Privacy Policy

Data protection statement

I. Collection of personal data

1. Personal data

The following information concerns the collection of your personal data when you use our website. Personal data is all data that relates to you personally (e.g. name, address, email address, user behaviour etc.).

2. Data controller in the sense intended by GDPR

The data controller in the sense intended by art. 4 para. 7 General Data Protection Regulation (GDPR) is:

Universität Duisburg-Essen
Lehrstuhl für ABWL & Internationales Automobilmanagement
Lotharstr. 1, 47057 Duisburg
Tel. +49 203 379 1055 | Fax +49 203 379 1599

(see also company information).

Our data protection officer can be contacted at kai-uwe.loser@uni-due.de or our postal address:

Dr. Kai-Uwe Loser
Ruhr-Universität Bochum
NB 1/68
Tel. 0234 322 8720
Fax. 0234 320 8720

3. Recording of contact

If you contact us via email or by using the contact form, the data you provide (email address, name, phone no. etc.) will be saved by us in order to respond to your enquiry. Data generated in this context will be deleted by us once its storage is no longer required. Alternatively, if a statutory obligation to retain the data applies, we will restrict its processing.

4. External service providers

Should for the provision of our services we have recourse to external service providers or should we wish to use your data for commercial purposes, we will inform you of the processes involved as set out below. In doing so will also specify the criteria for determining the duration of storage.

5. SSL and TLS encryption

For security purposes and for the protection of confidential information that you send to us in our capacity as the website operator (e.g. orders or enquiries), our website uses SSL and TLS encryption. An encrypted connection is indicated by the characters in the address bar changing from “http://” to “https://” and by the presence there of a padlock symbol.

II. General data processing

1. Scope of personal data processing

We process users’ personal data only insofar as is required for the provision of a serviceable website and of our content and services. Such processing is subject to users’ permission unless it was not possible for practical reasons to obtain the such permission in advance and the processing is permitted under statutory regulations.

2. Legal basis for the processing of personal data

Insofar as we obtain the permission of the person concerned for the processing of personal data, art. 6 para. 1 a) GDPR serves as the legal basis. For the processing of personal data as required for the performance of a contract to which the data subject is party, the legal basis is art. 6 para. 1 b) GDPR. This also applies for processing required for the performance of pre-contractual measures. Insofar as the processing of personal data is required for the performance of a legal obligation to which we are subject, the legal basis is art. 6 para. 1 c) GDPR. In the event that the essential interests of the data subject or of another natural person require the processing of personal data, the legal basis is art. 6 para. 1 d) GDPR. Where the processing is required in our legitimate interests or those of a third party and such interests are not outweighed by the interests or constitutional rights and freedoms of the data subject, the legal basis is art. 6 para. 1 f) GDPR.

3. Data deletion and duration of storage

The data subject’s personal data will be deleted or locked as soon as the purpose of storage no longer applies, although it may be stored for longer is provided for under European or domestic law in the form of EU regulations, legislation or other provisions to which the data controller is subject. Data will also be locked or deleted when the storage period allowed for under such provisions expires, unless the data is needed for formation or performance of contract.

4. Data sharing on formation of contract for services and digital content

We share data with third parties only where required for contractual purposes (e.g. we may share it with a bank that processes payments on our behalf). No other sharing of data will take place unless you have expressly consented. Your data will not be shared with any third party, for example for marketing purposes, without your express permission. The basis for such processing is art. 6 para. 1 b) GDPR, which permits the processing of data for performance of contract or pre-contractual measures.

III. Provision of website and creation of logfiles

1. Description and scope of data processing

Every time our website is accessed, our system automatically captures data and information from the accessing computer. This includes the following data:

  1. Information on browser type and version
  2. User’s operating system
  3. User’s ISP
  4. User’s IP address
  5. Date and time of access
  6. Website the user was on prior to visiting our website
  7. Websites accessed by user via our website

This data is stored in our system’s logfiles. This does not include the user’s IP address or any other data that enable the user to be identified. This data is not stored with any other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data is art. 6 para. 1 f) GDPR.

3. Purpose of data processing

The temporary storage of IP addresses by our system is necessary to ensure the optimal delivery of our website to the your computer. For this purpose your IP address must be stored for the duration of your session. This purpose also comprises our legitimate interest in data processing in the sense intended by art. 6 para. 1 f) GDPR.

4. Duration of storage

Data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data captured for the purposes of providing our website, it is no longer required once the session has ended.

5. Right to object and right to removal

The capture of data for the provision of the website and the storage of data in logfiles are necessary for the operation of the website. The user therefore has no right to object.

IV. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are saved in or by the user’s the web browser on the user’s computer system. When you access a website, a cookie may be saved on your operating system. This cookie contains a unique sequence of characters that enable your browser to be identified when you re-visit the website. We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identifiable after the user has visited a different website. In such cases, the cookies store and transmit the following data:

1. Language settings

2. Website settings (saved in the form of 0 or 1)

On accessing our website the user is informed that cookies are used for analysis purposes and is invited to consent to the processing of personal data used in this context. A notice also appears directing the user to our data protection statement.

b) Legal basis for data processing

The legal basis for the processing of personal data that involves the use of cookies for technical purposes is art. 6 para. 1 f) GDPR. Subject to the user’s consent, the legal basis for the processing of personal data involving the use of cookies for analysis purposes is art. 6 para. 1 a GDPR.

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of our website. Without the use of cookies, some of the functions of our website cannot be provided. For such functions, the user’s browser needs to be recognised on a return visit to our site. User data collected via cookies necessary for technical purposes is not used for the creation of user profiles. Such purposes also constitute our legitimate interest in the processing of personal data as per art. 6 para. 1 f) GDPR.

d) Duration of storage; right to object and right to removal

Cookies are saved on the user’s computer and transferred from there to our website. The user therefore has full control over the use of cookies. By adjusting your browser settings you can deactivate or restrict the transfer of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated on our website, some of the functions of our website may not be fully available. This website uses the following types of cookies, the scope and functioning of which are explained below:

1. Transient cookies (see da)

2. Persistent cookies (see db).

da) Transient cookies are automatically deleted when you close your browser. This especially includes session cookies. These save what is known as a session ID that assigns various requests form your browser to your session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

db) Persistent cookies are automatically deleted after a set period of time that varies according to the type of cookie used. You can delete cookies at any time in the security settings of your browser.

dc) Cookies are saved on the user’s computer and from there transferred to our website. As the user, you therefore have full control over the use of cookies. By adjusting your browser settings you can deactivate or restrict the transfer of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated on our website, some of the functions of our website may not be fully available.

df) We use cookies so that we can identify you when you re-visit our website if you have an account with us. Otherwise you will need to log in each time you visit.

V. Contact form and email contact

1. Description and scope of data processing

Our website contains a contact form that can be used for getting in touch with us electronically. Data entered onto the form will be transferred to us and stored. This data includes:

  • Surname, email address, message (compulsory information)
  • First name, phone number, subject (optional information)
  • Consent to storage of data provided (consent currently not saved, JS function activated when SUBMIT button checked)

When the message is sent, the following data is also saved:

1. Date and time of registration

As part of the transfer process, your consent will be obtained for the processing of data and reference will be made to this data protection statement. Alternatively you can contact us via the email address provided, in which case the personal data transmitted with the email will be saved. The data thus acquired will not be shared with any third party and will be used solely for the processing of your enquiry.

2. Legal basis for data processing

Where the user’s consent is given, the legal basis for the processing of data is art. 6 para. 1 a) GDPR. The legal basis for the processing of data transferred via email is art. 6 para. 1 f) GDPR. Where the aim of the email contact is formation of contract, additional grounds for the processing are provided by art. 6 para. 1 b) GDPR.

3. Purpose of data processing

Personal data obtained via the contact form is used by us solely for the processing of your enquiry. In the event of contact via email, such contact constitutes our legitimate interest in the processing of your data. Other personal data processed as part of the data transfer is designed to prevent the misuse of the contact form and to ensure our IT systems remain safe.

4. Duration of storage

Data is deleted as soon as it is no longer required for the purpose for which it was collected. For personal data collected via the contact form or email, this is the case when the conversation with the user is ended. The conversation is considered ended when it can be reasonably inferred that the matter at hand has been sufficiently resolved. Additional personal data collected during the transfer process will be deleted within seven days.

5. Right to object and right to removal

The user can at any time withdraw permission for the processing of their personal data. The user can at any time object to the saving of their personal data by contacting us via email or post/fax using the contact details provided above (see sect. I). The lawfulness of the processing of any data prior to the objection shall remain unaffected. In the event of withdrawal of consent for data storage, the conversation cannot be continued, in which case all personal data saved during the course of the enquiry will be deleted.

VI. Rights of data subject

If your personal data is processed, you are the data subject in the sense intended by GDPR and you have the following rights in your relationship with the data controller:

1. Right to be informed

You can require the data controller to confirm whether your personal data is processed by us. If your data is being processed, you have the right to the following information from the data controller:

  1. The purposes for which your personal data is being processed;
  2. The categories of the personal data that is being processed;
  3. The recipients or categories of recipients with whom your personal data has been or is being shared;
  4. The planned duration of the storage of your personal data or, where specific information on this point is not available, the criteria for establishing the duration of storage;
  5. Your right to the correction or deletion of your personal data, to the restriction of processing by the data controller and to object to such processing;
  6. Your right to complain to a supervisory authority;
  7. All available information regarding the origin of your data if it was not collected from you;
  8. The existence of an automated decision-making process, including profiling, as per art. 22 paras. 1 and 4 GDPR and, in such cases at least, meaningful information as to the algorithms involved and the scope and consequences for you of such processing.

You have the right to be informed if your personal data is transferred to a non-EU country or to an international organisation. In this context you also have the right to be informed of the guarantees covering such transfer as per art. 46 GDPR.

2. Right to correction

Insofar as your personal data is incorrect or incomplete, you have the right to have it corrected and completed by the data controller. The data controller must correct the data immediately.

3. Right to restriction of processing

Under the following circumstances you can demand the restriction of the processing of your personal data:

  1. If you dispute the accuracy of your personal data for a period that enables the data controller to check it;
  2. The processing is unlawful and you decline to have your personal data deleted and instead require its use to be restricted;
  3. The data controller’s purposes for the processing of the data no longer apply but you need the data for the assertion of or defence against claims of the exercise of your rights;
  4. If you object to the processing of your data under art. 21 para. 1 GDPR and it is not yet clear whether the data controller’s legitimate interests in the processing outweigh yours.

Once the processing of your personal data has been restricted, it may, its storage excepted, be processed only with your permission or for the assertion of or defence against claims or the exercise of rights or for the protection of the rights of another natural or juristic person or on the grounds of significant public interest of the EU or one of its member states. Where processing is restricted under the aforementioned criteria, you will be informed by the data controller before any lifting of such restriction.

4. Right to deletion

a) Obligation to delete: you can demand that the data controller immediately deletes your personal data and the data controller shall then be obliged to delete your personal data where any of the following applies:

  1. Your personal data is no longer required for the purposes for which it was collected or otherwise processed;
  2. You withdraw the permission on which under art. 6 para. 1 a) or art. 9 para. 2 a) GDPR the processing was based and there is no other legal basis for the processing;
  3. You object to the processing under art. 21 para. 1 GDPR and there are no legitimate precedent grounds for the processing, or you object to the processing under art. 21 para. 2 GDPR;
  4. Your personal data has been processed unlawfully;
  5. The deletion of your personal data is required under EU law or the law of a member state to which the data controller is subject;
  6. Your personal data has been collected in relation to information society services as per art. 8 para. 1 GDPR.

b) Information passed to third parties:where the data controller has published your personal data and is required under art. 17 para. 1 GDPR to delete it, it shall with due regard to the technology available and the cost implement appropriate measures to inform the parties responsible for the processing of your personal data that you, in your capacity as the data subject, have demanded that they delete all links to this personal data and the deletion of any copies of such data.

c) Exceptions: There shall be no right to deletion where the processing is required:

  1. For the exercise of freedom of expression or information;
  2. In order to comply with a legal obligation that, under EU law or the law of a member state to which the data controller is subject, necessitates such processing; or is required for the performance of a task that is in the public interest or at the behest of the authorities and that has been assigned to the data controller;
  3. In the public interest for reasons of public health as per art. 9 para. 2 h) and i) and art. 9 para. 3 GDPR;
  4. For archiving, scientific or historical research purposes that are in the public interest or for statistical purposes as per art. 89 para. 1 GDPR insofar as the rights specified under a) are likely to make the attainment of such processing aims impossible or is likely to significantly impair them;
  5. For the assertion of or defence against claims or the assertion of rights.

5. Right to be informed

Where you have exercised your right to the correction, deletion or restriction of processing of your data by the data controller, the data controller shall then be obliged to inform all recipients with whom your personal data has been shared that you have requested such correction, deletion or restriction of processing, unless to do so is impossible or would incur unreasonable cost. You have the right to be informed by the data controller as to the identities of such recipients.

6. Right to data portability

You have the right to have the personal data that you have given to the data controller provided to you in a structured, current and machine-readable format. You further have the right to transfer this data to another data controller without hindrance by the data controller to whom the personal data has been provided, provided that:

  1. The processing is based on permission as per art. 6 para. 1 a GDPR or art. 9 para. 2 a GDPR or on a contract as per art. 6 para. 1 b GDPR and
  2. The data is processed using automated processes.

In exercising these rights, you further have the right, insofar as is technically feasible, to have your personal data transferred directly by the data controller to another data controller. The freedoms and rights of other persons must not be hereby impaired. This right to data portability does not apply to personal data that is required for the performance of a task that has been assigned to the data controller in the public interest or at the behest of the authorities.

7. Right to object

You have the right at any time to object to such processing of your personal data as takes place under art. 6 para. 1 e) or f) GDPR provided such objection is based on your specific circumstances; this shall also apply to any profiling based on these provisions. The data controller shall then cease to process your personal data unless it can prove compelling grounds for such processing that outweigh your interests, rights and freedoms or the data processing is required for the assertion of or defence against claims or the assertion of rights. Where your personal data is processed for the purposes of sending direct marketing you have the right at any time to object to such processing; this also applies to any profiling conducted in connection with such marketing. If you object to the use of your data for direct marketing purposes, it will no longer be used for such purposes. Regardless of directive 2002/58/EC, and in the context of the use of information society services, you have the option of exercising your right to object by means of automated procedures that use technical specifications.

8. Right to revoke consent provided under data protection law

You have the right at any time to revoke such consent as you have provided under data protection law. Such revocation shall have no retroactive effect.

9. Automated decision-making in individual cases, including profiling

You have the right not to be subjected to a decision-making process that is based entirely on automated processing, including profiling, where such decision-making has legal consequences for you or would in any other way have significant negative consequences for you. This shall not apply where the decision:

  1. Is required for the formation or performance of a contract between you and the data controller;
  2. Is permissible on the basis of EU law of the law of a member state to which the data controller is subject and such law contains adequate provision for the guarantee of your rights and freedoms and your legitimate interests;
  3. Is made with your express permission.

In any event such decisions must not be based on special categories of personal data as per art. 9 para. 1 GDPR unless art. 9 para. 2 a) or g) GDPR applies and appropriate measures have been taken to protect your rights, freedoms and legitimate interests. Where 1. and 3. above apply, the data controller must take appropriate measures to safeguard your rights, freedoms and legitimate interests, including at least the right to have a person engaged by the data controller intercede, the right to represent your own point of view and the right to contest the decision.

VII. Social media

This website does not use any social media plug-ins or links.

VIII. Plug-ins and tools

1. Google Web Fonts

For the purposes of ensuring a uniform display, this website uses web fonts provided by Google. When you visit our site your browser loads the fonts required into your browser cache so that text and typefaces can be properly displayed. For this purpose your browser has to establish a connection to Google’s servers. Google will thereby be informed that your IP address has accessed our website. Google’s web fonts are used in the interests of ensuring a uniform and appealing display of our online offering. This constitutes a legitimate interest in the sense intended by art. 6 para. 1 f) GDPR. If your browser does not support these fonts, your computer will use a standard typeface. For more information on Google’s web fonts see https://developers.google.com/fonts/faq and Google’s data protection statement at https://www.google.com/policies/privacy/

This data protection statement was last amended on 25.05.2018.