Privacy Policy According to Article 13 of the General Data Protection Regulation (GDPR)

The Privacy Policy is to provide information on the processing of your personal data in connection with this website and on your rights according to data protection legislation. According to Article 4, No. 1 of the EU General Data Protection Regulation (GDPR), personal data are all data that can be related to an identified or identifiable natural person.

Overview 

  1. Controller and data protection officer
  2. Accessing the website and server log files
  3. Cookies
  4. Making contact (e-mail, telephone, form)
  5. Contact/registration form
  6. Newsletter
  7. Links to other websites
  8. Encrypted transmission (TLS encryption)
  9. Your rights

Information

.

  1. Controller and data protection officer

    The controller for data processing within the meaning of the GDPR (Art. 4 No. 7) and other data protection regulations is

    Karlsruhe Institute of Technology (KIT)

    Kaiserstrasse 12
    76131 Karlsruhe
    Karlsruhe, Germany
    Phone: +49 721 608-0
    Fax: +49 721 608-44290
    E-mail: info∂kit.edu

    Karlsruhe Institute of Technology is a a corporation governed by public law. It is represented by its President.

    Our Data Protection Commissioner may be contacted at datenschutzbeauftragte∂kit.edu or by ordinary mail with “Die Datenschutzbeauftragte“ (the Data Protection Commissioner) being indicated on the envelope.

  2. Accessing the Website and Server Log Files

    Scope and purpose: When using the website for information only, i.e. when you neither register nor transmit information to us in any other way, we will only collect your personal data that are transmitted by your browser to our server after the settings you have made. These are:

    • The IP address of the user
    • Date and time of access
    • Accessed website or URL
    • Access data / HTTP status code
    • Data volume transmitted
    • Websites from which the user’s system accesses our Internet site, if the user’s browser transmits these data actively
    • Information on the browser type and the version used
    • Operation system of the user
    • Information on the encryption protocol and the used encryption algorithm

    These data serve to technically optimize the website and to ensure security of our IT systems. The IP address is required for the operation and delivery of the website, it is written into the log files in abbreviated form, and is no longer available in its entirety after the request. From these data, we cannot draw any direct conclusions with respect to individual persons. In anonymized form, the data are processed for statistical purposes. The data are not compared with other data sets.

    If we have concrete evidence of illegal use, we reserve the right to collect and store full IP addresses.

    Recipients: Data will not be forwarded to third parties.

    Legal basis: The legal basis for processing these data is Art. 6, par. 1, lit. e and par. 3 lit. b GDPR in conjunction with Article 4 LDSG (State Data Protection Act) and Article 20, par. 1 KITG (Act on KIT) in conjunction with Article 12, par. 1 LHG (Act of Baden-Württemberg on Universities and Colleges).

    Storage period: The personal data are stored as long as they are needed for reaching the purpose of their collection. After seven days at the latest will the data be deleted.

  3. Cookies

    Scope and purpose: In addition to the data listed above, cookies are stored on your computer when using our website. Cookies are small text files stored by your browser on your PC, via which certain information is transmitted to us (the server of our website). We use so-called session cookies (transient cookies) that are technically required to make the website functional. In the cookies used by us, the following data are stored and transmitted.

    • Session-ID („PHPSESSID“)

    Recipient: The data are not transmitted to third parties.

    Legal basis: The legal basis for processing personal data using technically required cookies in the sense of Art. 25, par. 2 TDDDG (Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services) is Art. 6, par. 1, lit. e and par. 3, lit. b GDPR in conjunction with Art. 4 LDSG and Art. 20, par. 1 KITG in conjunction with Art. 12, par. 1 LHG.

    Storage period: The session cookies will be deleted at the latest when you close your browser.

    Tip: You can set your browser such that you are informed about the setting of cookies and you can allow cookies in the individual case only, exclude the acceptance of cookies in certain cases or in general, and activate the automatic deletion of cookies when closing your browser. If you deactivate cookies, functionality of this website may be limited.

  4. Contact (Email, Phone, Form)

    Scope and purpose: When contacting us by email, phone, or by sending a form, your contact data transmitted to us, such as email address, phone number, and name, are stored for the purpose of processing and answering your inquiry.

    Please note that data transmission (e.g. when communicating by email) may be subject to security deficiencies. It is not possible to completely protect the data from access by third parties.

    Recipient: If needed for responding to your inquiry, personal data may be forwarded to competent offices of KIT. The responsible KIT employees will use your personal data for processing your inquiry exclusively. The data will not be transmitted to third parties.

    Legal basis: The legal basis for processing these data is Art. 6, par. 1, lit. e and par. 3, lit b GDPR in conjunction with Art. 4 LDSG and Art. 20, par. 1 KITG in conjunction with Art. 12, par. 1 LHG as well as other pertinent legal provisions.

    Storage period: The personal data will be stored as long as they are needed for fulfilling the above purpose. This means that the data will be deleted when it must be assumed that an exchange is no longer desired.

  5. Contact/registration form

    Scope and purpose: We process your personal data from the corresponding form/registration mask for the purpose of sending and associated organizational management of mailing lists or registrations for events. We use the so-called double opt-in procedure for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If you do not confirm your registration within 48 hours, your registration will be automatically deleted from our database.

    Recipient: The data will not be transmitted to third parties.

    Legal basis: The legal basis for the processing of this data is Art. 6 para. 1 lit. a GDPR (consent).

    Consent is given voluntarily. Consent can be withdrawn at any time with effect for the future. Effect for the future means that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. There are no disadvantages if consent is refused or withdrawn. 

    Storage period: The personal data will be stored as long as they are needed for the above purposes. This means that we will store the data as long as you have given your consent.

  6. Newsletter
    Scope and purpose: The personal data collected as part of the newsletter is used for the purpose of processing. This website uses the provider CleverReach GmbH & Co KG (Mühlenstr. 43, 26180 Rastede) to send newsletters, with whom we have concluded a contract for commissioned data processing in accordance with the strict requirements of the German data protection authorities. You can find more details in CleverReach's privacy policy at: https: //www.cleverreach.com/de/datenschutz/.
    CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on CleverReach's servers in Germany or Ireland. The newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. Further information on data analysis by CleverReach newsletters can be found at:  https://www.cleverreach.com/de/funktionen/reporting-und-tracking
    We use the so-called double opt-in procedure for registration, i.e. your registration is only complete once you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. Your data will not be passed on to third parties. Your data will not be processed or used for the purposes of consulting, advertising or market research. If you unsubscribe from the newsletter, all personal data relating to you will be deleted from our database. However, it is no longer possible for us to send you a newsletter without your personal data.

    Legal basis: The legal basis for the processing of this data is Art. 6 para. 1 lit. a GDPR (consent). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want CleverReach to analyze your data, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter.

    Storage period: The personal data will be stored for as long as is necessary for the above-mentioned purposes, i.e. we will store the data for as long as you have given your consent. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from CleverReach's servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

  7. Links to other websites

    When we link to websites outside of KIT, the privacy policies and information provided there apply.

  8. Encrypted transmission (TLS encryption)

    This site uses TLS encryption to protect the transmission of all contents as well as of the inquiries you sent to us as the site operator.

    With TLS encryption, the data you transmit to us cannot be read by third parties as a rule. Please note, however, that when transmitting data via the Internet, complete protection against access by third parties can never by guaranteed.

  9. Your rights

    As regards your personal data, you have the following rights:

  10. Right to withdrawal of your consent with effect for the future, if processing is based on a consent according to Art. 6, par. 1, sub-par. 1, lit. a GDPR (Art. 7, par. 3 GDPR),
  11. right to confirmation as to whether data about you are processed and right to information about the data processed and to further information about data processing as well as right to obtain copies of the data (Art. 15 GDPR),
  12. right to rectification or completion of incorrect or incomplete data (Art. 16 GDPR),

  13. In addition, you have the right to complain about the processing of your personal data by KIT with its supervisory authority (Art. 77 GDPR). According to Art. 25, par. 1 LDSG, the supervisory authority of KIT according to Art. 51, par. 1 GDPR is:

    Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (Baden-Württemberg State Commissioner for Data Protection and Freedom of Information) (https://www.baden-wuerttemberg.datenschutz.de/, in German)

  14. right to immediate erasure of your personal data (Art. 17 GDPR),
  15. right to restriction of processing (Art. 18 GDPR),
  16. right to portability of the data in a structured, common, and machine-readable format, provided that processing is based on a consent according to Art. 6, par. 1, sub-par. 1, lit. a or Art. 9, par. 2, lit. a GDPR or on an agreement according to Art. 6, par. 1, sub-par. 1, lit. b GDPR (Art. 20 GDPR),
  17. right to object to the future processing of your personal data, if the data are processed according to Art. 6, par. 1, lit. e or f GDPR (Art. 21 GDPR).

Newsletter

The personal data collected as part of the newsletter distribution will be used for the purpose of processing. Your data will not be passed on to third parties. Your data will not be processed or used for the purposes of consulting, advertising or market research. If you unsubscribe from the newsletter, all personal data about you will be deleted from our database.

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on CleverReach's servers in Germany or Ireland.

Our newsletters sent with CleverReach allow us to analyze the behavior of newsletter recipients. Here, among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. For more information on data analysis by CleverReach newsletters, please visit:https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

If you do not want any analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter.

The data you have provided to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from CleverReach's servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

For more details, please refer to the data protection provisions of CleverReach at:https://www.cleverreach.com/de/datenschutz/.

Conclusion of a contract for order data processing
We have concluded an order data processing contract with CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach.

Use of Google ReCaptcha

We use the Google service reCaptcha to determine whether a human or a computer makes a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the terminal device used, the website you visit with us on which the captcha is embedded, the date and duration of the visit, the recognition data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. The legal basis for the described data processing is Art. 6 (1) lit. f of the General Data Protection Regulation. There is a legitimate interest on our side in this data processing to ensure the security of our website and to protect us from automated entries (attacks).

SSL Encryption

For reasons of security and for the protection of the transmission of confidential contents, such as inquiries sent to us as website operator, this website uses SSL encryption. In case of an encrypted connection, the address line of the browser changes from http:// to https:// and the lock symbol is indicated in your browser line.
When SSL encryption is activated, third parties cannot read the data you transmit to us as a rule.

Your Rights

As far as your personal data stored by us are concerned, you have the following rights:

  • Right of access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to object to data processing
  • Right to data portability

(2) In addition, you have the right to complain about the processing of your personal data by us with a supervisory authority.
(3) In the case of manifestly unfounded or excessive requests, we can charge a reasonable fee. Otherwise, information will be provided free of charge (Article 12, par. 5 GDPR).
(4) In the case of reasonable doubts concerning the identity of the natural person asserting the above rights, we may request the provision of additional information necessary to confirm the identity of the data subject (Article 12, par. 6 GDPR).

Cookies

In addition to the data mentioned above, cookies are stored on your personal computer when using our website. Cookies are small text files stored in your computer system by the browser used by you, through which we (the server of our website) obtain certain information. Cookies cannot execute any programs or transmit viruses to your computer. They serve to make internet offers more user-friendly, more effective, and quicker. It is distinguished between session cookies (transient cookies) and permanent (persistent) cookies.

Transient cookies are deleted automatically when you close the browser. They include in particular the session cookies. These store a so-called session ID, through which queries of your browser can be allocated to the joint session. They allow us to identify your computer when you return to our website. Session cookies are deleted when you log out or close the browser.

We use session cookies exclusively. We do not use any persistent cookies or flash cookies.

You can set your browser such that you will be informed about the setting of cookies and you can permit cookies in individual cases only, exclude the acceptance of cookies in certain cases or in general, and activate automatic deletion of cookies when closing your browser. When deactivating cookies, functionality of this website may be limited.