you are here: KU.de  Privacy Statement

Information on the Processing of your Personal Data on our Website

We appreciate your interest in our University. The Catholic University of Eichstätt-Ingolstadt (KU) attaches particular importance to the protection of your personal data. In the following, we would like to inform you about how we treat your personal data in accordance with Section 15 Law on Data Protection in the Catholic Church in Germany (Gesetz über den Kirchlichen Datenschutz, KDG).

1. WHAT IS PERSONAL DATA?

Top 

All information concerning a specific or identifiable person. A person is deemed to be identifiable if such person can be identified directly or indirectly. This may be effected by allocating an identifier to such person, for example a name, an ID number, location data, online identification data or one or several distinctive characteristics.

2. BASIC INFORMATION

Top 

2.1. Who is responsible for the processing of my personal data?

Katholische Universität Eichstätt-Ingolstadt (KU)
Ostenstraße 26
85072 Eichstätt
Tel: 08421-93-0; E-Mail: info@ku.de

2.2. How can I contact the University’s data protection officer?

SK-Consulting Group GmbH, Herr Georg Möller
Osterweg 2
32549 Bad Oeynhausen
E-Mail: datenschutz@SK-consulting.com.

3. FURTHER IMPORTANT INFORMATION

Top 

3.1. Why does the KU process my personal data?

Our website provider generates anonymized data automatically in a standardized procedure which we are currently unable to deactivate.

3.2. Why is the KU allowed to process my personal data?

Section 6 para. 1 lit. b KDG serves as a legal basis for data processing operations for which we obtain an approval applicable to certain processing purposes. If the processing of personal data is necessary for the fulfillment of an agreement to which the data subject is a contractual party, as is the case, e.g. in processing operations which are necessary for the delivery of goods or other services or return services, such processing shall be governed by Section 6 para. 1 lit. c KDG. The same shall apply for processing operations necessary for the fulfillment of pre-contractual measures, e.g. in case of inquiries for our goods or services. If our University is governed by a legal obligation making the processing of personal data necessary, e.g. in order to fulfill tax obligations, such processing shall be governed by Section 6 para. 1 lit. d KDG. In exceptional cases, the processing of personal data may become necessary in order to protect vital interests of the data subject or another natural person. For example, this is the case when visitors are injured on our premises and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third parties as a consequence connected to the injury. In such a case, the processing of personal data would be governed by Section 6 para. 1 lit. e KDG. Ultimately, data processing operations can also be based on Section 6 para. 1 lit. g KDG. This serves as a legal basis for procession operations which are not covered by any of the aforementioned legal bases and if the processing of personal data becomes necessary in order to preserve a legitimate interest of our company or a third party, provided that no interests and fundamental rights and freedoms of the data subject prevail which would require protection of personal data.

3.3. Which of my data is collected?

Top 

3.3.1. Cookies

The KU web pages use cookies. Cookies are text files which are placed and stored on a computer’s system via an internet browser.

Numerous websites and servers use cookies. Many cookies have a so-called cookie ID. A cookie ID is a unique identification code of the cookie. It consists of a character sequence with which websites and servers can be traced back to the specific internet browser in which the cookie was saved. This allows accessed websites and servers to differentiate between individual browsers used by the data subject and other internet browsers, which contain different cookies. Like this, individual internet browsers can be recognized and identified by their unique cookie ID. By using cookies, the KU is able to provide more user-friendly services to website users which would not be able without allowing cookies.

Thus, cookies allow us to tailor the information and services on our website to the users’ needs in the best possible way. As mentioned above, cookies enable us to recognize visitors to our web pages. This recognition is important in order to be able to facilitate the use of our website for all visitors. Internet users who allow cookies will not have to enter their login data every time they re-visit the page – this is taken care of by the website and the cookie stored on the user’s computer system. Another common example for the use of cookies are shopping carts in online shops. The online shop remembers the goods added to the virtual cart by a customer by using a cookie.

You have the possibility to deactivate the use of cookies on our website at any time by changing the corresponding setting in the options menu of your internet browser. In doing so, you permanently object to the use of cookies. You also have the possibility to delete cookies at any time in the settings of the internet browser or another software program. The delete function is available in all common web browsers. Please note: if you deactivate the use of cookies in your internet browser, you might not be able to make full use of all functions on our web page.

3.3.2. Collection of general data and information

Top 

The KU website collects a number of general data and information every time a data subject or an automated system accesses the web page. Such general data and information is stored in the server’s log files. The following data can be collected: (1) type and version of the used browser, (2) the operating system type used by the accessing system, (3) the website from which an accessing system is redirected to our web page (so-called ‘referrers’), (4) the sub-pages accessed on our web page via an accessing system, (5) the date and time when the website was accessed, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for the protection against attacks on our IT systems.

When processing such general data and information, the KU does not draw any conclusions to the data subjects. Rather, this information is necessary in order to (1) correctly display and provide the content on our website, (2) optimize the content on our website and advertisement for such content, (3) ensure stable functionality of our IT systems and technology of our web page and (4) be able to provide the necessary information for prosecution and law enforcement purposes in case of a cyberattack. Therefore, such anonymized data and information is analyzed both for statistical purposes and in order to improve data protection and data security in our company with the aim of being able to ensure the best possible level of protection for personal data processed by us. The anonymized data collected by the server log files are stored separately from any personal data entered by a data subject.

3.3.3. Registration on our website

Top 

You have the possibility to register on the KU website by entering personal data. Which kind of personal data is transferred for processing to the responsible department (data processor) is dependent on the respective input mask used for the registration. Any personal data you enter will exclusively be collected and stored for internal use and own purposes by the respectively responsible data processor. The KU is authorized to transfer such data to one or several processors, e.g. parcel services, who will equally use this personal data for internal purposes only which are connected to the department responsible for the processing.

When registering on the KU website, the IP address allocated by the data subject’s internet service provider (ISP) as well as the date and time of registration will be stored. This information is collected because this is the only way to prevent misuse of our services and because this data can support the investigation of crimes committed. This means that storage of this data is necessary for the protection of the responsible data processor. In general, this data is not transferred to third parties, unless there is a legal obligation to disclose or if disclosure becomes necessary in the context of criminal prosecution.

The data subject’s registration and voluntary disclosure of personal data enables the KU to provide the data subject with content or services which can only be offered to registered users due to the nature of the content or service. Registered persons have the possibility to have their personal data, which they entered upon registration, changed or deleted from the responsible department’s database at any time.

The KU will provide information on the nature of personal data stored for the respective data subject at any time upon request. Furthermore, the data subject can request that the responsible data processor corrects or deletes personal data, unless an opposing statutory storage obligation is in place.

3.3.4. Newsletter subscription

Top 

On the KU website, you have the possibility to subscribe to the University’s newsletter. The relevant input mask provides information on which type of personal data must be disclosed to the responsible processor in order to be able to register for the newsletter.

With its newsletter, the KU provides interested readers information on news and events at the University in a regular interval. Our University’s newsletter can generally only be received by a data subject if (1) the data subject has a valid e-mail address and (2) the data subject has subscribed to the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address provided for that purpose for the first time in a double opt in process as soon as a data subject has subscribed to the newsletter. This confirmation e-mail serves the purpose of verifying whether the holder of the e-mail address as the data subject has authorized receipt of the newsletter.

When a person subscribes to the newsletter, we further store the IP address provided by the internet service provider (ISP) of the computer system which was used by the data subject at the point in time of registration as well as the date and time of the subscription. It is necessary to collect this type of data in order to be able to retrace any (possible) misuse of the data subject’s e-mail address at a later point in time. Thus, it serves as legal protection for the responsible data processor.

The personal data collected upon subscription for the newsletter is solely used for the purpose of sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if necessary for the operation of the newsletter service or a registration connected to it, as would be the case for changes to the newsletter service or to the technical conditions. Personal data collected in the context of the newsletter service will not be passed on to third parties. You can cancel your subscription to our newsletter at any time. You can also revoke your consent on the storage of personal data for the purpose of sending out the newsletter at any time. If you want to revoke your consent, please use the corresponding link which is included in every newsletter. You can also unsubscribe from the newsletter directly on the website of the responsible data processor or notify the responsible data processor that you no longer want to receive the newsletter in any other way.

3.3.5. Newsletter tracking

Top 

KU newsletters include so-called tracking pixels. A tracking pixel is a miniature graphic embedded into the e-mails which are sent in HTML format. They enable log file recording and analysis. This allows statistical evaluation of the success or failure of online marketing campaigns. The embedded tracking pixel enables the KU to see if and when an e-mail was opened by the recipient and which links contained in the e-mail were accessed by the person.

Any personal data collected by the tracking pixel used in newsletters is stored and analyzed by the responsible data processor in order to improve the newsletter service and to be able to tailor the content of future newsletters to the interests of the recipients. This personal data will not be passed on to third parties. Data subjects shall be entitled to revoke their consent, which they gave separately with regard to this in the double opt in process, at any time. After revocation, this personal data will be deleted by the responsible data processor. If a data subject unsubscribes from the newsletter, the KU deems this an automatic revocation.

3.3.6. Contact via the website

Top 

In accordance with statutory provisions, the KU website contains information offering the user a quick electronic way of contacting our University and enabling direct communication with us. This also includes a general e-mail address. If a person contacts the KU via e-mail or the contact form, any personal data transferred by the respective data subject is stored automatically. Such personal data which was passed on to the KU on a voluntary basis by the data subjects is stored for the purpose of processing their request or contacting the relevant data subject. This personal data will not be passed on to third parties.

3.4. How long will you store my personal data?

Top 

The KU only processes and stores personal data of the data subject for the period of time which is necessary for the storage purpose or if this is provided for by a European regulator or issuer of directives or another legislator or is stipulated in a law or regulation to which the responsible data processor is subject.

If the storage purpose lapses or a deadline stipulated by a European regulator or issuer of directives or another responsible legislator expires, such personal data will be deleted or blocked in a routine procedure in accordance with statutory provisions.

3.5. Do I have to provide my personal data?

Top 

In order to fulfill the reasons stipulated in 3.1, it is necessary that you provide us with your personal data.

It is mandatory and prescribed by law that you provide your personal data for the fulfillment of the agreement between you and the KU. If you deny provision of your data, we will not be able to conclude an agreement with you. Should you have any complaints, you can contact the relevant data protection supervision (responsible data protection officer of the diocese) at any time.

You are entitled to a judicial examination of the issue in accordance with Section 49 para. 1 KDG against a supervisory authority or in accordance with Section 49 para. 2 KDG against us.

3.6. Automated decision making/profiling

Top 

There will be no automated decision making/profiling.

4. WHAT ARE MY RIGHTS?

Top 

4.1. Information on your rights

As a data subject, you have amongst others the following rights in accordance with the KDG (in the following also referred to as “Data Subject Rights”):

4.2. Right to information in accordance with Section 17 KDG

You have the right to request information as to whether or not we process your personal data. If we process your personal data, you have the right to know

  • the purposes of the processing
  • the type of personal data which is processed
  • the recipient or categories of recipients to which such personal data was disclosed or will be disclosed, in particular if the recipient is in a third country or an international organization
  • if possible, the planned period for which your personal data will be stored or, if this is not possible, the criteria used to determine that period
  • the right to notification or deletion of personal data concerning your person or the right to request restrictions of processing by the respective responsible processor or the right to object to the processing
  • the right to appeal to the data protection supervision
  • if the personal data was not collected from the data subject directly, all available information on the origin of your data
  • the existence of an automated decision making process including profiling in accordance with Section 24 para. 1 and 4 KDG and – at least in those cases – relevant information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject
  • that you are entitled to be informed whether, and if so, on the basis of which guarantees, your data is adequately protected by the data recipient in case of a transfer of your personal data to a country outside the European Union;
  • about your right of requesting a copy of your personal data. The first copy is issued free of charge; an appropriate fee may be charged for any further copies. A copy can only be provided if no rights of another person are affected thereby.

4.3. Right to rectification of personal data in accordance with Section 18 KDG

Top 

You have the right to request rectification of your personal data in case it is incorrect and/or incomplete. This right also includes the right to completion by additional statements or notifications. Any rectifications and/or additions must be made without undue delay.

4.4. Right to erasure of personal data in accordance with Section 19 KDG

You have the right to request erasure of your personal data if

  • such personal data is no longer required for the purposes for which it was collected and processed;
  • processing of your personal data is effected on the basis of your consent and you have withdrawn such consent; however, this shall not apply if such data processing is permitted by another statutory authorization;
  • you have filed an objection to the processing of your personal data which is permitted by law on the basis of the so-called “legitimate interest”; however, an erasure must not be effected if legitimate reasons for a continued processing have priority;
  • you have filed an objection to the processing of your personal data for the purposes of direct marketing
  • your personal data has been unlawfully processed;

You shall not be entitled to a right of erasure of personal data if

  • the right to freedom of expression and information is opposed to the deletion request;
  • the processing of personal data is necessary

    • for the fulfillment of a legal obligation (e.g. statutory storage obligations),
    • for the purposes of public tasks or interests in accordance with applicable law (this also includes “public health”) or
    • for archiving or research purposes;

  • the personal data is required for asserting, exercising or defending legal claims.

Erasure must be effected immediately (without undue delay). If we have publicly disclosed personal data (e.g. on the internet), it is our responsibility to ensure, to the extent technically possible and reasonable, that other data processors are informed of the erasure request including the erasure of links, copies and/or other duplicates.

4.5. Right to restrictions of data processing in accordance with Section 20 KDG

Top 

You have the right to request restrictions in the processing of your personal data in the following cases:

  • If you have contested the accuracy of your personal data, you can request that we do not use your data for other purposes during the period in which its accuracy is verified, thus request a restriction of processing of such data.
  • In case of unlawful processing of your personal data, you can request restriction of processing instead of erasure of the data;
  • If you require your personal data for the assertion, exercise or defense of legal claims, but we no longer require your personal data, you can request that we impose restrictions on the processing for prosecution purposes;
  • If you have filed an objection against data processing and if it is still unclear whether our interests in a processing take precedence over your interests, you can request that your data is not used for other purposes for the duration of the verification and thus request a restriction of processing.

Any personal data, the processing of which was restricted upon your request, may, subject to storage, only be processed for

  • asserting, exercising or defending legal claims
  • the protection of the rights of other natural persons or legal entities or
  • reasons of an important public interest

provided that you give your consent.

You will be informed in advance if a processing restriction is to be lifted.

4.6. Right to data portability in accordance with Section 22 KDG

Top 

You have the right to request that we provide you with the data you have provided to us in a common electronic format (e.g. PDF or excel file).

You can also request that we directly transfer such data to another company (as named by you) as far as technically possible for us.

The prerequisite for your right to such request is that the processing is effected on the basis of a consent or for the implementation of an agreement and by using automated processes.

Exercising the right to data portability must not adversely affect the rights and freedoms of other persons. If you make use of your right to data portability, your right to erasure of data shall remain unaffected.

4.7. Right to object to certain data processing in accordance with Section 23 KDG

Top 

If your data is processed for the performance of tasks in the public interest or for the performance of legitimate interests, you can object to this processing. In doing so, you must state the reasons for your objection arising from your particular situation, such as e.g. special family circumstances or interests in confidentiality worthy of protection.

In case of an objection, we shall be obliged to refrain from processing your personal data, unless

  • there are compelling and legitimate grounds for a processing which take precedence over your interests, rights and freedoms, or
  • the processing is necessary for asserting, exercising or defending legal claims.

You have the right to object to a use of your personal data for direct marketing purposes at any time; this shall also apply to profiling, insofar as such profiling is connected to direct marketing. In case of an objection, we will no longer be authorized to use your personal data for direct marketing purposes.

⇒ Direct marketing and/or profiling is not arranged for or effected by us in any case.

4.8. Prohibition of automated decisions/profiling in accordance with Section 24 KDG

Top 

We are not allowed to base decisions taken by us, which have legal consequences or a significant adverse effect for you, exclusively on automated processing of personal data. The same shall apply to profiling. This prohibition shall not apply insofar as the automated decision making

  • is necessary for the conclusion or implementation of an agreement with you,
  • is permissible in accordance with legal provisions, if such legal provisions include appropriate measures for the protection of your rights and freedoms as well as your legitimate interests, or
  • is effected with your explicit consent.

Decisions which are exclusively based on automated processing of special types of personal data (=sensitive data), are only permissible in cases when

  • they are taken on the basis of your explicit consent or
  • there is considerable public interest in the processing

and if appropriate measures were taken for the protection of your rights and freedoms as well as your legitimate interests.

 

 

4.9. Exercise of Data Subject Rights

Top 

Please contact us if you would like to exert your Data Subject Rights. Requests which are submitted electronically are generally answered electronically. In general, all information which is to be provided in accordance with the KDG as well as all notifications and measures including exercise of the Data Subject Rights are provided free of charge. We are entitled to request a reasonable fee for further copies in order to cover administrative costs .

If there is reasonable doubt about your identity, we shall be entitled to request additional information from you for identification purposes.

In general, any requests for information are processed immediately within one month from receipt of the request. This deadline can be extended by a further two months if an extension is necessary in view of the complexity and/or number of requests; in case of a deadline extension, we shall inform you within one month after receipt of your request and state reasons for the delay. If we do not get active with regard to a request, we shall inform you immediately within one month after receipt of the request and state reasons for this. We shall also inform you of your possibility to file a complaint with a supervisory authority or seek judicial remedy before a court.

5. DATA PROTECTION NOTICE ON INTEGRATED COMPONENTS ON THIS WEBSITE

Top 

5.1. Data protection regulations for the application and use of Facebook

The KU has integrated components of the Facebook corporation on its website. Facebook is a social network.

A social network is a social meeting point on the internet and an online community which generally allows its users to communicate and interact with each other within a virtual space. A social network can be used as a platform for exchanging opinions and experiences or allows the internet community to share personal or company information. Amongst others, the social network Facebook allows its users to set up private profiles, upload pictures and carry out networking activities via friend requests.

Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Responsible for data processing for data subjects outside the USA and Canada is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Every time a user opens a single page of this website, which is operated by the KU and on which a Facebook component (Facebook plug-in) is embedded, the respective Facebook component automatically initiates a download of an image of this Facebook component from Facebook to the internet browser on the data subject’s IT system. An overview of all Facebook plug-ins is available at developers.facebook.com/docs/plugins/. In the context of this technical process, Facebook gains information on the specific sub-pages of our website that are visited by data subjects.

If data subjects are logged on to Facebook while visiting our website, Facebook is able to recognize which sub-pages they access every time they visit our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and allocated to the respective data subject’s Facebook account. If the data subject clicks on a Facebook button which is embedded into our website, e.g. the “Like” button, or if the data subject adds a comment, Facebook connects this information with the personal Facebook user account of the data subject and stores this personal data.

The Facebook component will inform Facebook each time a data subject, who is at the same time logged on to Facebook, visits our website; this process is carried out irrespective of whether the data subject clicks on the Facebook component or not. If data subjects do not want this information to be transferred to Facebook, they can prevent transmission of this information by logging off from Facebook before accessing our website.

The data policies published by Facebook are available at de-de.facebook.com/about/privacy/ and provide detailed information on the collection, processing and use of personal data by Facebook.

Furthermore, they also provide information on settings for the protection of data subjects’ privacy offered by Facebook. There are also different applications which enable a data subject to suppress data transmission to Facebook. Furthermore, we have a company profile on Facebook. In connection to this company page, we would like to notify as follows:

  • Within the meaning of the EU General Data Protection Regulation (GDPR) and any other data protection regulations, the following parties are collectively responsible for the operation of this Facebook page:
    Facebook Ireland Ltd. (hereinafter referred to as „Facebook“)
    4 Grand Canal Square
    Grand Canal Harbour
    Dublin 2
    Ireland
    and
    Catholic University of Eichstätt-Ingolstadt (KU)
    Ostenstraße 26, 85072 Eichstätt, Germany.

  • As soon as you access our company page, your browser establishes a connection with Facebook and transfers information. This transferred data includes, amongst others:

    For users who are not registered with or logged onto Facebook:
    IP address: When a Facebook company page is accessed, Facebook automatically identifies the accessing user’s IP address.
    Cookies: If you access our company page, Facebook will automatically place cookies. According to information provided by Facebook, the so-called datr cookie enables Facebook to identify the web browser with which the connection to the Facebook page is established. This cookie plays a key role when it comes to protecting the social network from “malicious activity”. The datr cookie is valid for two years, but can be deleted by changing the browser settings.

    For users who are registered with and logged onto Facebook:
    IP address: Facebook also collects the IP address of users who are logged in (see above).
    Cookies: In this case as well, Facebook places a datr cookie (see above).

    If you are a member of Facebook and are logged on to Facebook while visiting our company profile, the c_user cookie will be additionally activated. Facebook will then connect the fact that you access the company page to your personal user account. This allows Facebook to draw conclusions on your user behavior.

  • Facebook processes user data for the following purposes:
    - Advertising, analysis, creation of personalized advertising
    - Creation of user profiles
    - Market research

    When the company page is accessed, Facebook automatically stores information transferred by your browser to Facebook in a log file. We explicitly state that we neither have any knowledge of the extent and content of the data collected by Facebook nor of its processing and use or possible transfer to third parties by Facebook.

    For information on Facebook’s data protection policy, please click here (https://www.facebook.com/policy.php ) to access Facebook’s privacy statement.

  • Facebook insights
    Furthermore, Facebook provides operators of company pages with a tool for measuring statistical information (=non-personal data) on how their pages are accessed and used. This includes, for example, the total number of page views, “Likes”, page activity, interactions on posts, video views, reach of posts, shared contents, replies, share of men and women and the origin of users (country and city) as well as their language.

  • What you can do to prevent this
    If you are a member of Facebook and you do not want Facebook to collect your data via our company page and connect such data to your member data stored on Facebook, you have to:
    - log off from Facebook before you access our company profile
    - in a next step delete any and all cookies stored on your computer
    - and quit and restart your browser.

    Like this, according to Facebook’s own statement, any and all Facebook information by which you could be identified is being deleted.

  • Opt-out possibilities
    are available here https://www.facebook.com/settings?tab=ads and here http://www.youronlinechoices.com/. Facebook Inc., the US-American parent company of Facebook Ireland Ltd. is certified under the EU-U.S. Privacy Shield and thus commits to adhere to European data protection guidelines.

  • Additional information on Facebook’s Privacy Shield status
    is available here https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. We, as operators of the company page, cannot rule out the transfer and further processing of personal user data to third countries, such as for example the USA, as well as any connected risks for users.

  • In accordance with the GDPR, you can exert your Data Subject Rights primarily towards Facebook Ireland or towards us, • In accordance with the judgment of the European Court of Justice (ECJ), the company page is jointly controlled by Facebook and us within the meaning of Art. 26 GDPR; in this context, please see Page Controller Addendum.

  • In accordance with the GDPR, the primary responsibility for the processing of insights data lies with Facebook and Facebook fulfills any and all obligations arising from the GDPR in connection with the processing of insights data,

  • Facebook Ireland shall provide the data subject with main information regarding the Page Insights Addendum,

  • Only Facebook Ireland shall make decisions on the processing of insights data and carry out such processing.

  • We do not make any decisions on the processing of insights data and all other information arising from Art. 13 GDPR, including the legal basis, identity of the controller and the period for which cookies are stored on the users’ devices.

  • The legal basis for the processing of insights data arises from Art. 6 para. 1 sentence 1 lit. f GDPR (overriding legitimate interest). Our aim is to make the page more attractive for our users.

5.2. Data protection regulations for the application and use of Instagram

Top 

The KU has integrated Instagram components on its website. Instagram is a service which qualifies as audiovisual platform and which enables its users to share photos and videos on Instagram directly and in other social networks.

Instagram is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Every time a user opens a single page of this website, which is operated by the KU and on which an Instagram component (Insta button) is embedded, the respective Instagram component automatically initiates a download of an image of such component from Instagram to the internet browser on the data subject’s IT system. In the context of this technical process, Instagram gains information on the specific sub-pages of our website that are visited by data subjects.

If data subjects are logged on to Instagram while visiting our website, Instagram is able to recognize which sub-pages they access every time they visit our website and for the entire duration of the respective stay on our website. This information is collected by the Instagram component and allocated to the respective data subject’s Instagram account. If the data subject clicks on an Instagram button which is embedded into our website, the thus transmitted data and information will be allocated to the personal Instagram account of the data subject and will be stored and processed by Instagram.

The Instagram component will inform Instagram each time a data subject, who is at the same time logged on to Instagram, visits our website; this process is carried out irrespective of whether the data subject clicks on the Instagram component or not. If data subjects do not want this information to be transferred to Instagram, they can prevent transmission of this information by logging off from Instagram before accessing our website. For further information and the currently applicable Instagram data protection regulations, please visit https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

5.3. Data protection regulations for the application and use of Matomo

Top 

The KU has integrated the Matomo component on this website. Matomo is an open source software tool for web analysis. Web analysis means the collection and analysis of data on the behavior of website visitors. Amongst others, a website analysis tool collects data on the websites from which data subjects were referred to our website (so-called referrers), on how many sub-pages of the website were accessed or how many times and for how long a sub-page was accessed. Web analysis mainly serves the purpose of optimizing a website and for cost-benefit-analyses of internet advertising.

The software is operated on the KU server; sensible log files containing personal data are stored exclusively on this server.

The Matomo component serves the purpose of analyzing the flow of visitors on our website. The responsible data processor uses the collected data and information amongst others for the evaluation of website use and to compile online reports showing the activity on our web pages.

Matomo places a cookie in the data subject’s IT system. For an explanation on cookies, please see above. By placing the cookie, we are able to analyze how our website is used. With every access to one of the sub-pages of our website, the Matomo component automatically triggers a data transfer by the internet browser on the data subject’s IT system to our server for the purposes of online analysis. This technical procedure provides us with information on personal data, such as the IP address of the data subject which allows us to retrace the origin and clicks of our website visitors.

Cookies store personal information, such as the date and time as well as the location and origin of the access and the frequency of visits to our website. This personal data, including the IP address of the internet connection used by the data subject, is transferred to our server with every access to our websites. This personal data is stored by us. We do not transfer this personal data to third parties.

You have the possibility to deactivate the use of cookies on our website at any time, as mentioned above, by changing the corresponding setting in the options menu of your internet browser. In doing so, you permanently object to the use of cookies. Changing the settings of the used internet browser accordingly would also prevent Matomo from placing a cookie on your IT system. You also have the possibility to delete a cookie placed by Matomo at any time in the settings of the internet browser or another software program.

Please note: If all KU cookies are deleted, this also results in deletion of the Matomo deactivation cookie, which might then have to be reactivated.

For further information and the currently applicable Matomo data protection regulations, please visit matomo.org/privacy/.

 

 

5.4. Data protection regulations for the application and use of Xing

Top 

The KU has integrated Xing components on this website. Xing is an online-based social network which enables users to connect with existing professional contacts and establish new business contacts. Individual users can set up a personal user profile on the Xing platform. Companies can set up company profiles or publish job advertisements on Xing.

Xing is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Every time a user opens a single page of this website, which is operated by the KU and on which a Xing component (Xing plug-in) is embedded, the respective Xing component automatically initiates a download of an image of such component from Xing to the internet browser on the data subject’s IT system. Further information on the Xing plug-ins is available at https://dev.xing.com/plugins. In the context of this technical process, Xing gains information on the specific sub-pages of our website that are visited by data subjects.

If data subjects are logged on to Xing while visiting our website, Xing is able to recognize which sub-pages they access every time they visit our website and for the entire duration of the respective stay on our website. This information is collected by the Xing component and allocated to the respective data subject’s Xing account. If the data subject clicks on a Xing button which is embedded into our website, e.g. the “Share” button, Xing connects this information with the personal Xing user account of the data subject and stores this personal data.

The Xing component will inform Xing each time a data subject, who is at the same time logged on to Xing, visits our website; this process is carried out irrespective of whether the data subject clicks on the Xing component or not. If data subjects do not want this information to be transferred to Xing, they can prevent transmission of this information by logging off from Xing before accessing our website.

The data protection regulations published by Xing are available at https://www.xing.com/privacy and provide detailed information on the collection, processing and use of personal data by Xing. Furthermore, Xing published a data protection notice for the XING Share button at https://www.xing.com/app/share?op=data_protection.

5.5. Data protection regulations for the application and use of YouTube

Top 

The KU has integrated YouTube components on this website. YouTube is an online video portal which enables users to upload video clips free of charge which can be viewed, rated and commented by other users, also free of charge. YouTube allows publication of all kinds of videos, which is why also entire TV shows and movies are available on the platform but also music videos, trailers or videos produced by the users themselves.

YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC, is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Every time a user opens a single page of this website, which is operated by the KU and on which a YouTube component (YouTube video) is embedded, the respective YouTube component automatically initiates a download of an image of such component from YouTube to the internet browser on the data subject’s IT system. Further information on YouTube is available at https://www.youtube.com/yt/about/de/. In the context of this technical process, YouTube and Google gain information on the specific sub-pages of our website that are visited by data subjects.

If the data subject is logged on to YouTube while accessing one of our sub-pages containing a YouTube video, YouTube is able to recognize which specific sub-page of our website is visited by the data subject. This information is collected by YouTube and Google and allocated to the respective data subject’s YouTube account.

The YouTube component will inform YouTube and Google each time a data subject, who is at the same time logged on to YouTube, visits our website; this process is carried out irrespective of whether the data subject clicks on a YouTube video or not. If data subjects do not want this information to be transferred to YouTube and Google, they can prevent transmission of this information by logging off from their YouTube account before accessing our website.

The data protection regulations published by YouTube are available at https://www.google.de/intl/de/policies/privacy/ and provide detailed information on the collection, processing and use of personal data by YouTube and Google.