Privacy Policy for CIBSS Centre for Integrative Biological Signalling Studies
Prof. Dr. Wolfgang Driever (CIBSS Speaker)
Prof. Dr. Carola Hunte (CIBSS Speaker)
Prof. Dr. Jürgen Kleine-Vehn (CIBSS Speaker)
Albert-Ludwigs-Universität Freiburg
Schänzlestr. 18
79104 Freiburg
Germany
Responsible institution for data protection purposes:
Albert-Ludwigs-Universität Freiburg
CIBSS Centre for Integrative Biological Signalling Studies
Schänzlestr. 18
79104 Freiburg
Germany
++49 (0)761/203-0
Data protection officer:
University of Freiburg
Data protection officer
datenschutzbeauftragter(at)uni-freiburg.de
Note
In general terms, we take the private sphere of our visitors very seriously and collect only data that are necessary for optimizing the functionality and usability of the web pages.
Insofar as the processing of personal data is necessary within the context of tasks lying within the responsibility of the University of Freiburg or a task that is in the public interest, the processing is conducted on the basis of § 6 para. 1 lit. e of the EU General Data Protection Regulation (EU-GDPR) in conjunction with § 4 of the State Data Protection Act.
In addition, the university has a legitimate interest in processing certain personal data of users and visitors in areas concerning its public image as well as for press work and public relations, particularly with regard to the operation of websites.
Collection of personal data:
Unless otherwise specified on the particular web pages, personal data are collected as follows:
Access to the Internet pages:
Our information pages are provided exclusively on the central web servers of the data center and the web servers of CIBSS.
When you visit this or other web pages, you send data to our web server via your web browser. The following data are retained temporarily in a log file during an ongoing connection only in the case of an error:
- IP address of the requesting computer
- Date and time of the access
- Name, URL, and amount of transferred data from the requested file
- Access status (requested file transferred, not found, etc.)
- Browser type and operating system (if sent by the requesting web browser)
- Web page from which access was obtained (if sent by the requesting web browser)
The data in this log file are processed as follows:
- In individual cases, i.e., reported defects, errors, and security incidents, a manual analysis is conducted.
Security
Unless otherwise stated we do not use Java applets or ActiveX controls. Only a few Javascript functions are used for an appealing presentation of our information pages and various navigation aids. All relevant information can be accessed without Javascript!
Currently the following Javascript functions are used:
- Popup layer for the main navigation
- Popup window for additional information and feedback
For further information:
Press releases from the Federal Office for Information Security (BSI) on Internet security of 21 September 1999: BSI warns against the use of JavaScript.
Use of cookies
Description and categories of data
Our website uses cookies. Cookies are text files stored on the user’s computer system by the internet browser. If a user calls up a website, a cookie can be stored on the user’s computer system. A cookie can include, e.g., a characteristic character string that enables the site to identify the browser when the user again calls up the website.
The following data are stored in cookies and sent to the user’s computer system by this website:
Table 1
Origin | Name | Use | validity | |
cookieconsent_status | user choices about | lasts one year | ||
dp_cookieconsent_status | users choices about | lasts one year | ||
PHPSESSID | internal content | Expires When the browsing session ends | ||
e_typo_user | internal content | Expires When the browsing session ends |
Additionally to track visitors, Matomo (Piwik) by default uses 1st party cookies, set on the domain of the website. Cookies created by Matomo start with: _pk_ref, _pk_cvar, _pk_id, _pk_ses.
When you exclude yourself from being tracked using the cookie method or using the iframe opt-out method, Matomo will create a cookie piwik_ignore set on the domain of the Matomo server. When Matomo is setup on a different domain than the website being tracked, the cookie will a third party cookie. Please note that the piwik_ignore cookie does not contain personal information or any ID and the cookie value is the same for all visitors.
When the opt-out feature is used, there is a cookie called MATOMO_SESSID being created, this cookie is only temporary (it is called a nonce and helps prevent CSRF security issues).
As we are asking for consent before tracking visitors, a cookie mtm_consent will be created.
Matomo by default does not use third party cookies.
- – 13 months (used to store a few details about the user such as the unique visitor ID)
- _pk_ref – 6 months (used to store the attribution information, the referrer initially used to visit the website)
- _pk_ses, _pk_cvar, _pk_hsr – 30 minutes (short lived cookies used to temporarily store data for the visit)
- _pk_testcookie is created and should be then directly deleted (used to check whether the visitor’s browser supports cookies)
- mtm_consent (or mtm_consent_removed) are created with an expiry date of 30 years to remember that consent was given (or removed) by the user. It is possible to define a shorter expiry period for your user consent by calling: _paq.push([‘rememberConsentGiven’, optionallyExpireConsentInHours]). Learn more in the Asking for consent developer guide.
- mtm_cookie_consent is created with an expiry date of 30 years to remember that consent for storing and using cookies was given by the user. It is possible to define a shorter expiry period for your user cookie consent by calling: _paq.push(['rememberCookieConsentGiven', optionallyExpireConsentInHours]);. Learn more in the Asking for consentdeveloper guide.
Purpose
The purpose of using the technically necessary cookies named under table 1 is to simplify the use of the website for the user. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary for the browser to be recognized when the user visits the website again later after leaving it.
The purpose of each cookie is listed in the table under table 1.
The user data collected by the cookies are not used to create user profiles.
These purposes also constitute our legitimate interest in processing personal data in accordance with § 6 para. 1 lit. f GDPR.
Legal basis
The legal basis for the processing of personal data using cookies is § 6 para. 1 lit. f GDPR.
Recipient
The recipient of the information contained in the cookies is exclusively the authorized web server, i.e., the university web server that sent the cookie.
Duration of data retention
The cookies are retained for the periods listed in the table under table 1.
Since the cookies are stored on your computer, you also have the possibility of deleting them earlier. For more information, please read the following section.
Consequences of nondisclosure, possibility of objection or removal
Cookies are stored on the user’s computer and transmitted to our site from it. As the user, you therefore also have complete control over the use of cookies – irrespective of the retention periods listed above. You can deactivate or limit the transfer of cookies by changing the settings of your web browser. You can also delete already stored cookies at any time. You can even set your browser to do this automatically. If you deactivate cookies for our website, you may no longer be able to use all functions of the website to their full extent.
Use of Matomo
We use Matomo on our website to analyze the usage behavior of our visitors. Matomo collects data on things like the referrer website a particular user accessed before visiting our website, the subpages of the website the user visits, the amount of time the user spends on a web page, or how often the user visits the page.
The IP address you use to access our website is anonymized. Matomo is configured to mask two bytes of the IP address (e.g.: 192.168.xxx.xxx). This makes it impossible to associate the IP address with the device used to access the site.
Matomo is still set to not send any cookies for the analysis of website usage.
The usage information collected by Matomo is stored exclusively on University of Freiburg servers. The stored usage data are not passed on to third parties. They are not combined with data collected from other pages requiring a disclosure of personal data.
The analysis of the usage behavior of our visitors helps us to optimize our website and make it more user-friendly. This constitutes our legitimate interest in processing data in accordance with § 6 para. 1 lit. f GDPR.
By anonymizing the IP address, we take into sufficient account the interest of the users in protecting their personal data.
Furthermore, we offer users of our website the possibility to opt out of the web analytics procedure. In this case, Matomo stores a cookie on your system that tells it to not collect any usage data. This cookie is not used for the analysis of website usage. Note: If you delete all of your cookies, you will have to reactivate the opt-out cookie.
For more information configuring privacy settings in Matomo, please click on the following link: https://matomo.org/docs/privacy
Description and categories of data
The following data are stored when a user visits individual pages of our website:
- two bytes of the IP address of the user’s system (The software is configured to not store the complete IP addresses but to mask two bytes of the IP address [e.g.: 192.168.xxx.xxx]. This makes it impossible to associate the IP address with the device used to access the site.)
- the web page visited
- the website accessed before visiting our website (referrer).
- The subpages accessed from the web page visited
- the duration of the visit
- how often the web page is accessed
The software runs exclusively on the university’s servers. User data are stored exclusively on our servers. The data are not passed on to third parties.
Personal data are temporarily processed only inasmuch as the complete IP address is processed in volatile memory prior to being stored on the server.
Purpose
The processing of the user’s personal data enables us to analyze the usage behavior of our users. An analysis of the data thus obtained allows us to collect information on the use of individual components of our website. This helps us to continually improve our website and make it more user-friendly. This also constitutes our legitimate interest in processing data in accordance with § 6 para. 1 lit. f GDPR. By anonymizing the IP address and avoiding cookies, we take into sufficient account the interest of the users in protecting their personal data.
Legal basis
The legal basis for the retention of the shortened IP address and the temporary processing of the personal data of users is § 6 para. 1 lit. f GDPR.
Recipient
As no personal data are collected, there is no recipient for them.
Duration of data retention
No personal data is retained permanently.
Consequences of nondisclosure, possibility of objection or removal
Our website observes the “do not track” setting on your browser. If your browser does not offer a “do not track” setting and you do not wish to have your access data retained and analyzed by Matomo, click on the following link to have the Matomo deactivation cookie placed on your browser.
Your rights
§ You have the right to obtain information from the University about the data stored about you and / or to correct incorrectly stored data.
§ You also have the right to cancellation or restriction of processing or a right to object to processing.
§ You have the right to receive the personal information that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another person without hindrance from us.
§ You have the right to complain to the Regulatory Authority if you believe that the processing of personal data concerning you is contrary to the law.
The competent supervisory authority is the state commissioner for data protection and freedom of information Baden-Württemberg https://www.baden-wuerttemberg.datenschutz.de/