Data Privacy

I. General Preliminary Remarks

The central web server together with the individual sites belonging to the University of Bremen present the University internally and externally, disseminate information and support the tasks of the university. The web presence has an independent, uniform design. However, the university institutes and faculties have a certain freedom when it comes to the individual design of their homepages and in this context also bear their own responsibility.

II. Responsibilities and Competences

No guarantee is given for the operation or for the correctness and topicality of the information contained in the web presence. The Center for Networks at the University of Bremen is responsible for the operation of the server. The respective editors are responsible for the organization in the individual faculties. The University Executive Board has general responsibility for content and decides in case of doubt about the admissibility of the data. The Content Management (Unit 03, University Communication and Marketing) maintains the landing pages of the central website at Otherwise, the departments, units, Faculties and institutions of the University are responsible for the contents they present.

I. Name and address of the person legally responsible
University of Bremen
The University President, Prof. Dr. Jutta Günther
Bibliothekstrasse 1-3
28359 Bremen, Germany
Phone: +49 421 218-1
Email: webprotect me ?!uni-bremenprotect me ?!.de

II. Name and address of the data protection officer:
University of Bremen
Katja Losch-Kremer
Referat 06
Bibliothekstrasse 1-3
28359 Bremen, Germany
Email: datenschutzprotect me ?!uni-bremenprotect me ?!.de

III. General Information about Data Processing

(1) The University of Bremen takes data privacy very seriously. We process the personal data collected when visiting our websites in full compliance with the applicable data privacy regulations. These include, in particular, the EU General Data Protection Regulation (GDPR), the Bremen Implementation Act on the EU General Data Protection Regulation (BremDSGVOAG) and the Higher Education Act of the State of Bremen (Section 11 BremHG) and the Telecommunications and Telemedia Data Protection Act (TTDSG).

(2) In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and present content and services (see points 6 and 7). The processing of our users’ personal data takes place only after obtaining their consent. An exception applies in cases where prior consent is de facto not possible and the subsequent processing is permitted by law. Any use of your personal data takes place solely for the stated purposes and to the extent necessary to serve these purposes.

(3) Your data will neither be published by us nor without authorization passed on to third parties. We point out, however, that we are entitled in individual cases and on the order of the competent bodies to provide information on collected data for law enforcement purposes, to aid the police forces of the Länder in the prevention of risks and the Federal Intelligence Service in fulfilling the statutory duties of the constitutional protection authorities of the Federal Government and the Länder (legal basis Article 6 section 1 item (c) GDPR).
In the following, we wish to inform you about the nature, scope and purpose of the collection and use of personal data.

1. Data collection and processing when accessing from the Internet

(1) On our websites, we use a consent management platform (consent or cookie banner). We process data in connection with the use of this consent management platform and the logging of your settings to play out our content according to your preferences and to be able to prove the consent(s) you have given. The legal basis for the temporary storage of data and log files is Article 6 section (1) item (f) GDPR. A cookie is used to store your individual settings, the consent you have given, and some of your usage data. This allows your settings and consent to be retained and stored for subsequent page requests.
Further information on this is available under the "Cookies" section.

The following data is recorded:

  • The IP address of the requesting computer
  • Date and time of access
  • Access method / function desired by the requesting computer
  • Name and URL of the retrieved file
  • Transmitted amount of data
  • Access status of the web server (file transfer, file not found, command not executed, etc.)
  • The URL from which access is acquired

(2) The login for access to protected areas is partially logged in order to detect attempts at abuse and password attacks. Thereby, no data is stored with the help of which personal profiles could be created about the user’s behavior.

(3) The collection of such data and the storage of the data in log files is essential for the provision and the operation of the website. There is consequently no possibility for users to protest such use.

2. Cookies

(1) We use necessary cookies on our websites. Cookies are small text files that are stored by the browser on your computer. A distinction is made between session cookies, which are deleted as soon as you close your browser, and persistant cookies, which are stored beyond individual sessions. We do not use these necessary cookies for analysis, tracking, or advertising purposes. Some of these cookies only contain information on certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security, and running of the website. The legal basis for the use of these cookies is Article 6 section (1) item (f) GDPR. You can set your browser to inform you when cookies are placed. Additionally, you can delete them at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed in full and some functions may no longer be technically available.

The following cookies are set:

  • session cookies (for session detection, duration: one session)
  • TYPO3 session cookie (for session detection, duration, one session)
  • JavaScript cookie for sound (for audio on / off, duration: one session)
  • Matomo Cookies for web analytics (see "Web analytics" section)

(2) In your browser settings, you can specify whether cookies may be set or not.

3. Web analytics by Matomo (formerly PIWIK)

We use the "Matomo" web analytics tool to customize our websites. Matomo creates user profiles using pseudonyms. For this purpose, we store persistent cookies on your end device retrieve information from them.
This enables us to recognize returning visitors and count them as such.

Data processing only takes place on the basis of your consent, provided that you have given your consent via our banner.

You may refuse your consent at any time by following the link below and select the appropriate settings via our banner.

The legal basis for the use of Matomo is Article 6 (1) item (a) GDPR.

4. Data security

(1) Our technical-organizational security measures, with which we protect all data from the access of unauthorized persons, are always kept up-to-date. As far as your data is collected and recorded by us, it is stored on specially protected servers. These are protected by technical and organizational measures against loss, destruction, access, modification or distribution by unauthorized persons. Access to your data is only possible for a limited number of authorized persons. All our employees are sworn to confidentiality. Personal information is always transmitted in encrypted form. The transmitted data is stored in a database that is only accessible to administrators.

(2) We point out, however, that data transmission via the Internet (for example, when communicating by email) may be vulnerable security wise. There is no complete protection from the data being accessed by third parties.

5. Links to websites of other providers

Our Internet pages contain links (references) to external websites of third parties. Our websites may also contain links to external social networks; however, no plug-ins belonging to these networks are used. These websites are subject to the liability of the respective operator. Therefore, we cannot assume any liability for these external contents. At the time the links are included, there is no evidence of illegal contents on the respective pages. However, we have no influence on the current and future design and content of the linked sites. A permanent control of these third party sites would be unreasonable. If we become aware of a violation, we will remove the link immediately. When you leave this site, it is recommended that you carefully read the privacy policy of each website first.

6. YouTube

Our websites use an iFrame of the Google Inc. powered YouTube site. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our YouTube iFrame-equipped sites, you will be connected to the servers of YouTube. It tells the YouTube server which of our pages you've visited. If you're logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. The legal basis is Article 6 section 1 item f). For more information on how user data is handled, please refer to the YouTube Privacy Policy at https.//

7. Integrated Maps from Google Maps

The website contains embedded maps from Google Maps to illustrate the university’s locations. The maps from Google Maps are a product of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you visit a page with an embedded map, your browser usually connects directly to Google’s servers. By doing so, Google receives the information that your computer has called up the corresponding page of our website. This will also give Google your computer’s IP address and information about your browser. Google will receive this information even if you do not have a Google account. If you are logged in to your Google account when you visit the site, it is possible that Google may associate this directly with your account. If you use certain services of Google on the device used for retrieval and have not objected to access to your location data, processing of your location data may also occur in connection with accessing the page with the map. It is to be assumed that Google will use your data mentioned for commercial purposes in addition to enabling use, optimization, and prevention of misuse. For more information on data protection at Google, please visit There you will also find information on how you can restrict the processing of your data at Google. The university has no influence on the processing of data at Google.

8. Contact form

(1) If you send us inquiries via the contact form, your details from the application form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We do not share this data. In order to answer your questions, though, provision of your name and your email address is mandatory.

(2) In case of your consent, the legal basis is Article 6 (1) item (a) GDPR.

(3) The granted consent to the storage of the email address can be revoked at any time. In order to do so, you can contact the above mentioned addresses or send an email to the following address: In this case, all the personal data stored in the course of making the contact will be deleted.

9. Newsletter data

(1) If you would like to receive newsletters that may be offered on the website, we need an email address from you, as well as information that allows you to verify that you are the owner of the email address provided and that you agree to the receipt of the newsletter. Further data is not collected. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties.

(2) You may revoke your consent to the storage of the data, the email address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.

(3) Legal basis for the processing of the data after registration for the newsletter is in the case of the user’s consent Article 6 section (1) item (a) GDPR.

(4) The data will be deleted as soon as they are no longer necessary for the achievement of the purpose. The user’s email address is stored only as long as the subscription to the newsletter is active.

10. SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us as the site operator. You can recognize an encrypted connection when the address line of the browser changes from "http: //" to "https: //" and the lock symbol appears in your browser line. When SSL encryption is enabled, it is virtually impossible for third parties to read the data you transmit to us.

IV. Rights of the Data Subject

Insofar as the University of Bremen processes the personal data you provide, you, as the person affected, are entitled in accordance with GDPR to the following rights:

1. Right to information (Article 15 of the GDPR)

You may request confirmation as to whether personal information concerning you is being processed by us. If such processing is undertaken, you can request the following information on:
(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or the categories of recipients to whom personal data concerning you have been disclosed or are still being disclosed;

(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration;

(5) the existence of a right to rectification or erasure of personal data concerning you (right to be forgotten), a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the source of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making including profiling under Article 22 (1) and (4) of the GDPR Regulation and, at least in such cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal information has been communicated to a third country or an international organization. In this connection, based on the guarantees contained in Article 46 GDPR you can request to be informed of any such transmission of information.
If your personal data is processed for scientific, historical or statistical research purposes, the right of access may be limited to the extent that it is likely to render the research and statistics purposes impossible or seriously impair it, and the restriction is necessary for the purposes of research and statistics.

2. Right to rectification (Article 16 of the GDPR)

You have a right to rectification and / or completion vis-à-vis the controller if the personal data processed is incorrect or incomplete. The controller must make the correction without delay.

3. Right to limit processing (Article 18 of the GDPR)

You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;

(2) if the processing is unlawful and you refuse to have the personal data deleted and instead demand the restriction of the use of the personal data;

(3) if the controller no longer needs the personal data for the purposes of processing; However, you need these to enforce your exercise or defense of a legal claim, or

(4) if you have objected to the processing pursuant to Article 21 section 1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may be stored only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural person or for reasons of major public interest on the part of the European Union or a Member State. If the processing of your data in accordance with the a.m. conditions is restricted, you will be informed by the controller before the restriction is lifted.
If your personal data is processed for scientific, historical or statistical research purposes, the right of access may be limited to the extent that it is likely to render the research and statistics purposes impossible or seriously impaired, and the restriction is necessary for the purposes of research and statistics.

4. Right to cancellation (Article 17 of the GDPR)

a) Obligation to delete

You may require the controller to delete your personal information without delay. The controller is then obliged to delete this data immediately, provided one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent to which the processing pursuant to Article 6 section (1) item (a) or Article 9 section (2) item (a) GDPR referred and there is no other legal basis for processing.

(3) You submit a protest pursuant to Article 21 section 1 DS-GVO against the processing and there are no legitimate overriding reasons for the processing, or pursuant to Article 21 (2) GDPR you submit a protest about having your personal data processed.

(4) Your personal data have been processed unlawfully.

(5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under EU law or the law of the Member State(s) to which the controller is subject.

(6) The personal data concerning you were collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is in accordance with Article 17 (1) under obligation to have it erased, taking due account of the technology available and the implementation costs, including appropriate technical measures he/she is to inform the data controllers who process the personal data that you, the affected person, have requested all links to such personal information or copies or replications of such personal information to be deleted.

c) Exceptions

The right to erasure does not exist if the processing is deemed necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation required by the law of the European Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority conferred on the controller;

(3) for reasons of public interest in the field of public health pursuant to Article 9 (2) item (h) and (i) as well as Article 9 (3) GDPR;

(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) of the GDPR, in so far as the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of such processing, or

(5) to assert exercise or defense of legal rights.

5. Right to information (Article 19 of the GDPR)

If you have declared your right of rectification, erasure or restriction of processing to the controller, he/she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You shall have a right vis--vis the controller to be informed about these recipients.

6. Right to data portability (Article 20 GDPR)

You have the right to receive personally identifiable information about you provided to the controller in a structured, commonly used machine-readable format. Moreover, you have the right to transfer this data to another person without hindrance on the part of the controller, provided that
(1) the processing is based on a consent pursuant to Article 6 section (1) or Item (a) GDPR or Article 9 section 2 item (a). GDPR or on a contract pursuant to Article 6 section (1) item (b) GDPR and

(2) the processing is done by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object (Article 21 GDPR)

(1) You shall have the right at any time, for reasons arising from your particular situation, to protest against the processing of your personal data based on Article 6 section (1) item (e) or (f) GDPR ; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless he/she can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of establishing, exercising and defending legal claims.

(2) Regardless of Directive 2002/58 / EC, you have the option to exercise your right of objection by means of automated procedures using technical specifications in relation to the use of information society services.

(3) If your personal data are processed for scientific, historical or statistical research purposes, you shall have the right, for reasons arising from your particular situation, to object to processing for scientific or historical research purposes or for statistical purposes pursuant to Article 89 DS-GVO. Your right of objection may be limited  insofar as it is likely to render impossible or seriously affect the realization of research and statistics purposes and the restriction is necessary for the fulfillment of tasks in the public interest.

8. Right to revoke data protection consent (Article 7 (3) GDPR)

You also have the right to revoke a possibly given data protection consent form at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. For this purpose and for further questions on the subject of personal data, you can contact the above addresses as well as by email to the following address:

9. Automated decision in individual cases including profiling (Article 22 GDPR)

You shall have the right not to be subject to any decision based solely on automated processing, including profiling, which will have legal effect or affect you in a similar manner. This does not apply if the decision

(1) is required for the conclusion or performance of a contract between you and the controller,

(2) is permitted by European Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

(3) with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) item (a( or (g) GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to uphold your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person by the controller, to explain his/her own position and be heard.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you have your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you constitutes a breach of GDPR. The supervisory authority to which the complaint is submitted shall inform the complainant of the ongoing status and outcome of the complaint.

V. Processing of Personal Data on Internal Access Protected Websites

(1) In the case of access-protected internal websites of the University of Bremen, which only concern information platforms accessible to university members, the logged-in and registered users (students, employees, university members with user account) have the following personal data collected during their stay on these pages:

a) name of the user,

(b) the email address associated with the account,

(c) if applicable, the membership of the user to a specific user group.

(2) Legal basis for the processing of the personal data is the consent of the user in accordance with Article 6 section (1) item (a) GDPR. The collection of data serves to enable the use of restricted Internet sites (establishing connection), as well as for purposes of system security, technical administration, the network infrastructure and to optimize the offers. The data shall be deleted as soon as it is no longer necessary to achieving the purpose of its collection. This is deemed to be the case after logging off or closing the web browser.

VI. Validity and Timeliness of the Privacy Policy (as of July 2018)

By using our website, you consent to the use of the data as described above. This privacy policy is immediately valid and supersedes all prior statements. This statement will be updated as necessary to bring it into line with the content of the website as well as more generally with legislative changes.

The English version of this text is for informational purposes only. Only the German version is legally binding.