Privacy Policy

  1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on the subject of data protection, please refer to our full privacy policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details can be found in the section “Responsible Entity” in this privacy policy.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may be, for example, data you enter into a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or the time the page was accessed). The collection of this data takes place automatically as soon as you enter the website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. If contracts are concluded or initiated via the website, the submitted data is also processed for contract offers, orders, or other service requests.

What rights do you have regarding your data?

You have the right at any time to obtain information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future.

You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.

You can contact us at any time about this or any other questions about data protection.


  1. Hosting

We host the contents of our website with the following provider:

Hetzner

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

Details can be found in Hetzner’s privacy policy: https://www.hetzner.com/legal/privacy-policy

The use of Hetzner is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, as far as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) for the use of the above service. This is a contract required under data protection law, which ensures that this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.


  1. General Notes and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission over the Internet (e.g., when communicating by e-mail) may have security vulnerabilities. A complete protection of data from access by third parties is not possible.

Responsible Entity

The responsible entity for data processing on this website is:

Georg-August-Universität Göttingen

Stiftung öffentlichen Rechts (without University Medicine)

Wilhelmsplatz 1

37073 Göttingen

Germany

Email: sufonama@gwdg.de

The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data (e.g., names, e-mail addresses, etc.).

Storage Duration

Unless a specific storage period is mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons cease to apply.

Legal Bases for Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data under Art. 9(1) GDPR are processed.

If you have expressly consented to the transfer of personal data to third countries, the data processing is also based on Art. 49(1)(a) GDPR.

If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is also based on § 25(1) TDDDG. Consent can be withdrawn at any time.

If your data is necessary for contract performance or for pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR.

Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR.

Data processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR.

You will be informed about the applicable legal basis for each case in the relevant sections of this privacy policy.

Recipients of Personal Data

In the course of our business activities, we cooperate with various external parties. This may also involve the transfer of personal data to these external parties.

We only pass on personal data to external parties if it is necessary for contract fulfillment, if we are legally obliged to do so (e.g., to tax authorities), if we have a legitimate interest in the transfer under Art. 6(1)(f) GDPR, or if another legal basis allows the data transfer.

When using processors, we only pass on personal data on the basis of a valid DPA. In the case of joint processing, a joint controller agreement is concluded.

Withdrawal of Your Consent

Many data processing operations are only possible with your express consent. You can revoke consent at any time. The legality of the data processing carried out before the revocation remains unaffected.

Right to Object to Data Processing in Special Cases and to Direct Advertising (Art. 21 GDPR)

If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons that arise from your particular situation.

This also applies to profiling based on these provisions.

If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise, or defense of legal claims (objection under Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time.

If you object, your personal data will no longer be used for direct marketing (objection under Art. 21(2) GDPR).

Right to Lodge a Complaint with the Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, workplace, or the place of the alleged infringement. This right exists without prejudice to any other administrative or judicial remedies.

Right to Data Portability

You have the right to receive the data we process based on your consent or in fulfillment of a contract in a commonly used, machine-readable format. You also have the right to have this data transferred directly to another controller, if technically feasible.

Right to Access, Rectification, and Erasure

Within the scope of the applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin and recipient, and the purpose of the data processing. You may also have a right to rectification or erasure of this data.

Right to Restriction of Processing

You have the right to request restriction of processing of your personal data under certain conditions.

This applies if:

  • You dispute the accuracy of your data (for a period allowing us to verify it),
  • Processing is unlawful, but you oppose erasure,
  • We no longer need the data, but you need it to assert, exercise, or defend legal claims,
  • You have objected under Art. 21(1) GDPR and a balance of interests is pending.

If processing is restricted, such data – apart from storage – will only be processed with your consent or for legal claims, the protection of another person’s rights, or important public interest.

To exercise your data protection rights (e.g., access, rectification, erasure, withdrawal of consent), please contact us at sufonama@gwdg.de.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as forms or inquiries.

You can recognize an encrypted connection by the browser address switching from “http://” to “https://” and the padlock icon.

When encryption is active, the data you transmit cannot be read by third parties.

Objection to Unsolicited Advertising Emails

We hereby object to the use of published contact data for sending unsolicited advertisements and information materials. The operators of this site reserve the right to take legal action against unsolicited promotional materials, such as spam emails.


  1. Data Collection on This Website

Server Log Files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the technically error-free presentation and optimization of our website.

Alumni Contact Form

The following information must be provided to you in accordance with Art. 13 of the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) when personal data is collected:

Re Art. 13 (1) a) and b):

The controller for the collection and processing of personal data pursuant to Art. 4 No. 7 GDPR is the Georg-August-Universität Göttingen Stiftung öffentlichen Rechts (without University Medicine), Wilhelmsplatz 1, 37073 Göttingen, represented by the President [hereinafter: University of Göttingen], the specific data processing body is SUFONAMA Consortium in the context of alumni contact and program evaluation.

The data protection officer of the University of Göttingen is

Prof. Andreas Wiebe, LL.M. (Virginia),
Platz der Göttinger Sieben 6
37073 Göttingen
E-mail: datenschutz@uni-goettingen.de

Re Art. 13 (1) c):

The collection of personal data is necessary in order to update alumni records, evaluate the SUFONAMA program, and (with consent) use testimonials and photos for marketing purposes and is based on your consent pursuant to Art. 6 para. 1 letter a) GDPR in conjunction with § 13 NDSG (legal basis).

Re Art. 13 para. 1 e):

The personal data will be further processed and transmitted to other responsible bodies as follows:

Administration: Data that the administration collects from you is generally only processed by internal organizational units of the SUFONAMA Consortium.

Re Art. 13 para. 2 a):

In accordance with the guidelines of the German Research Foundation (DFG) on good scientific practice, the data is stored for 10 years. In any case, personal data will be deleted as soon as it is no longer required. Wherever and whenever possible, the data is anonymized.

Re Art. 13 para. 2 b):

The data subject has a right of access to the SUFONAMA Consortium regarding the personal data concerning him or her and, where applicable, a right to rectification, erasure or restriction of processing of this data and a right to object to processing. The right to data portability does not apply to the fulfillment of public tasks (university research). These rights can only be asserted as long as the data can still be assigned to you. The right to negative information and the right to lodge a complaint with a supervisory authority remain unaffected by this.

Re Art. 13 para. 2 c):

If the data processing is based on your consent, you have the right to withdraw your consent at any time. The data processing carried out until then remains lawful, the revocation only applies to the future. In this case, your data will be deleted immediately. 

Re Art. 13 para. 2 d):

The data subject has the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

The data protection supervisory authority responsible for the University of Göttingen is the State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hanover
E-mail: poststelle@lfd.niedersachsen.de 

Re Art. 13 para. 2 e):

The provision of data by you is purely voluntary.

Re Art. 13 para. 3:

If it is intended to further process the personal data for a purpose other than that for which it was originally collected, the University of Göttingen or the SUFONAMA Consortium shall provide the data subject with information about this other purpose and any other relevant information prior to such further processing.

Contact by Email, Phone, or Fax

If you contact us by email, telephone, or fax, your inquiry and all personal data involved will be stored for the purpose of processing your request. We will not share this data without your consent.

Processing is based on Art. 6(1)(b) GDPR if related to a contract or Art. 6(1)(f) GDPR for general inquiries. If consent was given, processing is based on Art. 6(1)(a) GDPR.


  1. Plugins and Tools

YouTube with Enhanced Privacy Mode

This website embeds videos from YouTube. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a page with a YouTube embed, a connection is made to YouTube servers. YouTube is informed which pages you visited. If you’re logged into your YouTube account, your browsing behavior may be linked to your personal profile. You can prevent this by logging out of YouTube.

We use YouTube in “privacy-enhanced mode.” According to YouTube, this means no cookies are set unless you play the video.

However, local storage elements may still be used in your browser. Further data processing may occur beyond our control.

Use of YouTube is based on our legitimate interest in providing an attractive online presence (Art. 6(1)(f) GDPR). If consent was requested, processing is based on Art. 6(1)(a) GDPR and § 25(1) TDDDG. You can withdraw consent at any time.

For more on YouTube’s data practices, see:

https://policies.google.com/privacy

Google is certified under the EU-US Data Privacy Framework (DPF):

https://www.dataprivacyframework.gov/participant/5780