#### **I. Name and Address of the Controller**
The controller in terms of the General Data Protection Regulation and other national data protection laws of the member states and other data protection regulations is the:
University of Siegen\
Adolf-Reichwein-Str. 2a\
57076 Siegen\
Germany\
Tel: 0271-740 – 0\
E-mail: [info@uni-siegen.de](mailto:info@uni-siegen.de)\
Website: [www.uni-siegen.de](http://www.uni-siegen.de/)
#### **II. Contact details for the Data Protection Officer**
The data protection officer of the controller can be reached at:
Adolf-Reichwein-Str. 2a\
57076 Siegen\
Germany\
Tel: +49 271 – 740 5147\
E-mail: [datenschutzbeauftragter@uni-siegen.de](mailto:datenschutzbeauftragter@uni-siegen.de)
#### **III. General Information on Data Processing**
##### 1. Scope of Personal Data Processing
As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users only takes place with the consent of the user. An exception is made in those cases where prior consent cannot be obtained for practical reasons and processing of the data is permitted by law.
##### **2. Legal Basis for the Processing of Personal Data**
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6(1), point (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6(1), point (b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6(1), point (c) of the GDPR serves as the legal basis.
In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1), point (d) of the GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh this interest, Art. 6(1), point (f) of the GDPR serves as the legal basis for the processing.
##### **3. Data Erasure and Storage Duration**
The personal data of the data subject will be erased or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or erased when a retention period prescribed by the above standards expires, unless there is a need to retain the data for the purpose of concluding or fulfilling a contract.
#### IV. Provision of the Website and Creation of Log Files
##### 1. Description and Scope of Data Processing
Whenever our website is called up, our system automatically collects data and information from the computer system of the computer accessing it.
The following data are collected in this process:
1. Information concerning the browser type and version used
2. The user’s operating system
3. The user’s Internet Service Provider
4. The user’s IP address
5. Date and time of access
6. Websites from which the user’s system accesses our website
7. Websites which are accessed by the user’s system via our website
The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.
##### **2. Legal Basis for the Data Processing**
The legal basis for the temporary storage of data and the log files is point (f) of Art. 6(1) of the GDPR.
##### **3. Purpose of Data Processing**
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. The data also serves us to optimize the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.
\
These purposes are also part of our legitimate interest in data processing in accordance with Art. 6(1), point (f) of the GDPR.
##### **4. Duration of Storage**
The data are erased once they are no longer needed in order to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
In the case of data storage in log files, this is the case after 14 days at the latest. A storage beyond this is possible. In this case, the IP addresses of the users are erased or masked so that an assignment to the accessing client is no longer possible.
##### 5. Possibility of Objection and Removal
The collection of data for the provision of the website and the storage of the data in log files is required for the operation of the website. There is therefore no possibility of objection on the part of the user.
#### **V. Use of Cookies**
##### **1. Description and Scope of Data Processing**
Our website uses cookies. Cookies are text files that are saved by and stored in the Internet browser on the user’s computer system. If a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when you return to the website.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser be identifiable even after a page change.
##### **2. Legal Basis for the Data Processing**
The legal basis for the processing of personal data using cookies is Art. 6(1), point (f) of the GDPR.
##### **3. Purpose of Data Processing**
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser will be identifiable even after a page change.
The user data collected through technically necessary cookies is not used to create user profiles.
These purposes are also part of our legitimate interest in the processing of personal data in accordance with Art. 6(1), point (f) of the GDPR.
##### **4. Duration of Storage, Possibility of Objection and Removal**
Cookies are stored on the user’s computer and transmitted by the user to our site. This gives you as the user full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies existing on your computer may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website would be available to their full extent.
#### **VI. Newsletter**
##### 1. Description and Scope of Data Processing
Our website offers the possibility to subscribe to a free newsletter. When subscribing for the newsletter, the data from the input mask is transmitted to us.
In addition, the following data is collected during registration:
1. IP address of the accessing computer
2. Date and time of registration
Your consent to the processing of the data is obtained and you are referred to this privacy policy during the registration process.
The data obtained in the registration process will not be forwarded to third parties in the context of the dispatch of the newsletter. The data are used exclusively for the purpose of sending the newsletter.
##### **2. Legal Basis for the Data Processing**
If the user has given their consent to the processing, the legal basis for the processing of data after subscription to the newsletter by the user is point (a) of Article 6(1) of the GDPR.
##### **3. Purpose of Data Processing**
The collection of the user’s e-mail address for sending the newsletter.
The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
##### **4. Duration of Storage**
The data are erased once they are no longer needed in order to achieve the purpose for which they were collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.
The other personal data collected during the registration process are usually erased after a period of seven days.
##### **5. Possibility of Objection and Removal**
The subscription to the newsletter can be cancelled by the user concerned at any time. A corresponding link for this purpose is included in every newsletter.
This also enables the revocation of the consent to store personal data collected during the registration process.
#### **VII. Contact Form and Contact by E-Mail**
##### **1. Description and Scope of Data Processing**
There is a contact form on our website which can be used to contact us electronically. If a user makes use of this option, the data entered on the input screen is transmitted to us and saved in our system. These data include:
1. Last name
2. First name
3. E-mail address
The following data are also stored when the message is sent:
1. The user’s IP address
2. Date and time when the data were sent
3. The address of the page from which the contact was initiated
Your consent to the processing of the data is obtained and you are referred to this Privacy Policy during the sending process.
Alternatively, you can contact us using the e-mail address provided. In this case, the user’s personal data communicated with the e-mail are saved and stored.
Data are not disclosed to third parties in this context. The data are used exclusively for the purpose of processing the conversation.
##### **2. Legal Basis for the Data Processing**
The legal basis for the processing of the data is Art. 6(1), point (a) of the GDPR if the user has given their consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1), point (f) of the GDPR. If the purpose of contacting us by e-mail is to conclude a contract, an additional legal basis for processing is point (b) of Art. 6(1) of the GDPR.
##### **3. Purpose of Data Processing**
The processing of data obtained from the input screen is only for the purpose of process the communication with the data subject. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
##### **4. Duration of Storage**
The data are erased once they are no longer needed in order to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed terminated once it becomes clear from the circumstances that the relevant issue has been conclusively resolved.
The additional personal data collected during the sending process will be erased after a period of seven days at the latest.
##### **5. Possibility of Objection and Removal**
The user has the possibility to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case the conversation cannot continue.
All personal data stored in the course of contact will be erased in this case.
#### **VIII. Rights of the Data Subject**
The following list includes all rights of the data subjects according to the GDPR. Rights that are not relevant for our website do not have to be mentioned, for which reason the list may be shortened.\
If your personal data is processed, you are the data subject” within the meaning of the GDPR and you have the following rights in relation to us as the controller:
##### **1. Right of Access**
You can request from the controller confirmation of whether personal data concerning you is processed.
In the event of such processing, you may request access to the following information from the data controller:
1. the purposes for which the personal data are processed;
2. the categories of personal data which are processed;
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
4. the planned duration of storage of the personal data relating to you or, if it is not possible to give specific details, criteria for determining the duration of storage;
5. the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information on the origin of the data, if the personal data are not collected from the data subject;
8. the existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject.
You have the right to request access to information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with the transfer.
##### **2. Right to rectification**
You have the right to ask the data controller to rectify and/or complete the data if the personal data processed concerning you are inaccurate or incomplete. The controller shall effect the rectification without delay.
##### **3. Right to Restriction of Processing**
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
1. if you dispute the accuracy of the personal data concerning you for a period of time that allows the controller to verify the accuracy of the personal data;
2. the processing is unlawful and you are opposed to the erasure of the personal data and request instead the restriction of the use of the personal data;
3. the controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
4. if you have lodged an objection to the processing pursuant to Art. 21(1) of the GDPR and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.
If the processing of the personal data in question has been restricted, these data – with the exception of their storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of a significant public interest for the Union or a member state.\
If the processing has been restricted in accordance with the above requirements you will be notified by the controller before the restriction is lifted.
##### 4. Right to Erasure
**a) Duty to Erase**
You may request the controller to erase personal data concerning you without delay and the controller is obliged to erase such data without delay if one of the following reasons applies:
1. the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. you revoke your consent on which the processing was based pursuant to Art. 6(1), point (a) or Art. 9(2), point (a) of the GDPR, and there is no other legal basis for the processing.
3. you object to the processing pursuant to Art. 21(1) of the GDPR and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.
4. the personal data concerning you have been processed unlawfully.
5. the erasure of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the member states to which the controller is subject.
6. The personal data concerning you have been collected in relation to information society services offered in accordance with Art. 8(1) of the GDPR.
**b) Information to Third Parties**
If the controller has made public the personal data concerning you and is obliged to erase them pursuant to Art. 17(1) of the GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures to inform data controllers which are processing the personal data that you, as a data subject, have requested the erasure of all links to these personal data or copies or replications of these personal data.
**c) Exceptions**
The right of erasure does not exist insofar as the processing is necessary
1. for exercising the right of freedom of expression and information;
2. in order to comply with a legal obligation to which the processing relates under Union or national law to which the controller is subject or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the field of public health pursuant to Art. 9(2), points (h) and (i) and Art. 9(3) of the GDPR;
4. for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
5. for the establishment, exercise or defence of legal claims.
##### 5. Right to Be Informed
If you have asserted the right to rectify, erase or restrict the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.\
You have the right to be informed of these recipients.
##### 6. Right to Data Portability
You have the right to receive your personal data which you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit these data to another controller without hindrance from the controller to whom the personal data have been made available, provided that
1. the processing is based on a consent pursuant to Art. 6(1), point (a) of the GDPR or Art. 9(2), point (a) of the GDPR or on a contract pursuant to Art. 6(1), point (b) of the GDPR and
2. the processing is carried out by means of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from controller to another, as far as this is technically feasible. The freedoms and rights of other persons may not be impaired thereby.\
The right to data portability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
##### 7. Right to Object
On grounds relating to your particular situation, you have the right to object to the processing of your personal data which occurs on the basis of points (e) or (f) of Art. 6(1) of the GDPR at any time; this also applies for profiling based on those provisions.\
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.\
Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.\
If you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.\
You may exercise your right of objection in connection with the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.
##### 8. Right to Withdraw a Declaration of Consent under Data Protection Law
You have the right to withdraw a declaration of consent at any time. Withdrawal of consent does not affect the legality of the processing which has been carried out on the basis of the consent before it was withdrawn.
##### 9. Automated Individual Decision-Making Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision
1. is necessary for the conclusion or fulfilment of a contract between you and the controller,
2. is authorised by Union or national legislation to which the controller is subject and there are legal provisions in place providing for appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
3. is based on your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2), point (a) or (g) of the GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.\
With regard to the cases described under (1) and (3), the controller shall take suitable measures to safeguard your rights and freedoms as well as your legitimate interests, which at least entails the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
##### 10. Right to Lodge a Complaint with a Supervisory Authority
Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state in which you are resident, the member state in which you work or in the place of the alleged infringement if you consider that the processing of personal data concerning you violates the GDPR.\
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 of the GDPR.
For more information click [here](https://www.e-vita.coach/privacy-policy/).