Privacy Policy of Nextcloud
Scope
This privacy policy is valid for the Nextcloud which is offered behind the domain cloud.min.uni-hamburg.de.
Contact Details
Pursuant to the General Data Protection Regulation, national data protection laws of the various Member States, and other privacy regulations, the responsible entity (“Controller”) is:
Universität Hamburg
Mittelweg 177
20148 Hamburg
Phone: +49 40 42838 0
Fax: +49 40 42838 9586
Universität Hamburg is a corporate body organized in accordance with German public law. Univ.-Prof. Dr. Hauke Heekeren, President of Universität Hamburg, Mittelweg 177, 20148 Hamburg, Germany is authorized to represent the University.
Universität Hamburg Data Protection Officer Contact Details
Universität Hamburg Data Protection Officer
Mittelweg 177
20148 Hamburg
Phone: +49 40 42838 2957
E-mail: datenschutz@uni-hamburg.de
A. Data processing
1. Accessing this website and creation of log files
Information are collected every time this website is accessed or used. These data and information are stored in log files on the server and can include:
- IP address
- browser type / browser version
- date and time the website was accessed
- user Internet service provider
- user operating system
- referring website
- websites accessed by the User’s system through our website
The temporary storage of data and log files is lawful pursuant to Article 6 (1) lit. f General Data Protection Regulation (Datenschutz-Grundverordnung – DSGVO)
The IP address is temporarily stored in the system as it is necessary to provide website access to the User’s computer. The IP address is retained while that website is being accessed.
These log files are stored to ensure website functionality, optimize the content of our website, and ensure the security of our IT system.
The data will be deleted when they are no longer needed for the purpose they were collected. For data collected to provide access to the website, this will be at the end of every session.
For log files, this will occur after seven days at the latest. Some data may be preserved for a longer period of time, in which case user IP addresses are deleted or removed, rendering it impossible to link the data to any individual.
2. Cookies
Our website uses cookies. Cookies are small data files, created and stored by the Internet browser on your computer’s hard drive. Accessing a website may result in a cookie being saved on your operating system. This cookie contains a specific string of characters that allows the browser to be clearly recognized every time the website is accessed.
We use cookies to make our website more user-friendly.
The processing of personal data based on the use of cookies is lawful pursuant to Article 6 paragraph 1 lit. f GDPR (General Data Protection Regulation).
The purpose of these technical cookies is to simplify website use.
Cookies are stored on the User’s computer and transferred to us. That is why you, as the User, have full control over cookie implementation. You can deactivate or restrict cookies by changing your browser settings Cookies already stored on your hard drive can be deleted at any time. This can also be done automatically. However, disabling cookies for our website may result in some functions not working correctly.
3. Contact form and email contact
There are contact forms on our webpage that can be used to communicate electronically. When registering, the data entered by you into the online data entry form will be transmitted. Your consent is required for the processing of this data, and you will be referred to our Privacy Statement and asked to grant your consent when you send the form.
Alternatively, contact may be initiated using an email address provided by you. In this case, the personal data provided in the email will be stored. This information will not be passed on to third parties.
This processing is lawful pursuant to Article 6 paragraph 1 lit. e GDPR in conjunction with Section 4 Hamburg data protection and privacy act (Hamburgisches Datenschutzgesetz, HmbDSG), where the processing of the personal data provided by you to process your inquiry is required to discharge our duties. Communication of additional information by you is voluntary, based on your consent pursuant to Article 6 paragraph 1 lit. a GDPR.
These data are only stored for the purposes of processing that communication. The data will be deleted when they are no longer needed for the purpose they were collected. Personal data derived from the online data entry form and any data transmitted via email will be deleted once the communication with the User has been concluded.
4. Login
Users can login on our webpage by providing personal data. The following personal data will be transmitted in the process:
- Local user name or user ID of the Universität Hamburg
- Name of user
- E-mail address
- Two-factor authentication
- Security codes
- Time-based One-time Password (TOTP)
- Universal Second Factor (U2F)
- Time of last login
- IP address
You will be asked to grant your consent for the processing of this data as part of the login process. The IP address of successful logins is stored together with the internal user ID. This data is needed for a neural network to detect unauthorized access, which increases the security of our accounts.
These data are processed subsequent to user consent pursuant to Article 6 paragraph 1 lit. a GDPR.
User login is necessary to provide specific content and services on our website, including the creation and administration of user accounts, participation in surveys, the administration of applications for admission and placement tests, the organization of examinations, registering for courses, events, examinations, and the administrative tasks associated with them.
The data will be deleted when they are no longer needed for the purpose they were collected or the account has been inactive for one year.
5. Sharing of Content
On our website, users can share content with other users or external persons. Among other things, files, folders, calendars, appointments, and tasks can be shared. For this purpose, each user is stored in a global list that is searchable by each user. This list is shared with other Nextcloud instances. The following personal data is transmitted in the process:
- Local user name or user ID of the Universität Hamburg
- Name of the user
- Shared content
Participants in our federated cloud:
These data are processed subsequent to user consent pursuant to Article 6 paragraph 1 lit. a GDPR.
The data will be deleted when they are no longer needed for the purpose they were collected or the account has been inactive for one year.
6. Activities
On our website, changes made by users to any content are stored. This makes it possible to track who has made a change. These can be viewed by other users who have access to the respective content. The following personal data is transmitted in the process:
- Local user name or user ID of the Universität Hamburg
- Affected content
- Type of the change
- Time of the change
These data are processed subsequent to user consent pursuant to Article 6 paragraph 1 lit. a GDPR.
The data will be deleted when they are no longer needed for the purpose they were collected or when they are older than 180 days.
7. File Management
On our website, users can upload, edit and delete files. The following personal data is transmitted in the process:
- Local user name or user ID of the Universität Hamburg
- Contents of the file and all associated attributes
- Time of the last change
These data are processed subsequent to user consent pursuant to Article 6 paragraph 1 lit. a GDPR.
The data will be deleted when they are no longer needed for the purpose they were collected or the account has been inactive for one year.
8. Calendar, Appointments, and Tasks
On our website, users can create, edit and delete calendars. This makes it possible to manage appointments and tasks. The following personal data is transmitted in the process:
- Local user name or user ID of the Universität Hamburg
- Contact data with all associated attributes, including but not limited to:
- Title
- Location
- Description
- Date and time
- Status
- Participants
- Tasks with all associated attributes, including:
- Title
- Description of task
- Status
- Time of the last change
These data are processed subsequent to user consent pursuant to Article 6 paragraph 1 lit. a GDPR.
The data will be deleted when they are no longer needed for the purpose they were collected or the account has been inactive for one year.
9. Surveys and Forms
On our website, users can create, edit and delete surveys and forms. This makes it possible to collect and evaluate anonymous or personal data. The following personal data is transmitted in the process:
- Local user name or user ID of the Universität Hamburg (if the data is not collected anonymously)
- Answers of the user to the form fields
- Time of transmission
These data are processed subsequent to user consent pursuant to Article 6 paragraph 1 lit. a GDPR.
The data will be deleted when they are no longer needed for the purpose they were collected or the account has been inactive for one year.
10. Collabora
Users can edit documents on our website. The Collabora service can be used for this purpose. This service is provided by us under the domain office.min.uni-hamburg.de. The following personal data will be transmitted:
- Local user name or user ID of the Universität Hamburg
- Name of the file
- Contents of the file and all associated attributes
These data are processed subsequent to user consent pursuant to Article 6 paragraph 1 lit. a GDPR.
The documents are transferred to the Collabora service when the editing process is started. Each change is saved again in the Nextcloud.
The data will be deleted when they are no longer needed for the purpose they were collected or the account has been inactive for one year.
11. BigBlueButton
Users can create video conference rooms on our website. The BigBlueButton service of the physics department is used for this purpose. The following personal data is transmitted in the process:
- Local user name or user ID of the Universität Hamburg
- Name of the user
These data are processed subsequent to user consent pursuant to Article 6 paragraph 1 lit. a GDPR.
The data will be deleted when they are no longer needed for the purpose they were collected or the account has been inactive for one year.
B. Your Rights
You have the following rights:
- the right to information regarding personal data pertaining to you that is stored by us (Article 15 GDPR)
- the right to correction of any incorrect or incomplete personal information (Article 16 GDPR)
- the “right to be forgotten”: erasure of stored personal data insofar as the relevant data are not necessary for the exercise of the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or the purposes of establishing, exercising, or defending a legal claim (Article 17 GDPR)
- the right to limited processing of personal data (Article 18 GDPR)
- the right to object to the processing of your data conducted in our legitimate interest, public interest, or for profiling purposes unless we can demonstrate compelling grounds for processing said data that outweighs your interests, rights, and freedoms or where the processing of said data is required for the establishment, exercise, or defense of a legal claim (Article 21, GDPR);
- the right to withdraw your consent to the collection, processing, and use of your personal data at any time with future effect (Article 7 paragraph 3 GDPR) – this means that the data processing related to that consent will no longer be carried out;
- the right to lodge a complaint with a supervisory authority where you believe the processing of personal data related to you is in breach of the GDPR (Article 77 GDPR)
C. Revocation of Consent / Objecting to Processing of Personal Data
You can exercise your right to object, your right of rectification and your right to revoke consent to the processing of your personal data by contacting:
Universität Hamburg Data Protection Officer
Mittelweg 177
20148 Hamburg
Phone: +49 40 42838 2957
E-mail: datenschutz@uni-hamburg.de