In the context of using this website, personal data about you is processed by us as the data controller and stored for the duration necessary to fulfill the established purposes and legal obligations. Below, we inform you about which data is involved, how it is processed, and what rights you have in this regard. Personal data, according to Article 4 No. 1 of the General Data Protection Regulation (GDPR), includes all information relating to an identified or identifiable natural person.

1. Name and Contact Details of the Data Controller and the Data Protection Officer

This privacy information applies to data processing on our website subseamonitoring.net by the data controller:

OceanTec Rostock e. V.
Alter Hafen Süd 6
18069 Rostock
Phone: +49 (381) 202 689 10
E-Mail: info@subseamonitoring.net

The data protection officer of OceanTec Rostock e. V. can be reached at the above address, attn. Data Protection Officer. You can contact our data protection officer at any time with questions regarding data protection law or your data subject rights.

2. Processing of Personal Data and Purposes of Processing

When Visiting the Website

When you visit our website, the web servers temporarily store each access from your device in a log file. The following data is collected and stored until automated deletion:

– IP address of the requesting computer
– Date and time of access
– Name and URL of the retrieved data
– Transferred data volume
– Message confirming if access was successful
– Browser and operating system used
– Name of the internet service provider
– Website from which the access was made (referrer URL)

The processing of this data is carried out for the following purposes:

– Enabling the use of the website (connection setup)
– Administration of network infrastructure
– Appropriate technical and organizational measures for IT system and information security, considering the state of the art
– Ensuring user-friendliness
– Optimization of the website offering

The legal bases for the aforementioned processing are:

– For the processing related to visiting the websites under points 1-2, Article 6(1) sentence 1 lit. b GDPR (necessity for the fulfillment of the website usage contract),
– For processing under point 3, Article 6(1) sentence 1 lit. c GDPR (legal obligation to implement technical and organizational measures to secure data processing per Article 32 GDPR) and Article 6(1) sentence 1 lit. f GDPR (legitimate interests in data processing for network and information security),
– For processing under points 4-5, Article 6(1) sentence 1 lit. f GDPR (legitimate interests). Our legitimate interests in data processing lie in making our offering user-friendly and optimizing it.

The aforementioned data is automatically deleted from the web server after a defined period of 35 days. If data is processed for purposes under points 2-5 for a longer period, it will be anonymized or deleted when storage for the respective purpose is no longer necessary.

Additionally, we use cookies and analysis services when you visit our website. Further explanations can be found in sections 4 and 5 of this privacy information.

3. Disclosure of Personal Data

Except in the previously mentioned cases of processing on behalf (event registration, newsletter subscription), we only disclose your personal data to third parties, i.e., other natural or legal persons other than you (the data subject), the controller, or the processor and their authorized employees, if:

– You have given explicit consent according to Article 6(1) sentence 1 lit. a GDPR;
– It is necessary for the fulfillment of a contract with you under Article 6(1) sentence 1 lit. b GDPR, such as:
– Transfer to shipping companies for delivering goods you have ordered,
– Transfer of payment data to payment service providers or financial institutions to process a payment;
– There is a legal obligation for disclosure under Article 6(1) sentence 1 lit. c GDPR, for example, to financial or law enforcement authorities;
– The disclosure is necessary under Article 6(1) sentence 1 lit. f GDPR to assert, exercise, or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data; such disclosure may occur in the event of attacks on our IT systems to state institutions and law enforcement authorities.

The data disclosed may only be used by the third party for the stated purposes.

If you have registered for an event, it may be necessary, for the fulfillment of the contract, to transfer your personal data to an external organizer. When you register for an event, you will be informed about who the organizer is and whether it is an external one. This organizer will process personal data within the context of the event, primarily for participant management.

A transfer of personal data to a third country (outside the EU) or an international organisation is excluded.

4. Cookies

We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device, nor do they contain viruses, trojans, or other malware.

Cookies store information related to the specific device used. However, this does not mean that we directly gain knowledge of your identity.

The use of cookies serves to make our offerings more enjoyable for you. We use session cookies, for example, to enable session management, such as storing form inputs or shopping carts during the session. Session cookies are deleted at the latest when you close your web browser.

Additionally, we use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period. If you visit our site again to use our services, it will automatically recognize that you have visited before and remember the inputs and settings you made, so you don’t have to enter them again.

We also use cookies to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you (see section 5). These cookies allow us to recognize automatically that you have visited before when you return to our site. These cookies are automatically deleted after a defined time.

The data processed by cookies is necessary for the purposes mentioned to protect our legitimate interests and those of third parties according to Article 6(1) sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser to prevent cookies from being stored on your computer or to always display a notification before a new cookie is created. However, completely disabling cookies may result in your being unable to use all the functions of our website.

Please enable JavaScript to see the list of all declared cookies and similar technologies.

5. Web Analysis/Tracking

We use the open-source service Matomo, provided by InnoCraft Ltd from New Zealand, on our website to analyze user behavior and optimize our site and its content accordingly. We do not obtain information that directly identifies you.

In connection with the use of Matomo, cookies are employed, allowing for a statistical analysis of the use of our website through your visits. The cookie stores information—including personal information—regarding your visitor behavior, which is processed in a usage profile using a pseudonym for analysis purposes. Since Matomo is hosted on our own server, analysis processing by third parties is not required.

The data collected in this manner will not be used to personally identify you without your explicit consent, and the data will not be combined with personal information about you as the bearer of the pseudonym.

If IP addresses are collected, they are anonymized immediately by deleting the last block of numbers. Other personal data in the cookie is deleted after 13 months.

Data processing is carried out based on our legitimate interest in optimizing our online offering and website presence according to Article 6(1) lit. f GDPR.

6. Data Subject Rights

You have the right to:

– Revoke your consent at any time according to Article 7(3) GDPR. This means we will no longer be able to continue data processing based on this consent for the future.
– Request access to your personal data processed by us according to Article 15 GDPR. You may inquire about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of the right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information regarding its details.
– Demand the immediate correction of inaccurate or incomplete personal data stored by us according to Article 16 GDPR.
– Request the deletion of your personal data stored by us according to Article 17 GDPR, provided that processing is not required to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.
– Request the restriction of processing your personal data according to Article 18 GDPR if you dispute the accuracy of the data, the processing is unlawful, but you oppose its deletion, we no longer need the data, but you require it to assert, exercise, or defend legal claims, or you have lodged an objection against processing according to Article 21 GDPR.
– Receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or request its transmission to another controller according to Article 20 GDPR.
– Lodge a complaint with a supervisory authority according to Article 77 GDPR. Typically, you can contact the supervisory authority of your usual place of residence or workplace, or our company headquarters for this purpose.

7. Information About Your Right to Object According to Art. 21 DSGVO

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1) lit. e GDPR (data processing in the public interest) and Article 6(1) lit. f GDPR (data processing based on a balancing of interests). This also applies to profiling based on these provisions as outlined in Article 4 No. 4 GDPR.

If you make an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

If your objection is against the processing of data for direct marketing purposes, we will immediately stop processing your data for this purpose. In this case, it is not necessary to provide a particular situation. This also applies to profiling related to such direct marketing.

If you wish to exercise your right to object, simply send an email to otc@uni-rostock.de.

8. Data Security

All personal data you transmit to us is encrypted using the common and secure TLS (Transport Layer Security) standard. TLS is a reliable and tested standard, also used in online banking.

You can recognize a secure TLS connection by the “https” prefix in the address bar of your browser or by the lock symbol in the lower area of your browser.

Additionally, we employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

9. Up-to-date Information and Changes to This Privacy Policy

This privacy policy is currently valid as of April 2022. As our website and the offerings on it evolve, or due to changes in legal or regulatory requirements, it may be necessary to modify this privacy policy. The latest version of the privacy policy can be accessed and printed at any time from our website at www.oceantec-rostock.org/datenschutz.

10. Severability Clause

Should any provision of this privacy policy be or become wholly or partially invalid or unenforceable, this shall not affect the validity of the remaining provisions. The same applies in the event of any gaps.