The University of Cologne Business School takes the protection of your personal data very seriously. We want you to know when we store which data and how we use it when you visit the website of the University of Cologne Business School. Under no circumstances will the data collected be sold or passed on to third parties for any reason.
The following statement in accordance with Chapter 13 of the General Data Protection Regulation (GDPR) gives you an overview of how we guarantee this protection and what kinds of data are collected for what purposes.
1. Name and contact of responsible person
Responsible for the processing of personal data for the operation of this website is:
University of Cologne Business School
Tel.: 0221 / 470-7943
2. Contact of the Data Protection Officer
Data Protection Officer of the University of Cologne Business School:
Dr. Stephan Anders
Tel.: 0221 / 470-7943
3. Purposes, duration, and legal basis of the processing of personal data
3.1 Web protocols of the central WWW server
The University of Cologne collects and automatically stores information your browser sends in the protocol files of the web server. This includes:
- browser type and version
- computer name or IP address of the accessing computer
- time of the request to the server
- requested website
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your computer. To do this, the IP address of your computer must remain stored for the duration of the session.
In addition, the data helps us to ensure the security of our information technology systems and to optimize our website. An evaluation of the data for marketing purposes does not take place in this context.
Of the above data, the IP address is considered to be personal. Your IP address will be stored for a maximum of 7 days and then completely anonymized (deleted or alienated). After that time, the above data is no longer personal. It shall be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
The legal basis for the temporary storage of data and log files is Chapter 6 Art. 1 (f) of the GDPR, because the University of Cologne has a legitimate interest in identifying and eliminating malfunctions and in optimizing its website.
Cookies in general
More information on the Matomo software’s privacy settings can be found here: https://matomo.org/docs/privacy/.
On some of the University’s websites, we place ads in cooperation with the company VariFast GmbH (based in Germany) and using the ad server of Adition AG (based in Germany). Session cookies and temporary cookies are also used here. They serve to statistically measure the number of visitors and to limit the numerically determined delivery of advertising material. For technical reasons, your IP address will also be forwarded to these two companies. All data, including IP addresses, are recorded there anonymously and only for statistical reasons.
By clicking on the link for cookie opt-out, the collection of anonymized data is stopped. In this case, ADITION replaces the current cookie with a new opt-out cookie. This opt-out cookie deletes the information previously stored, including the IP address, and prevents further collection of anonymous information. If this opt-out cookie is deleted, ADITION can no longer determine that an opt-out has taken place. In this case, the opt-out process must be repeated.
Other measuring methods
Some sub-pages use other methods (e.g. Google Analytics) to measure their reach, the number of visitors, and the way users use the pages. These pages will inform you about the special features of these systems under data protection law.
3.3 Social Media
We offer our users so-called share opportunities with social media platforms (e.g. Facebook, Google, Twitter, YouTube, etc.).
These platforms can temporarily be embedded on uni-koeln.de using so called plugins.
By integrating the plugins, Facebook, for example, receives the information that a user with a certain IP address is visiting the website at a given moment. If you are logged in to Facebook at the same time, your visit to uni-koeln.de can be assigned to your Facebook account. In this way, your friends are also displayed in this plugin. You can read and change the purpose and scope of data collection, further processing and use of the data by Facebook, as well as your rights and settings options for the protection of your privacy, in the data protection information of Facebook.
If you access one of our pages with such a plugin, your browser establishes a direct, short connection to its servers. This is primarily used to display the content of the plugin (for example the friend box). In this case, the cooperation partner will know your IP address and other device-related things. In practice, this information cannot easily be assigned to you by name. Under certain circumstances, the cooperation partner may also place a cookie on your computer, which is deleted when you close your browser (see the section on cookies). You can decide this yourself in the browser settings by accepting or rejecting cookies.
For the recommend (Facebook), Twitter, and +1 (Google) buttons – which you will find on many pages – we have set up a two-step solution (the so-called 2click concept by heise): To recommend or share the content on a page of uni-koeln.de, you first have to click on the button and activate it. Only then is a connection with the Facebook, Twitter or Google servers established, allowing you to recommend the contribution to your friends with a second click.
3.4 Newsletter subscription and other input masks
On some sub-pages you can store your email address to subscribe to a specific newsletter (a regular or occasional newsletter delivered by email).
In this case, the operator of the respective sub-page is responsible.
The sole purpose of the data processing is to deliver the newsletter to the email address provided. The email address is stored and used until you cancel your subscription or the newsletter is discontinued. You can find out how to unsubscribe from the newsletter with just a few clicks on the sub-page where you can subscribe. Usually this is also possible at the end of each newsletter.
The legal basis is your consent, which you give when ordering the newsletter (Chapter 6 Art. 1 (a) of the GDPR).
Other input masks
Some sub-pages offer services that you are required to use as a student or employee. If you have to register online, only data necessary for the use of the service will be collected. The legal basis is then the legal fulfilment of the university’s tasks (Chapter 6 Art. 1 (e) of the GDPR in conjunction with Section 3 Higher Education Act of North-Rhine-Westphalia – HG NRW). You will receive more detailed information on data protection in connection with the respective service.
Some sub-pages offer services that you can use voluntarily. If you can or must register online, only data necessary for the use of the service will be collected from you. The legal basis is your consent (Chapter 6 Art. 1 (a) of the GDPR). You will receive more detailed information about data protection in connection with the respective service.
3.5. CRM-system of salesforce
Our brochure downloads and CV uploads allow interested parties to learn more about our company, our programmes and seminars, and to provide their contact information and other demographic information. For this, we use the CRM-system of the salesforce.com Germany GmbH (Erika-Mann-Str 31, 80636 Munich), which stores the information on its server. This enables us to get in touch with those who are interested in our programmes and seminars, in order to determine which of our company‘s services are eligible for them. In the case of the CV upload, only your manually entered data will be transmitted to salesforce. Your upload, however, is only available for the University of Cologne Business School.
Salesforce is certified under the Privacy Shield Agreement, which provides an additional guarantee to comply with European privacy legislation when processing data in the United States.(https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active).
Salesforce uses users' data only for the technical processing of inquiries and does not disclose them to third parties. To use salesforce, you need to specify at least one valid e-mail address. The use of a pseudonymous is possible. During the processing of service requests, it may be necessary to collect further data (name, address).
If users disagree with salesforce data collection and data storage in the external system of salesforce, we offer alternative contact options for submitting service requests by email, phone, fax or post.
4. Your rights
Every person affected by the processing of personal data has the right, in accordance with the legal provisions, to request free information or confirmation from us regarding the personal data stored about him or her.
In addition, you have the right to the immediate correction or deletion of incorrect personal data concerning you, or to the restriction of the processing, or to object to the processing. (However, the collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website. Consequently, there is no possibility of objection in this respect.)
You can revoke your consent to the processing of personal data at any time. This does not affect the legality of the University’s processing of your data on the basis of your consent until your revocation.
Data subjects have the right to request information regarding their personal data in a structured, common and machine-readable format and to transmit it to other persons responsible.
We are happy to answer your questions regarding the processing of your personal data at any time. If you would like to know which personal data we store about you or your pseudonym, or if you have questions that this data protection statement could not answer, or if you would like more detailed information on a particular point, please contact us, preferably using our contact address: webmaster(at)uni-koeln.de. If you communicate by email, we cannot guarantee the complete confidentiality of the provided information. If your information is confidential, please send it to us by post.
In addition, without prejudice to any other administrative or judicial remedy, an appeal may be lodged with a Member State supervisory authority if there are doubts as to the lawfulness of the processing of personal data. The regulatory authority of the University of Cologne is:
The State Officer for Data Protection and Freedom of Information of North Rhine-Westphalia
(Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)
Postfach 20 04 44
Fax: +49 211/38424-10