Data Privacy Statement of Goethe University
It applies to the central web presence of Goethe University under the domain www.uni-frankfurt.de.
This data privacy statement fulfills the information requirements outlined in Article 13 of the GDPR regarding the collection of data at the time it is gathered from affected people.
1. Responsible Party
Johann Wolfgang Goethe University Frankfurt
Theodor-W.-Adorno-Platz 1
60323 Frankfurt am Main
Mailing Address:
Goethe University Frankfurt
60629 Frankfurt am Main
Phone: +49 69 798-0
Email: info@uni-frankfurt.de
2. Data Protection Officers
Johann Wolfgang Goethe University Frankfurt am Main
Official Data Protection Officers
Theodor-W.-Adorno-Platz 1
60323 Frankfurt am Main
Email: dsb@uni-frankfurt.de
Phone: +49 69 798-0
3. Rights of Affected People
You have the following rights regarding your stored personal data at Goethe University:
- Right to information (Art. 15 GDPR)
- Right to correction (Art. 16 GDPR)
- Right to deletion (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to objection to processing (Art. 21 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to revoke consent given (Art. 7 Para. 3 GDPR)
To exercise your rights, please contact: dsb@uni-frankfurt.de
Right to file a complaint:
You have the right to file a complaint with a data protection supervisory authority, particularly with:
Hessian Commissioner for Data Protection and Freedom of Information (HBDI)
P.O. Box 3163, 65021 Wiesbaden
https://datenschutz.hessen.de/kontakt
Phone: +49 611 1408-0
4. Processing of Personal Data on the Website
a) Access Data / Server Log Files
When accessing the pages of our web server, the following data is automatically stored:
- IP address (anonymized, e.g., only the first two octets)
- Date and time of access
- Browser type and version
- Operating system of the device
- URL of the accessed page
- Referrer (originating page)
- Any error messages
This data is used solely to ensure technical operations, security, and error analysis.
Legal basis: Art. 6(1)(e) GDPR in conjunction with §§ 3, 8–11 HITSiG.
Retention periods: Log data is automatically deleted after a maximum of 7 days, or retained for up to 90 days in the case of security incidents (§ 14 HITSiG).
b) Contact via Email or Form
If you contact us, we save your information to process your inquiry and for any follow-up questions. Processing is based on Art. 6(1)(e) GDPR. Your data will be deleted once the process is completed, provided there is no legal obligation to retain it.
c) Cookies
Cookies are small text files stored on your device.
- Technically necessary cookies: These are essential for the operation of the website (e.g., session cookies for logins) and are deleted when you close your browser.
- Analytics cookies (Matomo): Used only with your consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time via the cookie settings.
You can disable cookies through your browser settings; however, this may limit the website’s functionality.
d) Web Analysis with Matomo
Our website uses Matomo, a privacy-friendly, open-source web analysis software.
Default settings without cookies:
- Collection of anonymized IP addresses
- Recognition of returning visitors using an anonymized fingerprint (renewed every 24 hours)
- No sharing of data with third parties
With cookies (only with consent):
- Cookies store anonymous usage data for visitor recognition
- Maximum cookie storage duration: 13 months
Contradiction:
You can contradict the storage and analysis of your data at any time. In this case, an opt-out cookie will be set to prevent data acquisition by Matomo.
Further information: https://matomo.org
e) Integration of External Content
Some pages include content from third parties (e.g., videos via Mediasite). Transmitting your IP address is technically necessary to display this content. We strive to use providers who only utilize the IP address to deliver the content.
f) Social Media Profiles (links only)
Our website provides links to our official profiles on social networks (e.g., Facebook, Instagram, Bluesky, YouTube, LinkedIn). Simply visiting our website does not transmit any data to these platforms. Only when you actively click one of these links will you be redirected to the respective platform, where the privacy policies of that provider apply.
Responsible providers:
- Facebook/Instagram: Meta Platforms Ireland Ltd., https://www.facebook.com/privacy/policy
- Bluesky: Bluesky Social, https://bsky.social/about/support/privacy-policy
- YouTube: Google Ireland Ltd., https://policies.google.com/privacy
- LinkedIn: LinkedIn Ireland Unlimited Company, https://www.linkedin.com/legal/privacy-policy
5. Legal Basis for Processing
The processing of personal data on the Goethe University websites is based on: Article 6(1)(e) GDPR in conjunction with the Hessian Higher Education Act (HHG), the Enrollment Ordinance, and the Hessian Information Security Act (HITSiG), insofar as it pertains to public tasks. Article 6(1)(a) GDPR for voluntary consents (e.g., cookies, web analytics, optional online services).
6. Data Deletion Deadlines
Personal data is generally deleted as soon as the purpose of storage no longer applies or statutory retention periods have expired. For log files: 7 days (up to 90 days in cases of security incidents).
For Matomo cookies: a maximum of 13 months.
7. Changes to this Data Privacy Statement
We reserve the right to update this data privacy statement to reflect changes in legal requirements or technical developments.
The most current version is published on this website.
Data Privacy Statement Social Media
Here you can find the data privacy statement for the social media channels of Goethe University.