As of: 13.04.2020
Name and address of the data protection officer
The data protection officer can be reached via:
Name and address of the responsible institution
The responsible institution as per the General Data Protection Regulation (GDPR), other national data protection laws of the member states as well as additional data protection regulations is the:
represented by its professor, Prof. Dr. Daniel A. Keim
Phone +49 7531 88-3161
Responsible for content:
Providing access to the website and creation of log files
- Description and scope of data processing
Every time a user accesses a University of Konstanz web page, file or other resource, the following data related to this process is stored in a log file:
- date and time of request
- address and file size ( in bytes ) of the resource requested and/or accessed
- the visitor’s IP address
- request method ( e.g. HTTP GET for requesting a website from the server )
- server response ( HTTP status code, e.g. “file sent”, “file not found”, etc)
- referrer website visited prior to this web site as well as the search terms entered, if available
- Data pertaining to the browser, operating system, and their versions, as available
- connection information from the browser and operating system used, if available
- Legal basis
The legal basis for storing log files is § 6 para 1. lit e) in connection with § 3 GDPR in connection with § 4 Landesdatenschutzgesetz (LDSG, law for the protection of personal data) in the version coming into effect on 6 June 2018.
- Purpose of processing data
The logged information is used to identify, isolate and fix disruptions or errors in the systems needed to operate the University of Konstanz web pages. These may also include disruptions or errors that lead to the restricted availability of information and communication services or allow unauthorised access to the systems.
- Storage duration
The last two bytes of the IP address are deleted after 5 days so that any other data collected in the process can no longer be associated with a particular person.
The anonymised information is used for statistical purposes in order to continually improve the quality of the web services provided.
When a page is visited, the browser will save a so-called “session cookie” to the end device in use. The cookie will be deleted as soon as the browser is closed. The “session cookies” do not contain personal information. It is not intended nor possible to use the session ID to identify a user. The temporary logging of these cookies can be disabled by changing the appropriate settings of the internet browser. This does not affect the access or use of the page, but disabling cookies may increase the server’s response time slightly.
This website is using Matomo, an Open Source, self-hosted software for collecting anonymous usage statistics for this website.
The data is used to analyse the behaviour of the website visitors to identify potential pitfalls like not found pages, search engine indexing issues and to find out which contents are the most appreciated. Once the data (number of visitors reaching a not found pages, viewing only one page…) is processed, Matomo is generating reports for website owners to take action, for example changing the layout of the pages, publishing some fresh content… etc.
Matomo is processing the following data:
- Anonymized IP-address by removing the last 2 bytes (so 188.8.131.52 instead of 198.51.100.54)
- Pseudo-anonymized Location of the user (generated from the anonymized IP-address)
- Date and time
- Title of the page being viewed
- URL of the page being viewed
- Screen resolution
- Time in local timezone
- Pages generation time
- Country, region, city (low resolution based on IP-address
- Main Language of the browser
- User Agent of the browser
Details of transfers to third country and safeguards
Matomo and this website data is hosted in Germany. No data leaves the EU.
Rights for the parties involved
- In accordance with § 15 GDPR, you have the right to request information from the Data Analysis and Visualization group of the department of Computer and Information Science of the University of Konstanz about any data it saves that is related to your person and/or to have incorrect data corrected as per § 16 GDPR.
- You also have the right to demand that your data be deleted (§ 17 GDPR) or that the processing and use thereof be restricted (§ 18 GDPR), as well as to object to the processing and use of your data (§ 21 GDPR).
- If you raise an objection while in a contractual relationship with the university, it may no longer be possible to fulfil the contract.
- You can withdraw your consent regarding the processing and use of your data at any time. The fact that all data processed between the point in time that consent was given and it being withdrawn was processed lawfully remains untouched.
- To better understand and exercise your rights, please contact our data protection officer by emailing email@example.com.
- You also have the right to file a complaint with the regulating authority if you believe that the processing and use of your personal data is in violation of the law (§ 77 GDPR). The responsible contact person at the regulating authority is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (state commissioner for data protection and the freedom of information in Baden-Württemberg) (https://www.baden-wuerttemberg.datenschutz.de).
The website uses various social media channels to keep visitors informed about its activities and appreciates the lively exchange that this enables.
When engaging with the website using social media, please note that we have no way of influencing if and how data is collected and processed by the social media services used. Please check the personal data you make available to social media outlets carefully. We cannot accept liability for the conduct of the operating companies or third parties.
We wish to draw your attention to the fact that Twitter stores and utilises user data (e.g. personal data, IP address, etc.) in line with their own data processing guidelines. The university has no way of determining to what extent the way personal data is evaluated, linked or passed on to third parties is in accordance with the European data protection regulations. You can learn more about data processing in social media by visiting the following pages: