Privacy Policy

The European University Alliance for Global Health (EUGLOH) is a network of nine European
universities, which is co-funded by the European Union. The EUGLOH members are: Université Paris-
Saclay (UPSaclay), Lund University (LU), Ludwig-Maximilians-Universität München (LMU),
Universidade do Porto (UPorto), University of Szeged (USZ), University of Alcalá (UAH), Universität
Hamburg (UHH), University of Novi Sad (UNS), Uit The Arctic University of Norway (UiT).

Universität Hamburg is responsible for the hosting, editing and overall maintenance of this website.
This privacy policy informs you about how the UHH treat your data. To make the processing of your
data transparent, we would like to provide you with the following information to give you an
overview of these processing operations. To keep things fair, we additionally want to inform you
about your rights pursuant to the EU-General Data Protection Regulation (GDPR).

I. General Information

1. Contact details

Pursuant to the General Data Protection Regulation, national data protection laws of the various
Member States, and other privacy regulations, the responsible entity (“Controller”) is:

Universität Hamburg represented by the president
Mittelweg 177
20148 Hamburg
praesident@uni-hamburg.de

Universität Hamburg is a corporation under German public law, represented by Univ.-Prof. Dr. Hauke
Heekeren, president of Universität Hamburg, Mittelweg 177, 20148 Hamburg.

2. Universität Hamburg Data Protection Officer contact details

You can contact our data protection officer via the following address:

Data Protection Officer Universität Hamburg
Mittelweg 177, 20148 Hamburg
datenschutz@uni-hamburg.de

3. Recipients of data

For certain processing activities, we rely on service providers. These processing activities include, for
example, hosting, maintenance and support for IT systems. A ‘processor’ is a natural or legal person,
public authority, agency or other body which processes personal data on behalf of the controller.
Processors process data not for their own purposes but solely for the controller and are contractually
obliged to implement appropriate technical and organizational measures ensuring data protection.

Should your data be transferred to further recipients, you can find this information under the
description of the respective processing activity.

4. Data transfer to third countries

Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries
where the DSGVO is not applicable law. Such a transfer shall be authorised if the European
Commission has decided that an adequate level of data protection is ensured in such third country.

In the absence of such an adequacy decision by the European Commission, personal data will only be
transferred to a third country if appropriate safeguards are in place in accordance with Art. 46 DSGVO
or if one of the conditions of Art. 49 DSGVO is met.

Unless otherwise stated below, we use as appropriate safeguards the EU standard contractual clauses
for the transfer of personal data to processors in third countries: eur-lex.europa.eu/legal-
content/DE/TXT/?uri=CELEX%3A32010D0087.

5. Your rights

You have the following rights:

  • the right to information regarding personal data pertaining to you that is stored by us
    (Art. 15 GDPR)
  • the right to correction of any incorrect or incomplete personal information (Art. 16 GDPR)
  • the “right to be forgotten”: erasure of stored personal data insofar as the relevant data are
    not necessary for the exercise of the right of freedom of expression and information, for
    compliance with a legal obligation, for reasons of public interest, or the purposes of
    establishing, exercising, or defending a legal claim (Art. 17 GDPR)
  • the right to limited processing of personal data (Art. 18 GDPR)
  • the right to object to the processing of your data conducted in our legitimate interest, public
    interest, or for profiling purposes unless we can demonstrate compelling grounds for
    processing said data that outweighs your interests, rights, and freedoms or where the
    processing of said data is required for the establishment, exercise, or defense of a legal claim
    (Art. 21 GDPR);
  • the right to withdraw your consent to the collection, processing, and use of your personal
    data at any time with future effect (Art. 7 (3) GDPR)—this means that the data processing
    related to that consent will no longer be carried out;
  • the right to lodge a complaint with a supervisory authority where you believe the processing
    of personal data related to you is in breach of the GDPR (Art. 77 GDPR)

You may exercise your rights as a data subject, such as obtaining information on data being stored, by
contacting datenschutz@uni-hamburg.de.

6. Withdrawal of consent / objection to processing

The relevant declaration of consent indicates who you must contact to withdraw your consent.

II. Data Processing on the EUGLOH Page

1. Accessing this website and creation of log files

information are collected every time this website is accessed or used. These data and information are
stored in log files on the server and can include:

  • IP address
  • browser type / browser version
  • date and time the website was accessed
  • user Internet service provider
  • user operating system
  • referring website
  • websites accessed by the User’s system through our website

The temporary storage of data and log files is lawful pursuant to Art. 6 (1) lit. e GDPR,
§ 4 Hamburgisches Datenschutzgesetz (HmbDSG), §§ 3, 4 Hamburgisches Hochschulgesetz (HmbHG)

The IP address is temporarily stored in the system as it is necessary to provide website access to the
User’s computer. The IP address is retained while that website is being accessed.

These log files are stored to ensure website functionality, optimize the content of our website, and
ensure the security of our IT system.

The data will be deleted when they are no longer needed for the purpose they were collected. For
data collected to provide access to the website, this will be at the end of every session.

For log files, this will occur after 28 days at the latest. Some data may be preserved for a longer
period of time, in which case user IP addresses are deleted or anonymized, rendering it impossible to
link the data to any individual.

2. Newsletter

On our website, you can subscribe to the free newsletter.

When you register, you will be asked to give your consent to our processing of your data and referred
to our Privacy Statement. The process of registering for the newsletter will transmit the information
you have entered into the online data entry form.

In addition, we use a double opt-in procedure for delivery of the newsletter. This means that an email
will be sent to the email address you provided, in which you will be asked to confirm your registration
for the newsletter. If you do not confirm your registration within 24 hours, your information will be
blocked and then automatically deleted.
In addition, during registration and deregistration, we store the email address, name of the
newsletter, the time, and the type of confirmation (web confirmation or email confirmation) to be
able to prove registration and to identify possible misuse.

The processing of information following user registration for the newsletter is lawful subsequent to
user consent pursuant to Art. 6 (1) lit. a GDPR.

The data provided to register for the newsletter will only be used to deliver the newsletter to you and
will not be given to third parties. You may withdraw your consent at any time with future effect. You
can withdraw consent by sending an email to the sender or by clicking on the respective link in the
newsletter. Your data will then be immediately deleted from the system.

3. Mail forms

There are contact forms and other mail forms on the webpage that can be used to communicate
electronically. When registering, the data entered by you into the online data entry form will be
transmitted. Your consent is required for the processing of this data, and you will be referred to our
Privacy Statement and asked to grant your consent when you send the form.

Moreover, individuals will be informed about the purpose of the data processing for which they are
granting consent.

Your consent is required for the processing of your personal data (Art. 6 (1) lit a GDPR). Consent is
voluntary. The duration of storage of the data depends upon the processing purpose, which will be
listed separately in the email form. You can revoke this consent at any time.

4. E-Mail contact

You can contact us by using the email addresses provided. In this case, the personal data provided in
the email will be stored. This information will not be passed on to third parties.

This processing is lawful pursuant to Art. 6 (1) lit. e GDPR in conjunction with § 4 HmbDSG, where the
processing of the personal data provided by you to process your inquiry is required to discharge our
duties. Communication of additional information by you is voluntary, based on your consent pursuant
to Art. 6 (1) lit. a GDPR.

These data are only stored for the purposes of processing that communication and for the purposes
stated in that communication.

5. Cookies

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the
Internet browser on the user's computer. When a user accesses a website, a cookie may be stored on
the user's operating system. This cookie contains a characteristic string of characters that enables the
browser to be uniquely identified when the website is called up again.

There are different types of cookies. On the one hand, a distinction is made between first-party
cookies and third-party cookies. While first-party cookies are set by the website you are currently
visiting and only this website can read information from the cookies, third-party cookies are set by
third parties who are not operators of this website. The University of Hamburg does not use third-
party cookies.

In addition, a distinction is made between session cookies and persistent cookies. Session cookies
contain information that is only stored temporarily and is automatically deleted when you leave the
website. Persistent cookies (also permanent cookies) are automatically deleted after the specified
storage period, which may vary depending on the type of cookie. However, you can delete these
cookies at any time via your browser settings.
The purpose of using necessary (also technically necessary) cookies is to simplify the use of websites
for users.

The legal basis for the storage of cookies or for the storage of information in the end user's terminal
equipment and access to this information already stored in the terminal equipment results from the
Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG).
In addition, the legal basis for the further processing of personal data collected in this context arises
from the General Data Protection Regulation.

Cookies are stored on the user's computer and transmitted to us by the user. Therefore, you as the
user also have full control over the use of cookies. You can deactivate or restrict the transmission of
cookies by making a change in your Internet browser. Cookies that have already been stored can be
deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it
may no longer be possible to use all functions of the website in full.

6. Matomo

Universität Hamburg uses the cookieless version of the open-source software Matomo on its website for the analysis and statistical evaluation of its use.

Visits to our website are collected anonymously and evaluated without the use of tracking cookies. Matomo does however require that the IP address assigned to your end device be communicated to Matomo. The IP address is anonymized immediately on collection and before the data are stored. Matomo does not undertake any further processing of personal data.

This processing is lawful on the basis of Art. 6 (1) lit. e and (3) GDPR in conjunction with § HmbDSG in conjunction with § 6 (2) no. 1HmbHG.

You have the option to prevent actions you take here from being analysed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users

7. YouTube

We use the services provided by YouTube to embed videos into our website. YouTube is operated by Google Ireland Limited (Ireland, EU). 

Clicking on “Play video” embeds an iframe with the provider’s content into the page. No service content is integrated, nor are any data transferred before the User clicks. 

When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Google can be found in Google's privacy policy at www.google.com/policies/privacy.

8. Spotify

We use the Spotify music service to make sound files available to website visitors and to integrate playlists. The provider is Spotify AB (Sweden, EU). The processing of your IP address is technically necessary for this purpose.

Further information on this can be found in Spotify's privacy policy:
www.spotify.com/de/legal/privacy-policy/.