Data Protection Information

Information according to Articles 13 and 14 General Data Protection Regulation (GDPR) for the use of the eJourney website and its services

 

The University of Mannheim and other universities have formed an alliance in the context of the ENGAGE.EU project and are responsible for the processing of personal data. In this respect, they are joint controllers within the meaning of Article 26 GDPR. Information on the other joint controllers can be found below under II.4. Who receives your data?.

Your personal data are kept confidential and processed in accordance with the provisions of the applicable data protection laws. In fulfilment of our obligation to provide information pursuant to Articles 13 and 14 GDPR, we would like to inform you about the types of personal data that are processed in connection with the use of eJourney and about the purposes for which these data are processed.

Content:

  1. Identity and contact details
  2. General information on the data processing Described below

III. Provision of the website and creation of log files

  1. Use of cookies
  2. creation AND USE of EJOURNEY ACCOUNT and Use of eJourney Features
  3. Social networks

VII. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

 

I. Identity and contact details

Controller:

Data Protection Officer:

University of Mannheim

L1, 1

68131 Mannheim

 

Phone: 0621/181-1001

Data Protection Officer of the University of Mannheim

Jan Morgenstern

Lawyer and IT law specialist

 

E-mail: rektor@uni-mannheim.de

 

E-mail: datenschutzbeauftragter@uni-mannheim.de

 

 

‍ENGAGE.EU Management Office:

 

engage@uni-mannheim.de

 

II. General information on the data processing Described below

The scope and nature of the collection and processing of your data differ depending on whether you visit our website only to obtain generally available information or whether you use additional services, such as applying for a programme.

  1. Personal data

As defined in the General Data Protection Regulation (GDPR), personal data refers to any information relating to an identified or identifiable natural person. This includes, for example, first and last name, address, e-mail address and the IP address.

 

  1. Extent of personal data processing

In principle, we process personal data only as far as it is necessary to provide a functional website and our content and services.

We do not deliberately collect personal data of minors. We advise parents and legal guardians to watch their children’s activities online.

Our fundamental goal is to implement data protection principles, such as data minimisation, and to limit the processing of personal data while you are visiting our websites to the necessary minimum.

  1. Deletion of data and storage period

The personal data will be erased without undue delay as soon as they are no longer necessary in relation to the purposes for which they were collected or otherwise processed. Personal data may be stored for a longer period if EU or national legislators so provide in the EU regulations, laws or other rules to which the controller is subject. The specific storage periods are explained in the various data processing operations described in detail below.

  1. Who receives your data?

As joint controllers:

UNIVERSITAET MANNHEIM (UMA), established in SCHLOSS, 68131 Mannheim, Germany, data protection officer: datenschutzbeauftragter@uni-mannheim.de ;

SVENSKA HANDELSHOGSKOLAN (HANKEN), established in Arkadiankatu 22, 00100 Helsinki, Finland, data protection officer: dpo@hanken.fi;

LUISS LIBERA UNIVERSITA INTERNAZIONALE DEGLI STUDI SOCIALI GUIDO CARLI (LUISS), established in VIALE POLA 12, ROMA 00198, Italy, data protection officer: privacy@luiss.it;

NORGES HANDELSHOYSKOLE (NHH), established in Helleveien 30, Bergen 5045, Norway, data protection officer: personvernombud@nhh.no;

TILBURG UNIVERSITY- UNIVERSITEIT VAN TILBURG (Tilburg University), established in WARANDELAAN 2, TILBURG 5037 AB, Netherlands, data protection officer: privacy@tilburguniversity.edu;

UNIVERSITY OF NATIONAL AND WORLD ECONOMY (UNWE), established in STUDENTSKI CHRISTO BOTEV, SOFIA 1700, Bulgaria, data protection officer: DPO@vladimirov-kiskinov.eu;

UNIVERSITAT RAMON LLULL (URL), established in Carrer Claravall, 1-3, 08022 Barcelona, Spain, data protection officer: dpd@url.edu;

UNIVERSITE TOULOUSE CAPITOLE (UT Capitole), established in RUE DU DOYEN GABRIEL MARTY 2, TOULOUSE 31042, France, data protection officer: dpo@ut-capitole.fr;

WIRTSCHAFTSUNIVERSITAT WIEN (WU), established in WELTHANDELSPLATZ 1, WIEN 1020, Austria, data protection officer: datenschutz@wu.ac.at .

III. Provision of the website and creation of log files

In addition to the information provided in II., the following applies to this processing:

  1. Description and extent of data processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data are collected:

  • information on the browser type and the version used
  • the user’s operating system
  • the user’s Internet service provider
  • the user’s IP address
  • date and time of access
  • websites from which the user’s system accesses our website
  • websites accessed by the user’s system via our website.

 

The log files contain IP addresses or other data that can be assigned to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user switches contain personal data. The data are also stored in our system’s log files. These data are not stored together with other personal data of the user.

 

  1. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.

 

  1. Purpose of data processing

The temporary storage of the IP address by the system is necessary to facilitate the delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The data are stored in log files to ensure the functionality of the website. These purposes also constitute our legitimate interest in data processing according to Article 6 (1) (f) GDPR.

 

  1. Storage period

The personal data will be deleted once they are no longer necessary in relation to the purposes for which they were collected or otherwise processed. For the data collected to provide the website, this is the case when the respective session has ended.

If the data are stored in log files, this is the case after 14 days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated so that the accessing client can no longer be identified.

IV. Use of cookies

In addition to the information provided in II., the following applies to this processing:

  1. Description and extent of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie can be stored in the user’s operating system. This cookie contains a characteristic string that enables a clear identification of the browser when the website is accessed again. Some elements on our website require that the accessing browser can be identified after the user changed to another website.

The following data are stored and transmitted:

  • a randomly generated session key of the website
  • login information (if necessary)

 

  1. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR.

  1. Purpose of data processing

The purpose of using cookies that are required for technical reasons is to simplify the use of website for users. Some features of our website cannot be offered without the use of cookies. For these features it is necessary that the browser is identified even after the user changed to another website.

Cookies are necessary, for example, for the following features:

  • forms
  • user login

The user data collected by cookies that are required for technical reasons are not used to generate user profiles. These purposes also constitute our legitimate interest in processing personal data according to Article 6 (1) (f) GDPR.

 

  1. Storage period

Cookies are stored on the user’s computer and transmitted to our website. Consequently, the user, has full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. You can also delete cookies which have been stored at any time. This can also be done automatically. If you deactivate cookies for our website, you may no longer be able to use the site’s full range of features.

V. creation AND USE of EJOURNEY ACCOUNT and Use of eJourney Features

In addition to the information provided in II., the following applies to this processing:

  1. Description and extent of data processing

eJourney is an application that gives learners at ENGAGE.EU partner universities access to the various programmes offered by the alliance. This means that eJourney collects and processes programme registration, application and participation details, as well as learning outcomes, which will be provided after programmes have been completed. To this end, eJourney stores personal and academic data.

 

To register for an ENGAGE.EU programme, it is necessary to create an account. Account creation and logins are done via single sign-on. The user authorises the home university to send the authentication data via Identity Provider to eJourney. Therefore, access to the account requires affiliation with an ENGAGE.EU university. Authentication data include for example home university, affiliation (staff, student, member), name and surname, email address and user ID at the home university and for students the student number at home university.

 

Additionally, eJourney collects data for the purposes of processing applications to programmes when applicants provide additional personal data via an application form, as well as for the purpose of participation. Also learning outcomes are data that are generated by eJourney after the successful completion of programmes. This can include, for example, name and surname, date of birth, completed programmes with duration and timing, and obtained ECTS credits. For these data processing operations, additional data protection information is provided under the specific programmes.

 

  1. Legal basis for data processing

The legal basis for the creation and use of the account is:

  • Article 6(1) (e) in conjunction with (3) GDPR in conjunction with

-      § 12 Abs. 1 Landeshochschulgesetz Baden-Württemberg (the act of the higher education institutions of the Land of Baden-Württemberg) in conjunction with § 2 Landeshochschulgesetz or § 4 Landesdatenschutzgesetz Baden-Württemberg (data protection act of the Land of Baden-Württemberg), respectively with

-      the Austrian Universities Act 2002 in conjunction with Education Documentation Act 2020 (BilDokG), in conjunction with the University Statistics and Education Documentation Ordinance (UHSBV) in conjunction with Student Union Act 2014 (HSG), respectively with

-      Section 2-8 relating to Processing of personal data by universities and university colleges of the Norwegian Universities and University Colleges Act, respectively with

-      other national data protection regulations in the higher education sector,

-      the legal requirements of the European Commission,

-      the Consortium Agreement, governing and specifying the relationship among the universities that have formed an alliance in the context of the ENGAGE.EU project

  • Article 6(1) (a) GDPR in case you give your consent

 

  1. Purpose of data processing

The purpose of creating and using the eJourney account and using eJourney features is to process the applications and participations in ENGAGE.EU programmes, as well as to store and provide the learning outcomes to the learners after completion of the programmes.

 

  1. Storage period

The personal data will be deleted once they are no longer necessary in relation to the purposes for which they were collected or otherwise processed. For the data collected to create and use the eJourney account, this is the case when the processed data is no longer necessary for the application and participation as well as for the storage of learning outcomes and the possibility to provide them to participants, unless another legal basis applies, for example in case of consent.

 

If there hasn’t been any activity in the account after creation, such as programme applications and storage of data concerning ENGAGE.EU activities, the account shall be deleted after 6 months, unless another storage period applies.

In case of applications and participations in ENGAGE.EU programmes, as well as for the storage and providing of learning outcomes to the learners after completion of the programmes, the concrete storage periods resulting from the different programmes are provided in the data protection information concerning the respective activities. This could be, for example, for unsuccessful applicants 16 months after the application process has been completed. For the learning outcomes, a possible storage period could be 16 months after completion of the programme, unless another legal basis applies, for example in case of consent for a longer storage period.

VI. Social networks

In addition to the information provided in II., the following applies to this processing:

 

We are not being informed about the content of the data transmitted and their use by social networks (e.g. Facebook, Instagram, LinkedIn, Twitter, YouTube). Information on the purposes, extent, further processing and use of data collected by each social network as well as your rights in relation to such processing can be found in the respective privacy policies. The University of Mannheim does not assume responsibility for these contents or the privacy policy.

We do not know what kind of data are collected and how they are used by the respective social network. It is very likely that at least the following data are collected even if you are not signed in:

  • IP address
  • time when the website was accessed
  • URL of the website that uses the plugin
  • location-based information (on mobile devices)
  • device-related information (e.g. the operating system used and browser information)
  • websites which were visited previously for advertising purposes
  • data of uninvolved third parties (e.g. e-mail addresses (in case of recommendations)).

Unless otherwise specified, it can be assumed that the following technologies are used for data processing:

  • cookies (e.g. permanent storage of your login data), this can also happen via third party providers such as advertising customers
  • log files (storage of the cookie data on the service’s servers)
  • analysis scripts (e.g. tracking of the clicking behaviour on a website)
  • forwarding of posted links
  • local data storage (e.g. permanent storage of pictures)

 

  1. Facebook

Our website uses plugins of the social network Facebook provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can recognize Facebook plugins by the Facebook logo or the “Like” button. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/.

If you visit a page on our website that uses such a plugin, your browser sets up a direct connection with the Facebook server. This way, Facebook receives information that you have visited our website with your IP address. If you are logged in to your Facebook account, Facebook can link your visit to our website to your user account. If you do not wish Facebook to link the data collected via our website to your Facebook account, please log out of your Facebook account before visiting our website.

We are not being informed of the kind of data transmitted and their use by Facebook. Information on the purpose, extent, further processing and use of data collected by Facebook as well as your rights regarding such processing can be found in the Facebook Privacy Policy (https://facebook.com/policy.php). The University of Mannheim does not assume responsibility for these contents or the privacy policy.

  1. Instagram

Our website uses features of the Instagram service provided by Instagram LLC, 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link the contents of our website to your Instagram profile by clicking on the Instagram button. This way, Instagram can link your visit to our website to your user account. We are not being informed of the kind of data transmitted and their use by Instagram. Information on the purpose, extent, further processing and use of data collected by Instagram as well as your rights in regarding such processing can be found in the Instagram Privacy Policy (https://help.instagram.com/155833707900388). The University of Mannheim does not assume responsibility for these contents or the privacy policy.

  1. LinkedIn

Our website uses features of the LinkedIn network provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. If you visit a page on our website that uses LinkedIn features, your browser sets up a direct connection with the LinkedIn server. This way, LinkedIn receives information that you have visited our website. If you click on the LinkedIn “Recommend” button while you are logged in to your LinkedIn account, LinkedIn can link your visit to our website to your user account. We are not being informed of the kind of data transmitted and their use by LinkedIn. Information on the purpose, extent, further processing and use of data collected by LinkedIn as well as your rights regarding such processing can be found in the LinkedIn Privacy Policy (https://www.linkedin.com/legal/privacy-policy). The University of Mannheim does not assume responsibility for these contents or the privacy policy.

  1. X

Our website uses features of the X service provided by X Corp., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using X and the “Retweet” feature, the websites visited by you are linked to your X account and disclosed to other users. This way, X can link your visit to our website to your user account. We are not being informed of the kind of data transmitted and their use by X. Information on the purpose, extent, further processing and use of data collected by X as well as your rights regarding such processing can be found in the X Privacy Policy: https://x.com/de/privacy. The University of Mannheim does not assume responsibility for these contents or the privacy policy.

  1. YouTube

Our website uses plugins of the Google-operated website YouTube provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit a page on our website that uses such a plugin, your browser sets up a direct connection with the YouTube server. This way, YouTube receives information that you have visited our website. If you are logged in to your YouTube account, YouTube can link your visit to our website to your user account. If you do not wish YouTube to link the data collected via our website to your YouTube account, please log out of your YouTube account before visiting our website.

We are not being informed of the kind of data transmitted and their use by YouTube. Information on the purpose, extent, further processing and use of data collected by YouTube as well as your rights regarding such processing can be found in the YouTube Privacy Policy (https://www.google.de/intl/de/policies/privacy). The University of Mannheim does not assume responsibility for these contents or the privacy policy.

VII. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

  • You have the right to obtain information about your personal data processed, and the right to have false data rectified.
  • Furthermore, you have the right to erasure, the right to restriction of processing, the right to data portability and the right to object to the processing.
  • In case you gave consent to further optional cases of processing, you can withdraw your consent (completely or for individual cases of processing) at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • Information on your right to object according to Article 21 (1) GDPR:

On grounds relating to your particular situation, you have the right to object to the processing of your personal data according to Article 6 (1) (e) GDPR (data processing in the public interest) at any time.

To exercise your rights, please contact: engage@uni-mannheim.de

  • You have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data infringes data protection regulations.

The supervisory authority in Baden-Württemberg, for example, is the commissioner for data protection and freedom of information of Baden-Württemberg (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg). The supervisory authority in Austria is the Austrian Data Protection Authority and the supervisory authority in Norway is the Norwegian Data Protection Authority.