I. Name and Address of the Data Controller

The data controller (hereinafter: 'Controller') as mandated by the General Data Protection Regulation and other national data protection laws from member states as well as other regulations relevant to data protection is: 

Institute of Cellular Neurosciences
Faculty of Medicine
Rheinische Friedrich-Wilhelms-Universität Bonn
Venusberg-Campus 1
53127 Bonn
Germany
Telephone: +49 228 287 14669
Telefax: +49 228 287 19121

II. Name and Address of the Data Protection Officer 

The data protection officer of the Controller is:
Dr. Jörg Hartmann
Genscherallee 3
53113 Bonn
Germany
Email: joerg.hartmann@uni-bonn.de
Phone: + 49 228 73-6758
https://www.datenschutz.uni-bonn.de

III. General Information on Data Processing

1. Scope of Processing of Personal Data

We process the personal data of our users only insofar as this is necessary for the provision of a functional website and our content and services. Routine processing of our users’ personal data is performed solely with the consent of the user. An exception comes in cases where the prior acquisition of consent is not possible for practical reasons and stipulations allowing for such processing are included in the legal requirements.

2. Legal Basis for the Processing of Personal Data

Insofar as we have obtained the consent of the data subject for the processing of their data, Art. 6 para. 1(a) GDPR serves as the legal basis for such processing.
The legal basis for the processing of personal data required for the fulfillment of a contract to which the data subject is a party is Art. 6 para. 1(b) GDPR. This also applies to measures in preparation of said contract.
The legal basis for the processing of personal data to fulfill a legal obligation on the part of the University of Bonn is Art. 6 para. 1(c) GDPR.
The legal basis for the processing of personal data as necessary to protect the vital interests of the data subject or another natural person is Art. 6 para. 1(d) GDPR.
The legal basis for processing required for the execution of duties in the public interest or the exercise of public authority that has been transferred to the University is Art. 6 para. 1(e) GDPR.

3. Erasure of Data and Duration of Storage

The personal data of the data subject is to be erased or locked as soon as the purpose for storage no longer applies. Storage can potentially extend beyond this point where necessitated by European or national legislation reflecting EU-wide directives, laws, or other rules to which the Controller is subject. The data must then be locked or erased upon expiration of the retention period stipulated by the aforementioned standards unless it is necessary to continue storage of the data for reasons of entering into or completing a contract. 

IV. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Each time our internet pages are requested, our system automatically records data and information about the requesting computer's system. 
The following data is recorded:

1.    Information about the browser type and version

2.    The user's operating system

3.    The user's internet service provider

4.    The user's IP address (pseudonymized, shortened IP address)

5.    Date and time of access

6.    Referrer website 

7.    Websites accessed by the user’s system via our website (within *.uni-bonn.de, details of referrers will not be communicated to third parties)

The log files contain IP addresses and other data that allow for identification of a user. This can for example be the case where a link from a referring website or from our pages to another website contains personal data.

The data is also stored in log files on our system. This data is not stored together with other personal data from the user.

2. Purpose of Data Processing

The temporary storage of the IP address by the system is required to allow for the website to be delivered to the user's computer. The IP address of the user must be stored for the duration of the session. 
Log files are stored to ensure the functionality of the website. Beyond this, the data helps us optimize the website and ensure the security of our IT systems. No analysis of the data for marketing purposes is made in this context.

3. Duration of Storage

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For data collected for the purpose of providing the website, this is the case once the respective session has ended. 

For data stored in log files, this purpose expires seven days after it is collected. The data can potentially be stored beyond this point. In this case, the user's IP address is erased or anonymized to prevent any further possibility of identifying the client that requested it.

4. Options for Objecting and Removal

The collection of data for the provision of the website and storage of data in log files is necessary for the operation of the Internet site. As a result, the user has no option for objecting in this context.

V. Use of Cookies

1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user requests a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that allows for the unambiguous identification of the browser if the website is requested again. 

We use cookies to make our website more user-friendly. Some elements of our internet site require that the requesting browser can be identified even when a new page is opened. 

Cookies store and transmit the following data:

1.    Language settings

2.    Login information

Beyond this, our website uses cookies that allow for an analysis of the user's surfing habits.  A software tool called Matomo (formerly PIWIK) is used for this. More details can be found under point IX.

2. Legal Basis for Data Processing

The legal basis for the processing of personal data using cookies for analytical purposes is the acquisition of the user's consent in accordance with Art. 6 para. 1(a) GDPR.

3. Purpose of Data Processing

Cookies related to a necessary technical function are used to make the website easier to use. Some functions on our internet site cannot be provided without the use of cookies. It is necessary for example that the browser be recognized again when navigating between pages.
We require cookies for the following applications:

(1) Adoption of language settings

User data collected through technically necessary cookies are not used to create a user profile.

The use of analytical cookies serves to improve the quality of our website and its content. The analytical cookies provide us with insights into how the website is used, allowing us to constantly optimize our offerings.

4. Duration of Storage, Options for Objecting and Removal

Cookies are stored on the user's computer and from there transmitted to our pages. In this constellation, you as a user retain full control over the use of cookies. By changing the settings of your internet browser, you can deactivate or restrict the transmission of cookies. Previously stored cookies can be erased at any time. This can also be performed automatically. If cookies are deactivated for our website, then portions of our website may potentially not display correctly.