Privacy notice

Contact details of the responsible body

Responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU member states as well as other data protection regulations for the online offer “Blog” is:

Universität Hamburg
Mittelweg 177
20148 Hamburg
Tel.: +49 40 42838-0
Fax: +49 40 42838-9586

Contact details of the data protection officer of the Universität Hamburg

Mittelweg 177
20148 Hamburg
E-mail: datenschutz(at)

Objective and basic information on data processing

This privacy policy explains the nature, scope and purpose of the processing of personal data within our online offering and the websites, functions and content associated with it. The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offer is executed.

We process personal data of our users only in compliance with the relevant data protection provisions in accordance with the principles of data economy and data avoidance. It follows that the processing of personal data of our users regularly takes place only after the consent of the user. An exception applies in those cases in which the processing of the data is permitted by legal regulations.

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

If content, tools or other means of third-party providers (e.g. YouTube videos) are used within the scope of our online offer and their named registered office is abroad, it is to be assumed that a data transfer to the registered office states of the third-party providers takes place.


For the purposes of this Privacy Policy, the term:

“User” means all customers and visitors to our Website, which term shall be understood to be gender-neutral;

  • “Website or Online Offer” means, on an overarching basis, the content and functions contained on our Website and connected to the Website;

  • “Third-party providers” other providers that are different from us, whose content, tools or other means we use as part of our online offering and whose named registered office may be abroad. For example, video platforms such as YouTube may be mentioned here.

Data processing

1. Provision of the blog and creation of logfiles

With every call and every use of this blog, data and information are collected. This data and information is stored in log files of the server.


  • IP address

  • Information about the browser type and version used

  • Date and time of access

  • Internet service provider of the user

  • Operating system of the user

  • Websites from which the user’s system accesses our website

  • Web pages that are called up by the user’s system via our website

The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 e GDPR, i.V.m. § 4 HmDSG i.V.m. § 3 und 4 HmbHG.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Log files are stored to ensure the functionality of the website, to optimize the content of the website and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after 28 days at the latest. If the data is stored beyond this period, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

The personal data will also be processed for the following purposes if there is a legal basis for doing so:

  • the provision, execution, maintenance, optimization and safeguarding of our services, services and user services;

  • ensuring effective customer service and technical support.

2. Cookies

The EPOC website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

There are different types of cookies. On the one hand, a distinction is made between first-party cookies and third-party cookies. While first-party cookies are set by the website you are currently visiting and only this website can read information from the cookies, third-party cookies are set by third parties who are not operators of this website. EPOC does not use third-party cookies.

In addition, a distinction is made between session cookies and persistent cookies. Session cookies contain information that is only stored temporarily and is automatically deleted when you leave the website. Persistent cookies (also permanent cookies) are automatically deleted after the specified storage period, which may vary depending on the type of cookie. However, you can delete these cookies at any time via your browser settings.

The purpose of using necessary (also technically necessary) cookies is to simplify the use of websites for users.

The legal basis for the storage of cookies or for the storage of information in the end user’s terminal equipment and access to this information already stored in the terminal equipment results from the Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG). In addition, the legal basis for the further processing of personal data collected in this context arises from the General Data Protection Regulation.

Cookies are stored on the user’s computer and transmitted to us by the user. Therefore, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by making a change in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

Required cookies (Essential category)

Necessary cookies are set to make a website usable by enabling basic functions so that a website can function properly. The legal basis for storing information on the terminal device (by means of a cookie) and accessing the information is Section 25 Subsection 2 Telecommunications-Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz, TTDSG). If personal data is processed at the same time as or subsequently with the storage of or access to the information, the legal basis is Article 6 subsections 1 e and 3 GDPR in conjunction with Section 4 of the Hamburg data protection act (Hamburgisches Datenschutzgesetz, HmbDSG) in conjunction with Section 3 and 4 Hamburg higher education act (Hamburgisches Hochschulgesetz, HmbHG).

EPOC uses the following session cookies: “wordpress_test_cookie” and “wp_lang”.

3. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption.

You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Contact via e-mail

It is possible to contact the EPOC Project Management Office via the e-mail addresses provided. The personal data of the user transmitted with the e-mail will be stored in the inbox. The data will not be passed on to third parties.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR.

The data will be used exclusively for processing the request. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data sent by e-mail this is the case when the respective request of the user has ended.

Web analytics

1. Matomo

EPOC uses the cookieless version of the open-source software Matomo on its website for the analysis and statistical evaluation of its use.

Visits to our website are collected anonymously and evaluated without the use of tracking cookies. Matomo does however require that the IP address assigned to your end device be communicated to Matomo. The IP address is anonymized immediately on collection and before the data are stored. Matomo does not undertake any further processing of personal data.

This processing is lawful on the basis of Article 6 subsections 1 e and 3 GDPR in conjunction with Section 4 of the Hamburg data protection act (Hamburgisches Datenschutzgesetz, HmbDSG) in conjunction with Section 6 subsection 2 no. 1 Hamburg higher education act (Hamburgisches Hochschulgesetz, HmbHG).

Disclosure of data to third parties

Google Web Fonts: This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.

Your rights

You have the following rights:

  • the right to information regarding personal data pertaining to you that is stored by us (Article 15 GDPR);

  • the right to correction of any incorrect or incomplete personal information (Article 16 GDPR);

  • the “right to be forgotten”: erasure of stored personal data insofar as the relevant data are not necessary for the exercise of the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or the purposes of establishing, exercising, or defending a legal claim (Article 17 GDPR);

  • the right to limited processing of personal data (Article 18 GDPR);

  • Right to data portability (Art. 20 GDPR);

  • the right to object to the processing of your data conducted in our legitimate interest, public interest, or for profiling purposes unless we can demonstrate compelling grounds for processing said data that outweighs your interests, rights, and freedoms or where the processing of said data is required for the establishment, exercise, or defense of a legal claim (Article 21, GDPR);

  • the right to withdraw your consent to the collection, processing, and use of your personal data at any time with future effect (Article 7 paragraph 3 GDPR)—this means that the data processing related to that consent will no longer be carried out;

  • the right to lodge a complaint with a supervisory authority where you believe the processing of personal data related to you is in breach of the GDPR (Article 77 GDPR)

Withdrawal of consent / objection to processing

Please send your withdrawal to:

EPOC Project Management Office

Rights as a data subject

You may exercise your rights as a data subject, such as obtaining information on data being stored, by contacting datenschutz(at)

(Status: 20.06.2023)