Thank you for your interest in the TUM Campus Heilbronn gGmbH, the TUM Campus in Heilbronn and the website www.tumheilbronn-ggmbh.de (hereinafter referred to as “website”). The protection of your privacy and the compliance of our collection, processing and use of your data with the applicable legal framework is important to us.
Please find below detailed information on how we collect, process and make use of your data.
1. Controller / Service Provider
1.1. Controller according to Art. 4 para. 7 of the General Data Protection Regulation (hereinafter „GDPR“) and Service Provider acc. to the German Telemedia Act (Telemediengesetz, TMG) is TUM Campus gGmbH, Bildungscampus 2, DE-74076 Heilbronn, e-mail: firstname.lastname@example.org (hereinafter referred to as „us“ or „we“).
1.2. The contact details of our external data protection officer are as follows: Dr. Thomas A. Degen, attorney and specialist in IT law, certified TÜV Süd (DSB-TÜV) data protection officer, c/o Jordan & Wagner Rechtsanwaltsgesellschaft mbH, Alexanderstr. 8A, DE 70184 Stuttgart, e-mail: email@example.com
2. Collection, Processing and Use of Data Upon Your Visit to Our Website
2.1. If you use the Website for information purposes only, i.e. if you do not register or otherwise provide us with any information yourself, we only collect the personal data, which your browser transmits to our server. If you wish to browse our website, we collect the following data, which we require for technical reasons to display our website to you and to ensure stability and security:
- the name of your internet service provider,
- the IP address assigned to you,
- the address of the website, your visit to our website originated from,
- the browser used and, if applicable, the operating system of your computer system,
- the amount of data transferred at each instance
- the individual webpages of our website, which you have browsed, as well as
- date and time of your visit to our website.
2.2. We have access to these data as well as our IT service providers, including our host provider, who’s servers are located within the European Union. We have entered into a data processor contract acc. to Art. 28 GDPR.
2.3. We process said data for the following purposes:
- safeguarding a smooth connecting to the website,
- safeguarding a comfortable use of our website,
- evaluation of system safety and stability as well as
- other administrative purposes.
2.4. Log file information is being stored for security reasons (e.g. to clarify abuse or fraud) for a maximum of 10 days and deleted or anonymized thereafter. The storage of data required for evidence purposes is excluded from the deletion until final clarification of the respective incident.
2.5. Art. 6 para. 1 s. 1 lit. f GDPR is the legal basis for the data processing. Our legitimate interest follows from the data collection purposes as listed above.
3. Collection, Processing and Use of Data Provided by You in the Course of the Use of the Website
3.1. In the event that you contact us, e.g. by way of e-mail, facsimile transmission or by use of a contact form, we will collect any data you provide to us. The processing and use of any such data that you provide when contacting us will be carried out for the purpose of answering your request and for any follow-on queries, only.
3.2. Processing of data for the purpose of contacting is carried out in accordance with Art. 6 para. 1 s. 1 lit. b GDPR.
Running a website requires the collection and temporary storage of data in server log files by a web host. The hosting services for this website are provided by RAIDBOXES. This service is based on cloud hosting on servers situated in Germany with a guaranteed ISO 21007 certification.
RAIDBOXES automatically collects and stores server log files with information transmitted by your browser. This includes the following information: Operating system, browser type, host name (IP address) and referrer URL (previously visited webpage). RAIDBOXES cannot deduct from this data any connections to specific persons. These data will not be amalgamated with other data sources. Following a statistical analysis, these data will be deleted after 31 days at the latest.
We have entered into a contract with RAIDBOXES on commissioned data processing (CDP). This contract governs the scope, type and purpose of RAIDBOXES’ access to data. These access possibilities are limited to only a necessary access as required for the provision of the hosting services.
5. USE OF OUR SERVICES
5.1. If you wish to make use of our services, the respective advice or the conclusion of the respective contract requires that you provide your personal data, which we need in order to process your order in accordance with Art. 6 para. 1 p. 1 lit. b GDPR. We process the data you provide for the purpose of processing your order.
5.2. Provided you grant your consent, we will also include you in our database of interested parties. We will then store your data for any further orders. You are free to revoke your consent to this storage of customer data at any time. In such event, we will delete the respective data immediately, as soon as we are no longer entitled to or under an obligation of storing the data in accordance with ciphers 4.1, 4.3 of this present data protection declaration.
5.3. Commercial and tax law requires us to store your address, payment and order data for a period of ten years. However, after two years we will restrict such processing, i.e. your data will only be used to comply with the legal obligations.
6.1. When you visit our website for the first time from one of the devices you use, you will receive a notice that when using the website, so-called cookies may be loaded onto the hard disk of the device. Should you continue to use our website following receipt of this notice, you thereby declare your consent to our use of permanent cookies.
6.2. Cookies are alphanumeric identifiers that are transferred to the hard drive of the device upon visiting our website. They allow us to recognise your browser, when you visit the website again, and are primarily used to render your visit to the website a more pleasant and individual experience, e.g. by recognising the language used, as well as to protect the website from hacker attacks.
6.3. This website uses the following types of cookies, the scope and functionality of which are explained below:
- transient cookies (see 6.4 below)
6.4. Transient cookies are being deleted automatically, when you close your browser. They include in particular the session cookies. These cookies store a so-called session ID, which may be used to associate various requests from your browser with the shared session. This allows for your computer to be recognised, when you return to our website. The session cookies are being deleted upon logout or closing of your browser.
6.5. At any time, you can delete the cookies in the security settings of your browser. The help function in the menu bar of most web browsers explains, how to set up your browser so that new cookies are never being accepted, cookies are set only after notice and only by you or are being generated always automatically.
7. OWN WEB FONTS
This website currently uses web fonts on its own servers only in order to provide a uniform display of fonts. This does in no way include any access to servers of Google LLC.
8. E-MAIL NEWSLETTER
If you subscribe to our e-mail newsletter (hereinafter referred to as “newsletter”), we will collect your e-mail address and any additional data you may have provided. We use the data exclusively for the purpose of sending you the respective newsletter for the purposes stated in the course of the registration for the newsletter. The registration takes place using the double-opt-in procedure and may therefore only be completed, if you confirm the link provided in the confirmation e-mail and thereby confirm your consent to the newsletter dispatch. You may revoke your consent to the dispatch of a newsletter at any time. You may also unsubscribe using the link provided at the end of each newsletter. The legal basis for the provision of the newsletter is Art. 6 para. 1 s. 1 lit. a GDPR.
Our newsletters contain so-called tracking pixels. A tracking pixel is a tiny graphic embedded in emails sent in HTML format for log file recording and analysis. It serves the statistical evaluation of the success or failure of online marketing campaigns. The embedded tracking pixel allows us to determine, if and when an email was opened by a respective person and which hyperlinks in the email this person has used.
We store and evaluate such personal data collected using the tracking pixels contained in the newsletters in order to optimise the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the respective person. These personal data will not be passed on to third parties. The respective persons are entitled to revoke at any time the respective separate declaration of consent submitted via the double opt-in procedure. Following such revocation, we will delete these personal data. An unsubscription from the newsletter also represents such a revocation of consent.
9. REGISTRATION FOR OUR EVENTS/ REGISTRATION MASK
9.1. Description and scope of data processing
You may register for events via our website. For this purpose, you can provide personal information in the registration screen. Any such information, which is mandatory for registration, is marked with an asterisk “*”. You cannot register without this information for the event. All other information is voluntary given and not required for the participation in our events.
Different data will be requested depending on the type of event. For certificate courses, for example, participants are required to provide a proof of knowledge gained, as opposed to Virtual Info Sessions, where there is no such requirement.
Depending on the event, the following data is processed:
- First name, last name
- Telephone number
- E-mail address
- Date of birth
- Billing address
- Evidencing knowledge: resume or link to a LinkedIn profile
In addition, you may subscribe to our newsletter (please refer to our newsletter mailing information under “Email Newsletter” – in this present data protection declaration).
9.2. Legal basis for data processing
The legal basis for the processing of data is, in addition to Art. 6 para. 1 s. 1 lit. b GDPR (processing of necessary data), your consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR.
9.3. Purpose of Data Processing
We only process your data for the purpose of carrying out the event you register for.
9.4. Duration of storage
The respective data will be deleted as soon as storage is no longer required to achieve the purpose for which the data were collected. Generally, this is the case after five years. Longer storage periods may result, in accordance with Art. 6 para. 1 s. 1. lit. c GDPR, where necessary due to tax and commercial law retention and documentation obligations as well as where due to regulations that apply to our company.
9.5. Possibility of Objection and Removal
You may revoke your consent at any time. Following such revocation, we will only process your data insofar as necessary for the execution of the contract with you and/or where storage obligations beyond this point apply.
10. Linking To Other Websites
On our website, we may include links – also by using icons – to websites of other providers such as TUM, TUM School of Management, Facebook, Instagram, LinkedIn, Xing or YouTube. If you follow such a link on our website, we have, unfortunately, no longer any influence on the collection, processing and use of your data by third parties. Therefore, we do not and, unfortunately, cannot assume any responsibility for any such collection, processing and use.
In the context of our Website, we provide links, if necessary – also by icon -, to web pages of other providers, e.g. on Twitter, Facebook or Youtube. If you click on such a link on the Website, we unfortunately no longer have any influence on the collection, processing and use of your data by third parties. Therefore, we cannot take any responsibility for such activity.
11. Data Disclosure
11.1. Your personal data will not be transferred to third parties for purposes other than those listed below.
11.2. We will only disclose your personal data to third parties if:
- you provided express consent to such disclosure pursuant to Art. 6 para. 1 s. 1 lit. a GDPR,
- such disclosure is, pursuant to Art. 6 para. 1 s. 1 lit. f GDPR, necessary for the assertion, exer-cise or defence of legal claims, provided that there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
- there is a legal obligation to disclose data pursuant to Art. 6 para. 1 s. 1 lit. c GDPR, and/ or
- it is legally permissible and required for the execution of contractual relationships with you acc. to Art. 6 para. 1 s. 1 lit. b GDPR.
12. Statutory Rights of Affected Persons
You are legally entitled to the following:
- acc. to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been, are or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, unless the data have been collected by us directly, as well as the existence of any automated decision-making process including profiling, and, if applicable, meaningful information on its details;
- acc. to Art. 16 GDPR, to request the immediate correction of incorrect or incomplete personal data stored by us;
- acc. to Art. 17 GDPR, to demand the deletion of any of your personal data stored by us, unless such processing is necessary for the exercise of the right to freedom of expression and to information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- acc. to Art. 18 GDPR, to demand the restriction of the processing of your personal data, should you dispute the correctness of the data, should the processing be unlawful and you, despite all of this, refuse its deletion and should we no longer need the data, but you need the data to assert, exercise or defend legal claims or have lodged an objection against the data processing in accordance with Art. 21 GDPR;
- acc. to Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transfer to another Controller;
- acc. to Art. 7 para. 3 GDPR, to revoke your consent given to us at any time. The consequence is that we may no longer continue the data processing based on this consent in the future,
- acc. to Art. 77 GDPR, to complain to a supervisory authority. Generally, you may contact the competent supervisory authority at your usual place of residence, at your workplace or at our company headquarters, and
- acc. to Art. 21 GDPR, to object to the processing of your personal data, if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 s. 1 lit. f GDPR and if there are reasons for such objection, which result from your particular situation (hereinafter referred to as Right of Objection).
- TUM Campus gGmbH, Bildungscampus 2, DE-74076 Heilbronn
- E-Mail: firstname.lastname@example.org
13. NO AUTOMATED DECISION-MAKING
We do not make use of automated decision making based on the collected data.
14. Topicality and Amending of this Present Data Protection Declaration
This present data protection declaration is currently valid and its status is June 2022. The further development of our website or changes of the legal or administrational requirements may require changes to this data protection declaration. You may access and print out the current data protection declaration at any time on the website under “Data protection declaration”.