Privacy Policy
This is a translation of TU Braunschweig’s Datenschutzerklärung (Data Protection Declaration). Only the German version is legally valid. In case of any differences in wording, meaning, or interpretation between the German and English versions, the German version shall prevail.
I. Name and Address of the Controller
The controller as described in the General Data Protection Regulation (GDPR) and other national data protection acts as a member states as well as other data protection provisions is:
Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig
Tel.: +49 (531) 391- 0
E-Mail: praesidentin(at)tu-braunschweig.de
Represented by the President
Prof. Dr. Angela Ittel
https://www.tu-braunschweig.de/en/president
II. Name and Address of the Data Protection Officer
The data protection officer at Technische Universität Braunschweig is:
Dr. Bernd Nörtemann
Bienroder Weg 80
38106 Braunschweig
Tel.: +49 (531) 391 - 7654
E-Mail: datenschutz(at)tu-braunschweig.de
https://www.tu-braunschweig.de/datenschutz
III. General Information on Data Processing
1. Extent of personal data processing
TU Braunschweig only collects and processes its users’ personal data to the extent necessary to ensure the website functions and as required for its content and services as long as there is a legal basis permitting TU Braunschweig to do so.
2. Legal basis for personal data processing
If the data subjects must consent to their personal data being processed for certain procedures, point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data required to fulfil a contract to which the data subject is a party, point (b) of Article 6(1) GDPR serves as the legal basis. This also applies to processes required for carrying out pre-contractual matters.
If it is necessary to process personal data to fulfil one of TU Braunschweig’s legal obligations, point (c) of Article 6(1) GDPR serves as the legal basis.
If vital interests of the data subject or another natural person require personal data to be processed, point (d) of Article 6(1) GDPR serves as the legal basis.
If the processing is required to fulfil a task that is in the public interest or that is a part of exercising official authority that was transferred to TU Braunschweig, point (e) of Article 6(1) GDPR in conjunction with § 3 NDSG serve as the legal basis for processing the data.
If it is necessary to process the data to preserve TU Braunschweig’s legitimate interests or those of the third-party, and if the interests, basic rights and freedoms of the data subject do not override the aforementioned interests, point (f) of Article 6(1) GDPR serves as the legal basis.
3. Period for which personal data is stored
TU Braunschweig saves the data subject's personal data only for as long as the reason for saving the data exists. If the data is processed based on the data subject's consent, the data is saved only until the consent is revoked unless there is another legal basis for processing the data.
4. Rights of the data subjects
4.1 Right of access
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed by TU Braunschweig. If that is the case, he or she has a right of access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the existence of the right to lodge a complaint with a supervisory authority.
4.2 Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. The controller shall immediately rectify the data.
4.3 Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.
4.4 Right to erasure
A) OBLIGATION TO ERASE
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
B) EXCEPTIONS FROM THE OBLIGATION TO ERASE
The right to have data erased shall not apply to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the establishment, exercise or defence of legal claims.
4.5 Right to notification
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller shall inform the data subject about those recipients if the data subject requests it.
4.6 Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. In addition, the data subjects have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
(b) the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4.7 Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1).
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Data subjects have the right to withdraw their consent to their data being processed at any time. Withdrawing consent shall not affect the lawfulness of the processing done until the time consent was withdrawn.
4.8 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.
IV. Description of the Website and Creating Log Files
1. Description and scope of data processing
Each time TU Braunschweig’s website is accessed, the system automatically collects data and information from the system of the computer accessing the site.
The following data are collected:
- Information about the browser type and version used
- The user's operating system
- The user's IP address
- The date and time the website was accessed
- Websites that were accessed by the user's system via TU Braunschweig’s website
The data are also saved in TU’s system log files. These data are not saved together with other personal data from the user.
2. Legal basis for data processing
The legal basis for temporarily saving the data is point (f) of Article 6(1) EU-GDPR.
3. Purpose of data processing
The system must save IP addresses temporarily to ensure services operate properly. For this purpose, the user's IP address must be saved for the duration of the session.
The data are saved in log files to ensure the website’s functionality. The data also serve to enable TU Braunschweig to optimise the website and ensure the security of the IT systems. The data are not analysed for marketing purposes.
The purposes listed above encompass the legitimate interest in data processing according to point (f) of Article 6(1) GDPR.
4. Period of storage
The data are erased when the respective session ends. For the data stored in log files, the data are erased at the latest after seven days.
It is possible to store the data for a longer period of time. In this case, the user’s IP address is erased or alienated so that it is no longer possible to determine which client accessed the site with that address.
V. Use of Cookies
1. Description and scope of data processing
TU Braunschweig’s website uses cookies to make its website more user-friendly. Some elements of its website require the browser being used to be able to be identified even after changing webpages.
In the cookies, a unique, randomly generated identification number of the website session is stored and transferred for the duration of the session.
2. Legal basis for data processing
The legal basis for processing personal data using technically necessary cookies is point (f) of Article 6(1) EU-GDPR.
3. Purpose of data processing
Technically necessary cookies are used to simplify the use of the website for users. Some functions of TU Braunschweig’s website cannot be offered without using cookies. For these, it is necessary for the browser to be recognised even after changing pages. The purposes listed above encompass the legitimate interest in personal data processing according to point (f) of Article 6(1) EU-GDPR.
Cookies are needed for the following applications:
a) providing the website
b) use/access to protected websites and content (only after login and only for members of the TU Braunschweig)
c) use/access to the content management system of the website to edit the website (only after login and only for authorised members of the TU Braunschweig)
The usage data collected by technically necessary cookies are not used to create usage profiles.
4. Period of storage, possibilities to object to and remove cookies
Cookies are saved on the user's computer by the internet browser and transferred to TU Braunschweig’s website from that computer. This means that users also have full control over the use of cookies. By changing the settings in their Internet browser, they can deactivate or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies for TU Braunschweig’s website are deactivated, it is possible that not all of the website’s functions will be able to be used to the full extent.
VI. Anonymized Measurement of access to our website
We measure the traffic with a tool called Fathom from Conva Ventures Inc.
BOX 37058 Millstream PO, Victoria, British Columbia, V9B 0E8.
This is a tracking method from a company based in Canada that does not require the setting of a cookie.
The company has developed a method called "EU Isolation" for use in accordance with EU law. This means that all EU visitor traffic is processed on EU servers that belong to a German legal entity. In this way, website visitors are better protected from access by non-EU authorities.
You can find more information here: https://usefathom.com/features/eu-isolation