Privacy policy

We appreciate your visit to our website. Data protection and data security are our top priority, therefore, and in order to fulfill our duty to inform you, you will find out below to what extent we process personal data, i.e. information relating to an identified or identifiable natural person (hereinafter “data subject”). In the following, you as a user of our offers will be informed in detail about, among other things, the type, scope and purpose of the data processing carried out by us (e.g. data collection, storage, etc.), for example during your visit to our website. If you have any questions regarding the data protection statement or wish to exercise the rights granted to you, you can contact the data protection officer (see below for contact details) at Chemnitz University of Technology.

For reasons of better readability, the generic masculine is generally used in the following. All personal designations naturally apply to all genders.

Content

Name and contact details of the responsible person
Contact details of the data protection officer
Technical implementation of the website
General information on data processing
Provision of the website and creation of log files
Contact
Cookies use
Use of external web offers
Rights of the data subject
Actuality/change of this privacy policy

1. name and contact details of the responsible person

The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states of the European Union as well as other data protection regulations is:

Chemnitz University of Technology
represented by the Rector: Prof. Dr. Gerd Strohmeier
Street of Nations 62
09111 Chemnitz, Germany
E-mail: rektor@tu-chemnitz.de
Phone: +49 371 531-10000
Fax: +49 371 531-10009
Web: https://www.tu-chemnitz.de/

2. contact details of the data protection officer

The data protection officer of Chemnitz University of Technology is:

Gernot Kirchner
Street of Nations 62
09111 Chemnitz
E-mail: datenschutzbeauftragter@tu-chemnitz.de
Phone: +49 371 531-12030
Fax: +49 371 531-12039
Web: https://www.tu-chemnitz.de/rektorat/dsb/

3. technical implementation of the website

The technical implementation of the website is carried out internally by the University Computer Center (URZ) of Chemnitz University of Technology, which can be reached via the following e-mail address: webmaster@tu-chemnitz.de

The support of the individual web presences is carried out by different webmasters.

4. general information on data processing

4.1 Scope of the processing of personal data

As a matter of principle, we only process personal data of our users – i.e. also of you – to the extent that this is necessary for the provision of a functional website as well as our content and services (including event registrations, evaluations, public relations, etc.).

This may include, but is not limited to, inventory data (e.g., names, addresses), contact data (e.g., email addresses, phone numbers, home addresses), content data (e.g., text entries, photographs, videos, comments), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Personal data of our users is regularly processed only after their prior consent. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and/or the processing of the data is permitted by legal regulations.

4.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 p. 1 lit. a) DSGVO as the legal basis.

When processing personal data that is necessary for the performance of a contract with the data subject as a contracting party, Art. 6 para. 1 p. 1 lit. b) DSGVO as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which Chemnitz University of Technology is subject, Art. 6 para. 1 p. 1 lit. c) DSGVO as the legal basis. Accordingly, personal data may be stored, for example, if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which Chemnitz University of Technology is subject.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 Para. 1 p. 1 lit. d) DSGVO as the legal basis.

Art. 6 par. 1 p. 1 lit. e) GDPR is used as a legal basis for data processing when the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

If the processing is necessary to protect a legitimate interest of Chemnitz University of Technology or a third party and if the interests, fundamental rights and freedoms of the data subject do not override our aforementioned legitimate interest, Art. 6 (1) sentence 1 lit. f) DSGVO serves as the legal basis for the processing. Art. 6 (1) sentence 1 lit. f) DSGVO does not apply to data processing carried out by public authorities in the performance of their duties, according to Art. 6 (1) sentence 2 DSGVO. However, according to the wording, this only includes tasks assigned by law, in particular within the framework of intervention and performance administration. Therefore, if public authorities act in a relationship of equilibrium, i.e. under private law, the application of Art. 6 (1) sentence 1 f) GDPR is not excluded. This particularly affects the public relations work of Chemnitz University of Technology.

4.3 Storage period (data deletion)

The personal data processed by us will be deleted or blocked as soon as the purpose of the data processing (including storage) ceases to apply, i.e. the processing is no longer necessary for the intended purpose and the deletion does not conflict with any statutory retention obligations.

If, for example, data processing is carried out on the basis of a legal obligation within the meaning of Art. 6 (1) p. 1 lit. c) DSGVO, the personal data will be blocked or deleted if a storage period prescribed by the aforementioned standards expires. For example, an obligatory storage for 10 years of commercial books, inventories, management reports, accounting vouchers, etc. according to §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB as well as for 6 years for received and sent commercial letters according to § 257 para. 1 nos. 2 and 3, para. 4 HGB. In these cases, the data is not deleted, but data processing is merely restricted, i.e. the data is blocked and not used for other purposes.

Your data will also not be deleted if there is a need for further storage of the data, for example for the conclusion or fulfillment of a contract, and thus another legal basis for data processing exists (e.g. Art. 6 para. 1 p. 1 lit. b) DSGVO).

4.4 Statutory/contractual provisions on the provision of personal data and consequences of non-provision

We inform you that the provision of personal data is partly required by law or may also result from contractual provisions. For example, when a contract is concluded, it is regularly necessary for the data subject to provide us with personal data that must subsequently be processed by us. This concerns, for example, the obligation to provide personal data in the context of concluding a contract. Failure to provide the personal data would otherwise mean that the contract with the data subject could not be concluded.

Prior to the provision of personal data by the data subject in the above sense, you are very welcome to contact us, preferably our data protection officer mentioned above. We will then inform you in each specific individual case whether the provision of personal data is required by law/contract or necessary for the conclusion of the contract. We will also inform you whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be in this case.

4.5 Disclosure of personal data to third parties

Personal data is processed only by the following natural/legal persons: Chemnitz University of Technology. This also includes those persons who are authorized to process the personal data under the direct responsibility of Chemnitz University of Technology, e.g. employees of Chemnitz University of Technology. In contrast, personal data will not be disclosed to third parties – i.e. natural or legal persons, authorities, institutions or other bodies, with the exception of the data subject, the person responsible and, if applicable, existing processors – unless there is a legal obligation to do so to which Chemnitz University of Technology is subject (e.g. investigations by law enforcement or state protection authorities).

5. provision of the website and creation of log files

5.1 Description and scope of data processing

Each time our website is called up, our server systems automatically record data and information from the computer system of the user/calling computer, i.e. including your computer.

Basically, these are the following data:

IP address of the calling computer,
Host name of the queried web server,
Specification of which document is queried,
encryption standard and algorithm used,
form entries made*,
valid cookies*.

The following data can be transmitted additionally depending on the configuration of your browser:

Browser name and version and operating system of the user,
content language to be preferred,
possible data compression methods,
Web page from which the user’s system accessed the requested document (so-called referrer URL or “referrer” in the HTTP standard).

The aforementioned data (except those marked with *) are also stored temporarily – i.e. only temporarily – in the log files of our systems. The following information is also recorded in the log files:

authenticated user (after logging in to the Web Trust Center or via application-specific procedure),
Date and time of access,
Query status, duration and amount of data transferred.

This data is not stored or merged with other personal data of the user.

5.2 Legal basis for data processing

The legal basis for the collection and temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f) DSGVO (protection of a legitimate interest). In addition, Art. 6 para. 1 p. 1 lit. c) DSGVO in conjunction with. § 100 TKG also permits data storage.

5.3 Purpose of the data processing

The temporary storage of, among other things, the IP address by the system is necessary to enable delivery of our website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of our website for you. In addition, we use the data to optimize the websites and to maintain the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context under any circumstances.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) sentence 1 lit. f) DSGVO. Interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail in this respect. Data storage for the purpose of defending against disruptions to the telecommunications system is also expressly permitted by Art. 6 (1) p. 1 lit. c) DSGVO in conjunction with. § Section 100 TKG.

5.4 Security of data processing

Taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, Chemnitz University of Technology has implemented appropriate technical and organizational measures to protect your personal data and to ensure a level of protection appropriate to the risk involved in providing the website offering.

For this purpose, our web servers enforce transport encryption via HTTP Strict Transport Security (HSTS). You can recognize this by the “Hypertext Transfer Protocol Secure” transmission protocol used (in your address bar: https://) and, for example, by the lock symbol in your browser bar. Currently, TLS 1.2 is required as a minimum standard. By also supporting older encryption standards, we ensure that the largest possible group of visitors can use our website offering. Encryption algorithms that are considered insecure are and will be disabled.

5.5 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. You end the session by closing your browser completely, that is, not just closing the tab in question.

In the case of storage of data in log files, deletion/anonymization takes place after half a year. Any additional storage in non-anonymized form, reduced to relevant data, only takes place to fulfill investigation requests. Furthermore, storage beyond this is possible. In this case, however, the IP addresses of the users are deleted or alienated/anonymized so that an assignment of the calling client is no longer possible under any circumstances.

5.6 Possibility of objection and removal

In case of processing of personal data concerning you on the basis of Art. 6 para. 1 p. 1 lit. e) (public interest or public authority) or lit. f) DSGVO (legitimate interest), you have a right to object at any time in accordance with Art. 21 DSGVO, for reasons arising from your particular situation (see also under right to object).

However, the collection of data for the provision of the website and the storage of the data in log files is – as described above – absolutely necessary for the operation of the website of Chemnitz University of Technology. If you therefore exercise your right to object, but regardless of this continue to access our website, there are compelling legitimate grounds for data processing that override the interests, rights and freedoms of the data subject – you – and thus limit the possibility of objecting as a result, so that pursuant to Art. 21 para. 1 p. 2 DSGVO your personal data can continue to be processed.

6. contact

6.1 Description and scope of data processing

If a user takes advantage of the opportunity to contact us, including via the e-mail addresses provided, via telephone or social media, the personal data provided will be transmitted to us as part of the contact and stored if necessary. On our website, there is also a contact form for this purpose, which can be used for electronic contact.

For the processing of the contact via a contact form are mandatory in the input mask:

Your e-mail address,
Your request,
other mandatory fields: e.g. confirmation of privacy policy.

At the time of sending the message, this mandatory information as well as other information from the contact form and the data already listed under “Provision of the website and creation of log files” are transmitted and possibly stored in a database or sent by e-mail to the originator of the contact form.

Further information on the processing of your personal data in connection with contacting us via contact form will be provided by the person responsible for the respective contact form before or in connection with sending the respective contact form.

For the processing of data, your consent is obtained during the submission process and reference is made to the privacy policy. In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation, that is, in particular, to process your contact request. In addition, your personal data may be stored in a customer relationship management (CRM) system or other database.

6.2 Legal basis for data processing

The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 p. 1 lit. a) GDPR. The legal basis for the processing of data transmitted in the course of any other contact (including via e-mail, telephone, etc.) is Art. 6 para. 1 p. 1 lit. f) DSGVO (legitimate interest). If the contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 p. 1 lit DSGVO.

6.3 Purpose of the data processing

The processing of personal data from the communication serves us solely to process your contact. As a rule, this also constitutes the necessary legitimate interest in the processing of the data within the meaning of Art. 6 Para. 1 p. 1 lit. f) GDPR. Your personal data will not be passed on to third parties without your consent.

The other personal data processed during the submission of the contact form serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

6.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from communication with us, this is usually the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts concerned have been conclusively clarified. In addition, other processing purposes may justify longer processing, including storage in a customer relationship management system (CRM system) for ongoing contact maintenance, storage due to relevance under auditing law, etc.

The data will also be deleted if you exercise your right of deletion or revoke your consent, provided that the data processing is based on consent. The foregoing shall apply only to the extent that no mandatory legal provisions continue to justify data processing in the future. In these cases, the statutory deletion/retention periods apply.

In the case of storage of the additional personal data collected during the submission process of the contact form in log files, the deletion/anonymization takes place after half a year. Any additional storage in non-anonymized form, reduced to relevant data, only takes place to fulfill investigation requests. Furthermore, storage beyond this is possible. In this case, however, the IP addresses of the users are deleted or alienated/anonymized so that an assignment of the calling client is no longer possible under any circumstances.

6.5 Possibility of objection/revocation and removal

The consent given, if any, is voluntary, i.e. free from coercion and pressure, and can be revoked at any time, either in whole or separately and without unreasonable disadvantages, with effect for the future. To exercise your revocation, please send us, for example, an e-mail to the e-mail address of our data protection officer. However, the revocation of consent and the resulting deletion of all personal data stored in the course of contacting us will not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

If the data processing is carried out for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 para. 1 p. 1 lit. e) DSGVO) or on the basis of a legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f) DSGVO, you have the right to object at any time in accordance with Art. 21 DSGVO, for reasons arising from your particular situation (see also under Right to object). In this case, the Chemnitz University of Technology shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.

In the event of a revocation or objection, the conversation with you cannot be continued because, as a rule, all personal data stored in the course of contacting you will be deleted.

7. use of cookies

7.1 Description and scope of data processing

Our website may use cookies. Cookies are textual information that is stored in your browser in order to be able to process user-related data at a later point in time as desired. When a user accesses a particular web page, a cookie may be sent along by the web server. In addition to the information to be stored, this cookie also contains the validity area (web server and path specification) and the validity period. This information is sent by the browser to the corresponding web server when addresses in the validity area are called. The GDPR treats any cookie information as personal data without further distinction, cf. 30th recital of the GDPR.

For a more detailed understanding of how cookies work, however, a distinction must be made between different types of cookies. With regard to the “lifetime” of cookies, a distinction is made between so-called session cookies (temporary cookies, session cookies, transient cookies) and so-called persistent/permanent cookies – sometimes also referred to as permanent cookies. The former are automatically deleted when the browser is closed, while the latter remain on the user’s end device for the set period of time. Furthermore, based on the affiliation of the cookies to a specific server, a distinction is made between so-called first-party cookies and so-called third-party cookies. The former are set by the web server from which the visited page is also retrieved. The latter, on the other hand, are set by another web server from which content is used or integrated on the visited page and are irrelevant for the use of our web offer.

7.2 Legal basis for data processing

The legal basis for the processing of personal data using cookies – esp. permanent cookies, regardless of whether they are first-party or third-party cookies – is generally Art. 6 para. 1 p. 1 lit. a) GDPR (consent of the data subject).

When accessing our website, users are informed by a pop-up (so-called cookie overlay) about the use of cookies for analysis purposes and receive a reference to this privacy policy. At the same time, they will be asked to give their consent to the use of cookies to the extent described above in the form of an unambiguous confirmatory act by which the data subject indicates that he or she consents to the processing of personal data concerning him or her (opt-in). The consent is voluntary and can be revoked at any time.

The legal basis for the processing of personal data using so-called first-party cookies, which are designed as technically necessary session cookies, on the other hand, is Art. 6 para. 1 p. 1 lit. f) DSGVO (legitimate interests). As the operator of this website, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services. This applies, for example, to be able to provide functions selected by you (e.g. language setting, login status, etc.).

7.3 Purpose of the data processing

The purpose of using technically necessary session cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. However, the user data collected through technically necessary cookies are not used to create user profiles, even if they could make the behavior of the data subject traceable. If you therefore object to the use of these cookies, the use of our website in the future may be restricted or, for example, only fully available again after a new registration.

7.4 Duration of storage, possibility of objection/revocation and elimination

Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user also have full control over the use or storage of cookies. The storage period of the cookies, i.e. before they are automatically deleted, depends on the respective settings of the cookie. You can find more information about the storage period in the following table.

However, if cookies for our website are deactivated or later deleted, e.g. due to the lack of/revoked consent or corresponding browser settings, it may no longer be possible to fully use all functions of the website, so that limited functionality of our website may be the result.

a) Possibility of revocation

Consent to the use of cookies is voluntary and can be revoked at any time. To exercise your revocation, please send us an appropriate e-mail or delete the cookies independently in your browser or via cookie overview at https://www.tu-chemnitz.de/tu/datenschutz_cookies.html. Helpful instructions on how to delete cookies in the various browsers are available, for example, from the Verbraucherzentrale NRW e. V. (https://www.verbraucherzentrale.de/wissen/digitale-welt/datenschutz/cookies-im-browser-einstellen-11996). However, the revocation of consent and the resulting deletion of already stored cookies does not affect the legality of the processing carried out on the basis of consent up to the revocation.

b) Possibility of objection

If we use cookies on the basis of Art. 6 (1) p. 1 lit. e) (public interest or in the exercise of official authority) or lit. f) DSGVO (legitimate interests), you have the right to object to the processing of personal data relating to you at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. To exercise your objection, please send an appropriate e-mail to the webmaster of the respective website (contact details in the footer of the website – to the left of the update date), alternatively to the data protection officer of Chemnitz University of Technology, or delete the cookies independently in your browser. Helpful instructions on how to delete cookies in the various browsers are available, for example, from the Verbraucherzentrale NRW e. V. (https://www.verbraucherzentrale.de/wissen/digitale-welt/datenschutz/cookies-im-browser-einstellen-11996). The controller will then no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications. You can read more about this under “General elimination options”.

c) General elimination possibility

In addition, you can monitor and regulate the storage of cookies in your browser, so that you can, for example, define the automatic deletion of all cookies at the end of the session (closing the browser) or the general blocking of cookies of any kind. Sending the “Do-Not-Track” flag (“Do not follow” request) does not collect any profile data on pages that perform local tracking. However, these settings are generally only applied on a browser/device-specific basis, so you will have to make them for all of your end devices. Please also note that blocking any cookies may result in partial loss of the full functionality of our website.

In addition, various service providers offer the option to file a general objection to the use of cookies for marketing purposes on the Internet: http://www.aboutads.info/choices/ (USA) or https://www.youronlinechoices.com/ (EU). We would like to expressly point out that such use of cookies for user-based online advertising by Chemnitz University of Technology itself does not take place, but cannot be ruled out for external web offers listed below, among others.

7.5 Use of cookies in detail

In detail, the following cookies, among others, are used to access our website:

Name	Provider	Purpose	Runtime
Borlabs cookie	Owner of this website	Stores the settings of the visitors selected in the Cookie Box of Borlabs Cookie.	1 year

8. use of external web offers

8.1 Description and scope of data processing

a) User-friendly website design

We also integrate various external map services (OpenStreetMap) on our website, among other things to make the directions for contacting us as user- and operator-friendly as possible. Unfortunately, no comparable offers are currently available for this, taking into account a proportionate effort, although this is also evaluated and re-evaluated by us on an ongoing basis.

8.2 Legal basis for data processing

a) Declaration of consent

In the event that you had to declare your prior consent to data processing to us or to one of the above-mentioned external providers, e.g. by means of prior consent to web tracking by confirming a pop-up or in the case of redirection to our external search providers or map services, the data processing is based on Art. 6 (1) p. 1 lit. a) DSGVO, namely on the basis of your consent.

8.3 Purpose of the data processing

a) User-friendly website design

The sole purpose of data processing in connection with the integration of external search providers/map services on our website is to make it as efficient and user-friendly as possible for you to search our web offerings and plan your route. As a rule, this also constitutes a legitimate interest in the processing of the data within the meaning of Art. 6 (1) of the German Data Protection Act, irrespective of any consent given. 1 p. 1 lit. f) GDPR.

b) Joint responsibility

In this case, the external service provider is primarily responsible for data processing within the meaning of the GDPR and other national data protection laws of the member states of the European Union as well as other data protection provisions. For detailed information on the purposes of data processing by the above-mentioned external providers, please refer to the above-mentioned. Links to the privacy statements of the external providers.

8.4 Recipients / categories of recipients

The processing of personal data in connection with the use of external web offers (including search services, etc.) is generally only carried out by the natural/legal persons named below: Chemnitz University of Technology, in particular employees of the University Computer Center and the Center for People and Technology. Depending on the external service you have selected/used, your personal data will also be processed by the above-mentioned external providers.

Personal data will not be passed on by us to other third parties – not named here – nor will it be transferred to another EU country or to a third country or to an international organization, unless otherwise stated below.

8.5 Transfer to a third country

The transfer of personal data to a third country or an international organization may only be carried out if, inter alia, the European Commission has decided that the third country, territory or one or more specific sectors in that third country or international organization in question provides an adequate level of protection. Such data transfer does not require special authorization in this case. With respect to the above companies, an adequate level of protection is currently ensured due to the US-EU Privacy Shield.

Regarding the transfer of personal data to the United Kingdom (Openstreetmap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom and Wakelet Limited 76 Quay Street, Manchester, M3 4PR, United Kingdom), the Commission has decided that the third country in question provides an adequate level of protection (Adequacy Decision: https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf).

The requirements of Art. 45 GDPR (data transfer on the basis of an adequacy decision) are thus met for the aforementioned transfer operations to a third country. The transfer of personal data to the above-mentioned external providers and thus to third countries is therefore permissible, since the controller and the processor have complied with the conditions and also the requirements set out in Art. 44 et seq. DSGVO and also comply with the other provisions of the DSGVO. This ensures that the level of protection for natural persons guaranteed by the GDPR is not undermined.

8.6 Duration of storage

Personal data processed by us in this context will be deleted as soon as they are no longer required to achieve the above-mentioned purposes. Purposes of their collection are no longer necessary. You can find more details on data deletion at the above-mentioned external providers in the privacy statements of the external providers linked above.

8.7 Possibility of objection/revocation and removal

Any consent given in connection with the use of external web offerings is voluntary, i.e. free from coercion and pressure, consequently has no relevance whatsoever for your participation in TUC offerings, and can be revoked at any time, either in its entirety or separately, with effect for the future and without unreasonable disadvantages. To exercise your revocation regarding the social media channels used by Chemnitz University of Technology, please send us an email to kontakt@forschungsnetzwerk-chim.de or use the cookie overview at www.forschungsnetzwerk-chim.de/datenschutzerklaerung. Please note, however, that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

If your personal data is collected on the basis of Art. 6 para. 1 p. 1 lit. e) (public interest or in the exercise of official authority) or lit. f) DSGVO (legitimate interests), you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you; this also applies to profiling based on these provisions. To exercise your objection with respect to the external providers used, please follow the opt-out options linked below:

OpenStreetMap (Openstreetmap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom): https://wiki.osmfoundation.org/wiki/Privacy_Policy.

In this context, please also note the above-mentioned. Information on the possibility of objection/revocation and removal with regard to the use of cookies on our website or on the offers of the external services used.

8.8 Embedding and displaying external content on our website

On our websites, external content (e.g. graphics, maps, etc.) from the above-mentioned third parties is partly integrated and displayed. Third-party providers are integrated and displayed, including OpenStreetmap etc.. In this context, too, the protection of your data is important to us. Therefore, the integration of such services is regularly carried out using the state-of-the-art data protection compliant solution from the c’t project Shariff (https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html) or similar technical procedures.

In this way, we ensure that no (personal) data is transmitted to the external providers when you visit our website. Otherwise, the integration of such external content would lead directly to the establishment of a connection with the external server when you visit the website and thus also to the transmission of your (personal) data, including your IP address, your browser type and your operating system, the websites from which your system accesses the external embedded offer pages, your visit time, etc., to the same, so that your activities on the Internet can be logged by the external provider and tracked for statistical or marketing purposes. This automatic connection to the external servers, which is established in the background without your intervention, is initially prevented by the above-mentioned solutions. Solutions initially prevented. You can thus decide yourself within the scope of consent pursuant to Art. 6 (1) p. 1 lit. a) DSGVO whether you want to transfer data to the external servers, which may be located in non-European countries (e.g. USA, see above). Once you have given your consent, it is then stored in a technically required cookie for a period of seven days – or 90 days in the case of search engine selection – if this is desired and expressly selected by you.

Only by actively, autonomously and voluntarily, i.e. free of coercion and pressure, clicking on the (“Shariff”) button to establish the connection to the external server, you transmit (personal) data, including your IP address, to the external server. For this reason, we have no influence on the collected data and data processing procedures at the external service provider, so that we can also not provide any information about the purpose and scope of data processing or the storage period/deletion. At this point, too, we would therefore like to refer you to the above-mentioned data protection statements. Data protection declarations, objection/revocation and removal options etc. of the above-mentioned external providers used by us.

9. rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR, so you have the following rights vis-à-vis Chemnitz University of Technology (data controller). To assert your rights against Chemnitz University of Technology or if you have further questions regarding data protection, you can contact our data protection officer at any time.

All notifications and measures pursuant to Articles 15 to 22 (including rights of access, rectification, erasure, restriction of processing, notification, data portability, right of objection) and Article 34 GDPR (right of notification in the event of data protection breaches) shall be provided free of charge. However, in the case of manifestly unfounded or – especially in the case of frequent repetition – excessive requests by a data subject, the controller may either charge a reasonable fee, taking into account the administrative costs of informing or notifying or implementing the requested measure, or refuse to act on the request. For these cases, however, Chemnitz University of Technology must provide evidence of the manifestly unfounded or excessive nature of the request.

In addition, it is pointed out that there are restrictions on the rights of the data subject according to §§ 7-10 SächsDSDG. This affects, among other things, the right of deletion and the right to information as well as the duty to provide information to the data subjects.

9.1 Right to information

You may request confirmation from the controller as to whether personal data concerning you are being processed by him. If there is such processing, you may request information from the controller about the following:

the purposes of processing;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
if the personal data are not collected from you, i.e. the data subject, any available information on the origin of the data;
the existence of automated decision making including profiling pursuant to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

However, Chemnitz University of Technology, as the controller, naturally processes a large amount of information about data subjects, so you are required to specify which information or which processing operations your request for information relates to when asserting your right to information before you are provided with information, cf. p. 7 of the 63rd recital of the GDPR.

If personal data is transferred to a third country or to an international organization, you as the data subject also have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

9.2 Right to rectification

You have the right to request the controller to correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you as the data subject also have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

9.3 Right to deletion

a) Obligation to delete, Art. 17 DSGVO (“right to be forgotten”)

You may request the controller to delete the personal data concerning you without undue delay. The data controller is also obliged to delete this data immediately if one of the following reasons applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing is based according to. Art. 6 par. 1 p. 1 lit. a) GDPR or Art. 9 para. 2 lit. (a) GDPR and there is no other legal basis for the processing.
They lay out acc. Art. 21 par. 1 DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. Art. 21 par. 2 DSGVO to object to the processing.
The personal data concerning you have been processed unlawfully.
The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you has been processed in relation to information society services offered pursuant to Art. 8 para. 1 DSGVO collected.

b) Information to third parties

If the controller has made the personal data concerning you public and is responsible pursuant to. Art. 17 par. 1 DSGVO to erase them, it shall take reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform data controllers that process the personal data that you, as the data subject, have requested from them – the further controller – to erase all links to or copies or replications of such personal data.

c) Exceptions to the right to erasure

The right to erasure does not exist insofar as the processing is necessary to

to exercise the right to freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h) and lit. i) and Art. 9 para. 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with. Art. 89 par. 1 DSGVO, insofar as the aforementioned “right to be forgotten” is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
for the assertion, exercise or defense of legal claims.

9.4 Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or
if you object to the processing pursuant to Art. 21 para. 1 DSGVO and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted in the sense described above, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

9.5 Right to information

The controller is obliged to provide all recipients to whom your personal data has been disclosed with any rectification or erasure of the personal data or restriction of processing pursuant to Art. 16, 17 para. 1 and Art. 18 DSGVO, unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject about these recipients if the data subject so requests.

9.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format (including pdf, csv). You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

the processing is based on consent pursuant to. Art. 6 par. 1 p. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) DSGVO or on a contract pursuant to. Art. 6 par. 1 p. 1 lit. (b) the GDPR; and
the processing is carried out with the help of automated procedures.

In exercising this right, you have in particular the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability is not affected by Article 17 of the GDPR (“right to be forgotten”). It does not apply, moreover, to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

9.7 Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 p. 1 lit. e) (public interest or in the exercise of official authority) or lit. f) DSGVO (legitimate interests); this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

9.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. Withdrawal of consent is as easy as granting consent, especially with regard to form requirements, so that in principle an informal communication by e-mail is sufficient. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9.9 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the controller, is permissible under Union or Member State law to which the controller is subject, and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a) or lit. g) DSGVO applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the previously mentioned in pt. 1 and Pkt. 3 above, the controller shall take reasonable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person from the controller, to express his point of view and to contest the decision.

9.10 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law.

The competent supervisory authority in the Free State of Saxony is pursuant to Art. 51 DSGVO in conjunction with. §§ 14 ff. SächsDSDG:

Saxon Commissioner for Data Protection and Transparency
Dr. Juliane Hundert
Devrient Street 5
01067 Dresden
E-mail: saechsdsb@slt.sachsen.de
Phone: +49 351 85471-101
Fax: +49 351 85471-109
Web: https://www.saechsdsb.de/

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

10. up-to-dateness/modification of this privacy statement

This privacy policy is currently valid and has the status March 2023.

Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may become necessary to change/update this privacy policy. Separate consent/consent on your part is generally not required by law for this.

You can access, print out and save the current data protection declaration at any time on the website at https://chim.hrz.tu-chemnitz.de/datenschutzeklaerung.

Image sources

Freepik (2021): 3d rendering of a low poly plex design – network communications Free Photo, Freepik, [online] https://de.freepik.com/fotos-kostenlos/3d-rendering-eines-low-poly-plexus-designs-netzwerkkommunikation_17560612.htm#query=network&position=3&from_view=search&track=sph.