Data privacy

Any processing of personal data by the University of Kassel takes place in line with the data privacy regulations, particularly Regulation (EU) 2016/679 adopted by the European Parliament and the Council on 27 April 2016 (General Data Protection Regulation or GDPR), which is designed to protect private individuals when any personal data is processed, ensure the free movement of data and cancel Directive 95/46/EC, and in line with the Hesse Data Privacy and Freedom of Information Act (HDSIG) in the version dated 25 May 2018.

Contact details

Name and address of the Controller
University of Kassel
The President
34109 Kassel

The Data Protection Officer
University of Kassel
The Official Data Protection Officer
34109 Kassel
Internet: www.uni-kassel.de/go/datenschutz
E-mail: datenschutz@uni-kassel.de

Data subjects’ right of appeal

Data subjects have the right to appeal to the responsible supervisory authority if any problems arise in connection with data privacy law.

The contact address for the supervisory authority for the University of Kassel:

The Hesse Data Protection Officer
Postfach 3163
65021 Wiesbaden

E-mail: poststelle@datenschutz.hessen.de

Phone: +49-611-1408-0
Fax: +49-611-1408-611

Other rights for data subjects

You can exercise the following rights by using the contact data specified for our Data Protection Officer (at the University of Kassel):  

• obtain information about the data that we have stored about you and how we process it
• have any incorrect personal data corrected
• restrict the data processing procedures, if we may not yet delete your data because of statutory obligations
• withdraw your approval
• withdraw your approval for us to process your data
• ensure data portability, if you have approved any data processing or have concluded a contract with us (Article 20 of the GDPR).

Handling personal data

Personal data involves information that enables us to determine who a private individual is – i.e. details that make it possible to identify persons.

We only gather, use and pass on any personal data if the law permits this or the data subjects affected by the data processing have agreed to this.

Any use of personal data related to students for the purpose of their degree course is largely based on the current Hesse Higher Education Act in conjunction with the current Enrolment Order of the State of Hesse and therefore relates to Article 6 Para. 1c of the GDPR.

The data relating to employees at the University of Kassel for the purposes of administering personnel or teaching, research or examination activities is gathered and processed on the basis of the Hesse Higher Education Act, the Enrolment Order of the State of Hesse, the collective wage agreement (TV-GU) as well as civil service and labour-law related provisions.

The University of Kassel complies with the principles of preventing and minimising data. It only stores any personal data for as long as this is necessary to fulfil its purpose or as the law stipulates in any other cases. After this period, the relevant data is routinely blocked or deleted in line with the statutory provisions.

The www.uni-kassel.de website and other Internet services

Log files

Generally speaking, the following data is stored in the server log files when anybody accesses the content on the web servers at the University of Kassel:

• the IP address
• the date and time
• possibly the type of browser ("user agent") and referring page ("referer")
• the URL and length of the page that has been viewed
• the "status code"
• the user ID for web services requiring registration (see below)

This data is exclusively used for the purpose of checking that everything functions properly, eliminating any errors, security and statistics (see below). The legal basis for this is Article 6 Para. 1f of the GDPR. All the log files are immediately deleted or anonymised.

Access statistics

The University of Kassel uses “Matomo” (formerly Piwik) software to assess access to its web servers, so that it can record its own internal statistics about visits to its website.

Matomo makes use of so-called “cookies”, text files that are stored on your computer, and they enable us to analyse the use of our web services. The information generated by a cookie about your usage is only stored on the servers of the University of Kassel. Matomo works with the activated plug-in known as “AnonymizeIP” at the University of Kassel, so that your IP address is anonymised immediately after it has been processed and before it is stored. As a result, the precise IP address related to your computer is not logged in our statistics.

The data that is logged in this way is only used for the purpose of our own internal statistics and is then deleted after use. You can prevent any cookies from being installed by making the appropriate setting in your browser software; however, we would point out that that you may not be able to fully make use of all the functions provided by our web services, if you do so. Matomo has been checked and recommended by the Schleswig-Holstein Independent State Centre for Data Protection, among other organisations. You can find more information about Matomo at: https://matomo.org.

Websites with protected access and user-based services

In the case of any websites with protected access and user-based services, the user name or identification is gathered, in addition to the data mentioned above, to check the person’s authorisation to access the data. This data is also immediately deleted or anonymised, unless the storage of the data is necessary for the University of Kassel to pursue any legitimate interests or to fulfil a statutory provision (e.g. a law, a legal ordinance, the rules of the University of Kassel etc.). 

Incorporating third-party services

Content from third parties (e.g. videos from YouTube, external map materials, RSS feeds, graphics etc.) are included on some of the pages of the web services provided by the University of Kassel and this material is taken from the relevant websites. This inevitably means from a technical point of view that the providers of this content will process your IP address.

Newsletters and contact forms

It is possible to subscribe to a newsletter or complete a contact form at various points within our web services. The data entered on the input form when you register for the newsletter or contact us is then forwarded to us.

If not specifically indicated otherwise, no data is passed on to third parties when we process the data for sending out newsletters or contacting us. The data is exclusively used for the purposes that are mentioned above.

Status

This data privacy statement was correct on 25 May 2018. The University of Kassel retains the right to make adjustments to it because of the very recent changes to the legal situation; and its IT products and services are constantly developing too.