1. Name and address of the controller
Controller for the purposes of the General Data Protection Regulation is the:
Research Group Law - Gender - Collectivity
Project Management Prof. Dr. Beate Binder
Institute for European Ethnology (IfEE)
Humboldt University Berlin (HU)
Tel: +49 (0)302093-70845
2. Name and address of the data protection officer
The data protection officer of the Humboldt University Berlin is:
Ms Gesine Hoffmann-Holland
Official Data Protection Officer of the Humboldt University Berlin
Unter den Linden 6
Tel: +49 (30) 2093-2591
3. Data processing and purposes of processing
This website of the Humboldt University Berlin collects a series of general data and information every time a data subject or automated system calls up the website. This general data and information are stored in the server log files. The following data are collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) the Internet protocol address (IP address) reduced by the last digit for anonymization purposes, and (7) other similar data and information that serve as to avert danger in the event of attacks on our information technology systems.
When using these general data and information, the Humboldt University Berlin does not draw any conclusions about the data subject. Rather, this information is required in order to (1) correctly deliver the content of our website, (2) optimize the content of our website, (3) ensure the long-term functionality of our IT systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. Therefore, the Humboldt University Berlin analyses anonymously collected data and information on the one hand, and furthermore with the goal of improving the data protection and data security of our institution, in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.
If a data subject contacts the controller via e-mail, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject will be stored for the purpose of processing or contacting the data subject. This personal data will not be passed on to third parties.
4. Erasure and blocking of personal data
The website does not collect any personal data. The log data mentioned under 3. will be erased after one week.
5. Rights of the data subject (withdrawal, access, rectification, erasure)
Any person affected by the processing of personal data has the right, in accordance with the relevant legal provisions, to request from the controller free of charge access or confirmation about the personal data stored about him or her. In addition, there is a right to the immediate rectification of inaccurate personal data or erasure, or to the restriction of processing or a right to object to processing.
Consent to the processing of personal data under data protection law may be withdrawn at any time without affecting the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.
There is the right to receive the personal data provided by the data subject in a structured, common and machine-readable format and to transmit it to other controllers.
In addition, without prejudice to any other administrative or judicial remedy, a complaint may be lodged with a supervisory authority in a Member State if there is doubt as to the lawfulness of the processing of personal data concerning them.
You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the web browser used and thus permanently dissent to the setting of cookies. Furthermore, cookies that have already been set can be erased at any time via a web browser or other software programs. This is possible in all common web browsers.
7. Data protection provisions on the use and application of social media
Links to the social media platform Twitter were integrated into the HU website. However, this is not an integration of data such as the “Like” button, but exclusively links to the respective external presentation of our institution on the corresponding platform. No data relevant to data protection is stored.
8. Legal basis of the processing
Article 6, paragraph I, point a GDPR serves our institution as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary, as is the case, for example, of processing operations that are necessary for sending university publications, the processing is based on Article 6, paragraph I, point b GDPR. If our institution is subject to a legal obligation by which a processing of personal data becomes necessary, the processing is based on Article 6, paragraph I, point c GDPR. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person.
a) personal data
personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) the data subject
data subject means any identified or identifiable natural person whose personal data are processed by the controller(s).
processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) restriction of processing
restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) controller or person responsible for processing
the controller or person responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for under Union or Member State law.
processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, authorities that may receive personal data in the context of a specific inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) third party
third party means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorised to process the personal data.
consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.