Privacy
The respective FAU institutions are responsible for any content they make available on the websites of Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU). For questions related to specific content, please contact the person responsible as named in the legal notice of this web page.
Name and address of the Data Protection Officer
Norbert Gärtner
Schloßplatz 4
91054 Erlangen
Tel.: +49 9131 85-25860
Fax: +49 9131 85-70239
E-Mail: datenschutzbeauftragter@fau.de
General information on data processing
Scope of processing of personal data
We only process personal data to the extent necessary to provide services, content and a functional website. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is required to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfill a legal obligation to which our university is subject, Article 6 (1) (c) GDPR serves as the legal basis.
If vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.
If the processing is necessary to fulfill the legal tasks of our university, Art. 6 (1) (e) GDPR in conjunction with Art. 4 and 5 BayDSG forms the legal basis for the processing. Many of our tasks result from Art. 2 BayHSchG.
Deletion of data and storage period
We only store your personal data for as long as is necessary to fulfill our legal tasks or the respective processing activity. As a rule, we keep personal data for 10 years after it has been created. A transfer to state archives remains unaffected. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Provision of the website and generation of log files
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the user’s computer system.
In this context, the following data are collected:
- Address (URL) of the website from which the file was requested
- Name of the retrieved file
- Date and time of the request
- Data volume transmitted
- Access status (file transferred, file not found, etc.)
- Description of the type of web browser and/or operating system used
- Anonymised IP address of the requesting computer
The data stored are required exclusively for technical or statistical purposes; no comparison with other data or disclosure to third parties occurs, not even in part. The data are stored in our system’s log files. This is not the case for the user’s IP addresses or other data that make it possible to assign the data to a specific user: before data are stored, each dataset is anonymised by changing the IP address. These data are not stored together with other personal data.
Legal basis for data processing
The legal basis for the temporary storage of data and logfiles is §§ 14, 15 TMG, § 100 Abs. 1 TKG and Art. 4 BayDSG following the tasks of Art. 11 BayEGovG and Art. 7 and 34 BayHO.
Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to deliver the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage of such data in log files takes place in order to ensure the website’s functionality. These data also serve to help us optimise the website and ensure that our IT systems are secure. They are not evaluated for marketing purposes in this respect.
Storage period
Data are deleted as soon as they are no longer necessary for fulfilling the purpose for which they were collected. If data have been collected for the purpose of providing the website, they are deleted at the end of the respective session.
If data are stored in log files, they are deleted at the latest after seven days. A longer storage period is possible. In this case, the users’ IP addresses are deleted or masked so that they can no longer be assigned to the client accessing the website.
Options for filing an objection or requesting removal
The collection of data for the purpose of providing the website and the storage of such data in log files is essential to the website’s operation. There is consequently no possibility of objection on the part of the user.
Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are text files that are saved in the user’s web browser or by the web browser on the user’s computer system. When a user accesses a website, a cookie can be stored in the user’s operating system. This cookie contains a character string that allows the unique identification of the browser when the website is accessed again.
We use cookies to make our website more user-friendly. Some parts of our website require that the requesting browser can also be identified after changing pages.
During this process, the following data are stored in the cookies and transmitted:
- Language settings
- Log-in information
Technical measures are taken to pseudonymise user data collected in this way. This means that the data can no longer be assigned to the user. The data are not stored together with other personal data of the user. After calling up our website, users are informed via information banner about the use of cookies for the purpose of analysis and are referred to this privacy. In this context, there is also a hint about how to prevent the storage of cookies in the browser settings.
Legal basis for data processing
The legal basis for the temporary storage of data and logfiles is §§ 14, 15 TMG, § 100 Abs. 1 TKG and Art. 4 BayDSG following the tasks of Art. 11 BayEGovG and Art. 7 and 34 BayHO.
Purpose of data processing
Analysis cookies are used for the purpose of improving the quality of our website and its content. We learn through the analysis cookies how the website is used and in this way can continuously optimise our web presence.
Storage period, options for filing an objection or requesting removal
As cookies are stored on the user’s computer and are transmitted from it to our website, users have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your web browser. Cookies that are already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may be the case that not all of the website’s functions can be used in full.
Contact form and contact via e-mail
Description and scope of data processing
Contact forms are available on our website that can be used to contact us electronically. If a user makes use of this possibility, the data they enter in the input form are transmitted to us and stored. The specific data records are listed and explained in the respective contact forms. If there are any deviations or additions to the principles and the purpose and duration of storage listed here, these will be indicated on the respective contact forms.
Legal basis for data processing
The legal basis for the processing of the data that is transmitted while sending an e-mail is Art. 6 (1) (e) GDPR in conjunction with Art. 4 and 5 BayDSG to fulfill the tasks from § 5 TMG, Art. 3 (1) BayEGovG and § 2 BayBITV. If the aim of the email contact is to conclude a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.
Purpose of data processing
The personal data from the input form are processed solely for the purpose of contacting the user. If the user contacts us by e-mail, this also constitutes our legitimate interests in processing the data.
All other personal data processed during the dispatch of an e-mail serve to prevent misuse of the contact form and to ensure that our IT systems are secure.
Storage period
Data are deleted as soon as they are no longer necessary for fulfilling the purpose for which they were collected. This is the case for the personal data from the input template of the contact form and those data sent by e-mail when the respective conversation with the user has ended. The conversation is regarded to have ended when it can be seen from the circumstances that the subject matter in question has been conclusively settled.
Options possibility
For reasons that arise from your situation, you can also object to the processing of personal data concerning you by us at any time (Art. 21 GDPR). If the legal requirements are met, we will subsequently no longer process your personal data.
Provision obligation
If the personal data required for the fulfillment of the contract is not provided, this is not possible for us.
Corona contact tracking
Information on data processing for pandemic-related contact tracking in the context of events and the use of facilities at Bavarian state universities.
General
With regard to the processing of your personal data, you as a data subject have the following rights in accordance with Art. 15 ff. GDPR:
You can request information about whether we are processing your personal data. If this is the case, you have a right to information about this personal data and other information related to the processing (Art. 15 GDPR). Please note that this right to information may be restricted or excluded in certain cases (cf. in particular Art. 10 BayDSG).
In the event that personal data about you is no longer correct or incomplete, you can request a correction and, if necessary, completion of this data (Art. 16 GDPR).
If the legal requirements are met, you can request the deletion of your personal data (Art. 17 GDPR) or the restriction of the processing of this data (Art. 18 GDPR). However, the right to erasure according to Art. 17 (1) and (2) GDPR does not exist, among other things, if the processing of personal data is necessary for the performance of a task. Which is in the public interest or takes place in the exercise of official authority (Art. 17 (3) letter (b) GDPR).
You have the right to complain to a supervisory authority within the meaning of Art. 51 GDPR about the processing of your personal data. The competent supervisory authority for Bavarian public bodies is the Bavarian State Commissioner for Data Protection, Wagmüllerstraße 18, 80538 Munich.
Duty to provide
If you take part in our events or would like to enter our facility, we are obliged to process your personal data due to the requirements of the statutory accident insurance and the current legal provisions for combating the corona pandemic.
If you do not provide the required data, we will unfortunately not be able to allow you to participate in events or to enter the facility.
Purposes and legal basis of the processing
Purposes
Infection protection and contact tracking at events or visits to the facility to meet official requirements for the safety of the event.
Legal bases
The legal basis for the temporary storage of the data are: Art. 6 (1) letter (c) or (d) GDPR and Art. 9 (2) letter (i) GDPR in conjunction with Art. 4 (1); Art. 5 (1) page 1 no. 1 BayDSG based on BayIfSMV, IfSG, § 21 SGB VII.
Categories of personal data
| Number | Name of the data |
|---|---|
| 1 | Contact information |
| 2 | Time and length of stay |
| 3 | Information from the health department |
Categories of recipients
| No. for categories | recipient | Reason for disclosure | Storage location |
|---|---|---|---|
|
1, 2 |
Responsible health authorities / district administrative authorities |
§§ 16 (2) and § 25 (2) IfS |
Germany |
Deadlines for deleting the various categories of data
| No. for categories | deletion period |
|---|---|
| 1, 2 | Four weeks after the attendance and end of the event or facility, unless disclosure is made. |
| 3 | Information from the health department is not stored permanently. |
SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Affected Rights
Rights of the data subject
If any of your personal data are processed, you are a person concerned in terms of GDPR and you have the following rights towards the responsible party:
Right of access
With regard to the processing of your personal data, you as a data subject have the following rights in accordance with Art. 15 ff. GDPR:
- You can request information about whether we are processing your personal data. If this is the case, you have a right to information about this personal data and other information related to the processing (Art. 15 GDPR). Please note that this right to information may be restricted or excluded in certain cases (cf. in particular Art. 10 BayDSG).
- If personal data about you is no longer correct or incomplete, you can request a correction and, if necessary, completion of this data (Art. 16 GDPR).
- If the legal requirements are met, you can request the deletion of your personal data (Art. 17 GDPR) or the restriction of the processing of this data (Art. 18 GDPR). However, the right to erasure according to Art. 17 (1) and (2) GDPR does not exist, among other things, if the processing of personal data is necessary for the performance of a task. Which is in the public interest or takes place in the exercise of official authority (Art. 17 (3) (b) GDPR).
- If you have given your consent to the processing, you have the right to revoke this at any time. The revocation is only effective for the future; that is, the revocation does not affect the legality of the processing carried out based on the consent up to the point of revocation.
- For reasons that arise from your situation, you can also object to the processing of personal data concerning you by us at any time (Art. 21 GDPR). If the legal requirements are met, we will subsequently no longer process your personal data.
- Insofar as you have consented to the processing or to the fulfillment of the contract and the data processing is carried out using automated procedures, you may have a right to data portability (Art. 20 GDPR).
- You have the right to complain to a supervisory authority within the meaning of Art. 51 GDPR about the processing of your personal data. The competent supervisory authority for Bavarian public bodies is the Bavarian State Commissioner for Data Protection, Wagmüllerstraße 18, 80538 Munich.