Privacy Statement

1. Name and Address of the Controller

Rheinische Friedrich-Wilhelms-Universität Bonn
University and State Library
Adenauerallee 39-41
53113 Bonn, Germany

Phone: +49 (0)228 73-7352
Fax: +49 (0)228 73-7546
Email: ojs@ulb.uni-bonn.de
Website: https://www.ulb.uni-bonn.de

2. Contact Details of the Data Protection Officer

Official Data Protection Officer:

Email: datenschutz@uni-bonn.de
Adenauerallee 72-74
53113 Bonn, Germany

When you contact us by email or through a contact form, the data you provide (your email address, and optionally your name) will be stored by us in order to respond to your inquiries. Providing further information is voluntary and only facilitates our response. The data collected in this context will be deleted once storage is no longer necessary, or processing will be restricted if legal retention obligations exist.

3. General Information on Data Processing

3.1 Scope of Personal Data Processing

We process personal data of our users only to the extent necessary to provide a functional website and our content and services.

3.2 Legal Basis for Processing Personal Data

Where we obtain consent for the processing of personal data, the legal basis is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR).

Processing of personal data necessary for the performance of a contract to which the data subject is a party is based on Article 6(1)(b) GDPR. This also applies to processing required for pre-contractual measures.

Processing of personal data necessary to comply with a legal obligation to which the University of Bonn is subject is based on Article 6(1)(c) GDPR.

If processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.

Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University is based on Article 6(1)(e) GDPR.

3.3 Disclosure of Data to Third Parties

This website uses the Open Journal Systems (OJS) publication software. Editors in OJS use the stored data to improve the publication process and the quality of publications. Data may also be shared with the developers of OJS, the Public Knowledge Project (PKP), for software development. These data are generally anonymized and aggregated, with few exceptions such as article metrics.

Metadata of published articles, including author names, are shared with third parties for the following purposes:

  • DOI registration (e.g., via CrossRef)

  • Indexing in academic databases such as the Directory of Open Access Journals (DOAJ) and the German National Library (DNB)

Personal data are not used for other purposes or shared.

3.4 Data Deletion and Retention Period

Personal data of the data subject will be deleted once the purpose of storage ceases. Storage may continue if required by European or national law. Data will also be deleted or blocked once statutory retention periods expire unless further storage is necessary for contract fulfillment.

4. Website Provision and Creation of Logfiles

4.1 Description and Scope of Data Processing

Each time our website is accessed, the system automatically collects data and information from the user’s system in the form of web server log files. The following data are collected:

  • Browser type and version

  • Operating system of the user

  • User’s internet service provider

  • User’s IP address (pseudonymized, truncated)

  • Date and time of access

  • Websites from which the user accessed our site

  • Websites accessed from our website within .uni-bonn.de

The log files contain IP addresses or other data that may allow assignment to a user, e.g., if a referring or linked URL contains personal data. These data are stored in our system’s log files but are not stored together with other personal data of the user.

4.2 Purpose of Data Processing

Temporary storage of the IP address is necessary to deliver the website to the user’s device. Storage in log files ensures website functionality and security. The data are not analyzed for marketing purposes.

4.3 Retention Period

Data are deleted once they are no longer needed for their collection purpose. For log files, this is at most seven days, except where IP addresses are anonymized for longer-term retention.

4.4 Objection and Elimination

Collection and storage of log file data are essential for website operation; therefore, users cannot opt out.

5. Use of Cookies

5.1 Description and Scope of Data Processing

Cookies are text files stored in the browser or on the user’s device. They contain a characteristic string allowing identification of the browser upon subsequent visits.

Cookies are used to:

  • Store language settings

  • Store login information

  • Analyze user behavior (e.g., search terms, page views)

5.2 Cookies Used in OJS

OJS uses session cookies that are deleted automatically after the visit. Session cookies store a session ID to associate browser requests.

5.3 Purpose of Data Processing

Cookies simplify website use, manage sessions, store user preferences, and maintain security. They are not used to create user profiles.

5.4 Retention, Objection, and Removal

Users can control cookies via their browser, including deleting stored cookies or disabling transmission.

6. Registration

6.1 Description and Scope of Data Processing

Users may register with personal data, including:

  • First and last name

  • Institution

  • Country

  • Email address

  • Username and password

  • IP address and registration timestamp

Additional data may include submitted documents, events, decisions, and emails during editorial processing.

6.2 Legal Basis

Consent (Art. 6(1)(a) GDPR) or contract/pre-contractual measures (Art. 6(1)(b) GDPR).

6.3 Purpose

Registration is necessary for:

  • Role-based access and rights assignment

  • Manuscript submission and management

  • Peer-review process management

  • Security and editorial communication

6.4 Retention

Data are deleted once no longer necessary.

6.5 Objection and Removal

Users can terminate registration at any time. Data changes or deletions are requested via email.

6.6 Processing Co-Author Data

Authors may provide co-author names and emails, confirming consent. Co-author emails are not published; names and affiliations are displayed with published articles.

7. Web Analysis via Matomo

7.1 Scope of Data Processing

Matomo collects anonymized usage data on our servers, including:

  • Two bytes of IP address

  • Accessed webpage

  • Referrer

  • Duration and frequency of visits

7.2 Purpose

Analyzing user behavior improves website usability. IP anonymization protects user privacy.

7.3 Retention

Data are deleted after 12 weeks.

7.4 Opt-Out

Users can disable Matomo tracking via an opt-out link and cookie. More info: https://matomo.org/docs/privacy/

8. Social Media Channels

8.1 Use of Social Network Plugins

Social plugins are embedded using the Shariff tool for privacy-friendly integration. Legal basis: Art. 6(1)(f) GDPR.

8.2 Function of Shariff

Shariff prevents automatic connection to social networks until the user actively clicks.

8.3 Possible Data Processing by Social Networks

Logged-in users may have data linked to their accounts if interactive features are used. Users can log out or adjust privacy settings to prevent this.

8.4 Further Information

Shariff details: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

9. Rights of the Data Subject

Users have the following rights regarding their personal data:

  • Right of access

  • Right to rectification or deletion

  • Right to restriction of processing

  • Right to object

  • Right to data portability

Users can also complain to a data protection authority:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4, 40213 Düsseldorf, Germany
Phone: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@ldi.nrw.de