Data protection officer FAU

Klaus Hoogestraat

 

Datenschutzbeauftragter FAU

c/o ITM Gesellschaft für IT-Management mbH

Bürgerstraße 81

01127 Dresden

 

Telephone: +49 9131 85-25860

E-Mail: datenschutzbeauftragter@fau.de

 

 

We generally only process our users' personal data to the extent that this is necessary to provide a functional website and our content and services. Our users' personal data is usually only processed after the user has given their consent. An exception applies in cases where prior consent cannot be obtained for actual reasons and the processing of the data is permitted by law.

 

If personal data is processed that is necessary to fulfill a contract to which the data subject is a party, Art. 6 (1) lit. b of the GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If we obtain the consent of the data subject for processing personal data, Art. 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

If the processing of personal data is necessary to fulfill a legal obligation to which our university is subject, Art. 6 (1) lit. c of the GDPR serves as the legal basis.

If the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d of the GDPR serves as the legal basis.

If processing is necessary to fulfil the legal duties of our university, Art. 6 Paragraph 1 Letter e of GDPR in conjunction with Art. 4 and 5 BayDSG forms the legal basis for processing. Many of our duties arise from Art. 2 and 3 BayHIG.

 

We only store your personal data for as long as it is necessary to fulfil our legal duties or the respective processing activity. As a rule, we keep personal data for 10 years after it is created. Transfer to state archives remains unaffected. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

 

Description and scope of data processing

Every time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.

The following data is collected:

• The address (URL) of the website from which the file was requested
• The name of the accessed file
• The date and time of the request
• The amount of data transferred
• The access status (file transferred, file not found, etc.)
• The description of the web browser type or operating system used
• The anonymized IP address of the requesting computer.

The stored data is required exclusively for technical or statistical purposes; there is no comparison with other data sets or even a transfer to third parties, even in extracts. The data is stored in the log files of our system. The user's IP addresses or other data that enable the data to be assigned to a user are not affected by this: Before storage, each data set is anonymized by changing the IP address. This data is not stored together with other personal data of the user.

 

The legal basis for the temporary storage of data and log files is Art. 6 (f) GDPR.

 

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

The storage in log files takes place in order to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

 

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the users' IP addresses are deleted or altered so that it is no longer possible to assign the calling client.

 

The collection of data to provide the website and the storage of data in log files is essential for the operation of the website. The user therefore has no option to object.

 

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is visited again.

 

We use cookies to make our website more user-friendly. Some elements of our website require that the browser that is visiting the website can be identified even after a page change.

The following data is stored and transmitted in the cookies:

 

• Log-in information

 

The user data collected in this way is pseudonymized using technical precautions. It is therefore no longer possible to assign the data to the user who is visiting the website. The data is not stored together with other personal data of the users.

 

The cookies mentioned are necessary for the operation of the website and therefore cannot be switched off. They are only set in the situations specified above.

 

 

On our site, a user's performance sections are evaluated and forwarded in order to officially certify certain processes within the FAU.

The legal basis for processing data after the user has registered for a seminar or event is Art. 6 (f) GDPR if the user has given their consent.

 

We process the personal data from the input masks to determine whether an application can be approved and then inform another internal department at FAU about the positive status.

 

• Automatically via idm login:
  • Matriculation number
  • First name
  • Last name
  • idm ID
  • Email address
• Entered by the user:
  • Courses/degree programs taken
  • The associated data sections and their data
  • Currently selected course/degree program

• Automatically from the website:
  • Date and time of the status change (e.g. approved, rejected)
  • Date and time of any change
  • Date and time of creation
  • History of when and by whom something was changed (e.g. file upload, update, approval)
• Entered by the user:
  • Name of the section (e.g. company name, school name)
  • At which location (e.g. city name)
  • Country
  • Number of hours per week
  • Student's notes
  • Type of section (e.g. technical internship, time in the armed forces)
  • Uploaded PDF documents, such as time sheets, reports, certificates
• Entered by the supervisor:
  • Texts/emails with reasons for: Accepted, Rejected or Rejected
  • Status of the data set, such as Accepted, Rejected or Rejected

• Notes from the supervisor
• If a data set needs to be discussed internally
• Text/email to the other internal department of the FAU for certification

• Date and time of the 1st and last login
• Whether the data protection declaration regarding the storage period has been accepted by the user

Special case:

• A supervisor can create a user with his data sections completely

 

If an entry is approved by the supervisor, the data is forwarded in text form to a department within the FAU, usually by email, so that the entry can be officially approved by the FAU. This data does not include any uploaded documents or notes by the user.

The data will be deleted 10 years after the user last logged in.

 

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email he can object to the storage of his personal data at any time. In this case, all personal data that was stored in the course of contacting us will be deleted.