Privacy policy

1. Introduction

With the following information, we would like to give you as a "data subject" an overview of the processing of your personal data by us and your rights. It is possible to use our Internet pages without entering personal data.

The processing of personal data is in accordance with the Data Protection Regulation (DS-GVO). By means of this data protection declaration, we inform you about the scope and purpose of the personal data we collect, use and process when you use our website.

As the controller, we have implemented technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions may be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone or by post.

2. Responsible Party

The responsible party in the sense of the DS-GVO is:

Technische Universität Ilmenau
Ehrenbergstr. 29
98693 Ilmenau, Germany.

Telephone: +49 3677 69-0

fax: +49 3677 69-5009

E-mail: praesident@tu-ilmenau.de

Representative of the responsible person: Univ.-Prof. Dr.-Ing. habil. Kai-Uwe Sattler

3. Data Protection Officer

You can reach the data protection officer as follows:

Martin Neldner

Telephone: +49 3677 69-2524

Fax: +49 3677 69-5009

E-mail: datenschutzanfrage@tu-ilmenau.de

You can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.

4 Legal basis of processing

The legal basis of the processing is Art. 6 para. 1 lit. e and, if applicable, c DS-GVO in conjunction with. § 16 f. ThürDSG, § 5 ThürHG.

5 Technology

5.1 SSL/TLS encryption

To ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser contains a "https://" instead of a "http://" and by the lock symbol in your browser line.

We use this technology to protect your transmitted data.

5.2 Data collection when visiting the website

When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (in so-called "server log files"). Our website collects a series of general data and information with each call of a page by you or an automated system. This general data and information is stored in the server log files. The following data can be collected

  1. browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system arrives at our website (so-called referrer),
  4. the sub-websites which are accessed via an accessing system on our website,
  5. the date and time of access to the website,
  6. an abbreviated Internet protocol address (anonymised IP address),
  7. the internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. This information is rather required in order to

  1. to deliver the contents of our website correctly,
  2. to optimise the contents of our website as well as the advertising for the same,
  3. to ensure the long-term functionality of our IT systems and the technology of our website, and
  4. to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

Therefore, the data and information collected is, on the one hand, statistically analyzed by us and, on the other hand, it is evaluated with the aim of increasing the data protection and data security of our enterprise, and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DS-GVO. Our legitimate interest follows from the purposes for data collection listed above.

6 Cookies

6.1 General information about cookies

We use cookies on our website. These are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone or similar) when you visit our site.

In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These cookies enable us to automatically recognise that you have already been to our website when you visit it again. These cookies are automatically deleted after a defined period of time.

7 Contents of our website

7.1 Contacting us / contact form

When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration.

8. Our Activities in Social Networks

To communicate with you in social networks and inform you about our services, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform within the meaning of Article 26 DS-GVO with regard to the processing operations triggered thereby which concern personal data.

We are not the original provider of these pages, but merely use them within the scope of the possibilities offered to us by the respective providers. As a precaution, we therefore point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore involve data protection risks for you, as it may be more difficult to protect your rights, e.g. to information, deletion, objection, etc., and the processing in the social networks is often carried out directly for advertising purposes or to analyse user behaviour by the providers, without this being able to be influenced by us. If usage profiles are created by the provider, cookies are often used or the usage behaviour is directly assigned to your own member profile of the social networks (if you are logged in here).

The described processing operations of personal data are carried out in accordance with Art. 6 Para. 1 lit. f DS-GVO on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 (1) lit. a DS-GVO in conjunction with. Art. 7 DS-GVO.

As we do not have access to the providers' databases, we would like to point out that it is best to exercise your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks and the possibility of making use of your right of objection or revocation (so-called opt-out), we have listed below at the respective provider of social networks used by us:

8.1 Facebook

(Co-)responsible for data processing in Europe: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (data policy): https://www.facebook.com/about/privacy

Opt-out and advertising settings: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

https://de-de.facebook.com/about/privacy/

8.2 Instagram

(Co-)responsible for data processing in Germany: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (data policy): http://instagram.com/legal/privacy/

Opt-out and advertising settings: https://www.instagram.com/accounts/privacy_and_security/

8.3 LinkedIn

(Joint) controller for data processing in Europe: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy policy: https://www.linkedin.com/legal/privacy-policy

Opt-out and advertising preferences: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

8.4 Twitter

(Joint) controller for data processing in Europe: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Privacy policy: twitter.com/de/privacy

Information about your data: https://twitter.com/settings/your_twitter_data

Opt-out and advertising settings: https://twitter.com/personalization

8.5 YouTube

(Joint) controller for data processing in Europe: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy: https://policies.google.com/privacy

Opt-out and advertising settings: https://adssettings.google.com/authenticated

8.6 XING

(Joint) controller for data processing in Germany: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany

Privacy policy: https: //privacy.xing.com/de/datenschutzerklaerung

Information requests for XING members: https://www.xing.com/settings/privacy/data/disclosure

9. Web Analysis

9.1 Matomo

We have integrated the Matomo component of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, on this website. Matomo is a software tool for web analysis, i.e. for collecting, collating and evaluating data on the behaviour of visitors to websites. Among other things, data is collected about the website from which a data subject has accessed a website (so-called referrer), which sub-pages of the website have been accessed or how often and for how long a sub-page has been viewed. This is used to optimise the website and for cost-benefit analysis of Internet advertising.

The software is operated on the server of the controller, the data protection sensitive log files are stored exclusively on this server.

Matomo sets a cookie on your IT system. The setting of the cookie enables us to analyse the use of our website. Each time one of the individual pages of this website is called up, the Internet browser on your IT system is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. Within the scope of this technical procedure, we obtain knowledge of personal data, such as the IP address of the person concerned, which we use, among other things, to trace the origin of visitors and clicks.

By means of the cookie, personal information, such as the time of access, the place from which access originated and the frequency of visits to our website are stored. Each time you visit our website, this personal data, including the IP address of the Internet connection you are using, is transmitted to our server. This personal data is stored by us. We do not pass on this personal data to third parties.

You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Matomo from setting a cookie on your IT system. In addition, a cookie already set by Matomo can be deleted at any time via an Internet browser or other software programs.

Furthermore, you have the option of objecting to and preventing the collection of data generated by Matomo that relates to a use of this website. To do this, you must set an opt-out cookie. If your IT system is deleted, formatted or reinstalled at a later date, the data subject must set an opt-out cookie again. However, with the setting of the opt-out cookie, there is a possibility that our internet pages will no longer be fully usable for you.

These processing operations are only carried out if express consent is given in accordance with Art. 6 (1) lit. a DS-GVO.

Further information and the applicable data protection provisions of Matomo can be found at https://matomo.org/privacy/.

10 Plugins and other services

10.1 Vimeo (videos)

Plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated on our website. When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Vimeo. The content of the plugin is transmitted by Vimeo directly to your browser and integrated into the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transmitted by your browser directly to a Vimeo server in the USA and stored there.

If you are logged in to Vimeo, Vimeo can directly assign your visit to our website to your Vimeo account. If you interact with the plugins (such as pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there.

The described data processing operations are carried out in accordance with Art. 6 (1) lit. f DS-GVO on the basis of Vimeo's legitimate interest in market research and the needs-based design of the service.

If you do not want Vimeo to assign the data collected via our website directly to your Vimeo account, you must log out of Vimeo before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by Vimeo, as well as your rights in this regard and setting options for protecting your privacy, can be found in Vimeo's privacy policy: https://vimeo.com/privacy.

The Google Analytics tracking tool is automatically integrated into videos from Vimeo that are embedded on our site. This is Vimeo's own tracking, to which we have no access and which cannot be influenced by our site. Google Analytics uses so-called "cookies" for tracking, which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.

These processing operations are carried out exclusively when express consent is given in accordance with Art. 6 (1) lit. a DS-GVO.

11. Your Rights as a Data Subject

11.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data relating to you is being processed.

11.2 Right to information Art. 15 DS-GVO

You have the right to obtain from us, at any time and free of charge, information about the personal data stored about you, as well as a copy of this data in accordance with the legal provisions.

11.3 Right to rectification Art. 16 DS-GVO

You have the right to demand that incorrect personal data concerning you be corrected. You also have the right to request that incomplete personal data be completed, taking into account the purposes of the processing.

11.4 Deletion Art. 17 DS-GVO

You have the right to demand that we delete the personal data concerning you without delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

11.5 Restriction of processing Art. 18 DS-GVO

You have the right to demand that we restrict processing if one of the legal requirements applies.

11.6 Data portability Art. 20 DS-GVO

You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO or on a contract pursuant to Art. 6(1)(b) DS-GVO and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

11.7 Objection Art. 21 DS-GVO

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) DS-GVO.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 DS-GVO.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you which is carried out by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the DS-GVO, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object by means of automated procedures using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

11.8 Withdrawal of consent under data protection law

You have the right to revoke consent to the processing of personal data at any time with effect for the future.

11.9 Complaint to a supervisory authority

You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.

12 Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period of time required to achieve the purpose of storage or if this has been provided for by the legal provisions to which our company is subject.

If the storage purpose ceases to apply or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

13 Duration of the Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract.

14. Topicality and Change of the Data Protection Explanation

This data protection declaration is currently valid and has the status: March 2021.

Due to the further development of our Internet pages and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at tu-ilmenau.de/datenschutz.

This data protection declaration was created with the support of the data protection software: audatis MANAGER.