University of Hamburg - to research, to teach, to educate and form, to homepage
UHHApp
UHHApp

Photo: UHH

UHHApp Privacy Statement

Consent Form with Privacy Notice pursuant to Article 13 of the GDPR

Data protection is a top priority for the University of Hamburg (UHH). This Privacy Policy for the use of the UHHApp explains what personal data is processed, for what purposes, and to what extent when using the UHHApp.

For information on the processing of personal data when visiting websites or applications linked from the UHHApp, please refer to the separate privacy policies for each website or application. The operators of the respective websites are responsible for the content and data protection of external websites.

1. Persons

a. Contact Details

Pursuant to the General Data Protection Regulation, national data protection laws of the various Member States, and other privacy regulations, the responsible entity (“Controller”) is:

University of Hamburg represented by the president
Mittelweg 177
20148 Hamburg
Email: praesident"AT"uni-hamburg.de

b. Contact details responsible for questions regarding data processing

The responsible department is:
Center for Sustainable Research Data Management
Bundesstraße 56a (MIN-Forum)
20146 Hamburg, Germany
Email: app"AT"uni-hamburg.de 

c. University of Hamburg Data Protection Officer contact details:

University of Hamburg Data Protection Officer
Mittelweg 177
20148 Hamburg, Germany
Email: dsb"AT"uni-hamburg.de 

2. Collection, Processing, and Use of Personal Data When Using the UHHApp

Purpose of data processing

In addition to online resources (websites and social media channels) and online services for students and staff, the UHH offers the UHHApp mobile application, which is designed to provide easy access to UHH information and IT services.

The UHHApp allows UHH students and staff to view their personal student or staff ID cards and use them to identify themselves as members of the UHH. It also allows users to link their library account to the UHH library system.

Use of the UHHApp is an optional feature for students and staff. The UHHApp is not required for academic studies or official business. The ID function is initially disabled after installing the app, and using it requires active login with your personal UHH user ID or library system credentials.

Without logging in, the UHHApp can be used with limited functionality.

The UHHApp is an application developed for mobile devices (mobile phones or tablets running Apple iOS or Google Android) that is installed on the user’s personal device after being downloaded from the respective app store (Apple, Google) using the user’s personal login credentials (Apple ID, Google Account). In this process, personal data is processed by the providers of the operating systems and app stores. The UHH has no control over this. You can find the providers’ privacy policies and terms of use here:

3. Categories of personal data processed when using the UHHApp

Using the UHHApp with login

You can log in to the UHHApp using the login credentials provided to UHH students and staff (UHH user account). The UHH’s standard single sign-on (SSO) procedure is used for login. Login credentials are not stored in the UHHApp.

Only after successful login are the necessary personal data of the logged-in user retrieved from UHH servers, processed for display on the ID cards in the UHHApp on the user’s personal device, and stored in the app’s local storage so that the ID cards can be displayed even without an active internet connection.

The following personal data, which has already been processed pursuant to § 111(1) HmbHG (students) or Art. 6(1)(b) GDPR in conjunction with § 10 HmbDSG, §§ 85–92 HmbBG (employees), are required for the display of ID cards and are therefore retrieved from UHH servers when the ID card function is used:

  • First and last name,
  • Academic title (e.g. Prof, Dr),
  • Student ID number (students),
  • Re-registration yes/non (students),
  • Date of birth,
  • Place of birth (optional),
  • Field of study (optional),
  • Faculty and/or institute.

Library ID and account

After successfully registering in the UHHApp, UHH students and staff can also integrate a library card into the UHHApp by logging into their personal library account in the UHH library system operated by the Hamburg State and University Library (SUB), thereby gaining access to certain features of their library account.

The library card includes:

  • First and last name,
  • the number of the library account,
  • the assignment of students or staff and
  • the barcode derived from the number of the library account.

The library account shows the items you have checked out, any overdue fees, and the loan periods, and allows you to renew the loan period.

The authentication data and the personal information associated with the library account displayed in the UHHApp are used exclusively within the UHHApp and are not stored, processed, or disclosed elsewhere. When using the library account, the SUB’s privacy policy applies.

Using the UHHApp with and without und ohne Anmeldung

For technical reasons, the following personal data is always collected when using the UHHApp:

  • Server logs
    When files (e.g., photos, linked webpages) are loaded from UHH servers in the app’s web view, the IP address and information regarding the access time and device are stored in log files on UHH servers. This data is not stored together with other personal data. The log files are analyzed only for maintenance purposes and in the event of security incidents.

    The temporary storage of the end device’s IP address is necessary to enable the delivery of the requested data to the user’s personal device. The data is stored in log files to ensure the proper functioning of the data interface. In addition, the data is used to ensure the security of UHH’s information technology systems. The data is not analyzed for marketing purposes.

Access to location data

To determine your location and provide navigation in the Campus Navigator, the UHHApp requires access to the location of the device you are using. When a request is made, the UHHApp determines your current location using GPS, cellular data, and Wi-Fi databases in order to provide you with information about your immediate surroundings. Access to location data is granted only if you have enabled this feature in your device’s settings.

The legal basis for processing location data is Article 6(1)(a) of the GDPR, provided the user has given consent.

Data regarding the user's location is used solely to process the request, to display the user's location on the map in the Campus Navigator, and to allow the user to navigate to other locations on the map.

Location data is transmitted via an encrypted connection to Google Maps; the location data is not stored in the UHHApp.

Users can revoke access to their location data at any time in the settings of their personal device, effective immediately.

Legal basis for data processing

The legal basis for processing the personal data of users that is additionally collected when using the app is Article 6(1)(a) of the GDPR.

Personal data is collected only with the data subject’s consent, following active registration on the UHHApp, and is processed for the purposes specified. The requirements under Article 4(11) and Article 7 of the GDPR are met.

  • Clear expression of intent – active registration using your personal UHH login credentials and, if applicable, those of the library system is required.
  • Informed consent – Before registering on the UHHApp, information regarding the processing of personal data is displayed.
  • Voluntary participation – Use of the UHHApp and digital ID cards is not mandatory; students can still obtain a paper-based ID card through the UHH’s STiNE account. There is no requirement to have a staff ID card at the UHH. Students can still apply for an ID card through the library system.
  • Consent to the use of data in the UHHApp can be revoked at any time by logging out of the UHHApp or uninstalling the UHHApp.

The personal data mentioned will not be used for any purposes other than those described, nor will it be stored, disclosed, or processed in any other way.

4. Categories of recipients

The recipients of the aforementioned personal data are the IT services provided by UHH. When users log in to the UHH library system, the IT services operated by SUB receive the necessary data.

5. Data transfer to third parties

The UHH has no control over the data shared when using a personal Apple ID or Google account, or the operating system of a personal device. This is subject to the respective privacy policies of Apple and Google.

6. Duration of storage

Personal data will be deleted from the user's device if

  • the registered user logs out of the UHHApp,
  • if the student's enrollment or period of employment ends, or
  • if the UHHApp is uninstalled from your personal device.

By opting out of the "Library Account" feature, you can object to the use of this data, and the stored data will be deleted from your personal device.

The technical data collected (log files) on the servers of the UHH and the SUB are deleted in accordance with the retention periods established for these services.

The retention periods for data stored by Apple and Google are subject to those companies' privacy policies.

7. Rights as a data subject

As a data subject you have the following rights:

  • Right to access the personal data we have stored about you (Art. 15 GDPR);
  • Right to rectification of inaccurate or incomplete personal data (Art. 16 GDPR);
  • The right to erasure of stored personal data, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims (Art. 17 GDPR);
  • Right to restriction of processing of personal data (Art. 18 GDPR);
  • Right to data portability (Art. 20 GDPR);
  • Right to object to processing based on our legitimate interests, a public interest, or profiling, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims (Art. 21 GDPR);
  • The right to withdraw, at any time and with future effect, any consent you have given for the collection, processing, and use of your personal data (Art. 7(3) GDPR). As a result, we may no longer continue processing your data in the future based on that consent.
  • The right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR).

You may exercise your data subject rights—such as the right to access stored data—by contacting the UHH Data Protection Officer at datenschutz"AT"uni-hamburg.de.

Requests for information regarding personal data stored in the UHH library system may be submitted to SUB-Hamburg via email at auskunft"AT"sub.uni-hamburg.de.

8. Right to file a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority.

The supervisory authority responsible for the UHH and SUB is

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22
20459 Hamburg, Germany

Tel.: +4940 428 54 - 4040
Email: mailbox"AT"datenschutz.hamburg.de 

9. Obligation to Provide and Consequences of Failure to Provide

The collection and processing of the aforementioned data is necessary for the purposes listed. If this data cannot be collected, the UHHApp cannot be used to its full extent.

I consent to the processing of my personal data as described above. This consent is given voluntarily and may be withdrawn at any time. I have been informed of and provided with the information regarding the processing of personal data.