Privacy Policy
This Privacy Policy applies to the university’s online presence and the websites, services and offers made available there, provided that they link to this Policy or refer to it and explain how the university handles personal data.
It also describes the options you have regarding the recording and usage of your personal data and the access to this data, and how you can update and correct this information.
Non-legally binding translation: In case of doubt and discrepancies, the provisions of the original German version shall apply.
III. General information on data processing
IV. Rights of the data subject
V. Provision of the online presence | Creation of log files
IX. Registration -- International competitions, Weimar Master Classes, pinboard, alumni datenbase
I. Person in charge
In the sense of the EU General Data Protection Regulation (GDPR), other national data protection acts (particularly the Thuringian Data Protection Act) and other provisions under data protection legislation the person in charge is the:
University of Music FRANZ LISZT Weimar
Platz der Demokratie 2/3
99423 Weimar
Telephone: +49 3643 | 555 0
E-mail: praesidentin@hfm-weimar.de
Internetpräsenz: www.hfm-weimar.de
The University of Music FRANZ LISZT Weimar is a body under public law and is legally represented by its president.
II. Data Protection Officer
University of Music FRANZ LISZT Weimar
Legal Office | Data Protection
Platz der Demokratie 2/3
99423 Weimar
Telephone: +49 3643 | 555 191
Email: datenschutz(at)hfm-weimar.de
III. General information about data processing
1. Scope of data processing
In principle, the personal data of users is only processed to the extent that this is required for the provision of a functioning online presence and for the use of the content and services made available there, or to the extent that the user has consented to the processing of their personal data.
There is an exception in those cases where it was not previously possible to seek consent due to concrete reasons and the processing of data is permitted by statutory regulations.
Personal data is only disclosed to third parties or otherwise transmitted if this is necessary for the purposes of contract processing or for billing purposes, or the contractual partner has consented to this previously.
The use of the IT infrastructure and systems of other universities within Thuringia, within the framework of the cooperation agreement between Thuringian universities for IT services, supplemented by a corresponding framework agreement on contract data processing, remains unaffected by this.
2. Purpose and legal basis of data processing
The legal basis of the processing of the personal data in question is determined by its purpose.
In principle, every instance of processing of personal data by the university serves to fulfil the tasks assigned to it by law, particularly under Section 5 of the Thuringian Universities Act. Provided the data processing in question is covered by Section 11 of the Thuringian Universities Act and the Thuringian University Data Processing Ordinance, Art. 6 Para. 1 (e), the GDPR serves as the legal basis.
If the personal data of university employees is being processed, Section 27 of the Thuringian Data Protection Act, in conjunction with the Thuringian Government Employees Act, is the legal basis for data processing.
If consent is sought from the data subject for the processing of personal data, Art. 6 Para. 1 (a) of the GDPR is the legal basis.
3. Duration of storage and data erasure
The data subject’s personal data is erased as soon as the purpose of storage lapses.
If it is not possible to erase it due to technical circumstances or other requirements, or if this would only be possible with disproportionate outlay, the personal data will be made unavailable or otherwise restricted in terms of processing.
In addition, it may be stored if this is provided for by European or national legislators in ordinances, acts or other regulations under Union law, to which the controller is subject.
The erasure, making unavailable or restriction or processing of the data also occurs if one of the storage periods stipulated by the above norms comes to an end, unless it is necessary to continue storing the data in order to conclude a contract or fulfil it.
IV. Rights of the data subject
If your personal data is processed, you are a data subject within the sense of the GDPR, and you have rights vis-à-vis the controller, pursuant to Article 15 ff. GDPR. As part of this, limitations, changes and, potentially, the exclusion of these rights can arise from the General Data Protection Regulation itself, in particular, and from Sections 21 – 23 of the Thuringian Data Protection Act.
- In principle, you can request access to information regarding whether an of your personal data is being processed. If this is the case, you have a right to access information regarding this personal data and to any other information relating to the processing (Art. 15 GDPR).
- In the event that personal data relating to you is not (or is no longer) relevant or comprehensive, you can request the rectification, and if necessary, the supplementation, of this data (Art. 16 GDPR).
- Insofar as the statutory requirements are met, you can request the erasure of your personal data (Art. 17 GDPR) or the restriction of the processing of this data (Art. 18 GDPR).
- You have the right to receive the personal data relating to you, which you have provided to the controller , in a standard, structured and machine-readable format, and to transmit this data to another controller, provided that certain conditions are met (Art. 20 GDPR).
- For reasons arising from your particular situation, you have the right to object to the processing of personal data relating to you at any time, if this processing occurs under Article 6, Para. 1 (e) or (f) GDPR. Insofar as the statutory requirements are met, the university will not process your personal data subsequent to this.
- According to data protection law, you have the right to revoke your declaration of consent at any time. Revoking this consent does not affect the legality of the processing that has already occurred on the basis of this consent, up to the point in time at which it was revoked.
Irrespective of any other legal remedy under administrative law, or judicially, you have the right to file a complaint with a supervisory authority if you believe that the processing of the personal data relating to you is in breach of the GDPR. The competent supervisory authority is the:
Thuringian State Officer for Data Protection and the Freedom of Information
Visitor address: Häßlerstraße 8 (4th Floor), 99096 Erfurt
Postal Address: PO Box 90 04 55, 99107 Erfurt
Telephone: +49 361 | 57 311 29 00
Fax: +49 361 | 57 311 29 04
Email: poststelle(at)datenschutz.thueringen.de
V. Provision of the online presence | Creation of log files
1. Scope of data processing
Every time the university’s online presence is accessed, the following data and information is automatically recorded by the computer system of the accessing computer and stored in log files:
- Information about the browser type and version used
- The user’s operating system
- The user’s IP address
- The date and time of access
- The website from which the user’s system accessed the university’s website
- Websites that the user’s system accessed via the university’s website.
This data is not stored in conjunction with the user’s data or any other personal data.
The following external service provider assists with the operation of this website:
JUSTORANGE – resch media services, Jena (consulting, design development, technical execution of the TYPO3 template, maintenance and updating).
2. Purpose and legal basis of data processing
It is necessary for the IP address to be temporarily stored by the system in order to enable the website to be delivered to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session.
Storage in log files serves to ensure the functioning of the website. In addition, the data helps to ensure the security of the university’s IT systems. In this context, the data is not evaluated for marketing purposes.
Due to the above legitimate interest in processing the above-mentioned data, the legal basis for the temporary storage of data and the creation of log files is Art. 6 Para. 1 (f) of the GDPR.
3. Duration of storage and data erasure | Right to object
The data processed for the provision of the online presence is deleted when the session in question has ended. The data stored in log files is erased after seven days, at the most.
Given that the recording of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website, it is not possible to object to this.
VI. Usage of Cookies
1. Scope of data processing
The internet presence of the university uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on your terminal device, for example, when you call up an Internet page. This cookie contains a characteristic string of characters that makes it possible to uniquely identify the browser when the website is called up again.
Cookies are used to make the Internet presence more user-friendly and to ensure that the Internet pages function as expected. Some elements of the Internet presence require that the calling browser can be identified even after a page change.
So-called session cookies (temporary cookies) are used on the university's Internet pages. This type of cookie is stored exclusively for the duration of the use of the Internet pages. Session cookies are used exclusively to identify you as long as you are logged in to the Internet pages. After the end of each session, the session cookies are deleted. Any use beyond this does not take place.
The following data is stored and transmitted in the cookies:
- Log-in information
- User setting to opt out of web analytics by Matomo
- MoodleSession identifies you by an anonymous ID and stores your login for the current session in Moodle. This is necessary to maintain login and access permissions during the session. The cookie is automatically deleted when you log out of the system or close the web browser
- MoodleID stores the username in the web browser when you use the Moodle platform. The next time you log in to the system, it will automatically be entered into the login screen to speed up your login process. You can optionally activate the cookie when logging in.
2. Purpose and legal basis of data processing
The purpose of using technically necessary cookies is to simplify the use of Internet pages. As a rule, cookies are only set in response to actions you take, such as setting privacy preferences, logging in or filling out forms. In principle, the university's Internet pages can be used without the use of cookies. However, some functions cannot be offered without the use of cookies. For these applications mentioned under No. 1, it is necessary that the browser is recognized even after a page change. The data collected through technically necessary cookies are not used to create usage profiles.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO.
3. Storage period and data deletion | Possibility of objection
Cookies are stored on your computer and transmitted from it to the university's website. Therefore, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for the university's Internet presence, it may no longer be possible to use all functions of the Internet pages to their full extent.
VII. Web analysis by Matomo
1. Scope of data processing
The university uses the open source software tool Matomo on its website to analyze page views and the surfing behavior of the persons using the website. The software runs exclusively on the university's own servers, without the use of cookies. The data is not passed on to third parties.
Matomo accesses various information from the browsers of the users in order to generate a randomly set, short-lived identifier for each visitor ("configuration ID"). The ID is used by Matomo to roughly and anonymously assign various actions to an end device in a short time window of a defined 30 minutes and to group them into "visits". After the 30 minutes have elapsed, a new ID is assigned when the website is called up again and it is counted as a new visit.
The following data is processed when individual pages of the website are called up:
- two bytes of the IP address of the calling system,
- the time at which the website was called up
- the page called up (page title and URL),
- the Internet page from which you accessed the accessed page (referrer),
- the subpages that are called up from the called-up Internet page,
- the time spent on the Internet page
- the frequency with which the Internet page is accessed
- the screen resolution used,
- the time in your local time zone,
- files clicked to download,
- the page generation time,
- the location of your computer (country, region, city, approximate longitude and latitude),
- language settings of the browser used,
- Operating system, browser version, end device (such as desktop, tablet, smartphone, TV, vehicle, console, etc.).
Source: https://matomo.org/faq/general/faq_18254/
The software is set in such a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (Ex: 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling end device is no longer possible.
2. Purpose and legal basis of data processing
The processing of your personal data enables an analysis of your surfing behavior. By evaluating the data obtained, the university is able to compile information on the use of the individual components of the Internet pages. This helps to continuously improve the Internet presence and its user-friendliness.
In these purposes lies the legitimate interest in the processing of the data, so that the legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f) DSGVO. By anonymizing the IP address, processing the data without cookies and the only short time of recording a visit to the website, your interest in protecting your personal data is sufficiently taken into account.
3. Storage period and data deletion | Possibility of objection
The generation of the "configuration ID" from the information of your browser is set in such a way that the data is anonymized and additionally randomly changed every 30 minutes.
The possibility of opting out of the analysis procedure is offered on the Internet pages. In this way, a cookie is set on your computer system, which signals to the university's system not to store your data. If you delete the corresponding cookie from your computer system in the meantime or if you use a different terminal device or a different Internet browser, you must set the opt-out cookie again.
You can find more information about the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy/
Possibility to OPT-OUT
Will be added here shortly ...
VIII. Special data processing
The following provisions serve to provide information on the handling of your personal data within the scope of special, specific applications that you can access via the university's Internet presence. They supplement the above general provisions.
A. Social Media
Die Hochschule setzt auf ihren Internetseiten keine Social-Media-Plugins ein. Über externe Links haben Sie lediglich die Möglichkeit, zu den Social-Media-Kanälen der Hochschule zu gelangen. Um eine unerwünschte Übertragung Ihrer Nutzungsdaten an diese Dienste zu verhindern, kommen Sie erst mit einem Klick auf einen Link zu den jeweiligen Diensten. Derzeit wird auf folgende Social-Media-Anbieter verlinkt: YouTube, Facebook und Instagram.
Die Hochschule hat keinen Einfluss darauf, ob und in welchem Umfang, für welche Dauer und zu welchem Zweck die externen Anbieter personenbezogene Daten erheben, wenn Sie deren Seiten besuchen. Es ist jedoch davon auszugehen, dass zumindest die IP-Adresse und gerätebezogene Informationen erfasst und genutzt werden.
YouTube
Die Hochschule bindet auf ihren Internetseiten zu Informations- und Werbezwecken Videos von dem hochschuleigenen YouTube-Kanal ein. Darüber hinaus können die Hochschule sowie Nutzende der Moodle-Lernplattform zu Informations- und Lehrzwecken Videos über YouTube einbinden. Diese werden jeweils auf den Servern von YouTube gespeichert und von der Internetseite oder aus dem Moodle über eine Einbettung oder einen Link abgespielt. Die Einbettung auf den Internetseiten erfolgt mit erweiterten Datenschutzeinstellungen und erfordert eine zusätzliche Aktivierung. Beim Aufruf einer Seite mit eingebundenem YouTube-Video werden keine Daten weitergegeben, da das Video in diesem Moment noch deaktiviert ist. Erst bei der Wiedergabe des Videos durch die separate Aktivierung des angegebenen Links, werden nutzerspezifische Daten in Form von YouTube-Cookies und DoubleClick-Cookies gespeichert und möglicherweise automatisch an YouTube bzw. Google, auch in Drittstaaten wie die USA, übermittelt. Auf diese Datenübertragung sowie Art, Umfang und Verwendungszweck der übermittelten Daten hat die Hochschule keinen Einfluss. Ein Einsatz zu Marktforschungs- und Marketing-Zwecken kann nicht ausgeschlossen werden.
Die bei der Aktivierung der Videos gespeicherten YouTube-Cookies können über die Einstellungsmöglichkeiten Ihres Internetbrowsers gelöscht, deaktiviert und eingeschränkt werden. Möglicherweise können aber dadurch nicht mehr alle Funktionen der Website vollumfänglich genutzt werden.
Da YouTube ein Dienst von Google ist, erfolgt die Übertragung nutzerspezifischer Daten unabhängig davon, ob Sie ein Google Konto haben, über das Sie eingeloggt sind, oder ob kein Konto existiert. Sollten Sie über ein eigenes Google-Konto angemeldet sein, werden diese Daten möglicherweise direkt von Google zugeordnet. Wenn diese Zuordnung zu einem persönlichen Profil nicht gewünscht ist, müssen Sie sich vor dem Abspielen des Videos ausloggen.
Durch die Zustimmung zu den allgemeinen Nutzungsbedingungen von Google wurden gleichzeitig die EU-Standardvertragsklauseln zwischen der Hochschule und dem Anbieter abgeschlossen. Dadurch werden bei der möglichen Übertragung von Daten in Drittländer mit dem EU-Recht vergleichbare Schutzmaßnahmen gewährleistet.
Vimeo
Darüber hinaus werden auf den Internetseiten der Hochschule und auf der Lernplattform Moodle Videos eingebunden, welche über den externen Dienstleister Vimeo bereitgestellt werden. Auch hierbei erfolgt bei einem bloßen Aufruf der jeweiligen Webseite noch keine Datenübertragung und die Videos müssen separat gestartet werden. Zudem werden die Videos grundsätzlich in der „Do Not Track“-Variante eingebunden, so dass beim Abspielen personenbezogene Daten nur in minimaler Weise an Vimeo übermittelt werden.
Um ein angemessenes Datenschutzniveau bei der Übermittlung von Daten in die USA zu gewährleisten, hat die Hochschule die EU-Standardvertragsklauseln mit Vimeo in der sogenannten „Controller to Controller“-Variante abgeschlossen. Darüber hinaus hat sich der Anbieter von Vimeo gegenüber der Hochschule verpflichtet, weiterhin die selbst auferlegten Pflichten aus dem ehemaligen Privacy Shield Abkommen einzuhalten.
Trotz der getroffenen Maßnahmen können beim Ansehen von Videos Daten wie z.B. die IP-Adresse und Informationen zum Betriebssystem und Browsertyp an Vimeo übertragen und anschließend verarbeitet und gespeichert werden. Sind Sie als Mitglied bei Vimeo eingeloggt, kann es darüber hinaus ggf. zu weiteren Datenübertragungen durch gespeicherte (Drittanbieter-) Cookies und einer Zuordnung zu Ihrem persönlichen Benutzerkonto kommen. Die Zuordnung kann verhindert werden, indem Sie sich vor der Nutzung der Internetseite aus Ihrem Vimeo-Benutzerkonto abmelden und die entsprechenden Cookies löschen.
Weitere Informationen zur Handhabung des Datenschutzes bei den externen Online- und Social-Media-Plattformen können Sie auf den jeweiligen Internetseiten einsehen:
YouTube:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
https://policies.google.com/privacy?hl=de&gl=deFacebook:
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
https://www.facebook.com/policy.phpVimeo:
Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA
https://vimeo.com/privacy#data_we_collect_about_youInstagram:
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
https://www.facebook.com/help/instagram/155833707900388/
B. Podcast
1. Umfang der Datenverarbeitung
Die Hochschule bietet auf ihren Internetseiten zum Hochschuljubiläum selbst produzierte Podcast-Folgen an, in denen Angehörige und Mitglieder über sich, ihre Verbindung zur Musik und die Hochschule sprechen.
Die im MP3-Format eingebundenen Podcast-Dateien werden auf der Plattform www.podcaster.de gehostet. Betreiber der Plattform ist Fabio Bacigalupo, Brunnenstraße 147, 10115 Berlin, Deutschland.
Die Einbindung des Podcast-Players auf den Webseiten der Hochschule erfolgt durch Widgets bzw. Embeds. Dabei verarbeitet podcaster.de auf dem eigenen Server die IP-Adresse des von Ihnen genutzten Endgerätes sowie weitere Geräteinformationen in Protokoll-Dateien. Etwaige Statistiken werden ohne Informationen zu den einzelnen Personen und lediglich in aggregierter Form erstellt.
Die Hochschule hat mit podcaster.de eine Vereinbarung zur Auftragsverarbeitung nach Art. 28 DSGVO abgeschlossen. Ausweislich dieser Vereinbarung verpflichtet sich podcaster.de dazu, den notwendigen Schutz Ihrer Daten zu gewährleisten und die Daten gemäß den geltenden Datenschutzbestimmungen ausschließlich in unserem Auftrag zu verarbeiten. Weitere Informationen zum Umgang mit Nutzerdaten finden Sie in der Datenschutzerklärung: https://www.podcaster.de/podcaster-datenschutzerklaerung.pdf
Daneben können Sie die Podcasts über Ihre Privatgeräte auf einigen der gängigsten Podcast-Plattformen anhören und herunterladen. Dies geschieht unter Zustimmung zu den Nutzungsbedingungen und Datenschutzbestimmungen der jeweiligen Anbieter. Unter Umständen ist auch ein eigenes Nutzungskonto bei dem Anbieter notwendig.
Weitere Informationen finden Sie auf den Webseiten und in den Datenschutzerklärungen der Anbieter.
- Spotify:
Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Schweden
https://www.spotify.com/de/legal/privacy-policy/
- Deezer:
Deezer S.A., 24 rue de Calais, 75009 Paris, Frankreich
https://www.deezer.com/legal/personal-datas
2. Zweck und Rechtsgrundlage der Datenverarbeitung
Die Verarbeitung und vorübergehende Speicherung der IP-Adresse und weiterer Geräteinformationen erfolgt, um Podcast-Downloads und deren Wiedergabe zu ermöglichen und statistische Daten (Abrufe, Abonnentenzahlen) zu ermitteln.
Eine eigenständige Nutzung der Daten durch podcaster.de sowie eine Weitergabe an Dritte erfolgt nicht. Eine Speicherung dieser Daten zusammen mit anderen personenbezogenen Daten der nutzenden Person findet ebenfalls nicht statt.
Die Nutzung der Plattform podcaster.de erfolgt im Interesse an einer sicheren und effizienten Bereitstellung eines Podcast-Angebotes durch die Hochschule. In diesen Zwecken liegt das berechtigte Interesse in der Verarbeitung der Daten, so dass Rechtsgrundlage für die Datenverarbeitung Art. 6 Abs. 1 lit. f DSGVO ist.
3. Speicherdauer und Datenlöschung | Widerspruchsmöglichkeit
Die Protokoll-Dateien zur Bereitstellung des Podcast-Players sowie die in Logfiles gespeicherten Daten werden gelöscht, sobald diese für die Bereitstellung des Angebotes nicht mehr benötigt werden, spätestens aber bei Beendigung der Sitzung.
IX. Registration -- International competitions, Weimar Master Classes, pinboard, alumni database
1. Scope of data processing
On some webpages, the university offers the option of registering by providing personal data. The nature and scope of the data collected depend on the purpose of the data collection, as determined by the corresponding tender, participation or usage conditions. The individual conditions can be accessed upon undertaking the registration in question, or they will be provided to the user in another way.
The data is provided via an input mask, then transmitted to the university and stored.
At the point of registration, the following data (log data) is also stored:
- The user’s IP address
- Date and time of registration
Alternatively, it is possible to make contact via the email address provided for the registration in question. In this case, the user’s personal data that is transmitted with the email is stored.
Personal data is only disclosed to third parties or otherwise transmitted by the university if this is necessary for purposes of contract processing, or for billing purposes, or if the contractual partner has consented to this previously.
Alongside the videos, the visiting professors for the Weimar masterclasses receive the surname, first name and date of birth of registered participants, so that they can undertake the pre-selection provided for in the participation conditions.
The following external service providers assist with executing the above services:
- JUSTORANGE – resch media services (consulting, design development, technical execution of the TYPO3 template, maintenance and updating).
- Friedrich Schiller University Jena (maintenance of the alumni database)
- Bauhaus Weiterbildungsakademie Weimar e.V., Weimar (contract drafting, finances, participant support for competitions)
- Novalnet AG, Ismaning (payment processing/e-payment)
2. Purpose and legal basis of data processing
Registration is necessary for the provision of certain content and services, in order to fulfil a contract with the user or to execute pre-contractual services.
The personal data collected during registration for the service or product in question is used to design and execute the service or product, to establish, and, if necessary, invoice a participation account and to reply to enquiries.
The legal basis of the processing of the data is Art. 6 Para. 1 (e) of the GDPR for competitions, masterclasses and the alumni database, and Art. 6 Para. 1 (a) of the GDPR, too, if the user has given their consent.
If the registration (also) serves to fulfil a contract to which the user is a party, or to execute pre-contractual measures, an additional legal basis for the processing of the data is Article 6 Para. 1 (b) of the GDPR (competitions, Weimar masterclasses, pinboard).
The log data processed during registration serves to prevent the contact form from being abused and ensure that the IT systems are secure. The legal basis for the processing of personal data is Art. 6 Para. 1 (f) of the GDPR.
3. Duration of storage and data erasure | Right to object
The data is erased if it is no longer required to execute the contract or for pre-contractual measures. Even once the contract has been concluded, it may be necessary to continue storing the contractual partner’s personal data, in order to meet contractual or statutory requirements.
The log data is erased when the session in question has ended. In the event that data is stored in log files, this data is generally erased after seven days, at the most.
As a user, you always have the option of terminating your registration or arranging for your personal data that has been to be changed. Depending on the service used, the corresponding written enquiry is to be sent to the appropriate email address given in the tender, participation or usage conditions.
If the data is required to fulfil a contract or execute pre-contractual measures, the premature erasure of the data is only possible if there are no contractual or statutory obligations that oppose erasure.
X. Newsletter
1. Scope of data processing
The website of a university project (https://jazzomat.hfm-weimar.de) includes the option of subscribing to a free newsletter. When you register for the newsletter, the email address entered into the input mask is transmitted to the university.
In addition, the following data (log data) is recorded and stored upon registration:
- IP address of the accessing computer
- Date and time of registration
In conjunction with the processing of data for sending the newsletter, data is disclosed to the external service provider commissioned to perform this task:
MailChimp (The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA)
Mailchimp has undertaken to transfer and process all data from other EU countries in accordance with the so-called EU standard contractual clauses. This valid data export mechanism automatically applies as part of the terms of use in accordance with Mailchimp's data processing addendum.
Data protection information from the service provider used:
https://mailchimp.com/legal/privacy/
2. Purpose and legal basis of data processing
The user’s email address is collected for the purpose of sending the newsletter.
The legal basis for the processing of data after the user’s registration for the newsletter is Article 6 Para. 1 (a) of the GDPR, if consent has been granted.
The log files processed during the registration serve to prevent the abuse of the data or the email address provided.
The legal basis for the processing of personal data is Art. 6 Para. 1(f) of the GDPR.
3. Duration of storage and data erasure | Right to object
The user’s email address is stored for as long as the newsletter subscription is active.
The log data is erased when the session in question has ended. In the event that data is stored in log files, this data is generally erased after seven days, at the most.
The subscription to the newsletter can be cancelled by the user at any time. Every newsletter contains a corresponding link for this purpose. This also makes it possible to revoke the consent to the storage of the personal data collected during the registration process.
XI. Online conferences
1. Scope of data processing
Via its website, the university offers its members and affiliates the option of accessing online conferencing services from external providers, and thereby carrying out video and teleconferences, online meetings and/or webinars.
Currently the online conference services of the following external service providers can be used via the corresponding links, in conjunction with the access details for the university services:
Cisco WebEx:
T-Systems International GmbH
Hahnstraße 43d, 60528 Frankfurt am Main
Cisco's online privacy policy
Privacy notices for the individual services
DFNconf:
Verein zur Förderung eines Deutschen Forschungsnetzes e.V. (DFN)
Alexanderplatz 1, 10178 Berlin
https://www.conf.dfn.de/datenschutz/
The following data is collected and stored when online conferencing services are used:
- First name and Surname
- Username/password or telephone number
- Meeting metadata
User information is only used to provide the service and the actual functionality of the meeting.
The person who initiated the event or sent the invitation to a meeting has the option of recording the meeting (video recordings, chats and other content), with the consent of the participants involved).
All the users have the option of uploading text, audio and video files during the conference and sharing them with the other participants in the meeting.
The university has set the default settings of the online conferencing service in question to be as friendly towards data protection as possible.
In principle, no text, audio or video files are processed without the users triggering the processing themselves, via the corresponding function, and thereby consenting to processing.
Personal data that is processed in conjunction with participation in online conferences is, in principle, not disclosed to third parties, provided it is not specifically destined for disclosure.
If necessary, the providers of the services will become aware of the above-mentioned mandatory data, and the optional self-recorded data, to the extent that this is stipulated in the processing contract in question. In addition, they reserve the right to disclose registration information, host information and/or usage information to the provider of the service, contractors or other third parties, if this is necessary for the provision and improvement of the service.
When the ‘WebEx’ service is used, it cannot be ruled out that data will be transmitted to the USA, as this is an American provider. Data is processed via servers in Germany or the European Union.
2. Purpose and legal basis of data processing
In particular, online conferencing services serve to establish and use digital learning formats, in order to supplement in-person events. Alongside this, assistance can be given with personal administrative tasks via meetings and committee meetings held in the form of telephone and/or video conferences.
The legal basis for the processing of the users’ personal data is Art. 6 Para. 1 (e) of the GDPR.
If the functions of the online conferencing service (uploads, chat) and a recording of the conferences are actively used, the legal basis for the data collected and stored, to the extent that the user consents to this, is Article 6 Para. 1 (a) of the GDPR.
3. Duration of storage and data erasure | Right to object
When the DFNconf service is used, the leader or the user needs to undertake manual erasure, as the data and recordings are not erased automatically.
Subject to other internal guidelines, active users have complete control over how long their user-generated information (e.g. recordings and files that they initiate or upload) is stored on the Webex meetings platform and can view and erase this user-generated information at any time.
After the end or expiry of the service, user-generated information will be deleted from the Webex meetings platform within 60 days, at the most.
The user has the option of deregistering from the service in question at any time and erasing their personal data or their entire profile. If the processing of personal data within the scope of the use of an online conferencing service is based on the user’s consent, the user has the option of revoking this consent at any time. Revoking this consent does not affect the legality of the processing that has already occurred on the basis of this consent, up to the point in time at which it was revoked. The leader of the online conference is to be informed of the revocation of consent directly, and will either erase the data from the system him/herself or arrange for it to be done.