Privacy Statement

Note: The following English translation is intended solely to assist reader understanding and is not legally binding. Please see the original German text for the official version.

General information on the processing of your data

The processing of data by Philipps-Universität is carried out in accordance with data protection regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR) and the Hessian Data Protection and Freedom of Information Act of 03.05.2018 (HDSIG) in their currently valid versions.

Under Article 13 GDPR, Philipps-Universität Marburg has an obligation to inform individuals when personal data is collected. The controller "provides […] the data subject at the time when personal data are obtained with the information necessary to ensure fair and transparent processing."

Philipps-Universität Marburg takes the protection of your data seriously. We aim to inform you in a precise, transparent, comprehensible and easily accessible manner about when we collect which data during your access to the website and how we use it.

Due to ongoing development of the website and the implementation of new technologies, changes to this privacy statement may become necessary. Please review this privacy statement from time to time.

Name and address of the responsible person

Responsible for the processing of personal data on this website is the:

Philipps-Universität Marburg - The President
Prof. Dr. Thomas Nauss
Biegenstraße 10, 35037 Marburg
Tel. 06421 28-20, Fax 06421 28-22500
Internet: https://www.uni-marburg.de
E‑Mail: info@uni-marburg.de

Processing of data

This privacy statement applies to the web application of the subject repository service LinguRep at “https://lingurep.dsa.info” and to the personal and non-personal data collected therein.

The purpose of the LinguRep subject repository service provided by Philipps-Universität Marburg is the long-term and reliable storage and management of research data for the sake of scientific reproducibility and reusability of research results.

Personal data

According to Article 4 GDPR, "personal data" means any information relating to an identified or identifiable natural person […]; a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data for the technical delivery of the website

For the delivery of the website by the web application to the user's computer or web browser, temporary processing of the full IP address by the web server and downstream web applications is technically necessary.

Unauthenticated use of the web application

For unauthenticated users, no personal data is collected or processed beyond the temporary processing of the full IP address for delivery of the website.

Authenticated use of the web application via personal accounts

For authenticated users, the following personal data are processed as required by the purpose of the web application:

Name of the user
Name of the home organization
Name of the department (e.g., faculty, institute or research group)
Type of affiliation with the home organization (e.g., member, faculty, staff, student)
Official address and contact information (e.g., official address, official e‑mail)
Username and, depending on the authentication method used, password and/or session cookies
Memberships in roles, groups, collections and items within the application
Documents created, submitted and possibly published by users, typically including title, author names, home organization, department and official address/contact details of participating persons

Transmission of personal data as part of federated Shibboleth authentication of the DFN association and subsequent processing occurs based on the legal regulations applicable to the home organization and its users or upon explicit consent by the users.

Collection, processing and transmission of personal data of users affiliated with Philipps‑Universität Marburg is performed on the basis of the legal regulations applicable to the university and its users (e.g., HHG, HImV, collective bargaining law, civil service law, personnel law, GDPR) or upon explicit consent by the users.

Location of processing and storage

The data processed in the web application are processed and stored in the state of Hesse in the Federal Republic of Germany and not in countries outside the scope of the GDPR.

Cookies

A so‑called cookie is a small text fragment placed on the user's computer by the website via the web browser and returned to the website on each subsequent access by that browser.

For purely functional purposes of the web application, temporary cookies are set that do not allow cross-application identification of the user. These include in particular:

Authentication of the current web session of the user with the web application
Authentication of the current web session with the user's central identity provider
Storage for application-specific settings, e.g., user-selected language, session duration

For purposes beyond the mere functionality of the application, additional cookies are set. This includes in particular:

Creation of anonymized website access statistics via the central Matomo service of Philipps‑Universität Marburg to improve the web application and provided web content. Further information is available in the "Analyses" section.

Cookie storage can be disabled in the user's web browser. In this case, no cookies will be stored. As a result, personal functions of the website may not be usable.

Analyses

In the analysis services used by the web application, the user's IP address is processed in anonymized form.

Logged data on the web server

When you access the website, the following personal data are stored in the web server access logs:

IP address
Date/time of access
Method of access
Access result
Accessed resource
Transferred data volume
Browser identification string

In the web server access logs, the user's IP address is generally anonymized and retained for a period of 14 full days.

To defend against an ongoing or imminent intentional attack on the website and to secure evidence, Philipps‑Universität Marburg reserves the right to temporarily disable the anonymization of IP addresses in log files for a limited time.

Logged data in the web application

After successful authentication, the following data are stored in the application's access logs for tracing internal procedures:

Registered user's e‑mail address
Date/time of access
Executed action and accessed resource (e.g., submission, editing, approval or publication of certain metadata and data)

Personal data contained in application logs are retained for auditability of internal processes for a period of three months.

Links to other providers' websites

The website may contain links ("links") to websites of other providers. Philipps‑Universität Marburg has no influence on whether these providers also comply with applicable data protection laws. Please always review the privacy statements of those providers.

Recipients of your data in case of legal or judicial obligation

Data stored when you access the website will only be disclosed to third parties if we are legally obliged to do so or if this is necessary in the case of an attack on the website for legal or criminal prosecution.

Your rights

As a user of the website, you have various rights under Articles 15 to 18, 21 GDPR and the HDSIG: the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to object and the right to lodge a complaint.

Right of access

Under Article 15 GDPR you may request information about the personal data we process about you. In your access request, please specify your concern to help us compile the required data. Please note that your right of access may be restricted by provisions of the HDSIG.

Right to erasure

Pursuant to Article 17 GDPR and § 34 HDSIG, you may request deletion of your personal data. Your entitlement to deletion depends on certain conditions, for example whether we still need your data to fulfill legal obligations.

Right to object

Under Article 21 GDPR you may object at any time for reasons arising from your particular situation to the processing of data concerning you. We may not be able to comply with your objection in all cases, for example if a legal provision (§ 35 HDSIG) obliges us to process the data. Please note that we must necessarily process your client's IP address in order to provide the website.

Right to appeal

If you believe that Philipps‑Universität Marburg has not complied with data protection regulations in processing your data, you may lodge a complaint with the official data protection officer of Philipps‑Universität Marburg or with the supervisory authority responsible for public bodies processing data in the state of Hesse.

Official Data Protection Officer

Philipps‑Universität Marburg - Official Data Protection Officer
Dr. Rainer Viergutz
Biegenstraße 10, 35037 Marburg
Tel. 06421 28-20, Fax: 06421 28-22065
Internet: https://www.uni-marburg.de
E‑Mail: datenschutz@uni-marburg.de

Supervisory authority

Hessian Commissioner for Data Protection and Freedom of Information
Prof. Dr. Alexander Roßnagel
Gustav‑Stresemann‑Ring 1
65189 Wiesbaden
Tel.: 0611 1408-0, Fax: 0611 1408-611
Internet: https://datenschutz.hessen.de
E‑Mail: poststelle@datenschutz.hessen.de

Validity

This privacy statement is current and was last updated on 2 March 2022.