Springe direkt zu Inhalt

Data Protection Policy of Freie Universität Berlin

Freie Universität Berlin welcomes you to our website (you can find more information on our university here). Upholding the tenets of data protection and data security on our website is very important to us. We would like to take this opportunity to outline which of your personal data we collect when you visit our website, and for which purposes they are used.

As future legislative changes or changes to our internal processes may necessitate adjustments to this data protection policy, we recommend that you revisit this page at regular intervals. The data protection policy can be accessed at “Data Protection Policy,” saved, and printed at any time.

The data controller as defined under the EU’s General Data Protection Regulation (hereinafter “GDPR”) – as well as other national data protection laws of individual member states and data protection regulations – is:

Freie Universität Berlin
represented by the President
Kaiserswerther Straße 16–18
14195 Berlin
Tel.: +49 (30) 838-1

We will be happy to answer any questions you may have about our data protection policy. If you have any questions, please contact the Online Editorial Department:

Tel.: +49 (30) 838 73199
Email: webteam@fu-berlin.de

This data protection policy applies to the website www.fu-berlin.de and the other official websites of Freie Universität Berlin that use Freie Universität Berlin’s corporate design and central content management system. 

A full list of such official websites can be found at www.fu-berlin.de/offizielle-websites.

For websites that are operated by university departments or central facilities, but do not use Freie Universität’s corporate design and/or its central content management system, the data protection policies on the individual websites apply. Please refer to the links on each website for more information.

Personal data are any information relating to an identified or identifiable natural person. This includes information such as your name, age, mailing or IP address, telephone number, date of birth, email address, and user behavior. Information that does not allow us to identify you (or would only enable us to do so with disproportionate effort) because the information is anonymized, for example, is not considered personal data.

The processing of personal data (for example, when said data are collected, retrieved, used, stored, or transmitted) must always have a legal basis and/or be based on your consent. Processed personal data are erased as soon as the purpose for which they are processed has been achieved, provided that the legally stipulated storage periods no longer apply. Such processed personal data are collected, used, and stored electronically by Freie Universität Berlin.

Insofar as we process your personal data in order to provide you with specific services, we provide information below on the specific processes involved, the scope and the purpose of the data processing, the legal basis for processing, and the respective storage periods.

These personal data are not disclosed to third parties nor used outside of Freie Universität Berlin, unless you have granted us your consent to do so or we are required or authorized by law to do so (for example, in relation to law enforcement or suspected plagiarism and other copyright infringements).

1. Website provision and usage

a. Type and scope of data processing

Whenever you access an official web page of Freie Universität Berlin, a log file containing data is automatically created and stored on the server. These data include:

  • the website you visited
  • the web page from which you accessed our web page (plus the terms entered if this was a search engine)
  • date
  • time
  • the operating system used
  • features of the display (resolution in pixels and the pixel ratio for the detection of high-resolution displays) and
  • the browser used (Internet Explorer, Firefox, Opera, etc.)

The log file also stores the volume of the transmitted data, an HTTP status code (for example, to identify a successfully transmitted web page), and the IP address of the device used to access the page (e.g., PC or smartphone) – whereby the IP address is immediately anonymized by the erasure of the last octet of the address.

The data stored in the log file is collected and used solely for anonymous evaluation for statistical purposes (for example, an analysis of user behavior, which pages of the website or subdomain are accessed, which browsers are used, etc.) and thereby serves to improve our services. As IP addresses are anonymized in the way described above, they cannot be mapped to a specific user and cannot be traced to a specific IP address.

b. Legal basis

The legal basis for our data processing is Article 6.1.1.e GDPR in conjunction with Section 3 of the Berlin Data Protection Act (BlnDSG) Section 4 of the Berlin Higher Education Act (BerlHG), and Article 6.1.1.c GDPR in conjunction with Section 13.7 of the German Teleservices Act (TMG). The processing of said data is required in order to provide and maintain the website and thus serves Freie Universität Berlin in performing a task carried out in the public interest.

c. Storage period

The log files for the ongoing and previous calendar year are stored for evaluation purposes. In this case, the IP addresses are anonymized. The data are then erased.

2. Data processing and contact requests

a. Type and scope of data processing

On some pages of our website we offer you the opportunity to get in touch with us via a pre-configured contact form. You will be notified of this data protection policy when you are about to submit your data via the contact form. Your email address will be processed if you choose to make use of such a contact form. Submitting your email address to us allows us to properly keep track of your query and to respond to it. The data you have submitted on the contact form will not be disclosed to third parties.

In the event that contact is made via email, the other personal data stated in the message (name, query subject, attachments, date, and time) will be processed along with the sender’s email address.

b. Legal basis

Data processing for the purposes of making contact via the contact form as described above is performed on the basis of your voluntarily given consent pursuant to Article 6.1.a GDPR. The legal basis for the processing of personal data in relation to email queries is based on Article 6.1.e GDPR in conjunction with Section 4 BerlHG.

c. Storage period

As soon as the query you have submitted has been dealt with and the matter resolved, the personal data you provided via the contact form that we processed will be erased. The data will only be stored in exceptional cases, for example, if required by law.

3.   Newsletter

a. Type and scope of data processing

Freie Universität offers users the opportunity to sign up for a free newsletter and other free information sent via email.The data that you have provided us via the registration form will be transferred to the party responsible for the newsletter subscription.

The data you have provided within the context of subscribing to the newsletter will not be disclosed to third parties.

b. Legal basis

The processing of the aforementioned personal data for the purposes of distributing the newsletter is performed on the basis of your voluntarily given consent pursuant to Article 6.1.a GDPR.

c. Storage period

The personal data you have provided will be stored as long as the subscription to the newsletter is active. If you unsubscribe from the newsletter, then the personal data collected for distributing the newsletter will be erased. The data will only be stored in exceptional cases, for example, if required by law.

You can terminate subscriptions to the newsletter at any time. As a rule, you will usually find a link for this purpose in each newsletter. If you have any further questions, feel free to contact the Online Editorial Department via email at webteam@fu-berlin.de.

4. User area/login page

a. Type and scope of data processing

Certain, authenticated groups of users can access websites and functions that are not visible to all visitors to the website after logging in.

The following data are collected:

  • user name (usually the one associated with your Freie Universität account)
  • email address
  • first name
  • last name
  • group membership

When a user logs in, these data are stored in a session cookie that is removed when the user closes the browser at the latest. The fact that a user name has logged in will be recorded for troubleshooting purposes. This data processing is necessary to ensure a restricted area for authenticated users. Further processing of these data is not performed.

b. Legal basis

The processing of the aforementioned personal data in the authenticated user area is based on Article 6.1.e GDPR in conjunction with Section 4 BerlHG.

c. Storage period

The session cookie is deleted when the browser window is closed. Data that contain account information are erased as soon as the user logs out.

1. Use of the search function

The Google Custom Search Engine (Google CSE) is used as the primary search service on the website of Freie Universität Berlin. The integrated search service provides a full-text search for content of the official website of Freie Universität Berlin. This search function can be accessed via the search box integrated in the header of each web page.

Users are informed of this service via the search box at the top of the website of Freie Universität labeled “Search with Google™.” If a user selects and enters a keyword in the input field of the search box, an additional link will appear just below (“Information about Using Google Search™”), which refers to the data protection policy that applies to Google CSE.

Users can activate the search function by entering a search term in the search box and pressing “Enter” or the search icon (magnifying glass icon). Via a plugin provided by Google, the search results page automatically reloads with the appropriate search results. Data are transferred to the search engine during this process.

Users can choose between a search within the currently displayed domain or the entire website of Freie Universität Berlin.

2. Data processing and using the search function

The plugin that is developed and made available by Google (Google Custom Search Engine Google, CSE) is integrated on an “as-is” (unchanged) basis by the operator of the official website of Freie Universität Berlin as a software module in the search results page. The plugin allows for automated communication (data exchange) between the retrieved search results page and the Google service, if the search results page is called up. The use of the Google-powered search function comprises a dynamic transfer of data by the service provider (Google) to the search results page.

Data are only transferred to Google when a user activates the search box, starts a full-text search, and thus retrieves the search results page. Data are simultaneously transmitted to Google when the search function is used within the search results page. No data are transmitted to the search engine (Google) when official websites of Freie Universität Berlin that incorporate the Google Search Engine are visited. An exception occurs when users directly reference a search results page.

By using the full-text search and the resulting request to view the search results page, you are agreeing to the transmission of data to Google. This includes, for example, the search terms you enter and the IP address of the device you are using.

If you are logged into Google at the same time, the Google service will be able to assign information directly to your user profile. You should therefore log out if you wish to prevent the collection of your personal profile information.

Please note that the principles relating to the processing of personal data outlined in this data protection policy only apply to the website of Freie Universität Berlin and do not refer to Google. We expressly bring to your attention that the operator of the website of Freie Universität Berlin has no influence over the type and volume of data transmitted to Google and that the processing of data, in particular, the storage, erasure, and use of personal data that may be transmitted to the provider of the search engine are entirely the responsibility of the external service provider, in this case, Google.

For more information on Google’s privacy policy and how Google handles user data, please visit: http://www.google.com/intl/de/policies/privacy.

We will only disclose your personal data to third parties when:

  • You have given your explicit consent pursuant to Article 6.1.1.a GDPR.
  • This is legally permissible and required for the performance of a contract to which you are party pursuant to Article 6.1.1.b GDPR.
  • Disclosure of personal data is necessary for compliance with a legal obligation pursuant to Article 6.1.1.c GDPR.
  • Disclosure of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Freie Universität Berlin pursuant to Article 6.1.1.e GDPR.

We will notify you if your personal data are to be disclosed due to specific circumstances in an individual case.

1. Use of cookies on our website

a. Type and scope of data processing

We use cookies on our website. Cookies are small files that are sent to the browser of your end device and stored there during your visit to our website. We are unable to offer some functions of our website without the use of certain cookies required for technical reasons. Other cookies allow us to carry out different analyses. For example, if you revisit our website, cookies are able to recognize the browser you use and transmit different kinds of information to us. Using cookies allows us to make our website more user-friendly and effective for you by tracing your use of our website and determining your preferred settings (for example, country and language settings). If third parties process information via cookies, they collect this information directly via your browser. Cookies do not inflict any damage on your end device. They cannot run programs on your end device and do not contain viruses.

b. Legal basis

Article 6.1.1.e GDPR in conjunction with Section 3 of the BlnDSG, Section 4 BerlGH, and Article 6.1.1.c GDPR in conjunction with Section 13.7 TMG, serve as the legal basis for data processing of technically necessary cookies. We must obtain your consent for cookies that are not technically necessary and third-party cookies. If you have given your consent to the use of cookies on the basis of one of the notifications on our website (“cookie banner”), the lawfulness of said use also complies with Article 6.1.1.a GDPR. You can revoke your consent at any time with future effect by deactivating cookies in your browser settings.

c. Storage period

As soon as the data transferred via cookies are no longer required to fulfill the purposes described above, this information will be erased, especially if you deactivate cookies. This is usually the case when you close your browser window. The data will only be stored in exceptional cases, for example, if this has been stipulated by law.

2. Configuring your browser settings

You can manage your cookie settings using the options described below or by configuring your browser settings.

Most browsers are pre-configured to accept cookies as the default, but you can also configure your browser to only accept specific cookies or not accept any at all. However, please note that you may not be able to use all functions of our website if you have deactivated cookies on our website via your browser settings. You can erase cookies that have been stored on your browser or display the storage period via your browser settings. You can also set your browser to notify you before cookies are stored. As different browsers tend to differ in terms of their functionality, we ask that you consult the help menu of your respective browser to access the configuration options available to you.

We recommend that you install specially developed plug-ins if you would like a comprehensive overview of all third-party access to your internet browser.

Google Maps

Google Maps

The website of Freie Universität Berlin uses Google Maps to visually depict geographical information. Data on how visitors use the map functions when using Google Maps is collected, processed, and used by Google. You can find further information on the data processing performed by Google in Google’s Privacy Policy. You can also change your data protection settings via the Google Safety Center.

You can find detailed instructions on how to manage your data when using Google products here.

Without additional measures, the map services use technical means that ensure that even when viewing or loading the page using the map, data (including personal data) are exchanged between the original website and the map service (here, Google). In the aforementioned cases, the user has the option to refuse to allow such data to be transmitted.

To protect users of our web pages from this type of exchange of data, which is not subject to our influence, and from the transmission of data to the respective map service, we have incorporated an appropriate technical precaution called the two-step solution. This two-step solution gives users the opportunity, even after loading the service, to agree to the use of the respective map service (and thus to exchange data with this map service). The default setting of the two-step solution does not transmit data to the map service. This option may be decided on a case-by-case or permanent basis. A decision can be subsequently revised. If you do not want a map service to collect information about you via our website, do not activate it by clicking the respective map.

Maps supplied by Google Maps take the form of widgets, an example of which can be seen right.

By clicking the link, you agree to a one-time data exchange between the respective web page domain and Google. No data is transferred to Google by default. To permanently agree to data exchange between the website of a specific domain and the relevant map service, which requires a cookie on our part (see above), you should check the box “Permanently activate. You can also revise this decision again later.

Some external content from third-party providers is included on the official web pages of Freie Universität Berlin. Integrating external content such as videos, presentations, or news feeds, e.g., from social media services, can enhance the content of a website. As with the use of map services, data protection aspects need to be taken into consideration here, too. For that reason, the “two-step solution” described above is also used when integrating content from third-party providers. You can recognize this type of content when you see certain types of widgets, such as the Google Maps widget shown above at Section 7.

The two-step solution operates in a similar way for third-party content. By clicking the link you agree to a one-time data exchange between the respective websites of the above-named domain and the relevant third party. Under the default setting, data are not transmitted to the provider of the external content. You can permanently activate data exchange between the pages of the relevant domain and the provider of the external content, and you can revise this decision again at any time.

Freie Universität manages a number of different social media channels on the following platforms for the purposes of public relations. Certain personal data will be processed if you visit one of these channels.

1. Facebook and Instagram

Facebook and Instagram are social media channels owned and operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (“Facebook”). Facebook’s data processing in Europe is managed by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook provides extensive information about which personal data it processes and how it processes them. For example, Facebook uses information about you to create user profiles based on your interests with the help of cookies. Facebook’s data processing may occur outside of Europe in certain circumstances.

The legal basis for processing personal data on these fan pages by Freie Universität Berlin is provided by Article 6.1.1.e GDPR in conjunction with Article 3 BlnDSG and Article 4.6 BerlHG insofar as the processing serves public relations work, and/or by Article 6.1.1.f GDPR insofar as the fan pages serve some purpose that goes beyond the scope of public relations. In such cases, Freie Universität Berlin has a legitimate interest in processing data so that it can provide information and communication channels for interested parties.

Moreover, Freie Universität Berlin has a contractual agreement with Facebook concerning shared responsibilities related to managing fan pages. You can object to the processing of your data at any time by sending an email to datenschutz@fu-berlin.de. If you wish to assert your rights as a data subject, such as your right to information, please contact Freie Universität Berlin or Facebook directly.

For more information on Facebook’s use of personal data, please visit https://www.facebook.com/about/privacy/ and https://www.instagram.com/legal/privacy/.

2. Twitter

Twitter is owned and operated by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). Twitter’s data processing in Europe is managed by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland.

Twitter provides extensive information about which personal data it processes and how it processes them. For example, Twitter uses information about you to create user profiles based on your interests with the help of cookies. Twitter’s data processing may occur outside of Europe in certain circumstances.

The legal basis for processing personal data in terms of potential communication with Freie Universität Berlin is provided by Article 6.1.1.e GDPR in conjunction with Article 3 BlnDSG and Article 4.6 BerlHG insofar as the processing serves public relations work, or by Article 6.1.1.f of the GDPR insofar as the use of the service serves some purpose that goes beyond the scope of public relations. In such cases, Freie Universität Berlin has a legitimate interest in processing data so that it can provide information and communication channels for interested parties.

You can object to the processing of your data at any time by sending an email to datenschutz@fu-berlin.de. If you wish to assert your rights as a data subject, such as your right to information, please contact Freie Universität Berlin or Twitter directly.

Please refer to the data protection policy on the Twitter website to learn more about the scope and purpose of data collection as well as the processing and use of your data by the respective service. You will find further information on your data protection rights and configuration options to protect your privacy here: https://twitter.com/en/privacy.

3. YouTube

YouTube is owned and operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”). Google’s data processing in Europe is managed by Google Ireland Limited, Gordon House 4, Barrow St, Dublin, Ireland.

We wish to indicated that using the channel, especially the “Discussion” function, lies within your own responsibility. Furthermore, Freie Universität Berlin processes personal data when you communicate with Freie Universität Berlin via YouTube.

The legal basis for processing personal data in terms of potential communication with Freie Universität Berlin is provided by Article 6.1.1.e GDPR in conjunction with Article 3 BerlDSG and Article 4.6 BerlHG insofar as the processing serves public relations work, and/or by Article 6.1.1.f GDPR insofar as the use of the service serves some purpose that goes beyond the scope of public relations. In such cases, Freie Universität Berlin has a legitimate interest in processing data so that it can provide information and communication channels for interested parties.

You can object to the processing of your data at any time by sending an email to datenschutz@fu-berlin.de. If you wish to assert your rights as a data subject, such as your right to information, please contact Freie Universität Berlin or Google directly.

Please refer to the privacy policy on the Google website to learn more about the scope and purpose of data collection as well as the processing and use of your data by the respective service. You can find further information on your data protection rights and configuration options to protect your privacy here: https://policies.google.com/privacy

4. LinkedIn

LinkedIn is owned and operated by the LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA (“LinkedIn”). LinkedIn’s data processing in Europe is managed by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

LinkedIn provides extensive information about which personal data it processes and how it processes them. For example, LinkedIn uses information about you to create user profiles based on your interests with the help of cookies. LinkedIn’s data processing may occur outside of Europe in specific circumstances.

The legal basis for processing personal data on the LinkedIn page is provided by Article 6.1.1.e GDPR in conjunction with Article 3 BlnDSG and Article 4.6 BerlHG insofar as the processing serves public relations work and/or by Article 6.1.1.f of the GDPR insofar as the LinkedIn page serves some purpose that goes beyond the scope of public relations. In such cases, Freie Universität Berlin has a legitimate interest in processing data so that it can provide information and communication channels for interested parties.

Moreover, Freie Universität Berlin has a contractual agreement concerning shared responsibilities related to managing its profile. You can object to the processing of your data at any time by sending an email to datenschutz@fu-berlin.de. If you wish to assert your rights as a data subject, such as your right to information, please contact Freie Universität Berlin or LinkedIn directly.

Please refer to the privacy policy on the LinkedIn website to learn more about the scope and purpose of data collection as well as the processing and use of your data by the respective service. You can find further information on your data protection rights and configuration options to protect your privacy here: https://www.linkedin.com/legal/privacy-policy.

5. Xing

Xing is owned and operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (“Xing”).

Xing provides extensive information about which personal data Xing processes and how it processes them. For example, Xing uses information about you to create user profiles based on your interests with the help of cookies.

The legal basis for processing personal data on the Xing page is provided by Article 6.1.1.e GDPR in conjunction with Article 3 BerlDSG and Article 4.6 BerlHG insofar as the processing serves public relations work, and/or by Article 6.1.1.f GDPR insofar as the Xing page serves some purpose that goes beyond the scope of public relations. In such cases, Freie Universität Berlin has a legitimate interest in processing data so that it can provide information and communication channels for interested parties.

You can object to the processing of your data at any time by sending an email to datenschutz@fu-berlin.de. If you wish to assert your rights as a data subject, such as your right to information, please contact Freie Universität Berlin or Xing directly.

Please refer to the privacy policy on the Xing website to learn more about the scope and purpose of data collection as well as the processing and use of your data by the respective service. You can find further information on your data protection rights and configuration options to protect your privacy here: https://privacy.xing.com/en/privacy-policy.

Hyperlinks to the websites of third-party providers can be found on our website. Activating these hyperlinks will redirect you from our website to the website of said providers. You will recognize this from the change in URL. We bear no responsibility for the confidential processing of your data on these third-party websites, as we have no influence on whether or not these parties comply with data protection provisions. You can find further information on how your personal data are processed by these companies on their respective websites.

As a data subject, you have the following rights concerning the processing of your personal data in line with the GDPR:

  • You have the right to request information as to whether or not personal data concerning you are being processed by us pursuant to Article 15 GDPR. In particular, you are entitled to information on: the purposes of the processing, the categories of personal data concerned, the categories of recipient to whom your personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint with a supervisory authority, any available information as to the data’s source if we did not collect it, any transfer of data to a third country or to an international organization, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved.
  • You shall have the right to obtain from us without undue delay the rectification of inaccurate or incomplete personal data concerning you pursuant to Article 16 GDPR.
  • You have the right to request from us the erasure of your personal data pursuant to Article 17 GDPR, provided that processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
  • Pursuant to Article 18 GDPR, you have the right to the restriction of processing where the accuracy of the personal data is contested by you, the processing is unlawful, or we no longer need the personal data but you reject their erasure because they are required by you for the establishment, exercise, or defense of legal claims. You are also entitled to this right to restriction of processing pursuant to Article 18 GDPR if you have submitted an objection to processing pursuant to Article 21 GDPR.
  • Pursuant to Article 20 GDPR you shall have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used, and machine-readable format and you have the right to transmit those data to another controller.
  • You have the right to withdraw your consent at any time pursuant to Article 7.3 GDPR. Subsequently we shall no longer have the right to continue the data processing based on your consent, with future effect.
  • You have the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. Generally, you should be able to contact the supervisory authority of your regular place of residence, your place of work, or our offices to do so.

Pursuant to Article 21 GDPR, you have the right, at any time, to object to the processing of your personal data based on Article 6.1.1.e or Article 6.1.1.f GDPR for reasons arising from your particular situation. Freie Universität Berlin will cease to process the personal data, unless we are able to demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or where processing is necessary for the establishment, exercise, or defense of legal claims.

We are committed to protecting your privacy and handling your personal data confidentially. To prevent the manipulation, loss, or misuse of your personal data we have stored, we implement comprehensive technical and organizational security precautions that are regularly reviewed and adapted to the latest state of technological progress. This includes using recognized encryption processes such as SSL and TLS.
However, due to the structure of the internet, it is possible that data protection regulations and the aforementioned security measures are not observed by other individuals or institutions who do not fall within the sphere of our responsibility. Data disclosed by unencrypted means, for example via email, is especially vulnerable to third-party access. We are unable to influence this by technical means. It is the responsibility of the user to protect the data they have made available against misuse by using encryption or other similar methods.

The external Data Protection Officer of the Controller is:

  • Dr. Karsten Kinast, LL.M., Attorney at Law
    KINAST Rechtsanwaltsgesellschaft mbH
    Hohenzollernring 54
    50672 Cologne
    Tel.: +49 (0)221 - 222 183 - 0
    Email: DSB-FUBerlin@kinast.eu

The Deputy Data Protection Officer of Freie Universität is: