Privacy Policy

Introduction and overview

This privacy policy (version 20.08.2025-323042907) explains, under the EU General Data Protection Regulation (GDPR) 2016/679 and applicable national laws, which personal data we as the controller – and our processors (e.g., hosting providers) – process now and in the future, and which lawful options you have. Terms are intended to be gender-neutral.
In short: We inform you comprehensively about the data we process about you.

Privacy policies are often technical and use legal terms. This policy aims to describe the essentials as simply and transparently as possible. Where helpful, we explain technical terms in a user-friendly way and link to further resources. We process personal data only where a legal basis exists. If you still have questions, contact the controller named below or in the imprint, follow the links provided, and consult third-party resources. Our contact details are also in the imprint.

Scope

This policy applies to all personal data we process within our company and to all personal data processed by companies we commission (processors). Personal data means information under Art. 4(1) GDPR, e.g., a person’s name, email address, or postal address. Processing enables us to provide and bill for our services and products, online and offline. The scope includes:

  • all online presences (websites, online shops) we operate,
  • social media presences and email communications,
  • mobile apps for smartphones and other devices.

In short: The policy covers all areas where personal data is processed via the channels named. If we enter into legal relations with you outside these channels, we will inform you separately if necessary.

Legal bases

We provide transparent information on the GDPR legal bases that allow us to process personal data. The relevant law is Regulation (EU) 2016/679 of 27 April 2016 (available via EUR-Lex: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679).

We process your data only if at least one of the following applies:

  1. Consent (Art. 6(1)(a) GDPR): You consented to processing for a specific purpose, e.g., storing contact-form entries.
  2. Contract (Art. 6(1)(b) GDPR): Processing to perform a contract or pre-contractual steps, e.g., to conclude a purchase.
  3. Legal obligation (Art. 6(1)(c) GDPR): Processing to comply with a legal duty, e.g., retaining invoices for accounting.
  4. Legitimate interests (Art. 6(1)(f) GDPR): Processing for our legitimate interests where your fundamental rights do not prevail, e.g., secure and economical website operation.

Other bases such as tasks in the public interest, exercise of official authority, or protection of vital interests generally do not apply to us; if they do, we will specify this.

In addition to the GDPR, national laws apply:

  • Austria: Datenschutzgesetz (DSG).
  • Germany: Bundesdatenschutzgesetz (BDSG).
    Where other regional or national laws apply, we will inform you below.

Controller contact details

For questions about data protection or personal data processing, contact the controller under Art. 4(7) GDPR:

Dr. Anne Vortkamp
Schlossplatz 8, 48143 Münster
Germany
Authorized representative: Dr. Philipp Lemke
Email: a.vortkamp@uni-muenster.de

Storage period

We store personal data only as long as strictly necessary to provide our services and products. We delete personal data once the processing purpose no longer applies. Statutory retention duties, e.g., for accounting, remain unaffected.
If you withdraw consent or request deletion, we delete the data as quickly as possible unless retention duties apply. Where available, we provide concrete retention periods below.

Rights under the GDPR

Under Arts. 13 and 14 GDPR, you have the following rights to ensure fair and transparent processing:

  • Access (Art. 15): Whether we process data; if so, a copy and information on
    • purposes,
    • categories of data,
    • recipients and any third-country transfers incl. safeguards,
    • storage period,
    • existence of rectification, erasure, restriction, objection,
    • right to complain to a supervisory authority,
    • source of data if not obtained from you,
    • existence of profiling or automated decision-making.
  • Rectification (Art. 16): Correct inaccurate data.
  • Erasure (Art. 17, “right to be forgotten”): Request deletion.
  • Restriction (Art. 18): Require storage without further processing.
  • Data portability (Art. 20): Receive your data in a commonly used format.
  • Objection (Art. 21):
    • Object to processing based on Art. 6(1)(e) or (f); we will assess promptly.
    • Object to direct marketing at any time; we will stop using your data for it.
    • Object to profiling at any time; we will stop profiling.
  • Automated decisions (Art. 22): Right not to be subject solely to automated decisions (including profiling).
  • Complaint (Art. 77): Complain to a supervisory authority if you believe processing violates the GDPR.

In short: You have rights. Contact the controller named above.

If you believe your rights are infringed, you may complain to:
Austria: Datenschutzbehörde, https://www.dsb.gv.at/
Germany: Each federal state has a supervisory authority. Further information: Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local supervisory authority is competent:

All texts are protected by copyright.