The data processing at the University’s web pages does not require us to disclose your data to external parties. In some cases, your data might be processed by several persons or offices within the University. This, however, does not represent a data disclosure in legal terms as the data remains within the responsible unit—the University.
The most important exception is the data processing relating to the use of Google Maps. As described in the section “Data processing: Google Maps”, if you call up a map, the University discloses your IP address to Google or to its servers. Usually, these servers are located in the U.S. As a result, Google Maps, being integrated into our website, does require the University to transfer your data to a “third country” in which the protection of your personal data is not the same as in the European Union.
Officially, the data transfer is legal as Google is part of the Privacy Shield Framework. This is an agreement between the EU and the U.S. on data transfer. This successive agreement of the Safe Harbour Privacy Principles, which the Court of Justice of the European Union considered unlawful, contains a self-certification of the participating companies by which they confirm to comply with certain data protection standards. The truth is that the self-certification is not being inspected in terms of data protection and represent a mere letter of intent.
In exceptional circumstances, your data may be passed on German prosecuting authorities. This may be the case if your device attacks the University’s server. If so, the University will pass on your IP address and meta data of your requests (calling up our web pages) to the police.