The controller within the meaning of the General Data Protection Regulation (GDPR) is:
University of Mannheim
Schloss
68131 Mannheim
Deutschland
E-Mail: rektor@uni-mannheim.de
Data Protection Officer of the University of Mannheim
Jan Morgenstern
Attorney‑at‑law & Certified Expert Attorney for IT Law, Certified Data Protection Officer
Johannesstraße 30, 67346 Speyer
E-Mail: datenschutzbeauftragter@uni-mannheim.de
Executive body
Department of Economics
L 7, 3–5
68161 Mannheim
E-Mail: econgrad@uni-mannheim.de
1. Personal data
As defined in the General Data Protection Regulation (GDPR), personal data refers to any information relating to an identified or identifiable natural person. This is data such as the first and last name, address, e-mail address, phone number and, as a rule, the IP address.
2. Extent of data processing
Principally, we process personal data only as far as it is necessary in order to provide a functional website and our content and services. We only process personal data of our users after they have given their consent. An exception is made if it is not possible to get consent due to factual reasons and the processing is permitted by law. We do not deliberately collect personal data of minors. We advise parents and legal guardians to watch their children’s activities online.
1. Description and extent of data processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data are collected:
The log files contain IP addresses or other data that can be assigned to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user switches contains personal data. The data are also stored in our system’s log files. These data are not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6 paragraph 1(e) GDPR in conjunction with § 4 Landesdatenschutzgesetz Baden-Württemberg (LDSG BW).
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to facilitate the delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The data are stored in log files to ensure the functionality of the website. In addition, the data help us optimize our website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
4. Storage period
The data will be deleted once the the purpose for which they have been collected ceases to apply. For the data collected in order to provide the website, this is the case when the respective session has ended.
If the data are stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated so that the accessing client can no longer be identified.
5. Right to object and deletion of data
The collection of data for the provision of the website and the storage of data in log files is absolutely essential for the operation of the website. Consequently, the user has no possibility to object.
1. Description and extent of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie can be stored in the user’s operating system. This cookie contains a characteristic string that enables a clear identification of the browser when the website is accessed again.
We only use cookies that are technically necessary. Some elements on our website require that the accessing browser can be identified after the user changed to another website.
The following data are stored and transmitted:
2. Legal basis for data processing
The use of cookies is permitted by law if the data processing involved serves the purpose of transmitting messages or providing a digital service (Section 25 (2) TDDDG). All other data processing by cookies is only permitted with your consent (Section 25 (1) TDDDG).
3. Purpose of data processing
The purpose of using cookies that are required for technical reasons is to simplify the use of website for users. The features of our website cannot be offered without the use of cookies. For these features it is necessary that the browser is identified even after the user changed to another website.
We store the following cookies:
| Category | Description | Cookies | Storage Period |
| cookie-verification | The cookie verification is set to verify whether setting cookies is technically possible. This is necessary for the purpose of technical administration of the further cookie management. | · wordpress_test_cookie | duration of session |
| simple membership-cookies | The Simple Membership Plugin stores cookies for the purpose of remembering the logged-in status of users and handle session-related information and functionalities. It verifies the members session. | · simple_wp_membership_sec
· swpm_in_use · wp_swpm_in_use · swpm_session |
3 days
3 days 3 days duration of session |
| wordfence-cookie | The wordfence-cookie is a security plugin with a firewall, malware scan, and login security. The wordfence-cookie is stored for the purpose of checking whether a user is logged in, in order to activate security mechanisms based on this information. This serves to ensure secure data transmission/communication. | · wfwaf-authcookie | 12 hours |
| user-cookies | User cookies are set to remember logged-in users and, if necessary, to retain user/profile settings. | · wp-settings-time-1
· wp-settings-1 |
1 year |
| · wordpress_sec_*
· wordpress_logged_in_* · comment-author_ |
duration of session |
The user data collected by cookies that are required for technical reasons are not used to generate user profiles.
If your personal data are being processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:
1. Right of access
Upon request, we will inform you whether we process data relating to you. We endeavor to process requests for information promptly.
2. Right to rectification
You have the right to request that we correct any inaccurate personal data concerning you without delay.
3. Right to restriction of processing
You have the right to request that we restrict processing if one of the conditions set out in Article 18 (1) (a) – (d) GDPR applies.
4. Right to erasure
You have the right to request that we delete personal data concerning you without delay, and we are obliged to delete personal data without delay if one of the reasons specified in Art. 17 (1) (a) – (f) GDPR applies.
5. Right to be informed
Where you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about who these recipients are.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us to whom the personal data have been provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR, Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out using automated means.
7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (e) or (f) GDPR. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
8. Withdrawal of consent
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
However, these decisions may not be based on special categories of personal data referred to in Article 9 paragraph 1 GDPR, unless Article 9 paragraph 2(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
Regarding the cases referred to in (1) and (3), the data controller must implement suitable measures to safeguard your data rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority at any time (Art. 77 GDPR).
The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg.
