Data protection notice

General information

The following notices inform you about the processing of your personal data when visiting this website. Personal data means any information relating to an identified or identifiable natural person (data subject). For detailed information on the topic of data protection, please refer to our privacy policy listed below this text. With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Contact information of the controller

Responsible for the processing of personal data on this website is:

AStA of the University of Rostock
Parkstraße 6
18057 Rostock

Represented by its chair:

Kristin Wieblitz
vorsitz.asta@uni-rostock.de
+49 381 498 5601

Contact details of the data protection officer

The data protection officer of the constituted student body can be reached at:

datenschutz.asta@uni-rostock.de
Parkstraße 6
18057 Rostock

Types of data processed

• usage data (e.g. subpages visited, access times)
• meta data, communication data (e.g. device information, IP addresses)
• form entries - the form’s specific data protection notice applies here
• usernames
• e-mail addresses
• first and last names
• passwords (if the local login is used)
• matriculation number (if the ITMZ login is used)

Categories of data subjects

• visitors and users of the online offer (hereafter data subjects will collectively be referred to as “users”)

Purposes of data processing

• providing the online offer, its functions and contents
• answering contact requests and communication with users
• processing requests submitted via the platform

Legal basis

In accordance with Art. 13 GDPR, we hereby disclose the legal basis of our data processing. For users from the jurisdiction of the General Data Protection Regulation ("GDPR"), i.e. the EU and the EEC, the following applies:

The legal basis for the processing of personal data on this website, unless otherwise stated (e.g. in the case of forms with their own data protection notices), is as follows:

• The legal basis for the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) GDPR.
• The processing of data for purposes other than those for which they were collected is subject to the requirements of Art. 6(4) GDPR.

Recipient of the data

• Operator: General Students’ Committee (AStA) of the University of Rostock
• IT and Media Center (ITMZ) of the University of Rostock

There may be further data recipients depending on the form. More information can be found in the data protection notice of the respective form.

Data will not be transferred to third countries.

Security measures

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of technology, implementation costs, and the nature, scope, circumstances, and purposes of the processing as well as the varying probability of materializing and severity of a risk to the rights and freedoms of natural persons.

Specifically, the measures include ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data and access concerning them, input, transfer, ensuring availability, and their separation. Furthermore, we have established procedures to safeguard the exercise of data subjects' rights, deletion of data, and response to compromise of data. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software, and processes in accordance with the principle of data protection through technology design and through data protection-friendly default settings.

Duration of data storage

The data processed by us will be deleted or restricted in its processing in accordance with the legal requirements.

Unless expressly stated within the scope of this data protection notice or a separate data protection notice (e.g. for a form), the data stored by us will be deleted as soon as it is no longer required for its intended purpose and its deletion does not violate any legal data retention obligations.

Rights of the data subject

According to Art. 16 GDPR, you have the right to correct the data and according to Art. 17 GDPR, you have the right to delete the data if you can demonstrate interests worthy of protection. Irrespective of this, the data concerning you will be automatically deleted after a certain period or if the purpose of processing no longer exists.

In addition, according to Art. 18 GDPR, you have the right to restrict the processing of the data if you can demonstrate interests worthy of protection.

In accordance with Art. 20 GDPR, you also have the right to have the data provided to you in a structured, common, and machine-readable format.

Furthermore, according to Art. 15 GDPR, you have the right to receive information about data processing. This includes the right to information about the processing purposes, the categories of personal data concerned, the recipients of the data, the planned duration of data storage, about existing rights to data erasure or correction as well as the right to restriction of processing and the right to object, about the right to lodge a complaint with the competent supervisory authority, about the origin of the data and about the possible occurrence of automated decision-making.