statistical purposes as a protocol with the aim of improving the quality of our websites. This data set comprises:

  • the name and address of the requested content;
  • the date and time of the request;
  • the data volume transferred;
  • the access status (content transferred, content not found);
  • the description of the Internet browser and operating system used;
  • the referral link, which indicates from which website you came to ours;
  • the IP address of the requesting computer, which is abbreviated in such a way that it can no longer be linked to a specific person.

The protocol data specified are only evaluated anonymously.

Data security

We employ technical and organizational measures to protect your data as comprehensively as possible from unwanted access. We use an encryption process on our websites. Your data are transferred from your computer to our server and vice versa over the Internet using a TLS encryption protocol. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Necessary cookies

Our websites use cookies, which are required for use of our websites.
Cookies are small text files that can be saved and read out on your end device. A distinction is made between session cookies, which are deleted again as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.
We do not use these necessary cookies for analytical, tracking, or advertising purposes.
To some extent, these cookies merely contain information regarding certain settings and are not linked to a specific person. They may also be required to enable the site’s user guidance, security, and implementation.
We use these cookies on the basis of point (f) of Art. 6 (1) of the GDPR.
You can adjust your browser settings to notify you about the placement of cookies – this makes the use of cookies transparent for you. In addition, you can also delete the corresponding browser setting and prevent the saving of new cookies at any time. Please note that it may then not be possible to display our websites and some functions will no longer be available for technical reasons.

The following necessary cookies are used:

Cookie Purpose Duration of storage
pll_language Saves the language 1 year
shown-overlays Saves the IDs of already shown pop-up overlays so that they are shown once 1 day
closedForms Saves which forms are closed/sent so that they are/remain hidden afterward Session
viewed_cookie_policy Saves that the cookie banner has been displayed and closed 1 year
cookielawinfo-checkbox-necessary Saves the “Recuired cookies” setting 1 year
cookielawinfo-checkbox-non-necessary Saves the “Cookies for analyses” setting 1 year
https-_csrf Allows basic functions of the Univention App Center Shop Session
OROSFID Allows basic functions of the Univention App Center Shop Session
klaro Saves the cookie banner settings for the Univention App Center Shop 1 year
_forum_session Session Cookie Session
_t User authentication token cookie 2 months

 

Matomo

We use the web analysis tool Matomo to design our websites to suit your needs. Matomo creates usage profiles on the basis of pseudonyms. To this end, permanent cookies are saved on your end device and read out by us. This allows us to identify returning visitors and count them as such.
The data processing is performed on the basis of your consent in accordance with point (a) of Art. 6 (1) of the GDPR and Section 15 Para 3 Sentence 1 of the German Telemedia Act (TMG), provided that you have given your consent via our banner.
You may withdraw your consent at any time. To do so, please click on the Privacy Settings button in the bottom right-hand corner and change the corresponding settings via our banner.
The following analysis cookies are used:

Cookie Purpose Duration of storage
_pk_id Saves information on the visitor including the user ID 13 months
_pk_ref Saves how you originally came to the website (referrer) 6 months
_pk_ses, _pk_cvar, _pk_hsr Cookies for short-term saving of information in connection with the visit to the website 30 minutes
_pk_testcookie This cookie is used as a test to determine whether the user’s browser accepts cookies. It is deleted immediately after being created. None

 

Zoho PageSense

We use Zoho PageSense to be able to evaluate visits to our website and design our website to be more tailored to suit needs. This involves evaluation of your visits in a pseudonymized form provided that you have given your consent. The legal basis for the processing is Section 15 Para 3 of the TMG. You can withdraw your consent at any time by clicking on the Privacy Settings button in the bottom right-hand corner.

Cookie Purpose Duration of storage
zabUserId This cookie sends a unique ID of every visitor taking part in the evaluation. 1 year
zabVisitId This cookie sends a unique ID for each of the visitor’s visits. It changes with each visit. Session

 

Contact form

You have the option of contacting us via our contact form. For it to be possible to use the contact form, we first require you to complete the data marked as required fields.
We use these data on the basis of point (f) of Art. 6 (1) of the GDPR to respond to your query.
In addition, you can also decide for yourself whether you would like to provide us with additional data. Such data are provided voluntarily and are not urgently required for contacting us. Your voluntarily provided data are processed on the basis of your consent in accordance with point (a) of Art. 6 (1) of the GDPR.
Your data are only processed to respond to your query. We delete your data once they are no longer required and provided that we are not legally required to store them for longer.
Insofar as the data you provide via the contact form are processed on the basis of point (f) of Art. 6 (1) of the GDPR, you may object to the processing at any time. Furthermore, you can withdraw your consent to the processing of the voluntarily provided data at any time. To do so, please use the e-mail address provided in the Imprint.

Embedded videos

We embed videos on our websites which are not stored on our servers. In order to ensure that viewing our websites with embedded videos does not automatically result in third-party content being reloaded, we only show locally stored preview images of the videos in a first step. This does not provide the third party with any information.
The third-party content is only reloaded if you click on the preview image. The third party is then informed that you have visited our site and is provided with the usage data technically required in this scope. In addition, the third party is then in a position to implement tracking technologies. We have no further influence on the data processing performed by the third party. By clicking on the preview image, you give us your consent to reloading the third-party content.
This embedding is performed on the basis of your consent in accordance with point (a) of Art. 6 (1) of the GDPR, provided that you have given your consent by clicking on the preview image. Please note that the embedding of many videos results in your data being processed outside of the EU/EEA. In some countries, there is the risk that authorities access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in unsafe third countries and you give your consent, the transfer to an unsafe third country is performed on the basis of point (a) of Art. 49 (1) of the GDPR.

Provider Appropriate data protection level Withdrawal of consent
YouTube / Google (USA) No appropriate data protection level. The transfer is performed on the basis of point (a) of Art. 49 (1) of the GDPR. If you have clicked on a preview image, the third-party content is reloaded directly. If you do not want such reloading to occur on other sites, please do not click on any more preview images.

 

Newsletter subscription and sending of newsletter

You can order a newsletter on our website. Please note that we require certain data to subscribe you to the newsletter (at least your e-mail address).
We use the newsletter provider MailChimp to send our newsletter. If you subscribe to our newsletter, the data that you provide during the newsletter subscription process are forwarded to MailChimp and stored there. MailChimp offers comprehensive possibilities for analyzing the use of the newsletter. These analyses are based on groups, and we do not use them for individual evaluations. Further information on MailChimp and data privacy at MailChimp can be found here: https://mailchimp.com/legal/privacy/

The newsletter is only sent if you have expressly given your consent in accordance with point (a) of Art. 6 (1) of the GDPR. You may withdraw your consent at any time. One simple option for withdrawing consent is the Unsubscribe link included in every newsletter, for example.
In the scope of the newsletter subscription process, we save additional data beyond those already specified, provided that this is necessary so as to allow us to prove that you have subscribed to our newsletter. This may include saving of the complete IP address at the time you subscribed to or confirmed the newsletter. The corresponding data processing is performed on the basis of point (f) of Art. 6 (1) of the GDPR and in the interest of being able to account for the legality of sending the newsletter.
Please note that the use of MailChimp results in your data being processed outside of the EU/EEA. In some countries, there is the risk that authorities access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in unsafe third countries and you give your consent, the transfer to an unsafe third country is performed on the basis of point (a) of Art. 49 (1) of the GDPR.

Provider Appropriate data protection level Withdrawal of consent
The Rocket Science Group LLC (USA) and sub-processors in the USA No appropriate data protection level. The transfer is performed on the basis of point (a) of Art. 49 (1) of the GDPR. You can unsubscribe at any time by clicking on the Unsubscribe link in any newsletter.

 

Password-protected area – Univention App Center

Certain elements of our offering, e.g., the downloading of specific apps from the App Center, require registration as a user; at other points, we offer you voluntary registration. Registration consists of you providing your name, your e-mail address, and, in some cases, additional data to us. If you register in this way, we collect and process the data provided there to optimize our offering, in order to contact you via e-mail, for example, as well as for the purposes of contract management, and, in particular, forward them on to the respective contractual partner whose offer you use via the App Center, for example. The processing is performed on the basis of point (b) of Art. 6 (1) of the GDPR or on the basis of point (f) of Art. 6 (1) of the GDPR in the interest of making the services and information in the password-protected area available to you.
If we collect additional data or these data are forwarded to third parties via our App Center, this forwarding is performed based on your consent in accordance with point (a) of Art. 6 (1) of the GDPR.
If you would like to log out of our password-protected area permanently, please use the logout option that we have made available in the area.n.

Duration of storage

Unless we have already provided specific information about the individual storage period, we delete personal data once they are no longer required for the aforementioned processing purposes and there are no legal storage obligations preventing their deletion.

Additional processors

In the scope of processing in accordance with Art. 28 of the GDPR, we provide your data to service providers who assist us with the operation of our websites and the associated processes. They include hosting service providers, for example. Our service providers are strictly bound by instructions and contractually bound to us accordingly.

Online applications

You have the option of applying to the job vacancies we publish online via our website. In addition to the required data, you decide for yourself the extent of the data that you would like to send to us in the scope of your online application.
We process your personal data in accordance with the applicable data privacy provisions on the basis of Section 26 of the German Federal Data Protection Act (BDSG). We process the data you offer to us in the scope of your online application exclusively for the purpose of selecting applicants. The data are not processed for any other purposes.
Online applications are made available to our HR department and the heads of the respective teams and departments. The data are transferred encrypted. It goes without saying that we treat your data confidentially. We employ service providers who are strictly bound by instructions, who offer us IT support, and with whom we have concluded special contracts for processing. Your data are not provided to anyone else. If your application is not successful, your documents are deleted after six months.
In individual cases, some data may be stored for longer (e.g., claims for travel expenses). The duration of storage is then dictated by the legal storage obligations, e.g., in the German Tax Code (6 years) or the German Commercial Code (10 years).
If you are not hired for the vacant position but your application is still of interest to us, we will ask you whether we may keep your application for future vacancies. We then process your data on the basis of point (a) of Art. 6 (1) of the GDPR.

Registration for Univention Summit

Within our event offer, functions and contents of the service pretix are provided by

rami.io Softwareentwicklung
Raphael Michel
Römerstraße 245
69126 Heidelberg

Germany

This includes the ticket store, which is integrated via a JavaScript widget. When you buy a ticket, pretix uses a technically necessary cookie to enable the order process and to remember which shopping cart belongs to you. The cookie is set as soon as you interact with the widget. pretix does not store IP addresses, browser information or other unnecessary meta data beyond the duration of your request.

You can find further information on data protection at pretix here: https://pretix.eu/about/en/privacy
If you pay by credit card, your credit card number is never stored on our servers, except for the last four digits. It is transmitted directly to the payment provider company Stripe. For more information about Stripe’s privacy policy, please click here: https://stripe.com/terms

Your rights as a data subject

As regards the processing of your personal data, the GDPR grants you as a data subject certain rights:

Right to access (Art. 15 of the GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information listed in Art. 15 of the GDPR.

Right to rectification (Art. 16 of the GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if applicable to have incomplete personal data completed.

Right to erasure (Art. 17 of the GDPR)

You have the right to obtain the erasure of personal data concerning you without undue delay where one of the grounds listed in Art. 17 of the GDPR applies:

Right to restriction of processing (Art. 18 of the GDPR)

You have the right to obtain restriction of processing where one of the requirements listed in Art. 18 of the GDPR applies, for example if you have objected to the processing, for the duration of the examination by the controller.

Right to data portability (Art. 20 of the GDPR)

In certain cases, listed individually in Art. 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format and have the right to have these data transmitted to another controller.

Right to withdrawal (Art. 7 of the GDPR)

If data is processed on the basis of your consent, you are entitled in accordance with Art. 7 (3) of the GDPR to withdraw your consent to the use of your personal data at any time. Please note that this withdrawal of consent is only effective for the future and does not affect the lawfulness of processing based on consent before its withdrawal.

Right to object (Art. 21 of the GDPR)

If data are processed on the basis of point (f) of Art. 6 (1) of the GDPR (processing for the purposes of legitimate interests) or on the basis of point (e) of Art. 6 (1) of the GDPR (processing for the performance of a task carried out in the public interest or in the exercise of official authority), you have the right to object to the processing at any time on grounds relating to your particular situation. We will then not process your personal data any further, unless there are demonstrably compelling reasons for processing which are worthy of protection and outweigh your interests, rights, and freedoms, or the processing is necessary for the assertion, exercising, or defense of legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR)

In accordance with Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes data protection provisions. The right to lodge a complaint can be asserted in particular with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement.

Asserting your rights

Unless otherwise specified above, please contact the body named in the Imprint to assert your rights as a data subject.

Contact details of the data protection officer

Our external data protection officer will be happy to provide you with information regarding all aspects of data protection and can be contacted here

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Germany

Website: www.datenschutz-nord-gruppe.de
E-Mail: office@datenschutz-nord.de

If you do contact our data protection officer, please also specify the controller as named in the Imprint.