Data Privacy

Privacy Statement

NAME AND ADDRESS OF THE DATA CONTROLLER

The person responsible for the data processing of this website is

Zentrum für Betriebswirtschaft im Gartenbau e.V.
Centre for Business Administration in Horticulture

Herrenhäuser Str. 2
D-30419 Hannover

Phone +49 511 762 - 5409
Fax +49 511 762 - 19209
www.zbg.uni-hannover.de

The Centre for Business Administration in Horticulture is a registered association and is legally represented by the association board. Members of the board are Prof. Dr. H. Stützel, A. Burgath, Dr. K. Rühl, Dr. T. Schmidt.

GENERAL INFORMATION ON DATA PROCESSING

As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services.
Should you have any questions, please send an e-mail to zbg@zbg.uni-hannover.de.

COOKIES

This website does not use cookies.

PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

Every time you visit our website, our system automatically collects data and information from the computer system of the accessingcomputer.

The following data is collected:

  • information about the browser type and version used
  • the user's operating system
  • the user's Internet service provider
  • the IP address of the user
  • the date and time of access
  • the website, from which the user's system reaches our website
  • websites accessed by the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The legal basis for temporary storage of data and log files is Article 6 (1) (e) (3) GDPR in conjunction with § 3 of the German Data Protection Act (NDSG) and § 3 of the Lower Saxony Higher Education Act (NHG).

Temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this, the IP address of the user must remain stored for the duration of the session. The data is stored in the log files to ensure the functionality of the website. In addition, the data enables us to optimise the website and to ensure the security of our IT systems. Analysis of the data for marketing purposes does not take place in this context. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. With respect to collection of data for the provision of the website, this is the case once the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Data may be stored for a longer period of time. In this case, the IP address of the user is deleted or anonymised, so that the accessing client can no longer be assigned to the user.

Collection of data for the provision of the website and storage of data in log files is - for technical reasons -  essential for the operation of the website.

CONTACT FORM AND E-MAIL CONTACT

There is a contact form on our website that can be used for electronic contact. If a user utilises this function, the data entered in the form will be transmitted to us and stored. Within the scope of the sending process, your consent will be obtained to process the data and reference is made to this privacy statement. Alternatively, you can contact us via the email address provided. In this case, the user's personal data that is transmitted via email will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation. The legal basis for processing data is Article 6 (1) (a) GDPR provided that the user has given consent. The legal basis for processing data transmitted in the course of sending an email is Article 6 (1) (e) (3) GDPR in conjunction with § 3 of the Lower Saxony Data Protecton Act (NDSG) and § 3 of the Lower Saxony Higher Education Act (NHG). If email contact is undertaken with the purpose of concluding a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.

Personal data that is entered in the input mask is processed solely for the purpose of establishing contact.

The other personal data that is processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data that was entered in the input mask of the contact form or sent via email, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be deduced from the circumstances that the facts in question have been conclusively clarified.

Additional personal data that is collected during the sending process will be deleted after a period of seven days at the latest.

The user can revoke consent to the processing of personal data at any time. If the user contacts us by email, he or she can object to the storage of personal data at any time. In such a case, the conversation cannot be continued and all personal data stored during the course of contacting us will be deleted.

WEB STATISTICS

We create anonymous statistics and analysis of the access to our website.

For the creation of the web statistics we use the open source software Matomo (formerly PIWIK) in anonymized form. This means that no personal data is processed. The use of cookies in the web analysis software Matomo is deactivated.

When saving the user IP address, the last two octets are not processed. The collection of the user ID is deactivated. For the analysis, the following data is collected in addition to the access to the site and the anonymized IP address: Date and time of the request, page title of the requested page, URL of the previously requested page (referrer URL), screen resolution of the client system, local time zone, URL of clicked and downloaded files, URL of clicked external domains, geolocation of the client (country, region, city), main language of the used browser, user agent of the used browser.

RIGHTS OF THE DATA SUBJECTS

You have the following rights regarding your personal data (in accordance with Art. 15 to 21 GDPR):

  • Right to access information
  • Right of rectification and completion
  • Right of cancellation
  • Right to restrict processing
  • Right to data transferability
  • Right to receive a copy

Right to object according to Article 21 GDPR

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you according to point (e) or (f) of Article 6(1) GDPR; this shall also apply to profiling based on these provisions.

The data controller shall no longer processes the personal data concerning you, unless he or she can demonstrate compelling legitimate reasons for the processing, which outweigh your interests, rights and freedom, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You may exercise your right to object in connection with the use of information society services by automated means using technical specifications, notwithstanding Directive 2002/58/EC.

Right to revoke the data protection declaration of consent as per Article 7 (3) GDPR

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has a legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision is

(1) necessary for the conclusion or fulfilment of a contract between you and the data controller,

(2) admissible according to Union or Member State legislation to which the data controller is subject and the legislation contains appropriate measures to safeguard your rights, freedom and legitimate interests; or

(3) is based on your express consent. However, these decisions may not be based on special categories of personal data as per Article 9 (1) GDPR, unless point (a) or (g) of Article 9 (2) GDPR applies and appropriate measures have been taken to protect your rights, freedom and your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedom and legitimate interests, including at least the right to obtain human intervention on the part of the data controller, to state his or her own position and to challenge the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy as per Article 78 GDPR.