Privacy Policy

Data Protection Statement

We appreciate your interest in our online presence. The protection of your personal data is very important to us. It is possible to use our websites without providing any personal data. When you make use of special services on our websites, however, it may be necessary for us to process your personal data. If this does prove necessary and there is no statuatory basis for this processing, we generally obtain your consent.

The processing of personal data, for example, of a person’s name, street address, email address or telephone number, is always performed in accordance with the EU General Data Protection Regulation (EU-GDPR) and in compliance with the Berlin Data Protection Act (BlnDSG). The following data protection statement is intended to inform you about the type, scope and purpose of the personal data we collect. Moreover this data protection statement also explains your rights.

The Data Protection Statement of IRI THESys at Humboldt-Universität zu Berlin is based on the terms used by European legislators in issuing the General Data Protection Regulation. These terms are explained in a glossary at the end of this document.

1. Name and address of the data controller

The controller in the sense of the General Data Protection Regulation is:

Humboldt-Universität zu Berlin
The President
Prof. Dr. Julia von Blumenthal
Unter den Linden 6
10099 Berlin

Phone: +49 30 2093-20000
Email:
Website: www.hu-berlin.de

2. Name and address of the data protection officer

The Data Protection Officer of Humboldt-Universität zu Berlin is:

Gesine Hoffmann-Holland
Phone: +49 (30) 2093-2591
Email:
Website: www.hu-berlin.de/de/datenschutz

3. Data processing and processing purposes

For each visit to the website of IRI Life Sciences at Humboldt-Universität zu Berlin by a data subject or an automated system, the website collects a series of general data and information. These general data and information are stored on the log files of the server. The following are collected: (1) the type and version of the browser used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (HTTP referer), (4) the subsites that are accessed on our website via an accessing system, (5) the date and time of access to our website, (6) the Internet Protocol address (IP-address) with the final digits removed to make it anonymous and (7) other similar data and information that facilitate an emergency response in case of attacks on our information technology systems.

In using these general data and information, IRI THESys at Humboldt University makes no inferences about the data subject. This information is necessary in order (1) to correctly provide the contents of our website, (2) to optimize the contents of our website, (3) to ensure the continuous functionality of our IT system and the technology of our website and (4) to provide law enforcement authorities with the information necessary for criminal prosecution in the case of a cyber attack. These anonymously recorded data and information are evaluated by IRI THESys at Humboldt University statistically as well as with the goal of increasing data protection and data security at our institution in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

If a data subject contacts the data controller via email or contact form, the personal data of that data subject are automatically stored. These personal data, provided voluntarily by a data subject, are stored for the purpose of processing or of contacting the data subject. These personal data are not shared with a third party.

The transmission of data occurs via an SSL-encrypted connection, through which unauthorised viewing of same is significantly hampered.

Recipients of data: For processing, we use an external service provider who processes the data on our behalf and in accordance with our instructions under a contract processing agreement. This is jweiland.net, Echterdinger Str. 57, 70794 Filderstadt, Germany, data protection officer: Jürgen Godon.

4. Erasing and blocking personal data

The personal data collected by us will be processed and saved only for as long as is necessary to achieve the storage purposes or as laws and regulations require. The log data mentioned in (3) will be erased after one week.

5. Rights of the data subject (withdrawal, access, rectification, erasure)

Every subject whose personal data is processed has, according to the law, the right to demand free of charge from the data controller access or confirmation regarding the personal data stored about them. Moreover there is a right to the rectification of inaccurate personal data without undue delay and a right to erasure; there is also a right to restriction of processing and a right to object to processing.

Consent to the processing of personal data can be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

There is a right to keep the personal data provided by the data subject in a structured, commonly used and machine-readable format, and to transmit it to another controller.

Furthermore without prejudice to any other administrative or judicial remedy, complaints can be submitted to a Member State supervisory authority if there are any doubts about the lawfulness of the processing of personal data.

6. Cookies

The Internet pages of IRI THESys at Humboldt University Berlin use cookies. Cookies are text files that are set and stored on a computer system via a web browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie, consisting of a string of characters that websites and servers associate with the specific browser on which the cookie is stored. This allows the websites and servers to distinguish the individual browser of the data subject from other browsers that store different cookies. A specific browser can be recognized and identified by its unique cookie ID.

The use of cookies allows IRI THESys at Humboldt University Berlin to provide a more user-friendly service than would be possible without cookies. You do not, for example, have to select your preferred language every time you visit our site. The duration of our cookies is limited to a respective session. This means that when you close your browser completely, these cookies are deleted.

You can prevent our website from setting cookies at any time by selecting the appropriate configuration in your browser to always refuse cookies. Moreover previously set cookies can be deleted at any time through a browser or other software program. This is possible on all standard browsers.

7. Data protection provisions for the use and application of social media

Links to various social media platforms such as Facebook, Twitter, Instagram, etc. have been integrated into the IRI THESys websites. However, there has not been an integration of data such as the ‘like’ button, but only of links to the respective external presentation of our institution on the corresponding platform. No data that are relevant to data protection are stored.

8. Data protection provisions for the use and application of Google Maps and YouTube

Google Maps

On the basis of a consent pursuant to the first sentence of point (f) of Article 6(1) GDPR, IRI THESys uses on its websites the offer of “Google Maps”, an online map service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”).

This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. Through your visit to the web pages of IRI THESys, Google receives the information that you have called up the corresponding sub-page of our website. In the process, your IP address is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists.

If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out in advance. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of the website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users about your activities on our website.

You have the right to object to the creation of these user profiles, whereby you must contact Google for this purpose.

For more information on data protection in connection with Google Maps, please refer to the data protection regulations of Google.

Through your visit to the web pages of IRI THESys, Google receives the information that you have called up the corresponding sub-page of our website. In the process, your IP address is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists.

If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out in advance. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of the website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users about your activities on our website.

You have the right to object to the creation of these user profiles, whereby you must contact Google for this purpose.

For more information on data protection in connection with Google Maps, please refer to the data protection regulations of Google.

YouTube

On the basis of a consent pursuant to the first sentence of point (f) of Article 6(1) GDPR, we use components (videos) of the company YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter: “YouTube”), a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”) on our Internet pages. In doing so we use the option of “extended data protection mode” provided by YouTube.

When you access a page containing an embedded video, a connection to the YouTube servers is established and the contents are displayed on the Internet page through a notification to your browser.

Pursuant to YouTube specifications, in the “extended data protection mode” your data – especially which of our Internet pages you have visited as well as device-specific information including the IP address – is sent to the YouTube servers in the US only when you view the video. By clicking on the video, you give your consent to this transfer.

If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out in advance. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of the website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users about your activities on our website.

You have the right to object to the creation of these user profiles, whereby you must contact Google for this purpose.

For more information on data protection in connection with YouTube, please refer to the data protection regulations of Google.

9. The legal basis of processing

The processing of personal data is always performed in accordance with the EU General Data Protection Regulation (EU-GDPR) and in compliance with the Berlin Data Protection Act (BlnDSG). If the data processing is based on your consent, the processing is lawful pursuant to Art. 6 para. 1 lit. a GDPR (e.g. newsletter subscriptions).

Data processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract is lawful pursuant to Art. 6 para. 1 lit. b GDPR (e.g. event registration). If the data processing is necessary for compliance with a legal obligation to which the Humboldt University Berlin is subject, the processing is lawful according to Art. 6 para. 1 lit. c GDPR (e.g. statutory storage obligations).

If the data processing is necessary in order to protect the vital interests of the data subject or of another natural person, the processing is lawful according to Art. 6 para. 1 lit. d GDPR. As far as the data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Humboldt University Berlin, the processing is lawful according to Art. 6 para. 1 lit. e GDPR (e.g. processing of examinations).

If the data processing is necessary for the purposes of the legitimate interests pursued by the Humboldt University Berlin, the processing of data is lawful pursuant to Article 6 paragraph 1 lit. f GDPR, (e.g. the data processing as listed in 3.), unless interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, take precedence.

10. Glossary

The Data Protection Statement of Humboldt University Berlin is based on the terms used by European legislators in issuing the General Data Protection Regulation. Our Data Protection Statement is intended to be easily readable and comprehensible. To this end we would like to explain the terms that have been used here. We have used the following terms in our data protection statement:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the data controller.

c) Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaption or alteration, selection, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting in the use personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or data controller

Controller or data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency or other body, to whom personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients.

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are authorized to process personal data.

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.