Text icon 'UFR' standing for University of Freiburg
Life Imaging Center
Seal element of the university of freiburg in the shape of a trefoil

Privacy Policy

Version 14 – 10.06.2024

I. Name and Address of the Data Controller
The Data Controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:

Albert Ludwigs University of Freiburg
Friedrichstraße 39
79098 Freiburg
+49 (0)761/203-0
info@uni-freiburg.de

II. Name and Address of the Data Protection Officer
The Data Protection Officer of the Controller is:

Albert Ludwigs University of Freiburg
Data Protection Officer
Fahnenbergplatz
79085 Freiburg
datenschutzbeauftragter@uni-freiburg.de

III. Note of this Privacy Policy
This information on data protection/data protection declaration refers to the website of the Life Imaging Center , which is operated by the University of Freiburg. Please contact us in case you want to withdraw consent to process your personal data or if you want to know which data we store from you.

IV. General Information on Data Processing

  1. Scope of Processing of Personal Data
    We process personal data of our users only to the extent necessary to provide a functional website as well as our content and services.
  2. Legal Basis for the Processing of Personal Data
    Insofar as we obtain consent from the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

In cases where the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, Article 6(1)(e), paragraph 3 GDPR in conjunction with the task-assigning norms of Union or national law serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by the University of Freiburg or a third party, and these interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis for the processing.

  1. Data Deletion and Storage Duration
    The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage beyond this period can occur if required by the European or national legislator in EU regulations, laws, or other provisions to which the University of Freiburg is subject. Blocking or deletion of the data also occurs when a storage period prescribed by the aforementioned standards expires.

V. Provision of the Website and Creation of Log Files

  1. Description and Scope of Data Processing
    Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data is collected:

This data is also stored in our system’s log files. The IP address is anonymized after the end of the usage session before storage in the log files. This data is not stored together with other personal data of the user.

  1. Legal Basis for Data Processing
    The legal basis for the temporary storage of data is Article 6(1)(f) GDPR.
  2. Purpose of Data Processing
    The temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. For this purpose, the IP address must be stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. Additionally, the data is used for technical optimization, tracking access numbers, and ensuring the security of our IT systems.

These purposes also constitute our legitimate interest in data processing according to Article 6(1)(f) GDPR.

Right to Object
The collection of data for the provision of the website and the temporary storage of data in log files is essential for the operation of the website. Therefore, the user has no right to object.

Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected. In the case of data collection for the provision of the website, this occurs when the respective session is ended. For data stored in log files, this occurs after two weeks. Further storage is only possible in cases of concrete suspicion of attacks on our website and for error analysis.

VI. Use of Cookies

  1. General Information on the Use of Cookies
    Our websites use cookies. Cookies are text files stored by the internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. A cookie can contain a unique string of characters that allows the browser to be uniquely identified upon a return visit to the website.

We use cookies to ensure the proper functioning of the website, improve accessibility, navigation, and presentation of our website, and to embed media from our video portal.

The following types of cookies are used on our websites:

Except for the technically required cookies, other cookies are activated only after explicit consent. These consents can be revoked at any time. If technically required cookies are blocked or deleted through browser settings, some functions of our website may only be available in a limited manner.

  1. Technically Required Cookies for the Use of the Websites

2.1 Description and Scope of Data Processing
We use cookies to make our websites functional. Some elements of our website require the requesting browser to be recognized even after a page change.

The following data is stored and transmitted in the cookies listed here:

OriginNamePurposeValidity
uni-freiburg.deserveridLoad balancer assignmentUntil the end of the browser session
videoportal.uni-freiburg.deframeworkSession ID, timestamp for video player7 days

Table 1: Overview of Technically Required Cookies

2.2 Legal Basis for Data Processing
The legal basis for data processing using the technically required cookies listed under VI. 2.1 in accordance with Section 25 (2) No. 2 TDDDG is Article 6 (1) (f) GDPR.

2.3 Purpose of Data Processing
The purpose of using technically necessary cookies is to enable the usability of the websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized after a page change.

We need cookies for the following applications:

These purposes also constitute our legitimate interest in data processing according to Article 6 (1) (f) GDPR.

2.4 Duration of Storage, Objection, and Removal Options
The storage duration of the cookies can be found in Table 1 under VI. 2.1.

Cookies are stored on the user’s computer and transmitted to our site from there. Therefore, you as the user have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the storage of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, not all functions of the website may be fully usable.

  1. Technically Required Cookies for Consent Management

3.1 Description and Scope of Data Processing
On our website, we have individual offers for which we require your consent (e.g., Google search). Upon agreement, you have the option to store your consent permanently. For this, we ask for your one-time or permanent consent before using a corresponding webpage for the first time.

For permanent consent, the following data is stored and transmitted in the cookies listed here:

OriginNamePurposeValidity
uni-freiburg.deunifreiburg_allow_google_searchOpt-in cookie for Google search1 year

Table 2: Cookies for Consent Management

3.2 Legal Basis for Data Processing
The legal basis for data processing using the technically required cookies listed under VI. 3.1 in accordance with Section 25 (2) No. 2 TDDDG is Article 6 (1) (f) GDPR.

3.3 Purpose of Data Processing
The purpose of using cookies for consent management is to permanently store consent so that consent does not need to be obtained again for future page visits, and to provide proof of the given consent.

Providing proof of the given consent also constitutes our legitimate interest in data processing according to Article 6 (1) (f) GDPR.

3.4 Duration of Storage, Objection, and Removal Options
The storage duration of the cookies can be found in Table 2 under VI. 3.1.

Cookies are stored on the user’s computer and transmitted to our site from there. Therefore, you as the user have full control over the use of cookies. You can withdraw your consent at any time by deleting the corresponding cookie in your browser or system.

  1. Cookies from External Service Providers When Using Embedded Applications on Our Websites After Personal Consent

4.1 Google Search
On our website, we offer the option of a comprehensive search across all university portals using Google’s Programmable Search Engine (see X.1. Google Search). In the event of your consent, cookies from Google are stored on your system. Information on data protection and the cookies used by Google can be found in Google’s Privacy Policy [https://policies.google.com].

VII. Contact Form and Email Contact

  1. Description and Scope of Data Processing
    Our website includes a contact form that can be used for electronic communication. If a user chooses to use this option, the data entered in the input form will be transmitted to us and stored. This data includes:

At the time the message is sent, the following additional data is also stored:

(1) Date and time of submission

For the processing of the data, your consent is obtained during the submission process, and reference is made to this privacy policy.

Alternatively, contact is possible via the provided email address. In this case, the user’s personal data transmitted with the email will be stored.

In this context, no data is passed on to third parties. The data is used exclusively for processing the conversation.

  1. Legal Basis for Data Processing
    The legal basis for processing data via the contact form is your consent pursuant to Article 6 (1) (a) GDPR.

The legal basis for processing data transmitted in the course of sending an email is Article 6 (1) (f) GDPR.

  1. Purpose of Data Processing
    The processing of personal data from the input form is solely for the purpose of handling the contact request. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process is used to prevent misuse of the contact form and ensure the security of our information technology systems.

  1. Duration of Storage
    The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input form of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved and no further inquiries are expected. The data will therefore be deleted at the end of the year following their receipt.

The personal data additionally collected during the submission process will be deleted after a maximum period of seven days.

  1. Objection and Removal Options
    The user has the right to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case.

VIII. Web Analysis Using Matomo

  1. Description and Scope of Processing Personal Data
    Matomo is used on our website to analyze the usage behavior of our visitors.

Matomo is configured so that the IP address is not stored in full (masking of two bytes of the IP address). This way, it is no longer possible to associate the truncated IP address with the requesting computer.

When individual pages of our website are accessed, the following data is stored:

Matomo is also configured so that no cookies are set for the analysis of usage behavior.

The data collected by Matomo is stored exclusively on servers of the University of Freiburg. The stored data is not shared with third parties. There is no merging of this data with any other stored data that may be collected when using other services that require the provision of personal information.

  1. Legal Basis for Processing Personal Data
    The legal basis for processing users’ personal data is Article 6 (1) (f) GDPR.
  2. Purpose of Data Processing
    By analyzing the usage behavior of our visitors, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.

This also constitutes our legitimate interest in data processing according to Article 6 (1) (f) GDPR.

By anonymizing the IP address and avoiding the use of cookies, the interests of the users in protecting their personal data are adequately taken into account.

  1. Duration of Storage
    To analyze the temporal course and development of usage behavior, the data is generally stored for two years and then automatically deleted.

IX. Video Portal of the University of Freiburg (VIMP)
On our website, videos from the University of Freiburg’s video portal are embedded on certain pages to provide you with engaging media content. When you access a page with embedded videos, technically necessary cookies are set. For more information about the cookies used, please refer to section VI. 2. “Technically Necessary Cookies for Using the Website.”

X. Collection and Processing of Personal Data When Integrating External Services with Consent
To better convey information and improve the discoverability of our content, we integrate third-party services on our website. Below is an overview of the services used.

  1. Google Search
    1.1 Access to Google Search
    On our website, we offer the possibility of a cross-portal search across all university portals using Google’s Programmable Search Engine. Access to this search function is available on the results page of the internal search via the tab “Search Across All University Portals.”

1.2 Consent Declaration
After clicking the tab, you will be presented with a selection dialog containing information about data protection and the option to consent to the search either once or permanently (valid for 1 year). If consent is given once, users must agree again on subsequent accesses. In the case of permanent consent, we store a cookie on your system to avoid having to obtain your consent again for future searches. For more information about the cookie used, please refer to section VI. 3. “Technically Necessary Cookies for Managing Consents.”

1.3 Data Exchange with Google
With your consent, the previously entered search term is passed to a Google script, which then returns the search results. The script developed by Google (Google Programmable Search Engine) is integrated into the search results page by the University of Freiburg unchanged. This script enables automated communication (data exchange) with dynamic data transfer between the accessed page and the Google service.

1.4 Google’s Privacy Notices and Privacy Policy
By consenting to the use of Google Search, you agree to the transfer of data to the Google service. This includes the search term you entered and possibly other search parameters. Furthermore, Google may collect additional personal data through the integrated script call, such as the IP address of your computer. Please note that Google has different privacy provisions than those of the University of Freiburg’s website. We expressly inform you that the responsibility for the processing, storage, deletion, and use of any transmitted and additionally collected personal data rests solely with Google, and the University of Freiburg has no influence over the type and scope of the data collected or its further processing.

Information about Google’s privacy practices and cookies can be found in Google’s Privacy Policy [https://policies.google.com].

XI. Privacy Policies for Social Media
The University of Freiburg uses various social media platforms to complement its existing communication channels such as its website, press releases, newsletters, print materials, and events. These platforms are used for current reporting on university topics, events, news from science, research, and teaching, service offerings, student jobs, and other campus-related information. As the responsibility for editorial oversight of these services remains with the University of Freiburg, we have published separate privacy policies for the following external services:

XII. Rights of the Data Subject
If your personal data is processed, you are considered a data subject under the GDPR, and you have the following rights against the University of Freiburg:

  1. Right to Information
    You can request confirmation from the University of Freiburg as to whether personal data concerning you is being processed.

If such processing occurs, you can request information from the University of Freiburg about:

You have the right to request information on whether personal data is transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate safeguards according to Article 46 GDPR related to the transfer.

  1. Right to Rectification
    You have the right to rectification and/or completion of your personal data that is inaccurate or incomplete. The University of Freiburg must rectify the data without delay.
  2. Right to Restrict Processing
    You can request the restriction of processing of your personal data under the following conditions:

If the processing of your personal data is restricted, such data – apart from being stored – may only be processed with your consent or for the assertion, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of substantial public interest of the Union or a Member State.

If the restriction of processing is based on the aforementioned conditions, the University of Freiburg will inform you before the restriction is lifted.

  1. Right to Erasure
    4.1 Obligation to Erase
    You can request that the University of Freiburg erase your personal data without delay, and the University of Freiburg is obliged to erase this data without delay, if one of the following reasons applies:

4.2 Notification to Third Parties
If the University of Freiburg has made your personal data public and is obliged to erase it according to Article 17 (1) GDPR, the University will, considering the available technology and the implementation costs, take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as the data subject, have requested the erasure of all links to this personal data or copies or replicas of this personal data.

4.3 Exceptions
The right to erasure does not apply to the extent that processing is necessary:

  1. Right to Notification
    If you have exercised the right to rectification, erasure, or restriction of processing, the University of Freiburg is obliged to notify all recipients to whom your personal data has been disclosed of such rectification, erasure, or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by the University of Freiburg about these recipients.

  1. Right to Data Portability
    You have the right to receive the personal data concerning you that you have provided to the University of Freiburg in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the University of Freiburg, to whom the personal data was provided, provided that:

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected as a result.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University of Freiburg.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1) of the GDPR.

The University of Freiburg shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims.

You have the possibility, in the context of the use of information society services, and notwithstanding Directive 2002/58/EG, to exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent under data protection law

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.