1. Scope of the processing of personal data

We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (DSGVO) serves as the legal basis. Insofar as the processing of personal data is necessary for the performance of our tasks, is in the public interest or is carried out in the exercise of official authority, Art. 6 para. 1 lit. e DSGVO serves as the legal basis.

3. Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Processed personal data and purposes

The library management system (Alma) is the central administration software with which the processes in the library are processed. This includes, among other things, the administration of library user data in the context of media loans, the renewal of loans, reservations for loans, the implementation of fee and reminder processes and communication with users.

Primo VE is a library search system (so-called discovery system) that enables library users to search for literature via a search mask.

The use of Primo VE for research purposes is possible both with and without registration. Registration is required to use the full range of functions.

RUB Bib App is a smartphone app developed by Bochum University Library that enables access to the personal library account and serves to authenticate customers at the circulation desks.

The following personal data of library users is processed:

RUB Bib App (library app)

Users can install the "RUB Bib" app of Bochum University Library on their smartphone and use it to view their library account and use the functions of this account, as well as for authentication at the circulation desks for borrowing media.

During authentication, a personal identification feature (barcode) with a limited validity period is generated on the smartphone. This barcode can be used to borrow media from the self-checkout machines and service desks and to pay fees at the checkout machines.

Personal data

No personal data is stored in the RUB Bib app, only the data described in the Alma section is accessed and displayed. Data retention and deletion for this data is described in the section "Duration of processing / data deletion".

Information on the development

The RUB Bib app was developed by Bochum University Library.

Alma (library management system)

A. Personal details

• First name, middle name, preferred first name, preferred middle name, last name, preferred last name, title, date of birth
• Primary identifier, library user group, status and status date, date of last user activity, account expiration date, account deletion date, preferred language, user roles
• Contact information: e-mail address
• Contact information: Address (except employees)
• Blocks, fees

B. Usage data as part of the lending procedure

• Loans (title, due date, loan date, loan status, [loan] note)
• Returns (title, return date)
• Reservations (title, order date)
• Attachments and notifications
• Proxy (where relevant)

This data is processed in order to be able to lend physical media and make digital media available to library users, as well as to be able to charge any fees that may be incurred.

Primo VE (discovery system)

Primo VE offers a user account through which users can view their own data. In particular, this is the data described in the Alma section. In the course of authentication via Shibboleth, you must also agree to the transmission of the LoginID, which serves as the primary key for assignment to your own data.

1. What does Ex Libris do with the data it collects via Beacon?

The information that is sent is used to proactively monitor end-user behavior and to enable future analysis of feature usage. No personal information is transmitted to ExLibris (e.g. no user ID, username, email, or phone number)

Data sent to the center is converted into analytical (statistical) tables and all raw data is deleted after 30 days. The 30-day window is used to ensure that operational issues related to the creation of each table can be resolved by creating a recent "history" if necessary.

2. What kind of data is collected?

The actual data passed on depends on the "click" a user makes, although some standard information is always passed on:

• Server name
• Server IP
• Session ID
• Institution
• Application (e.g. Primo_Local)
• Page
• Operation
• End user behavior (not passed on in all cases)

(Source: https://knowledge.exlibrisgroup.com/Primo/Knowledge_Articles/Data_Collection_via_beacon01.hosted.exlibrisgroup.com, graphically adapted)

Legal basis for data processing

The collection of data takes place in accordance with Art. 6 para. 1 lit. e GDPR in conjunction with § 3 para. 1 of the Higher Education Act of the State of North Rhine-Westphalia (HG NRW) and in accordance with the statutes (administrative and usage regulations) for the university library of the Ruhr-Universität Bochum of January 7, 2004 and the fee schedule for library facilities of February 23, 2010.

The library can be used on site in the reading rooms without processing personal data. However, borrowing items from the library is only possible in accordance with the statutes if the information is provided.

Consequence of the objection

If you object to the processing, library services that require this data cannot be used.

Data transmission

RUB Bib App (Library App)

Data is only transmitted to the Alma library management system.

Alma (library management system)

The data is transmitted to the following recipients outside the university:

• as part of order processing (hosting & support) to the Consortium Cloud-based Library Management System of the Universities of the State of North Rhine-Westphalia,
• as part of subcontracted processing (support & individual orders) to the University Library Center (hbz) of the state of North Rhine-Westphalia and,
• as part of subcontracted processing (provision & hosting) by Ex Libris (Deutschland) GmbH. The latter in turn operates the technical infrastructure in a data center in the Netherlands.
• In cases of extensive technical problems, data in a third country (Israel) may exceptionally be accessible for rectification by Ex Libris. For the third country Israel, a determination of the adequacy of the level of data protection pursuant to Art. 45 GDPR has been made.

Primo VE (Discovery-System)

The data is transmitted to the following recipients outside the university:

• as part of commissioned processing (hosting & support) to the Consortium Cloud-based Library Management System of the Universities of the State of North Rhine-Westphalia,
• as part of subcontracted processing (support & individual orders) to the University Library Center (hbz) of the state of North Rhine-Westphalia and,
• as part of subcontracted processing (provision & hosting) by Ex Libris (Deutschland) GmbH. The latter in turn operates the technical infrastructure in a data center in the EU (see here).
• In cases of extensive technical problems, data in a third country (Israel) may exceptionally be accessible for rectification by Ex Libris. For the third country Israel, a determination of the adequacy of the level of data protection pursuant to Art. 45 GDPR has been made.

"1 What does Ex Libris do with the data it collects via Beacon?

The information that is sent is used to proactively monitor end-user behavior and to enable future analysis of feature usage. No personal information is transmitted to ExLibris (e.g. no user ID, username, email, or phone number)

Data sent to the center is converted into analytical (statistical) tables and all raw data is deleted after 30 days. The 30-day window is used to ensure that operational issues related to the creation of each table can be resolved by creating a recent "history" if necessary.

2. What kind of data is collected?

The actual data passed on depends on the "click" a user makes, although some standard information is always passed on:

• Server name
• Server IP
• Session ID
• Institution
• Application (e.g. Primo_Local)
• Page
• Operation
• End user behavior (not passed on in all cases)

(Source: https://knowledge.exlibrisgroup.com/Primo/Knowledge_Articles/Data_Collection_via_beacon01.hosted.exlibrisgroup.com, graphically adapted)

Dauer der Verarbeitung / Datenlöschung

RUB Bib (Bibliotheks-App)

No personal data is stored in the app.

Alma (library management system)

A. Personal details

• Data of persons who lose their status as members or affiliates of Ruhr-Universität Bochum will be deleted at the beginning of the second calendar year following the loss of status.
• Data of persons who are neither members nor affiliates of the university will be deleted at the beginning of a calendar year if these persons have neither borrowed media nor made reservations in the two preceding calendar years.

B. Usage data within the scope of the lending procedure

• Storage period of processes: User-related data is anonymized 180 days after completion of the process (usually return of a medium or payment of a fee). If a reminder procedure requires a longer storage period, the relevant data will be deleted immediately after this procedure has been completed.
• For statistical purposes, personal characteristics are removed from the processes and processed further.

Primo VE (Discovery System)

Data sent to the center is converted into analytical (statistical) tables and all raw data is deleted after 30 days. The 30-day window is to ensure that operational issues related to the creation of each table can be resolved by creating a recent "history" if necessary.

(Source: https://knowledge.exlibrisgroup.com/Primo/Knowledge_Articles/Data_Collection_via_beacon01.hosted.exlibrisgroup.com, graphically adapted)

1. description and scope of data processing

Each time our website is accessed and each time a file from the RUB website is retrieved, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

• Information about the browser type and version used
• The operating system of the user
• The user's internet service provider
• The IP address of the user
• Date and time of access
• Websites from which the user's system accesses our website
• Websites that are accessed by the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2 Purpose of data processing and legal basis

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. e DSGVO.

3. duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.If the data is stored in log files, this is the case after 24 hours at the latest.Data may be stored for longer than this. In this case, the user's IP addresses are deleted or anonymized so that it is no longer possible to identify the accessing client.

4. possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website.Consequently, the user has no option to object.

1. description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

The following data is stored and transmitted in the cookies

• Preferred font size
• Preferred contrast version (stored in local storage)
• Logged in to the system (only for editorial/administration)
• Expiration date
• Contrast version

We also use cookies on our website that enable an analysis of users' surfing behavior (see next section).

The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.

When accessing our website, users are informed by an info banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings.

2. Purpose of data processing and legal basis

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

The user data collected through technically necessary cookies is not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and can therefore continually optimize our offering.

The legal basis for the processing of personal data using cookies is Article 6 (1) (e) DSGVO.

3. Duration of the possibility of objection and removal

Cookies are stored on the user's computer and transmitted from them to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.

1. Scope of processing of personal data

We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users, which complies with the GDPR standard (see link). The software sets a cookie on the user's computer (see above for cookies). If individual pages of our website are accessed, the following data is stored:

• Two bytes of the IP address of the user's accessing system
• The website accesses
• The website from which the user accessed the website accessed (referrer)
• The subpages that are accessed from the website being accessed
• The time spent on the website
• The frequency of accessing the website

The software runs exclusively on the servers of the Ruhr University Bochum. The user’s personal data is only stored there. The data will not be passed on to third parties. The software is set so that the IP addresses are not saved completely, but rather 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.

2. Purpose of data processing and legal basis

The processing of users’ personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continually improve our website and its user-friendliness. By anonymizing the IP address, the user's interest in protecting personal data is sufficiently taken into account.

The legal basis for the processing of users’ personal data is article 6 Abs. 1 lit. e DSGVO.

Duration of storage

The data will be deleted as soon as it is no longer required for our recording purposes.

4. Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted from the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.

We offer our users the option of opting out of the analysis process on our website. To do this, you must follow the corresponding link. In this way, another cookie is placed on your system, which signals our system not to store the user's data. If the user deletes the corresponding cookie from their own system in the meantime, they must set the opt-out cookie again. Alternatively, you can activate the “Do-Not-Track” setting in your browser.

You can find more information about the privacy settings of the Matomo software here.

1. Description and scope of data processing

The University library is using four types of forms on the website:

1. Forms (external)

• Loss report online
• Book request online (University library)

By clicking on the above links, the user will be redirected to the internal services of the UB Bochum. When filling out the respective form, the user's data must be recorded and stored so that the order can be executed. At the time of sending, data that is relevant to the respective process is also stored on the two forms mentioned. These are:

• Signature
• Author
• Short title
• User number
• Name
• Surname
• Email address
• Subject
• Person
• Title
• Book request
• Author
• Date and time

No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.

2. Forms (internal)
In addition to the two links mentioned above, forms are provided which are part of our CMS Contao and run on an internal RUB server:

• purchase proposal Departmental Library IB
• purchase proposal Departmental Library IC
• Off-site Storage Order
• Off-site storage request
• book request departmental library sports sciences
• Card lending at Departmental Library IB
• Contact form
• Procurement coordination request in Departmental Library
• Reading room request
• Book order faculty members of the Departmental Library IC
• Online form for newspaper reports
• Confirmation of loss from Departmental Library for book Interlibrary loans

When filling out the respective form, the user's data must be recorded and stored so that the order can be executed. At the time the form is sent, the following data is stored:

• Name
• Surname
• Email address of user
• Date and time

There is a contact form on our website that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. A checkbox located in the lower part of the form offers the option of agreeing to the transmission of the data.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

3. Library intern forms
In addition to forms for visitors to the UB, there are internal library forms that are relevant for specialist libraries and the UB itself. When filling out the respective form, the user's data must be recorded and stored so that the order can be executed. At the time the form is sent, the following data is stored:

• Missing books
• Email address of user
• telephone number
• Name
• Surname
• faculty
• Assignment of the case
• Login-ID
• date and time

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

4. Forms for scan services with a Log-in ID at login (external)

Scanning service forms are available on our website. These can only be used with the log-in ID of RUB members. By clicking on the following link, the user will be redirected to the internal services of the UB Bochum, which will ask for the login-ID:

• Scan Service for print media for all RUB members
• Scan service for print media for scientists, teachers and doctors

You must register to view the form.

When filling out the respective scan form, the collection and storage of personal data is necessary so that the execution of the order can be guaranteed.

2. Purpose of data processing and legal basis

We process the personal data from the input mask solely to process the contact. If you contact us via email, this also represents the necessary legitimate interest in processing the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems. The legal basis for the processing of the data, if the user has given their consent, is Art. 6 Abs. 1 lit. e DSGVO. The legal basis for the processing of data transmitted when sending an email is Art. 6 Abs. 1 lit. e DSGVO.

3. Duration of storage

For the forms, the requests are deleted after successful provision:

1. purchase proposal Departmental Library IB
2. purchase proposal Departmental Library IC
3. Book request online (University library)
4. book request departmental library sports sciences
5. Card lending at Departmental Library IB
6. Reading room request
7. Scan Service for print media for all RUB members
8. Scan service for print media for scientists, teachers and doctors

Loss confirmation from the Departmental Library for interlibrary loans will be deleted after 14 days.  

Inquiries from the OTRS are automatically deleted from the system after 24 months.

These are follows:

1. Contact form
2. Off-site storage request
3. Off-site Storage Order
4. Procurement coordination request in Departmental Library
5. Online form for newspaper reports

4. Possibility of objection and removal

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue. In this case, all personal data that was stored in the course of contacting you will be deleted.

News section "News" and event tool (homepage and course calendar)

1. Description and scope of data processing

The news area of the UL Portal is a component of the CMS system Contao. This runs exclusively on the servers of the Ruhr-Universität Bochum / Bochum University Library.

2. Type and duration of storage

The comment function is disabled. There is no storage of personal data beyond what is described for the use of websites.

3. Possibility of objection and removal

No data is collected or stored for the use of the news section, the event tool or the course calendar.

Newsletter

1. description and scope of data processing

In order to receive the newsletter, the collection and storage of the subscriber's e-mail address is mandatory. The registration takes place in the so-called double-opt-in procedure.

2. Duration of storage

The data will be deleted as soon as the subscriber cancels the newsletter subscription.

3. Possibility of objection and removal

The collection and storage of the e-mail address is mandatory for the subscription to the newsletter. Consequently, there is no possibility for the user to object.

Cituro (booking courses or events)

1. Description and Scope of Data Processing

The Library Website of Ruhr University Bochum uses the service “Cituro” to allow for booking of its courses and events. This function is provided by Florian Heymel Consulting, Gustav-Stresemann-Str. 13, in 86199 Augsburg (Germany). For the purpose of booking courses or events, the following data is processed in accordance with article 6, paragraph. 1, letter b GDPR:  student number, name, given name and e-mail address. If provided by the user, affiliation to a faculty of RUB and other information (sonstiges) is also stored. This data is processed in accordance with article 6, paragraph 1, letter e GDPR. The provider of “Cituro” states the following terms of use (German only), which protect the data of visitors of our courses of events in accordance with legal requirements.

2. Transfer of Data

The data is stored on servers of the provider of “Cituro“. Within the University Library of Ruhr-University Bochum, only persons who are obliged to handle course or event bookings or their deletion have access to the abovementioned data. Insofar as such agreements are in place between the University Library of Ruhr University Bochum and individual faculties of Ruhr University Bochum, course specific data (name and student number) are exported from the system and passed to the relevant parts of these faculties, to allow for the generation of proof of attendance.

3. Duration of Data Storage

The data is deleted automatically if a user has been inactive for 365 days, or at an earlier time, if is no longer needed.

4. Right to Object and Options of Elimination, Consequences of the contradiction

The personally identifying data is deleted or barred as soon as the purpose of storage becomes inapplicable. Details regarding the data protection regulations of “Cituro“ can be found here (German only). If you would like your data to be deleted before that time, please contact ub-kurse@rub.de. Please be aware that without the necessary data, we cannot offer you a reservation for our courses or events.

Cituro (booking rooms)

1. Description and Scope of Data processing

The Library Website of Ruhr University Bochum uses the service “Cituro” to allow for booking of its courses and events. This function is provided by cituro GmbH Peter-Dörfler-Straße 30 in 86199 Augsburg (Germany). For the purposes of booking rooms, the following data is processed in accordance with article 6, paragraph 1, letter b GDPR: student number or RUB LogIn-ID, name, given name, e-mail address. This data is processed in accordance with article 6, paragraph 1, letter e GDPR. The provider of “Cituro” states the following terms of use (German only), which protect the data of visitors of our courses or events in accordance with legal requirements.

2. Transfer of Data

The data is stored on servers of the provider of “Cituro“. Within the University Library of Ruhr-University Bochum (including the Library IB), only persons who are obliged to handle room bookings or their deletion have access to the abovementioned data.

3. Duration of Storage

The data is deleted after a planning interval (usually 3 months) is completed, or at an earlier time, if it is no longer needed.

4. Right to Object and Options of Elimination, Consequences of Elimination

The personally identifying data is deleted or barred as soon as the purpose of storage becomes inapplicable. Details regarding the data protection regulations of “Cituro“ can be found here (German only). If you would like your data to be deleted before that time, please contact ub-information@rub.de. Please be aware that without the necessary data, we cannot offer you a room reservation.

Open Street Maps

1 Description and scope of data processing

The UB uses the OpenStreetMap (OSM) map service. The provider is the Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. OSM is licensed under the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation (OSMF). The sole purpose of using OpenStreetMap on our website is to make it easy to find the places we have indicated on the website. This is done exclusively in the interest of Art. 6 Abs. 1 lit. e DSGVO.

2. Type and duration of storage

To protect user data, a connection to Open Street Maps is first established by clicking on a link/image and the map is loaded. Only then will data be sent to the provider. If you do not click on the link, no exchange takes place between the user and Open Street Maps. Information about the collection and use of your data by Open Street Maps can be found here.

3. Possibility of objection and removal

OpenStreetMap uses user data exclusively for the purpose of displaying the map functions and temporarily storing the selected settings. This data may include, in particular, IP addresses and location data of users, which, however, are not collected without their consent (usually as part of the settings of their mobile devices). All further information can be found in the provider's privacy policy.

By clicking on the links, the user is redirected to the services of the respective provider. If you do not click on the link, there will be no exchange between the user and the providers of the social media services. Information about the collection and use of your data in the social networks can be found in the respective terms of use of the corresponding providers.

V:Scout guidance system

1. Description and scope of data processing

The guidance system gives users the opportunity to create a visual orientation aid, making it easier to reach their destination in digital form within our building. By clicking on the link/image, you will be redirected to the services of the orientation system. The provider is arTec Gesellschaft für computerunterstützte Darstellungstechnik mbH, Länderallee 6 in
14052 Berlin.

2. Type and duration of storage

If you do not click on the link, there will be no exchange between the user and the provider of the guidance system.

3. Possibility of objection and removal

Information about the collection and use of your data can be found in the terms of use of the respective provider.

By clicking on the links, the user will be redirected to the services of the respective providers. If you do not click on the link, no exchange will take place between the user and the providers of the social media services. Information about the collection and use of your data on social networks can be found in the respective terms of use of the relevant providers.

We have linked social media services from the following companies on our website:

• Facebook Inc.
• Instagram
• LinkedIn
• Twitter Inc. / X
• Whatsapp
• Youtube

The legal basis for processing the data after the user has given their consent is Art. 6 Abs. 1 lit. a DSGVO.

We offer users on our website the opportunity to watch selected videos from YouTube directly on the site. To protect user data, a connection to YouTube is only established by clicking on a link and the video is started. Only then will data be sent to the provider. Unless you click on the link, there will be no exchange between the user and YouTube. Information about the collection and use of your data on YouTube can be found here.

As a data subject, you can exercise the rights granted to you by the DSGVO at any time:

• the right to information as to whether and which of your data is being processed (Article 15 DSGVO),
• the right to request the correction or completion of the data concerning you (Article 16 DSGVO),
• the right to delete the data concerning you in accordance with Art. 17 DSGVO,
• the right to request a restriction on the processing of data in accordance with Article 18 DSGVO,
• the right to data portability in accordance with Article 20 DSGVO
• the right to object to future processing of your data in accordance with Article 21 of the DSGVO.

In addition to the rights mentioned, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 EU DSGVO), for example the one responsible for the university

Landesbeauftragten für Datenschutz und
Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
https://www.ldi.nrw.de

We reserve the right to change this privacy notice in order to adapt it to changes in relevant laws or regulations or to better meet your needs. This data protection information applies in the version last published by the Ruhr University Bochum.