EUniTa Log in here

Privacy Policy

Information on Data Protection and Consent to the Processing of Personal Data

This Privacy Policy serves to fulfill the information obligations pursuant to Article 13 of the EU General Data Protection Regulation (GDPR) when collecting personal data from data subjects at the time of collection.

We attach great importance to your privacy and the protection of your personal data. Therefore, we would like to inform you here about how we use and protect the data collected about you.

1. Name and Address of the Controller and Administrative Contacts

Controller:
Goethe University Frankfurt am Main
Theodor-W.-Adorno-Platz 1
60323 Frankfurt am Main
Germany

Postal Address:
Goethe University Frankfurt am Main
60629 Frankfurt
Germany

Administrative support (technical and organizational):
Goethe University Frankfurt am Main
House of Labour
studiumdigitale – Central eLearning Facility of Goethe University
Eschersheimer Landstr. 155/157
60323 Frankfurt am Main
Germany
Phone: +49-69-798-22198 | Fax: +49-69-798-22195
Website: http://www.studiumdigitale.uni-frankfurt.de
E-mail: info[at]studiumdigitale.uni-frankfurt.de

2. Data Protection Officer

Goethe University Frankfurt am Main
Data Protection Officers
Theodor-W.-Adorno-Platz 1
60323 Frankfurt am Main
Germany
Website: http://www.uni-frankfurt.de/47859992/datenschutzbeauftragte
E-mail: dsb@uni-frankfurt.de

3. Purposes and Legal Bases of Processing

Personal data are processed exclusively in accordance with the GDPR:

  • Registration and Matching: Art. 6(1)(b) GDPR (performance of a contract).
  • Optional profile data (telephone number, interests, biography, profile picture): Art. 6(1)(a) GDPR (consent).
  • Statistical analysis (Matomo): Art. 6(1)(a) GDPR (consent).
  • Operation and security of the website (logfiles, cookies): Art. 6(1)(f) GDPR (legitimate interests).
  • Spam and abuse prevention (Google reCAPTCHA): Art. 6(1)(f) GDPR (legitimate interests).
  • Processing required by legal obligations (e.g. university law): Art. 6(1)(c) GDPR.

Mandatory data:
Use of the EUniTa App requires the provision of a valid university e-mail address. Without this, registration is not possible.

4. Rights of Data Subjects

You have the following rights under the GDPR with respect to your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

Note: The lawfulness of the processing carried out until the withdrawal remains unaffected.

Right to lodge a complaint:
You have the right to lodge a complaint with the competent supervisory authority:

The Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box 3163
65021 Wiesbaden
Germany
Phone: +49 611 1408 – 0 | Fax: +49 611 1408 – 611
Website: https://datenschutz.hessen.de/ueber-uns/kontakt

To exercise your rights, please contact: datenschutz[at]studiumdigitale.uni-frankfurt.de

5. Categories of Data, Purposes and Storage Periods

5.1 Registration and Profile Data

  • Mandatory data: Name, university e-mail, password, language settings
  • Optional data: Profile picture, biography, telephone number

Profile data (required for matching):

  • First name, last name, date of birth, gender, academic field
  • Native and foreign languages with proficiency level (A1–C2)
  • Interests (voluntary)

Tandem and Match Data:

  • Tandem request: target language, practice frequency, optional filters (academic field, internal university matches, interests)
  • Match data: communicated by e-mail (name, university e-mail), additionally displayed in the dashboard (profile picture, academic field, language profile, interests, biography, telephone number if provided)
  • Activity data: open tandem searches, matches, dashboard usage

5.2 Data Collection When Visiting the Website

When accessing the website, technically necessary data (so-called “server logfiles”) are collected:

  • URL of the visited page
  • Date and time of access
  • Referrer (source of access)
  • Data volume transferred
  • Browser type/version
  • Operating system
  • IP address

Purpose: Ensuring functionality, security, and detection of misuse.
Legal basis: Art. 6(1)(f) GDPR.
Deletion: After a maximum of 7 days, unless longer storage is required due to legitimate interests or legal obligations.

5.3 Storage Periods

  • Account deletion: data remain inactive for 30 days (not visible). Afterwards they are permanently deleted.
  • Logfiles: 7 days
  • Backups: up to 12 months
  • Statistical data (Matomo): 13 months

6. Recipients of the Data

  • Other students: Personal data are only shared in the event of a match.
  • Local partner administrations: Designated units at partner universities (e.g. language centers, international offices, EUniTa coordination offices). They may only access and manage the data of their own university’s users (profiles, tandem searches, matches). Access to profiles of other universities is possible only if a match with their own institution’s users exists.
  • Central administration (Goethe University Frankfurt):
    • studiumdigitale – Central eLearning Facility
    • Dr. Maria Kopp-Kavermann, Internationales Studien- und Sprachenzentrum (ISZ), Fremdsprachen, Campus Westend, Tel.: +49 69 798-23757, E-mail: kopp-kavermann[at]em.uni-frankfurt.de, Website: https://www.uni-frankfurt.de/43667923/team
      These central entities are responsible for the operation, coordination and overall management of the EUniTa App and have system-wide access to ensure proper operation.
  • No disclosure to external third parties: No transfer to unrelated third parties or for marketing purposes.

7. Transfers to Third Countries

  • Google reCAPTCHA: To protect against spam, data (IP address, device information, usage behavior) may be transferred to Google LLC, USA.
    Legal basis: Art. 6(1)(f) GDPR in conjunction with the EU Standard Contractual Clauses.
    Note: Despite contractual and technical measures, a residual risk cannot be excluded when transferring data to the USA.
  • All other data: Processed exclusively on servers in Germany.

8. Automated Decision-Making / Profiling

Matching is performed by an algorithm that considers language goals, proficiency levels, and optional filters.
This does not constitute legally binding profiling but solely provides technical support for partner matching without legal effects under Art. 22 GDPR.

9. Cookies and Tracking

  • Essential cookies
    • pp_box_cookie: stores privacy preferences (1 year)
    • CAKEPHP: session cookie, deleted when the browser is closed
  • Analytics cookies (Matomo)
    • Used only with consent, anonymized, stored for 13 months
    • Opt-out possible at any time
  • reCAPTCHA cookies (Google)
    • Valid for 1–10 years

Users can block or delete cookies in their browser settings.

10. Technical and Organizational Measures

  • Server location: Germany
  • SSL encryption
  • Access restricted to authorized administrators
  • Role and rights concept (Goethe University central, partner universities local)
  • Regular backups and security updates

11. Changes

We reserve the right to update this Privacy Policy if necessary.
The current version is available at any time on the website and in the footer of the EUniTa App.