COLCHIS COLIaborative CHannel Integrated System

Privacy Policy

  1. Name and Address of the Controller

    The controller in terms of the General Data Protection Regulation and other national data protection laws of the member states and other data protection regulations is the:

    University of Siegen
    Adolf-Reichwein-Str. 2a
    57076 Siegen
    Germany
    Tel: 0271-740 – 0
    E-mail: info@uni-siegen.de
    Website: www.uni-siegen.de

  2. Contact details for the Data Protection Officer

    The data protection officer of the controller can be reached at:

    Adolf-Reichwein-Str. 2a
    57076 Siegen
    Germany
    Tel: +49 271 – 740 5147
    E-mail: datenschutzbeauftragter@uni-siegen.de

  3. General Information on Data Processing
    1. Scope of Personal Data Processing

      As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users only takes place with the consent of the user. An exception is made in those cases where prior consent cannot be obtained for practical reasons and processing of the data is permitted by law.

    2. Legal Basis for the Processing of Personal Data

      Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6(1), point (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

      If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6(1), point (b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.

      Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6(1), point (c) of the GDPR serves as the legal basis.

      In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1), point (d) of the GDPR serves as the legal basis.

      If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh this interest, Art. 6(1), point (f) of the GDPR serves as the legal basis for the processing.

    3. Data Erasure and Storage Duration

      The personal data of the data subject will be erased or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or erased when a retention period prescribed by the above standards expires, unless there is a need to retain the data for the purpose of concluding or fulfilling a contract.

  4. Provision of the Website and Creation of Log Files
    1. Description and Scope of Data Processing

      Whenever our website is called up, our system automatically collects data and information from the computer system of the computer accessing it.

      The following data are collected in this process

      1. Information concerning the browser type and version used
      2. The user’s operating system
      3. The user’s operating system
      4. The user’s Internet Service Provider
      5. The user’s IP address
      6. Date and time of access
      7. Websites from which the user’s system accesses our website
      8. Websites which are accessed by the user’s system via our website

      The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

    2. Legal Basis for the Data Processing

      The legal basis for the temporary storage of data and the log files is point (f) of Art. 6(1) of the GDPR.

    3. Purpose of Data Processing

      The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

      The storage in log files is done to ensure the functionality of the website. The data also serves us to optimize the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.

      These purposes are also part of our legitimate interest in data processing in accordance with Art. 6(1), point (f) of the GDPR.

    4. Duration of Storage

      The data are erased once they are no longer needed in order to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.

      In the case of data storage in log files, this is the case after 14 days at the latest. A storage beyond this is possible. In this case, the IP addresses of the users are erased or masked so that an assignment to the accessing client is no longer possible.

    5. Possibility of Objection and Removal

      The collection of data for the provision of the website and the storage of the data in log files is required for the operation of the website. There is therefore no possibility of objection on the part of the user.

  5. Use of Cookies
    1. Description and Scope of Data Processing

      Our website uses cookies. Cookies are text files that are saved by and stored in the Internet browser on the user’s computer system. If a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when you return to the website.

      If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

      When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

      If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

    2. Legal Basis for the Data Processing

      The legal basis for the processing of personal data using cookies is Art. 6(1), point (f) of the GDPR.

    3. Purpose of Data Processing

      The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser will be identifiable even after a page change.

      The user data collected through technically necessary cookies is not used to create user profiles.

      These purposes are also part of our legitimate interest in the processing of personal data in accordance with Art. 6(1), point (f) of the GDPR.

    4. Duration of Storage, Possibility of Objection and Removal

      Cookies are stored on the user’s computer and transmitted by the user to our site. This gives you as the user full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies existing on your computer may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website would be available to their full extent.

  6. Login Form/Profile Form
    1. Description and Scope of Data Processing

      There is a Login/Profile form on our website, it can be used to login the blog. Login is needed to send post’s or comment’s to the blog. This option is restricted to members of the MenelaosNT project. If a user makes use of this option, the data entered on the input screen is transmitted to us and saved in our system. These required data include:

      Username
      E-mail address

      The following data are also stored when the message is sent:

      The user’s IP address
      Date and time when the data were sent
      The address of the page from which the contact was initiated

      Your consent to the processing of the data is obtained and you are referred to this Privacy Policy during the first sending process.

      Each post or comment contais the Date, Time and Name of the Author. These data are visible to everyone. The data are used exclusively for the purpose of processing the conversation in the blog. The E-mail is only used for account management and is not shared with third parties in this context.

      Account management means:
      Sending registration confirmation mails
      Sending links to reset your password
      Contact you for other reasons regarding your to your account

    2. Legal Basis for the Data Processing

      The legal basis for the processing of the data is Art. 6(1), point (a) of the GDPR if the user has given their consent.

      The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1), point (f) of the GDPR. If the purpose of contacting us by e-mail is to conclude a contract, an additional legal basis for processing is point (b) of Art. 6(1) of the GDPR.

    3. Purpose of Data Processing

      The processing of data obtained from the input screen is only for the purpose of process the communication with the data subject. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data.

      The other personal data processed during the sending process serves to prevent misuse of the blog forms and to ensure the security of our information technology systems.

    4. Duration of Storage

      The data are erased once they are no longer needed in order to achieve the purpose for which they were collected. For the personal data from the registration process, post, or comments and those sent by e-mail, this is the case when the post or comment is deleted or the respective conversation with the user has ended. The conversation is deemed terminated once it becomes clear from the circumstances that the relevant issue has been conclusively resolved. Also every personal data is deleted if the account is deleted.

      The additional personal data collected during the sending process will be erased after a period of 14 days at the latest.

    5. Possibility of Objection and Removal

      The user has the possibility to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case the conversation cannot continue and all his/her post and comments are deleted.

  7. Sending postings or comments to the blog
    1. Description and Scope of Data Processing

      A logged in user can post messages or send comments to the blog. Each post or comment ist stored with time and the authors name.

      The following data are also stored when the message is sent:

      The user’s IP address
      Date and time when the data were sent
      The address of the page from which the contact was initiated

      Your consent to the processing of the data is obtained and you are referred to this Privacy Policy during the first login process.

      Each post or comment contains the Date, Time and Name of the Author. These data are visible to all visitors of the side. The data are used exclusively for the purpose of processing the conversation in the blog.

    2. Legal Basis for the Data Processing

      The legal basis for the processing of the data is Art. 6(1), point (a) of the GDPR if the user has given their consent.

    3. Purpose of Data Processing

      adsgfasgadgadgagasgagd gfjsrwjegxjtuj

    4. Possibility of Objection and Removal

      The user has the option to delete his own posts and comments every time logs in.

      The user has the possibility to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case all his post and comments are deleted. and the conversation cannot continue.

      All personal data stored in the course of contact will be erased in this case.

  8. Integration of Third-Party Services
    1. YouTube

      Within our online offer, functions and contents of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, may be integrated. Privacy policy: https://policies.google.com/privacy?hl=en-GB, opt-out: https://adssettings.google.com/authenticated.

    2. Google Fonts

      Within our online offer, fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, may be integrated. Privacy policy: https://policies.google.com/privacy?hl=en-GB, opt-out: https://adssettings.google.com/authenticated.

  9. Rights of the Data Subject

    The following list includes all rights of the data subjects according to the GDPR. Rights that are not relevant for our website do not have to be mentioned, for which reason the list may be shortened.
    If your personal data is processed, you are the data subject” within the meaning of the GDPR and you have the following rights in relation to us as the controller:

    1. Right of Access

      You can request from the controller confirmation of whether personal data concerning you is processed.

      In the event of such processing, you may request access to the following information from the data controller:

      the purposes for which the personal data are processed;
      the categories of personal data which are processed;
      the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
      the planned duration of storage of the personal data relating to you or, if it is not possible to give specific details, criteria for determining the duration of storage;
      the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;
      the existence of a right to lodge a complaint with a supervisory authority;
      all available information on the origin of the data, if the personal data are not collected from the data subject;
      the existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject.

      You have the right to request access to information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with the transfer.

    2. Right to rectification

      You have the right to ask the data controller to rectify and/or complete the data if the personal data processed concerning you are inaccurate or incomplete. The controller shall effect the rectification without delay.

    3. Right to Restriction of Processing

      Under the following conditions, you may request the restriction of the processing of personal data concerning you:

      if you dispute the accuracy of the personal data concerning you for a period of time that allows the controller to verify the accuracy of the personal data;
      the processing is unlawful and you are opposed to the erasure of the personal data and request instead the restriction of the use of the personal data;
      the controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
      if you have lodged an objection to the processing pursuant to Art. 21(1) of the GDPR and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.

      If the processing of the personal data in question has been restricted, these data – with the exception of their storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of a significant public interest for the Union or a member state.
      If the processing has been restricted in accordance with the above requirements you will be notified by the controller before the restriction is lifted.

    4. Right to Erasure

      a) Duty to Erase

      You may request the controller to erase personal data concerning you without delay and the controller is obliged to erase such data without delay if one of the following reasons applies:

      the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
      you revoke your consent on which the processing was based pursuant to Art. 6(1), point (a) or Art. 9(2), point (a) of the GDPR, and there is no other legal basis for the processing.

      you object to the processing pursuant to Art. 21(1) of the GDPR and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.
      the personal data concerning you have been processed unlawfully.
      the erasure of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the member states to which the controller is subject.
      The personal data concerning you have been collected in relation to information society services offered in accordance with Art. 8(1) of the GDPR.

      b) Information to Third Parties

      If the controller has made public the personal data concerning you and is obliged to erase them pursuant to Art. 17(1) of the GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures to inform data controllers which are processing the personal data that you, as a data subject, have requested the erasure of all links to these personal data or copies or replications of these personal data.

      c) Exceptions

      The right of erasure does not exist insofar as the processing is necessary

      for exercising the right of freedom of expression and information;
      in order to comply with a legal obligation to which the processing relates under Union or national law to which the controller is subject or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
      for reasons of public interest in the field of public health pursuant to Art. 9(2), points (h) and (i) and Art. 9(3) of the GDPR;
      for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or for the establishment, exercise or defence of legal claims.

    5. Right to Be Informed

      If you have asserted the right to rectify, erase or restrict the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
      You have the right to be informed of these recipients.

    6. Right to Data Portability

      You have the right to receive your personal data which you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit these data to another controller without hindrance from the controller to whom the personal data have been made available, provided that

      the processing is based on a consent pursuant to Art. 6(1), point (a) of the GDPR or Art. 9(2), point (a) of the GDPR or on a contract pursuant to Art. 6(1), point (b) of the GDPR and the processing is carried out by means of automated procedures.

      In exercising this right, you also have the right to have the personal data concerning you transferred directly from controller to another, as far as this is technically feasible. The freedoms and rights of other persons may not be impaired thereby. The right to data portability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    7. Right to Object

      On grounds relating to your particular situation, you have the right to object to the processing of your personal data which occurs on the basis of points (e) or (f) of Art. 6(1) of the GDPR at any time; this also applies for profiling based on those provisions.
      The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
      Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
      If you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
      You may exercise your right of objection in connection with the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.

    8. Right to Withdraw a Declaration of Consent under Data Protection Law

      You have the right to withdraw a declaration of consent at any time. Withdrawal of consent does not affect the legality of the processing which has been carried out on the basis of the consent before it was withdrawn.

    9. Automated Individual Decision-Making Including Profiling

      You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision

      is necessary for the conclusion or fulfilment of a contract between you and the controller,
      is authorised by Union or national legislation to which the controller is subject and there are legal provisions in place providing for appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
      is based on your express consent.

      However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2), point (a) or (g) of the GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
      With regard to the cases described under (1) and (3), the controller shall take suitable measures to safeguard your rights and freedoms as well as your legitimate interests, which at least entails the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

    10. Right to Lodge a Complaint with a Supervisory Authority

      Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state in which you are resident, the member state in which you work or in the place of the alleged infringement if you consider that the processing of personal data concerning you violates the GDPR.
      The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 of the GDPR.