General Preliminary Remarks
The EACSL takes the protection of personal data very seriously. We process personal data which are collected when visiting our websites in compliance with the applicable data protection regulations. In particular, the North-Rhine Westphalia Data Protection Act (DSG NRW), the General Data Protection Regulation (GDPR) and the German Teleservices Act (TMG) apply.
Contact Details of the Data Protection Officer
The Data Protection Officer of the EACSL can be reached at:
Prof. Dr. Thomas Schwentick
Fakultät für Informatik
I. Scope of Processing of Personal Data
We only process personal data of our users if this is necessary to provide a functional website and if this is required to make our contents and services available. The processing of personal data of our users takes place as a rule only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted under statutory regulations.
II. Data Erasure and Duration of Storage
The personal data of the data subject will be erased or made unavailable as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other ordinances to which the responsible person is subject. The data will also be made unavailable or erased if a storage period prescribed by the named norms expires, unless the continued storage of the data is necessary for the conclusion or fulfillment of a contract.
III. Provision of the Website and Creation of Log Files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data are collected here:
- Information about the browser type and version used
- Operating system of the user
- IP address of the user
- Date and time of access
The data are also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
2. Purpose and legal basis for data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. For this purpose, the user’s IP address must be stored for the duration of the session. (Necessity for the fulfillment of the task of the university Art. 6 (1) (e) GDPR)
Storage in log files is done to ensure the functionality of the website. In addition, the data are used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. (Necessity for the fulfillment of the task of the university Art. 6 (1) (e) GDPR).
3. Duration of storage
Processing will take place during use until the end of each session.
If the data are stored in log files, this is the case for a maximum of 24 hours. After that, the IP addresses of the users are anonymized, so that an assignment to the accessing client is no longer possible.
IV. Rights of the Person Concerned
If your personal data are processed, you are affected within the meaning of the GDPR, and you have the following rights vis-à-vis the responsible person:
If you want to exercise your rights, please contact the EACSL.
1. Right of access by the data subject (Art. 15 GDPR)
You have the right to information about personal data concerning you that is collected, processed or, if relevant, transferred to third parties.
2. Right to object (Art. 21 GDPR)
You have the right to object to the processing of your personal data if the processing is based on Art. 6 (1) e or f GDPR.
3. Right to erasure (Art. 17 GDPR)
In particular, after the legally prescribed retention periods have expired, you have the right to have your data erased.
4. Right to restriction of processing (Art. 18 GDPR)
In special cases, you have the right to restrict processing. This is the case if the data processing is unlawful, if you dispute the accuracy of the data collected or if you have filed an objection to the processing. You can also request a restriction of the processing if the data are subject to an erasure obligation because the purpose of the processing has been achieved, but you need these data to assert legal claims. You must request a processing restriction.
5. Right to rectification (Art. 16 GDPR)
You have the right to have incorrect personal data rectified.
6. Right to revoke the data protection consent declaration (Art. 7 GDPR)
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.
7. Right to complain to a supervisory authority
If you have any questions or complaints regarding data protection, you can always contact a data protection supervisory authority. In our case, the State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia is responsible.
Name and Address of the Responsible Person
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Prof. Dr. Thomas Schwentick
Fakultät für Informatik