Privacy policy

Name and Address of the Controller

 

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is:

 

Universität Hamburg

Mittelweg 177

20148 Hamburg

Germany

 

The Universität Hamburg (UHH) is a public corporation. It is legally represented by Prof Dr Hauke Heekeren, President of the UHH, Mittelweg 177, 20148 Hamburg.

Name and Address of the Data Protection Officer

 

The controller’s data protection officer is:

 

Datenschutzbeauftragte der Universität Hamburg

Mittelweg 177, 20148 Hamburg

E-Mail: datenschutz@uni-hamburg.de

General Information on Data Processing

 

  1. Scope of personal data processing

In principle, UHH processes personal data only to the extent that is necessary to provide a functional website and its contents and services. As a rule, processing of users' personal data is only carried out with the user's consent. An exception applies in those cases where prior consent cannot be obtained for valid reasons and processing of the data is permitted by other legal provisions.

 

  1. Legal basis for the processing of personal data

Insofar as UHH obtains the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

 

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

 

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which UHH is subject, Article 6 (1) (c) GDPR serves as the legal basis.

 

  1. Data erasure and storage period

Your personal data will be erased or blocked as soon as the purpose of storage ceases to apply. Data may be stored for longer periods, if this has been provided for by the European or national legislator in EU regulations, national laws or other provisions to which the controller is subject. In case of storage beyond the original purpose, the data will be stored exclusively for the purpose of such storage and otherwise blocked for further processing. As soon as such storage obligations cease to apply, personal data will be permanently deleted.

 

Notes on Order Processing

Personal data will not be transferred to third parties unless you have given your express consent in advance.

Under certain circumstances, UHH uses service providers for data processing who work on behalf of the UHH. Such service providers are so-called processors. Personal data may also be transferred to such processors without your express consent. However, only the data required to fulfil the order will be passed on to these processors. Personal data will only be passed on to service providers who offer sufficient guarantees that suitable technical and organisational measures are implemented in such a way that data processing is carried out in accordance with the legal requirements and that the processors comply with data protection laws in the same way as provided for in Art. 28 of the GDPR. 

UHH uses the following companies as processors to carry out payment management (= registration of participants, participant communication, transmission of participant data to UHH and processing of the payment function by credit card, bank transfer or Paypal)

Universität Hamburg Marketing GmbH (UHHMG)

Feldbrunnenstrasse 9

20148 Hamburg

To fulfil the aforementioned purpose, the UHHMG uses the conference management software Converia on this website, which is provided by the company

 

Converia GmbH

Kaufstr. 2-4

99423 Weimar

Converia GmbH hosts this software as a sub-processor of the UUHMG and in this function provides further services such as software maintenance and support. Converia GmbH also offers to handle payment processing. Converia GmbH may therefore also encounter personal data stored in the software in the course of this work.

An data processing addendum has been concluded with UHHMG in accordance with Art. 28 GDPR. For its part, UHHMG has concluded an order processing contract with Converia GmbH.

 

Provision of the Website and Creation of Log Files

 

  1. Description and scope of data processing

Each time our website is visited, our system automatically collects data and information from the accessing computer’s system.

 

The following data is collected:

  • Information on the browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • The user’s IP address
  • Date and time of access

 

  1. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Article 6  (1) (e) GDPR, in conjunction with § 4 HmDSG in conjunction with § 3 and 4 HmbHG.

 

  1. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user’s IP address must be stored for the duration of the session.

This data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. Data collected in this context is not analysed for marketing purposes.

 

  1. Storage period

The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected. If data is collected for the provision of the website, this is the case when the respective session has ended.

Data stored in log files is erased after no more than seven days. Storage for a longer period is possible. In such cases, the user’s IP address is erased or masked so that it can no longer be associated with the accessing client.

 

Use of Cookies

 

  1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in or by the web browser on the user’s computer system. When a user accesses a website, a cookie might be stored on the user’s operating system. This cookie contains a distinct character sequence that allows unambiguous identification of the browser when the website is accessed again.

 

We classify cookies into the following categories:

 

Necessary cookies

These cookies are essential for websites and their functions to work properly. Without these cookies, services such as attendee registration cannot be provided.

 

  1. Legal basis for data processing

Necessary cookies are set to make a website usable by enabling basic functions so that a website can function properly. The legal basis for the storage of information on the end device (using cookies) and access to the information is Section 25 (2) No. 2 TTDSG. If personal data is processed simultaneously or subsequently with the storage or access to the information, the legal basis is Article 6  (1) (e)  (3) GDPR in conjunction with § 4 HmDSG in conjunction with § 3 and 4 HmbHG.

 

  1. Purpose of data processing

We use the following cookies on our websites:

 

Cookie name

Purpose

Type

PHPSESSID

Identification of a user session

1

Converia_SID

Identification of a front-end user

1

 

  1. Storage period, possibility of objection and deletion

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

 

Registration & use of the conference management software functions

 

  1. Description and scope of data processing

The conference management software offers you the option of registering for events by providing personal data and registering for a user account for future events. Your data is entered into an input mask and transmitted to us and stored.

 

Mandatory information may be requested during registration. This information must be entered completely and accurately. If this is not the case, the registration will be rejected.

 

A registration process is usually required for the following activities, among others:

  • Registration as a participant for an event
  • Submission of a scientific contribution to the system
  • Reviewing of scientific contributions
  • Actions as a speaker or chair of a session
  • Using the favourite feature of the conference planner

 

The following data is collected and stored during the registration process and use of the software features:

 

 

  • Access data (username, password)
  • Address details
  • E-mail address
  • Shopping cart data
  • Billing information
  • Information on verification (e.g. student identification)
  • In case of attendance terminal tour:
    • Nationality
    • Passport number

 

 

Payment processing

Various payment options (e.g. invoice/bank transfer, credit card, Google Pay and Apple Pay) are available for payment processing when participants register for an event. Sensitive payment information is not stored in the conference management system itself. For this purpose, specially certified payment service providers are employed which perform the data processing and storage. The user is led directly to the website of the respective provider. Further information on data protection can be found on the websites of the respective service provider.

 

The following data is collected for payment processing:

  • selected method of payment
  • invoice amount
  • amounts paid
  • billing data
  1. Legal basis for data processing

The legal basis for the processing of your data when registering for a user account is consent in accordance with Article 6  (1)  (a) GDPR.

 

When registering for events, the processing of your data serves the fulfillment of a contract or the implementation of pre-contractual measures, so that in these cases the legal basis for the processing of the data is Article 6  (1)  (b) GDPR.

 

  1. Purpose of data processing

The processing of your personal data when registering for an event is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures.

 

If you have also consented to registering for a user account, the purpose of processing your data is to create, provide and manage this user account.

 

  1. Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which they were collected.

This is the case when you register for an event if the data is no longer required for the fulfilment of the contract or for the implementation of a pre-contractual measure. However, even after fulfilment of the contract, it may be necessary to store your personal data in order to comply with contractual or legal obligations (e.g. contractual claims for damages or retention obligations under tax law). Your data is therefore regularly stored for a period of 3 years up to 10 years in the case of tax retention periods, even after fulfilment of the contract due to general limitation rules. After this period has expired, your data will be permanently deleted.

If you have given your consent to register for a user account, your data will either be deleted if you request deletion or automatically deleted 2 years after you last logged into the system.

 

  1. Possibility of objection and deletion

You have the option of cancelling your registration for a user account and requesting its deletion at any time. You can have the data stored about you amended at any time. To do so, please contact the controller by email or telephone (see information above).

If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

 

Rights of the Data Subject

 

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights:

 

  1. Right to information

If such processing is taking place, you can request the following information from the controller:

  • Right to information about the personal data we have stored about you (Article 15 GDPR);
  • Right to rectification of inaccurate or incomplete personal data (Article 16 GDPR);
  • Right to erasure of stored personal data, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims (Article 17 GDPR)
  • Right to restriction of processing of personal data (Article 18 GDPR);
  • Right to data portability (Article 20 GDPR);
  • Right to object to processing that serves our legitimate interest, a public interest or profiling, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims (Article 21 GDPR);
  • The right to withdraw your consent to the collection, processing and use of your personal data at any time with effect for the future (Article 7 (3) GDPR). This means that we may no longer continue the data processing that was based on this consent in the future;
  • The right to lodge a complaint with a supervisory authority (Article 77 GDPR).