1. Responsible institution for data protection purposes
2. Data protection officer
University of Freiburg
Data protection officer
This information on data protection/data protection declaration refers to the MIAP website of the University of Freiburg (https://miap.eu), which is operated by the Life Imaging Center of the University of Freiburg. Please contact us in case you want to withdraw consent to process your personal data or if you want to know which data we store from you.
4. Collection of personal data
Unless otherwise specified on the particular web pages, personal data are collected as follows:
4.1 Availability of web pages and creation of log files
4.1.1 Description and categories of data
When you visit this or other web pages, you send data to our web server via your web browser. The following data are retained temporarily in a log file during an ongoing connection only in the case of an error:
- IP address of the requesting computer
- Date and time of the access
- Name, URL, and amount of transferred data from the requested file
- Access status (requested file transferred, not found, etc.)
- Browser type and operating system (if sent by the requesting web browser)
- Web page from which access was obtained (if sent by the requesting web browser)
The data in this log file are processed as follows:
- In individual cases, i.e., reported defects, errors, and security incidents, a manual analysis is conducted.
The system needs to temporarily store the user’s IP address to enable the website to be sent to the user’s computer. The user’s IP address must be retained for the duration of the session.
The data are stored in a log file as a means of ensuring the proper functioning of the website. In addition, we use the data to optimize the website and guarantee the security of our information technology systems. The IP addresses included in the log entries are not combined with other retained data unless there are actual indications that there has been a disruption of proper operation.
These purposes also constitute our legitimate interest in processing data in accordance with § 6 para. 1 lit. f GDPR (General Data Protection Regulation).
4.1.3 Legal basis
The legal basis for the temporary retention of the data and the log files is § 6 para. 1 lit. f GDPR.
In the case that investigative measures are initiated due to attacks on our information technology system, the data and log files named above under 4.1. may be passed on to state investigative bodies (e.g., police, public prosecutor).
The same applies if these bodies or courts direct inquiries at the university and the university is obligated to comply with them.
4.1.5 Duration of data retention
The data are deleted as soon as they are no longer needed to achieve the purpose for which they were collected. In the case of data collected to make the website available, this is the case at the end of the relevant session. The data retained in log files are deleted after fourteen days.
4.1.6 Consequences of nondisclosure, possibility of objection or removal
The collection of data for the purpose of making the website available and the storage of the data in log files is absolutely necessary for the operation of the website. Users who do not want their data to be processed as described may contact the Life Imaging Center in other ways (by telephone, in writing, in person) to obtain information or perform functions available on the website.
4.2.1 Description and categories of data
The user data collected by the cookies are not used to create user profiles.
These purposes also constitute our legitimate interest in processing personal data in accordance with § 6 para. 1 lit. f GDPR.
4.2.3 Legal basis
The legal basis for the processing of personal data using cookies is § 6 para. 1 lit. f GDPR.
The recipient of the information contained in the cookies is exclusively the authorized web server, i.e., the university web server that sent the cookie.
4.2.5 Duration of data retention
Since the cookies are stored on your computer, you also have the possibility of deleting them earlier. For more information, please read the following section.
4.2.6 Consequences of nondisclosure, possibility of objection or removal
If you want to change or delete cookie settings, you can find this in your browser settings:
- Chrome: Clear, enable, and manage cookies in Chrome
- Safari: manage cookies and website data with Safari
- Firefox: Clear cookies and site data in Firefox
- Internet Explorer: deleting and managing cookies
- Microsoft Edge: Delete and manage cookies
- Opera: Web preferences
If you deactivate cookies for our website, you may no longer be able to use all functions of the website to their full extent.
4.3 Web analysis by AWStats and WP Statistics
4.3.1 Description and categories of data
Our websites use the open-source software tool AWStats (http://www.awstats.org/) and the free WordPress plugin WP Statistics (https://wp-statistics.com/) to analyse our users’ browsing patterns. Among other things, this software reads what is called the HTTP user agent string. When subpages of our websites are accessed we collect the following data:
- Information about the type of browser and the specific version used
- Operating system of the user
- IP address of the user
- Resulting from this: Origin of the request (organisation, country, town)
- Internet service provider of the user
- Date and time of the request
- Pages viewed within our system.
- Length of stay
- Websites from which the user’s system was referred to our websites
The software runs exclusively on our own servers.
The processing of our users’ personal data gives us the opportunity to analyse their browsing patterns. By analysing the collected data we are able to understand how individual components of our websites are used. This helps us continuously improve our websites and their user-friendliness. These purposes constitute our legitimate interest in the data processing under Art. 6 (1) (f) GDPR. By anonymising the IP addresses the users’ interest in the protection of their personal data is sufficiently taken into account.
4.3.3. Legal basis
The legal basis for the temporary retention of the data and the log files is § 6 para. 1 lit. f GDPR.
The recipient of the information is exclusively the authorized web server, i.e., the university web server.
4.3.5 Duration of data retention
The data retained in log files are deleted after fourteen days.
4.3.6 Consequences of nondisclosure, possibility of objection or removal
AWStats and WP Statistics only saves data in an anonymised way and for statistical purposes. A person-related analysis is not possible.
4.4 Contact MIAP
4.5 LIC Application
4.6 Third-party services
4.6.1 Social media activities
Our website include links to social media profiles of our contact persons hosted by the following providers:
For accessing these channels it is necessary that the user’s IP address becomes visible to the providers, because without the IP address no content can be delivered to the browser of the specific user. This means that the IP address is necessary for displaying these contents. We cannot influence whether and how third-party providers save and use IP addresses.
You can find the privacy policies of the use social media providers here:
4.6.2 Embedded Google and Youtube content
On our website, components of various third-party providers are used in order to provide additional content. For example, these include YouTube and Google contents.
If you open a website with an embedded content (e.g. YouTube video or Google map), no connection is made to the a third party provider (e.g. YouTube or Google), if marketing cookies were not accepted. Once an element has been intentionally clicked on a connection to the external servers is made. At this point the IP address and any other information (for example browser type) would be transferred to the third-party provider. Consenting to the marketing cookies has the same effect.
If you are also logged into the third-party provider user account when accessing the website, it would be able to assign additional information to your user account (for example which video you are accessing, which commentary you submit and what information you share etc.).
Please bear in mind that the data processing which is carried out as a result is outside of the area of control of the university and the data protection provisions of the third-party providers must be observed.
You can find some of the data protection provisions here:
Should you not agree to data processing by the third-party provider as described above, please do not click on the media element and do not consent to the marketing cookies.
4.6.3 Embedded OpenStreetMap content
We are using the mapping service provided by OpenStreetMap (OSM). The provider of this service is the Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.
When you visit any website, into which OpenStreetMap has been embedded, your IP address and other information concerning your behavior patterns on this website will be transferred to the OSMF. Under certain circumstances, OpenStreetMap will save cookies in your browser or uses comparable technologies for recognition.
We use OpenStreetMap with the objective of ensuring the attractive presentation of our online offers and to make it easy for visitors to find the locations we specify on our website.
5. Your rights
You have the right to receive information from the University of Freiburg on your personal data that has been retained and/or to have retained data that is incorrect corrected.
You also have the right to demand that your data be deleted or that the processing thereof be restricted as well as to object to the processing of your data.
If you have given us your consent to process your personal data, you also have the right to withdraw your consent at any time. The legality of any processing performed on the grounds of the consent prior to its withdrawal remains unaffected by the withdrawal of consent. For more information, please contact us at email@example.com. If the processing of data is based on consent or on a formal agreement, we will refer you to the proper authority.
If the data is also processed in automated form, you may have a right to data portability (§ 20 EU-GDPR).
You have the right to file a complaint with the regulating authority if you believe that the processing of your personal data is in violation of the law. An example of such a regulating authority is Baden-Württemberg’s state commissioner for data protection and freedom of information (Landesbeauftragte für den Datenschutz und die Informationsfreiheit).