You are here: Home Privacy Policy

Privacy Policy

Privacy Policy in German

General Information

Responsible for the data management of this web serivce is the Albert-Ludwigs Univserity Freiburg, Friedrichstraße 39, 79098 Freiburg, represented by the Rector Prof. Dr. Dr. h.c. Hans-Jochen Schiewer. Contact can be sought through the following channels:

Albert-Ludwigs-Universität Freiburg

Friedrichstraße 39
79098 Freiburg


Phone: +49 761 203 - 0

Contact info of Data Protection Officer (DPO):
Albert-Ludwigs-Universität Freiburg
79085 Freiburg


Information regarding rights of individuals affected

Under Article 15 of EU General Data Protection Regulation (EU-GDPR), the data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and if so, what data is specifically being processed. For this, a copy of the data can be obtained, as long as there is no legal exemption. Should the data be incomplete or incorrect, the subject has the right to rectification in accordance with Article 16 EU-GDPR.

Further rights of individuals affected are:

  • Art. 17 EU-GDPR: Erasure of personal data, when there is a cited cause for erasure.
  • Art. 18 EU-GDPR: Restriction of processing of personal data, when there is a cited cause.
  • Art. 20 EU-GDPR: Data portability to a provider, when the processing happens based on consent or on a contract.
  • Art. 21 EU-GDPR: The data subject has the right to object, on the grounds relating to his or her particular situation, to the otherwise legal processing of personal data.
  • Art. 22 EU-GDPR: The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. 

Right of appeal

There is a right of appeal at the regulatory authority responsible for the Albert-Ludwigs University Freiburg:

Der Landesbeauftragte für Datenschutz und Informationsfreiheit Baden Württemberg
House and package address
Königstraße 10 a
70173 Stuttgart

Postal address

Postfach 10 29 32

70025 Stuttgart

Information about individual processings

Processing of log data (access data): When using the web service, the access to the pages, whether or not the access was successful, the time, the data volume transferred and the IP address of the device are evaluated in order to recognise errors. The processing happens only internally and on the basis of Art. 6(1)(f) EU-GDPR, whereas the interest lies in error detection. The stored log data is deleted automatically after 7 calendar days.

Automatic log-in on smartphones

When using the web service with an account, it is possible to stay logged in with a smartphone. For this, a cookie is placed on the device with the encrypted log-in data. Simultaneously, a digital fingerprint of the device is placed on the server. The digital fingerprint is calculated on the basis of various parameters. For this, following information is evaluated:

  • SCREEN_SIZE_AND_COLOR_DEPTH (screen size and color depth)
  • DEVICE_ATTRIBUTES: id, model, vendor, build, device_os_version (attributes of device in use: ID, model name, manufacturer, series, OS version of device)
  • ACCEPT_LANGUAGE (language settings)
  • TIME_ZONE (time zone)
  • DEVICE_TYPE (device type)
  • BROWSER_TYPE (browser type)

The data used for the identification of the device is stored on the university server. The storage and processing occurs based on an agreement in accordance with Art 6(1)(a) EU-GDPR, which is provided by the user of the device when activating the automatic log-in function. No data is shared with third parties. The data is used exclusively for the clear identification of the device used, in connection with the automatic log-in. An automatic log-in is only successful when the digital fingerprint matches, the username and password can be decrypted and the actual log-in data matches. Automatic log-in will be deleted automatically should it not be used for 4 weeks. Additionally, the user can always deactivate automatic log-in in their account settings, e.g. when the device is lost. By storing the device´s data mentioned above, the user can keep multiple devices seperate in his/her account and deactivate automatic log-in for individual devices. The processing of the data is legitimized by the agreement up to the point of withdrawal.