Responsible Body in Terms of the EU General Data Protection Regulation (GDPR):
[Institution, Director, Address, Email, ...]
Data protection refers to the protection of personal data. This concerns data that can be clearly assigned to an individual. When we collect and utilize personal data, we confine ourselves strictly to what is technically necessary and permitted by law. We collect and use personal data only with your prior consent or where allowed by law. It is important to us that you understand why we collect data and what we use them for. More information can be found below.
We collect information from you when you access the above-named domain. For purposes of identification and tracking unauthorized access attempts to this domain as well as for purposes of optimization of web-based services in connection with the use of the web pages of the above-named domain, user data are stored and used to create anonymous access statistics
The EU General Data Protection Regulation (GDPR) took effect on May 25, 2018. It strengthens the rights of the individual user. In point  below, “Rights of Individuals,” we describe your rights with regard to privacy and personal data. Our website uses an external search engine, the Google Custom Search Engine (Google CSE). For more information about the transfer of data to the search engine, please see point  below ("Using the third-party search engine, Google Custom Search Engine (Google CSE)").
Personal information is information that can be used to identify you. This includes information such as your name, postal or IP address (if not anonymized), telephone number, and email address, but not information that is not associated with your identity (such as anonymous log files in which the used browser types are logged).
Data provided by you (e.g., data input via a web form) can be or contain personal data. We store your data only at your request and to the extent needed (for example, for registration for an event) or for data backup. The specific use of such data is indicated in the respective context.
When you view the web pages of the above-named website, a log file is automatically created and stored on the server. Such files contain the web page you visited, the previous website you visited just before ours (in case it was a search engine, also the terms entered), date, time, the operating system you are using, features of the display (resolution in pixels and the so-called pixel-ratio for the detection of high-resolution displays), and the browser you are using (Internet Explorer, Firefox, Opera, etc.). Additionally, the size of the transferred data amount, a so-called HTTP status code (for example to identify a successfully transmitted web page), and the IP address of your computer (e.g., PC or smartphone) – whereby the IP address is immediately anonymized through deletion of the last octet of the address – are also stored.
The collection and use of information stored in the log file is only for anonymous evaluation for statistical purposes (for example, an analysis of user behavior, which pages of the website are accessed, which browsers are used, etc.) and thereby to improve our services. A mapping of IP address to the user ID does not occur. It is not possible to trace the analysis results to a specific IP address.
The information processed as explained above (see points 1 and 2) is electronically collected and used by Freie Universität Berlin, the Center for Digital Systems (CeDiS) and stored centrally by Freie Universität Berlin's Hochschul-Rechenzentrum (ZEDAT).
The information is not disclosed to third parties or used outside of Freie Universität Berlin, unless you have given us your consent to do so or we are required or authorized by law to do so (for example, in relation to law enforcement, presumed plagiarism, or other copyright infringements).
The Google Custom Search Engine (Google CSE) is integrated in the website of [XXX]. In the header of each web page, there is a search box labeled “Search with Google™”. The integrated search service provides a full-text search for content of [XXX].
Users will readily notice the search box at the top of the website of [XXX] that is labeled “Search with Google™.”
Activating the Search
Users can activate the search function by entering a search term in the search box and pressing "Enter" or the search icon (magnifying glass icon). Due to the plugin provided by Google, the search results page automatically reloads with the appropriate search results. During this process data are transferred to the search engine.
Viewing the Results Page
The plugin that is developed and made available by Google (Google Custom Search Engine Google CSE) is integrated as-is by the operator of the website of [XXX] as a software module in the search results page. The plugin allows for automated communication (data exchange) between the retrieved search results page and the Google service, if the search results page is called up. The use of the Google-powered search function comprises a dynamic transfer of data by the service provider to the Google search results page.
Data are only transferred to the provider of the search engine (Google) after a user has accessed the search results page, after having activated the search box and thereby starting a full-text search. When using the search function within the search page results, data are simultaneously transmitted to Google.
No data are transmitted to the search engine (Google), when the web pages that incorporate the Google Search Engine are visited. An exception occurs when users directly reference a search results page.
Agree to Data Transfer by Using Google Custom Search Engine
By using the full-text search and the resulting request to view the search results page, you are agreeing to the transmission of data to Google. This includes, for example, the search terms you enter and the IP address of the computer you are using.
Please note that Google has different data protection standards than those applying to the website of [XXX]. We explicitly point out that the operator of the website of [XXX] has no influence over the processing of data, in particular, the storage, deletion, and exploitation of personal data that may be transmitted to the provider of the search engine. Both the nature and scope of data that may be transmitted are entirely up to the provider of the external service, in this case Google.
In case you are logged in to Google at the same time you are using the Google Search Engine on the website of [XXX], the Google service is able to directly associate the information it collected in connection with your search with your user profile on Google. To avoid further collection of profile information about you, we recommend that you log out of Google before using the Google Search Engine on our website.
The web pages of the above-named domain sometimes use external content from third-party providers. Integrating external content such as videos, presentations, news feeds, e.g., from social media services can enhance the content of a website. Data protection aspects need to be taken into consideration. For that reason, a “two-step solution” is implemented for integrating content from third-party providers. You can recognize this type of content when you see the following box, for example, where Google Maps are integrated into the website.
By clicking the link you agree to a one-time data exchange between the respective websites of the above-named domain and the relevant third party. Under the default setting, data are not transmitted to the provider of the external content. You can permanently activate data exchange between the pages of the above-named domain and the provider of the external content (example here: maps.google.de), and you can revise this decision again at any time.
If you provide us with personal information (e.g., via web forms), you will as a rule find contact details on the same page where you can at no charge request information regarding which of your personal data are stored on our system. At your request, the information can also be provided electronically.
You have the right to ask the person responsible for confirmation of whether your personal data have been processed. If this is the case, you have a right of access to such personal data and to the information specified in Article 15 of the General Data Protection Regulation (GDPR).
You have the right to demand from the person responsible the immediate correction of incorrect and personal data concerning you and, if necessary, the completion of incomplete personal data (Article 16 of the General Data Protection Regulation).
You have the right to request the person responsible to delete your personal data without delay, provided one of the reasons detailed in Article 17 of the General Data Protection Regulation applies (right to erasure). The person responsible will then no longer process the personal data unless he/she can prove compelling legitimate grounds for processing that outweigh the interests, rights, and freedoms of the individual concerned.
You have the right, at any time, to object to the processing of your personal data for reasons arising from your particular situation. In such cases, personal data may only be processed if there are compelling legitimate reasons for the processing that outweigh your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims (Article 21 of the General Data Protection Regulation, GDPR).
You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.