Privacy Policy pursuant to the GDPR
Name and Address of the Data Controller
The Controller pursuant to the General Data Protection Regulation and other national data protection laws of the Member States plus other legal data protection regulations is:
Student Council of the Faculty for Mechanical Engineering
Universitätsplatz 2
39106 Magdeburg
Germany
Tel.: +49 391 67 51299
E-Mail: farafmb@ovgu.de
Website: www.farafmb.de
Name and Address of the Data Protection Officer
The data protection officer of the data controller is:
Rita Freudenberg
Universitätsplatz 2
39106 Magdeburg
Germany Tel.: +49 391 67 52499
E-Mail: datenschutz@ovgu.de
Website: www.ovgu.de/Universität/Organisation/Beauftragte/Datenschutzbeauftragte.html
I. General Information on Data Processing
1. Extent of the Processing of Personal Data
In principle we only collect and use the personal data of our users to the extent necessary to deliver a functioning website, and provide our content and services. The personal data of our users is routinely only collected and used with the approval of the user. An exception applies in cases where it is not possible for practical reasons to obtain consent in advance and the processing of the data is permitted by law.
2. Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent of the data subject for the processing of their personal data, Article 6 (1) point (a) of the EU General Data Protection Regulation (GDPR) forms the legal basis for the processing of personal data. For the processing of personal data that is required for the performance of a contract to which the data subject is party, Article 6 (1) point (b) of the GDPR forms the legal basis. This also applies to processing operations that are necessary prior to entering into a contract. Insofar as it is necessary to process personal data in order to comply with a legal obligation to which our organisation is subject, Article 6 (1) point (c) of the GDPR forms the legal basis. In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1) point (d) of the GDPR forms the legal basis. If the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and the interests, and fundamental rights and freedoms of the data subject do not override the former interest, then Article 6 (1) point (f) of the GDPR forms the legal basis for the processing.
3. Data Erasure and Storage Period
The personal data of the data subject will be erased or made unavailable as soon as the reason for storage no longer applies. Moreover, they may be stored if this is provided for by the European or national legislator under the Union regulations, laws or other mechanisms to which the controller is subject. The data shall also be made unavailable or erased when a storage period prescribed by the standards mentioned elapses, unless there is a requirement to continue to store the data in order to enter into a contract, or for the performance of a contract.
II. Provision of the Website and Creation of Log Files
1. Description and Extent of Data Processing
Each time our website is called up, our system automatically records data and information from the computer system of the calling computer. The following data are collected in the process:
- information on the browser type and the version being used
- the operating system of the user
- the Internet Service Provider of the user
- the IP address of the user
- the date and time of access
The data are also stored in the log files in our system. This data is not stored with other personal data pertaining to the user.
2. Legal Basis for the Processing of Data
The legal basis for the temporary storage of data and log files is the legitimate interests pursuant to Article 6 (1) point (f) of the GDPR.
3. Purpose of Data Processing
The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the computer of the user. To this end, the IP address of the user must be stored for the duration of the session. It is stored in log files in order to ensure the proper functioning of the website. In addition, this data helps us to optimise the website and safeguard the security of our IT systems. The data are not evaluated for marketing purposes in this connection.
4. Duration of Storage
The data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. If the data were recorded to make the website available to the user, this is the case when the relevant session comes to an end. In the event that the data are stored in log files, they will be erased at the latest after seven days. The data may be stored beyond this period. In this case, the IP addresses of the users will be erased or anonymized so that it is no longer possible to relate them to the calling clients.
5. Possibility of Objection and Elimination
Recording the data in order to provide the website and storing the data in log files is essential for the operation of the website. As a consequence, it is not possible for the user to object to this.
III. Use of Cookies
1. Description and Extent of Data Processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the computer system of the user. If a user calls up a website, then a cookie can be stored on the operating system of the user. This cookie contains a distinctive string of characters that enable the browser to be clearly identified when the website is called up again. We use cookies that are necessary for the functionality of the website.
2. Legal Basis for the Processing of Data
The legal basis for the processing of personal data using cookies is Article 6 (1) point (f) of the GDPR.
3. Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of websites for the users. No user data are collected by technically necessary cookies.
4. Duration of Storage, Possibility of Objection and Elimination
Cookies are stored on the computer of the user and transmitted to our site by it. For this reason, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies for our website are deactivated, it may no longer be possible to use all the functions of the website in full.
IV. Newsletter
Currently no newsletter is offered.
V. Registration
1. Description and Extent of Data Processing
On this website we offer users the possibility of registering by providing their personal data. The data are entered into an input screen, transmitted to us and stored. The data will not be passed on to third parties. As part of the registration process the consent of the user will be obtained for the processing of this data.
2. Legal Basis for the Processing of Data
In the event that the consent of the user has been obtained, the legal basis for the processing of data is Article 6 (1) point (a) of the GDPR. The legal basis for the processing of data in the case of a necessary registration is the legitimate interests pursuant to Article 6(1) point (f) of the GDPR.
3. Purpose of Data Processing
Users are required to register in order to access certain content and services on our website. More detailed information, especially on the applicable legal basis is available on the relevant pages.
4. Duration of Storage
The data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. This is the case for the data collected during the registration process if the registration on our website is cancelled or amended.
5. Possibility of Objection and Elimination
If the processing of data is consent-based, then as a user, you may at any time cancel your registration. You can have the data that is stored about you amended at any time.
VI. Contact Form and e-mail Contact
1. Description and Extent of Data Processing
On some websites there are contact forms that can be used to make contact electronically. If a user utilises this possibility, then the data entered into the input screen are transmitted to us and stored. More detailed information is available on the relevant pages. As part of the dispatching process, your consent will be obtained for the processing of your data and reference will be made to this privacy policy. Alternatively, it is possible to make contact using the email address provided. In this case, the personal user data transmitted with the email will be stored. No data will be passed on to third parties in this connection. The data are only used for conducting the conversation.
2. Legal Basis for the Processing of Data
In the event that the consent of the user has been obtained, the legal basis for the processing of data is Article 6 (1) point (a) of the GDPR. The legal basis for the processing of data that are transmitted as part of an email transmission is Article 6 (1) point (f) of the GDPR. If the email contact is made with a view to entering into a contract, then a further legal basis for processing the data is Article 6 (1) point (b) of the GDPR.
3. Purpose of Data Processing
We only process personal data from the input screen in order to make contact with you. In the event of contact being made by email, then there would also be a legitimate interest in processing the data. The other personal data processed during the dispatching process are used to prevent misuse of the contact form and to ensure the security of our IT systems.
4. Duration of Storage
The data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. For the personal data from the input screen in the contact form and those that are sent by email, this is the case when the respective conversation with the user comes to an end. The conversation is deemed to have come to an end when the circumstances would lead one to infer that the matter at hand has been fully dealt with. The additional personal data collected during the dispatching process will be erased at the latest after a period of seven days.
5. Possibility of Objection and Elimination
The user may revoke his or her consent to the processing of his or her personal data at any time. If the user makes contact with us by email, then he or she may object to the storage of his or her personal data at any time. In such cases, the conversation will not be continued. All personal data stored in the course of the contact will be erased in this case.
VII. Rights of the Data Subject
If your personal data are processed, you are the data subject as defined by the GDPR and you have the following rights vis-à-vis the data controller:
1. Right of Access
You may request confirmation from the data controller regarding whether your personal data have been processed by us. If your data have been processed, you may request information from the data controller regarding the following:
- the purposes for which the personal data have been processed;
- the categories of personal data that have been processed;
- the recipients and/or the categories of recipients to whom your personal data have been or are still being disclosed;
- the planned duration of storage of your personal data or, if specific information is not available on this, criteria for specifying the duration of storage;
- the existence of a right to correction or erasure of your personal data, a right to restrict the processing by the data controller or a right of objection to this processing;
- the existence of the right to lodge a complaint to a supervisory authority;
- all available information on the origin of the data, if the personal data was not collected from the data subject;
- the existence of automated decision-making including profiling as per Article 22 (1) and (4) of the GDPR and at least in these cases meaningful information on the logic involved and the consequences and intended effects of this kind of processing for the data subject.
You also have the right to request information about whether your personal data have been transmitted to a third country or to an international organisation. In this connection you may ask to be informed of the appropriate safeguards in accordance with Article 46 of the GDPR in connection with their transmission.
2. Right to Rectification
You have the right to rectification and/or completion by the data controller if the personal data concerning you that have been processed are incorrect or incomplete. The data controller must rectify the data immediately.
3. Right to Restriction of Processing
You may require the processing of data about you to be restricted under the following conditions:
- if you contest the accuracy of the personal data about you for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful, and you decline the erasure of the personal data and request that their use be restricted instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
- you have objected to processing pursuant to Article 21 (1) of the GDPR pending verification whether the legitimate grounds of the controller override your own.
Where processing of your personal data has been restricted, such personal data shall, except storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to Erasure
a) Duty to erase
You may request the data controller to immediately erase the data concerning you, and the data controller shall be obliged to erase these data without delay, if one of the following reasons applies:
- The personal data concerning you are no longer required for the purposes for which they were collected or processed in any other way.
- You revoke your consent upon which the processing was based pursuant to Article 6 (1) point (a) or Article 9 (2) point (a) of the GDPR, and there is no other legal basis for the processing.
- You file an objection against the processing in accordance with Article 21 (1) of the GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing in accordance with Article 21 (2) of the GDPR.
- The personal data concerning you were processed unlawfully.
- The erasure of your personal data is required in order to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
- Your personal data were collected in relation to the use of information society services in accordance with Article 8 (1) of the GDPR.
b) Information to third parties
If the data controller has published your personal data and if it is obliged to erase them in accordance with Article 17 (1) of the GDPR, then it shall take appropriate measures, including of a technical nature, taking into account the available technology and implementation costs, to inform those responsible for processing the personal data that you, as the data subject, have required them to erase all links to this personal data or copies or replications of this personal data.
c) Exceptions
There is no right to erasure insofar as the processing is required
- for exercising the right of freedom of expression and information;
- in order to fulfil a legal obligation that requires the processing under Union or Member State law to which the data controller is subject, or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health as stipulated by Article 9 (2) points (h) and (i) as well as Article 9 (3) of the GDPR;
- for archiving purposes in the public interest, scientific of historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, insofar as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the establishment, exercise or defence of legal claims.
5. Right to Information
If you have exercised your right to information, erasure or restriction of processing vis-à-vis the data controller, then the controller shall be obliged to notify all recipients to whom your personal data were disclosed of this rectification or erasure of data or restriction of processing, unless this should prove impossible or would involve disproportionate effort. You have the right, vis-à-vis the data controller, to be notified of these recipients.
6. Right to Data Portability
You have the right to obtain the personal data that you provided to the data controller in a structured, commonly used and machine-readable format. Furthermore, you are entitled to transmit these data to another data controller without hindrance from the controller to which the personal data were provided, where
- the processing is based on consent pursuant to Article 6 (1) point (a) or Article 9 (2) point (a) of the GDPR or on a contract pursuant to Article 6 (1) point (b) of the GDPR and
- the processing is carried out by automated means.
Furthermore, in exercising this right, you are entitled to have your personal data transmitted directly from one controller to another, where technically feasible. This may not adversely affect the rights and freedoms of others. The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right of Objection
You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you which is based on Article 6 (1) points (e) or (f) of the GDPR; this applies also to profiling based on these provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing purposes; this applies also to profiling to the extent that it is related to such direct marketing. Should you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to Revoke the Data Protection Declaration of Consent
You have the right, at any time, to revoke your data protection declaration of consent. The legality of the processing undertaken on the basis of the consent provided up until the time of revocation shall be unaffected by the revocation of consent.
9. Automated Individual Decision-Making Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
- is necessary for entering into, or performance of, a contract between you and the data controller,
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or
- is based on your explicit consent.
However, these decisions may not be based on special categories of personal data referred to in Article 9 (1) of the GDPR, unless Article 9 (2) points (a) or (g) apply and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which shall at least include the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this Regulation. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
State Representative for Privacy in Saxony-Anhalt
Post Office Box 1947
39009 Magdeburg
https://datenschutz.sachsen-anhalt.de/landesbeauftragter/kontakt/