Data Protection Statement
This is a translation of the original statement in German. The translation is provided for information purposes only and has no legal bearing. Only the German document is legally binding.
UZH takes data protection very seriously; in this statement, we explain which user data are collected, processed, and disclosed by UZH, and for what purpose, and we describe the measures taken to safeguard the security of these data. All measures conform to the prevailing provisions on data protection.
1. Object of Data Protection
Data protection serves to protect the privacy of individuals. It requires data processors to act lawfully, and confers enforceable rights to the affected persons with regard to the processing of their personal data. Section 3 of the Canton of Zurich’s Act on Information and Data Protection (Gesetz über die Information und den Datenschutz [IDG ZH]) defines personal data as any information related to an identified or identifiable individual. This includes details such as names, addresses, phone numbers, and e-mail or IP addresses.
2. Collecting, Processing, and Storing Data
Every time a UZH web page is requested or called up, the following access data are collected and stored in a web server file on UZH’s servers:
- The IP address of the requesting computer (e.g. 123.456.97.36)
- The site or address (URL) from which the UZH web page was requested
- The path and name of the requested UZH web page
- The date and time of the request (e.g. [12/Apr/2016:00:00:01 +0200])
- The volume of data transferred
- The access status
- The type of access
- A description of the type of web browser and/or operating system used
- The session ID
- The serial number of the requesting computer
The following is an example of a possible entry in the web log:
126.96.36.199 - - [12/Apr/2016:00:07:34 +0200] “www.psychologie.uzh.ch GET /fachrichtungen/perspsy/studium-lehre/studium/lizentiat/SH_WS0607.pdf HTTP/1.1” 200 16 22183 “-“ “User-agent: Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)”
These data are processed for the following purposes:
- Safeguarding the network infrastructure and facilitating technical administration
- Optimizing the use of specific web offerings
- Identifying and tracking unauthorized access attempts
Web server log files are stored for six months after access is terminated. Once this period has elapsed, web server log files are automatically deleted, provided there has been no identified attack on the University’s network infrastructure necessitating the civil or criminal prosecution of the intruder and thus requiring that the log file be stored longer.
3. Consent to Further Use of Data
Use of specific functions or services on the UZH website (e.g. newsletters, contact forms, and web applications) may require further collection, processing, and long-term storage of personal data such as names, addresses, and e-mail addresses. By entering and sending this data, you give your consent for this information to be processed.
4. Disclosure of Personal Data
Personal data will be disclosed to third parties (e.g. other authorities) only if required by binding legal provisions (e.g. the ruling of an authority, court orders) or for the purposes of legal or criminal prosecution (e.g. in the event of attacks on UZH’s network infrastructure). Personal data will not be disclosed to third parties for other purposes.
Nevertheless, UZH may commission service providers to process data collected via the UZH website for the purposes described above. Legal, technical, and organizational measures will be put in place requiring UZH and external service providers to comply with the relevant provisions of data protection law.
5. Tracking Settings
To be able to better adapt website content and navigation tools to the needs of users, visits to pages and elements clicked within pages are logged and analyzed using the software Matomo. Matomo uses "cookies" (see point 6. below regarding the use and how to prevent the use of such cookies). The usage information generated by the cookies, including their abbreviated IP address, will not be forwarded to third parties, but stored on UZH’s servers for the purpose of usage analysis and website optimization. The IP addresses will immediately be anonymised during this process. It is therefore not possible to trace the results of this analysis back to a specific IP address or to monitor the behavior of a data subject.
So-called temporary cookies may be used when individual UZH web pages are accessed. Temporary cookies are small files that the UZH web page visited stores on your computer to enable optimal use of the website; the cookies are deleted automatically when the web browser is closed. You can block the use of temporary cookies by adjusting the relevant settings in your web browser. Please note that disabling, blocking, or deactivating cookies can limit the functionality of the UZH web pages.
7. Links to External Websites
The data protection statement applies only to UZH web pages. In the case of links providing access to external sites, please refer to the data protection policies of the providers in question. UZH is not responsible for the content or for the data protection policies of these providers. In particular, UZH cannot guarantee that content provided by other providers is free of malware.
8. Use of Social Media Plugins
The UZH website does not use additional programs in the form of so-called social media plugins that send IP addresses direct to the providers of social networks. The buttons that appear on the UZH website are merely links to the corresponding social network providers.
9. Use of External Search Engines
Google is the central search engine used within the UZH website. The integrated search engine enables full-text searches for content from the official UZH website. This search function can be accessed via a search field at the top of each page of the UZH website. By using the full-text search function and accessing the page of search results, you consent to using the Google search engine and thus to the disclosure of data to the Google service. Please note that a different data protection policy applies to Google than to UZH.
UZH undertakes technical and organizational security measures to ensure that the data it collects and processes via the UZH website remain confidential and are safeguarded from accidental or unauthorized access, changes or disclosure, loss, and destruction; moreover, only the persons who require access to personal data due to their job and work-related duties are granted access on a need-to-know basis.
The measures selected depend on the type of information, the type and purpose of use, and the technology available.
UZH reserves the right to amend this data protection statement at any time with future effect if the implementation of new technologies or the legal situation so requires. For this reason, we advise you to check the data protection statement on a regular basis.
If the web pages provided by individual organizational units of UZH diverge from this data protection statement, a disclaimer will be published with the legal information (Impressum) on the website of the organizational unit in question.
12. Right to Information
If you would like information on data relating to your person that has been collected and processed, if you want such data to be corrected, destroyed, or blocked, or if you have further questions on the use of such data, please contact the Department of Data Protection of the University of Zurich at the following address:
Department of Data Protection of the University of Zurich