Privacy Policy

Controller

Technical University of Darmstadt
Science Communication Centre
Karolinenplatz 5
64289 Darmstadt
Phone: +49 6151 / 16-01
Email: presse@tu-darmstadt.de

As at: 1 March 2018

Please note that the English translation of this privacy policy is provided solely for information purposes. Only the German version of the privacy policy is legally binding.

 

1. General information on data processing and legal basis

1.1. This privacy policy serves to inform you about the nature, scope and purpose of the processing of personal data in the context of our online offer and the websites, functions and content pertaining thereto (hereinafter jointly referred to as "Online Offer" or "Website"). The privacy policy applies irrespective of the domains, systems, platforms and devices (desktop computers or mobile devices) on which the Online Offer is accessed.

1.2. As regards the terms used herein, such as "personal data" or "processing" of personal data, reference is made to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). 

 

2. Data and categories

2.1 The personal data processed in connection with this Online Offer include:

  • usage data (e.g. the websites visited of our Online Offer) and
  • content data (e.g. entries in a contact form).

2.2. The term "user" covers all categories of data processing with regard to data subjects. These are, among others, our business partners, interested parties and other visitors of our Online Offer. The terms used, such as "data subjects", include all genders.

2.3. Personal data of users are always processed in compliance with applicable data protection provisions. This means that data of users are processed only if this is permitted by law, i.e. in particular  

  • if processing the data is necessary in order to provide our contractual services (e.g. processing of orders) and our Online Services or is required by law,
  • if the users have given their consent to the processing, and
  • for the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing, profitably operating and ensuring the security of our Online Offer within the meaning or Article 6 (1) (f) GDPR), in particular in connection with reach measurement.

2.4. Please note that the legal basis for the consent is Article 6 (1) (a) and Article 7 GPDR, the legal basis for the processing in order to provide our services and carry out contractual measures is Article 6 (1) (b) GDPR, the legal basis for the processing in order to fulfil our legal obligations is Article 6 (1) (c) GDPR and the legal basis for the processing in order to safeguard our legitimate interests is Article (6) (1) (f) GDPR.

 

3. Security measures

We have implemented state-of-the art organizational, contractual and technical security measures to ensure that the provisions of data protection law are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. 

 

4. Transfer of data to third parties and third-party providers

4.1. Data are transferred to third parties only in compliance with the statutory provisions. We will transfer data of users to third parties only if this is required, for example, for contractual purposes on the basis of Article (6) (1) (b) GDPR or on the basis of legitimate interests pursuant to Article (6) (1) (f) GDPR in the profitable and efficient operation of our business.

4.2. If we employ subcontractors in order to provide our services, we will make appropriate legal provisions and implement corresponding technical and organizational measures to ensure the protection of personal data in accordance with the applicable statutory provisions.

4.3. If content, tools or other means by other suppliers (hereinafter jointly referred to as "Third-Party Providers") are used in the context of this privacy policy, and such Third-Party Providers have their registered office in a third country, it must be assumed that data will be transferred to the countries in which the Third-Party Providers have their registered office. Third countries are countries in which the GDRP is not directly applicable, i.e. generally countries outside the EU and/or the European Economic Area. Data is transferred to third countries if they offer an adequate level of data protection, if the users have consented to a transfer or transfer is permitted by law.

 

5. Provision of contractual services

We process personal information (e.g. users’ names and addresses as well as contact details), contractual data (e.g. services used, names of contact persons, payment details) for the purpose of fulfilling our contractual obligations and providing our contractual services pursuant to Article 6 (1) (b) GDPR.

 

6. User accounts

Users have the option to have a user account set up for them in which they can, in particular, access their data. During the registration process, users are informed about the mandatory information required. The user accounts are not public and cannot be indexed by search engines. If users terminate their user account, any data relating to the user account are deleted, unless they must be kept for reasons of trade or tax law in accordance with Article 6 (1) (c) GDPR. In the event of termination, users are responsible for saving their data prior to the end of the contract. We are entitled to irretrievably delete any data of the user stored during the contract period.

 

7. Data storage

If you access our online service, we store the IP address and the time of user interaction. Data are stored on the basis of our legitimate interests as well as the user’s legitimate interest in being protected against misuse or other unauthorized use. As a rule, data will not be transferred to third parties, unless we are required to do so in order to pursue our claims or unless we are legally obliged to do so pursuant to Article 6 (1) (c) GDPR.

 

8. Processing of usage data

We process usage data (e.g. the websites visited on our Online Offer, interest in our projects) to improve our web offer. 

 

9. Contacting us

9.1. If you contact us (via email), information provided by the user are stored for the purpose of processing the request pursuant to Article 6 (1) (b) GDPR.

9.2. Information provided by users may be stored in our customer relationship management system ("CRM System") or a comparable means for organizing incoming requests. 

 

10. Collection of access data and log files

10.1. On the basis of our legitimate interests within the meaning of Article 6 (1) (f) GDPR, we collect data on any access to the server on which this service is stored (so-called server log files). Access data include the name of the website accessed, file, date and time of access, amount of data transmitted, notice of successful access, type and version of browser, the user’s operating system, referrer URL (i.e. website visited prior to access), IP address and requesting provider. 

10.2. For security reasons (e.g. for solving acts of misuse or fraud), log file information is stored for a maximum of seven days and will then be deleted. Data that must be kept for evidence purposes will not be deleted until the case in question has been solved.

 

11. Cookies & reach measurement

11.1. Cookies are information transmitted from our web servers or third-party web servers to the users’ web browsers, where they are stored to be called up at a later point in time. Cookies can be small files or any other type of information storage.

11.2. We use "session cookies" that are stored only for the duration of the actual visit on our online presence (this enables us, among other things, to save your login status or offer the shopping cart function and thus the use or of Online Offer as a whole). A session cookie stores a randomly generated, unique identification number, the so-called session ID. A cookie also contains information on its origin and the storage period. These cookies cannot store any other data. Session cookies will be deleted once you have finished using our Online Offer and have logged off or closed your browser, for example.

11.3. Users are informed in this privacy policy about the use of cookies in connection with pseudonymized reach measurement. 

11.4. Users who do not want cookies to be stored on their device are asked to deactivate the corresponding option in their system settings of their browser. Stored cookies can be deleted in the system settings of the browser. However, the range of use of certain functions of this Online Offer may be limited if cookies are deactivated.

11.5. You can object to the use of cookies for reach measurement and marketing purposes via the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org), and additionally the US website http://www.aboutads.info/choices or the European website http://www.youronlinechoices.com/uk/your-ad-choices. These settings take effect irrespective of the platform, i.e. they apply to all devices such as desktop computers or mobile devices. 

 

12. Rights of users

12.1. Users have the right to access, upon request and free of charge, their personal data stored by us.

12.2. In addition, users also have the right to rectification of incorrect data, restriction of processing and erasure of their personal data, to the extent applicable, to assert their right to data portability and, if there is an assumption that data have been unlawfully processed, to lodge a complaint with the competent supervisory authority.

12.3. Users may also withdraw their consent, as a rule with effect for the future. 

 

13. Erasure of data

13.1. The data stored by us will be erased as soon as they are no longer required for their intended purpose and there are no statutory retention obligations opposing erasure. If user data are not erased because they are required for other purposes permitted by law, processing of such data will be restricted. This means that the data will be made unavailable and will not be processed for other purposes. For example, this applies to data of users that must be kept for trade or tax law reasons.

13.2. In accordance with statutory provisions, data must be retained for a period of 6 years pursuant to sec. 257 para. 1 of the German Commercial Code [Handelsgesetzbuch (HGB)] (commercial records, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records) and 10 years pursuant to sec. 147 para. 1 of the Fiscal Code of Germany [Abgabenordnung (AO)] (accounts, records, management reports, accounting records, commercial and business letters, documents relevant for taxation etc.).

 

14. Right to object

Users may object to the future processing of their personal data, in particular to the processing for the purpose of direct marketing, at any time in accordance with the statutory provisions.

 

15. Amendments to the privacy policy 

15.1. We reserve the right to amend the privacy policy in order to adapt it to changes in the legal situation or changes to the service and the data processing. However, this applies only with regard to declarations on data processing. To the extent that user consent is required or components of the privacy policy contain provisions governing the contractual relationship with the users, amendments will only be made with the approval of the users.

 

15.2. Users are asked to inform themselves regularly about the content of the privacy policy.