Share CTD

Privacy Policy

This Privacy Policy explains how personal data is processed by The Institute for Medical Information Processing, Biometry, and Epidemiology (IBE) of Ludwig-Maximilians-Universität München (hereinafter referred to as "LMU") in connection with its this website. Furthermore, visitors and users of LMU's this website will be informed about the rights they are entitled to. The information in Section A—General Data Protection Information—applies to all data processing operations in connection with LMU's this website. Data protection information on specific data processing operations (e.g., Deutschlandstipendium, applications) can be found in Section B. Sections C and D of the Privacy Policy provide information on the validity, scope, and status of the Privacy Policy. If individual institutions or departments of LMU perform any additional data processing on their websites, a supplementary Privacy Policy is available on their respective website. This document is based on LMU's Privacy Policy ↗ and adjusted to the processings and techniques used by this website.

General Data Protection Information

The LMU is a state university of the Free State of Bavaria (Article 4(1), first sentence, no. 1).Bavarian University Innovation Act, BayHIG). It is a body governed by public law with the right of self-government within the framework of the laws and at the same time a state body (Article 4(1) of the BayHIG). The LMU carries out its own affairs as a corporation and state affairs as a state body (Article 4 BayHIG).

The IBE is an Institute of LMU and is hosting this website.

I. Contact Information

I.1. Details of Those Responsible for Data Protection at LMU

LMU is responsible contact for data protection on all websites of LMU and it's institutions LMU's website; it is legally represented by its president. The contact information can be found in the Imprint of LMU ↗.

I.2 Details of the Data Protection Officer at LMU

The contact details of LMU's data protection officer are available on LMU's website at https://www.lmu.de/datenschutz ↗.

The data protection officer is available to answer questions about data protection at LMU. Please use the contact form on the web page of LMU's data protection officer at https://www.lmu.de/datenschutz ↗. Please direct any questions regarding specific data processing (e.g., application) to the appropriate institution IBE.

II. General Information on Data Processing on LMU's Web Pages

II.1 Scope of the Privacy Policy

This Privacy Policy applies to the processing of personal data in connection with LMU's this website.

Pursuant to Article 4 no. 1 GDPR (General Data Protection Regulation), "personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Pursuant to Article 4 no. 2 GDPR, "processing" means any operation or set of operations performed on personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, query, use, disclosure by transmission, dissemination or otherwise making available, comparison or association, restriction, erasure, or destruction.

II.2 Purposes and Legal Bases for Processing Personal Data

We offer our services and administrative services as well as information for the public about our activities on our website pursuant to Article 2 BayHIG, Article 4, 5, 17, 19 Bavaria Digital Act (BayDiG).

In this respect, the purpose of the processing is the fulfillment of the public tasks and legal obligations assigned to us by law, in particular the provision of information to the public. Personal data is processed on LMU's website only to the extent necessary for the provision of a functioning website, for presentation of the respective content, for the provision of information to the public, or for the provision of specific services or the presentation of offers. We also process personal data that you have provided to us or that we have obtained about you in a lawful manner (Article 4 paragraph 2 of the Bavarian Data Protection Act (BayDSG)).

When processing your personal data, we take into account in particular the data protection principles of lawfulness, processing in good faith, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. To the extent and provided that the purpose of processing is not impaired, we anonymize or pseudonymize personal data.

The legal basis for the processing of your data ensues, unless otherwise stated, from Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4 paragraph 1 BayDSG. Accordingly, we are permitted to process the data required to fulfill a task incumbent upon us. We use cookies, log files, and web analysis tools to compile business statistics, to conduct organizational studies, to test or maintain our web service, and to ensure network and information security pursuant to Article 6 paragraph 1 BayDSG, §25 TTDG, Article 43 BayDig.

II.3 Data Erasure and Storage Period

Your data will only be stored for as long as is necessary for the fulfillment of tasks, taking into account legal retention periods, or as long as you have given your consent. The personal data of users of LMU's website will be erased or anonymized as soon as and to the extent that the respective purpose of storage no longer applies and there is no archiving obligation. To the extent that this is provided for in the relevant regulations, storage may also extend beyond this.

II.4 Data Security

In order to adequately and comprehensively protect the security of your data during processing and in particular during transmission, we use appropriate encryption procedures (e.g., SSL/TLS) and secured technical systems where necessary and in line with the current state of the art.

The technical operation of the data processing system is carried out with the support of the Leibniz Supercomputing Center (LRZ) of the Bavarian Academy of Sciences and Humanities (Boltzmannstraße 1 D-85748 Garching near Munich, phone: +49 (0)89 35831 8000, fax: +49 (0)89 35831 9700, email: lrzpost@lrz.de, https://www.lrz.de/english/ ↗), with whom a contract for data processing exists.

All of our employees are subject to the statutory data secrecy pursuant to Article 11 BayDSG or are obligated to confidentiality.

II.5 Data Transmission

Data transmission takes place on the basis of the law or with your consent. If necessary, your data will be transmitted to the competent supervisory and auditing authorities for the exercise of the respective control rights.

In electronic transmission, data may be forwarded to the State Office for Information Security in order to avert threats to information technology security and processed there on the basis of Article 41 et seq. BayDiG.

Apart from that, we only transmit personal data to third parties if this is necessary in the context of the execution of a contract (Article 6 paragraph 1 letter b GDPR), for example to organizers of an event or to commissioned service providers. The disclosed data may be used by the respective contract data processor or third party exclusively for the stated purposes or within the scope of applicable law.

II.6 Protection of Minors

The websites of the LMU are not intended or designed for use by persons under the age of 16, in particular not for children. We do not knowingly collect personal information from or about persons under the age of 16.

Persons under the age of 16 should not transmit any personal data to the LMU without the consent of their parents or guardians. Processing can only take place with the appropriate consent or in the context of fulfilling a legal obligation.

Where necessary — in particular as far as paid Internet services are used — the date of birth or age will be collected or verified if necessary. This is indicated separately in the data protection information of the respective Internet service.

II.7 Evaluation

When you access LMU's website or access it from mobile devices, programs for evaluating user behavior are only used in anonymized form. Your IP address is first anonymized and can only then be evaluated.

We use the free and open source GRAV CMS ↗ and GoAccess ↗ to evaluate website usage. GoAccess is a privacy aware analytics tool that only uses the web server's logfile (see next paragraph) to evaluate usage. No other tracking technologies (magic cookies, invisible images etc.) are used.

III. Logging and the Creation of Log Files

Each time a page on LMU's this website is accessed, LMU it automatically collects data and information from the computer system of each computer accessing it. In addition, we process your personal data if you provide it on LMU's this website. When processing your personal data, we take into account in particular the data protection principles of lawfulness, processing in good faith, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

a) Purpose and Scope of Data Processing

Due to security-related events that have occurred, e.g., attempted hacker attacks, relevant access data is stored each time any of the centrally hosted websites are accessed. The stored data is used for the purposes of identifying and tracking unauthorized access attempts and access, for maintaining the functionality of the website on the web server and—in anonymized form—for optimizing the content.

Temporary storage of the IP address is also necessary to enable delivery of LMU's this website to your computer. For this purpose, the IP address must also remain stored for the duration of the use of the session. Storage together with other personal data at LMU does not take place.

Depending on the access protocol used, the log record contains information with the following content:

• IP address of the requesting computer
• Date and time of the request
• Access method/function requested by the requesting computer
• Input values transmitted by the requesting computer (file name, etc.)
• Access status of the web server (file transferred, file not found, command not executed, etc.)
• Name of the requested file
• URL from which the file was requested/the requested function was initiated
• Information about the browser type
• Operating system of the user
• Website from which the user's system accesses LMU's this website
• Websites accessed from LMU's this website

b) Legal Basis for Data Processing

Temporary data processing is performed pursuant to Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4 paragraph 1 BayDSG.

c) Duration of Data Processing

The logged data is stored for a maximum of 30 days and then deleted. The storage takes place for own purposes of IT security. This is necessary in view of the current IT threat caused by spam emails, espionage and malicious programs as well as other abuses for the purpose of efficient security against cyberattacks and to maintain service operation in accordance with the state of the art in accordance with Article 32 GDPR. Longer storage can take place on a case-by-case basis, provided that a security-relevant breach has been detected or if legal obligations of the LMU require this. Regardless of this, additional storage is possible. In this case, your IP address will be deleted or alienated, so that an assignment of the calling client is no longer possible.

d) Objection and Deletion Option

To the extent that the data for provision of the website and the storage of the data in the log files is absolutely necessary for the operation of the website, you have no right of objection.

IV. Use of Active Components and Cookies

a) Purpose and Scope of Data Processing

JavaScript applications are used in the information provided by LMU, mainly for navigational elements, e.g., field-dependent visibility in contact forms. No personal data is stored in the process.

In some cases, cookies are set on LMU's this website to make the web pages user-friendly. Some elements of our website also require identifying user sessions.

?? In the cookies of the content provided, only a session ID is stored to identify the user session (session cookie). Session cookies are small units of information that a provider stores in the RAM of the visitor's computer. In addition to a randomly generated unique identification number, session cookies contain information about the source and the storage period. These cookies are unable to store any other data.

b) Legal Basis for Data Processing

Data processing is performed pursuant to Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4, 16, 17 BayDig. If the processing of personal data is based on consent, it is done subject to Article 6 paragraph 1 letter a GDPR, §25 TTDSG.

c) Duration of Data Processing

Session cookies are automatically deleted at the end of your visit when you close your browser or leave the website.

d) Objection and Deletion Options

The cookies used are stored on your computer and transmitted from it to LMU's website. As a user, you therefore have full control over the use of cookies. By changing the settings in your web browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.

How do I adjust the cookie settings in my browser?

Every browser is different when it comes to setting cookies and your preferences. Please learn about this on the respective pages:

• Mozilla Firefox ↗
• Google Chrome ↗
• Apple Safari ↗
• Microsoft Internet Explorer ↗
• Microsoft Edge ↗

The use of JavaScript applications can be disabled by configuring your browser. Disabling it may affect the display of some elements, for example, contact forms, video players, or collapsible elements.

However, some elements on our website require that the web browser accessing them can still be identified after switching pages. If cookies are disabled for LMU's website, it may no longer be possible to use all of the website's features.

Specific information on data processing on the LMU internet pages

V. Your Data Protection Rights

Personal data is processed to the extent described above on LMU's website. To this extent, you are a data subject as defined by the GDPR and you have the following rights with respect to LMU:

V.1 Right of Access

Pursuant to Article 15 GDPR, you may request confirmation from LMU as to whether we are processing personal data relating to you.

If such processing is taking place, you may request information about the personal data being processed and the following additional information:

• The purposes for which the personal data is processed;
• The categories of personal data being processed;
• The recipients or categories of recipient to whom the personal data relating to you has been or will be disclosed;
• The planned duration of storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
• The existence of a right to rectification or erasure of the personal data relating to you, a right to restriction of processing by the controller or controllers, and a right to object to such processing;
• The right to lodge a complaint with a supervisory authority; the data protection supervisory authority directly responsible for LMU is the Bavarian Data Protection Commissioner ↗.
• Any available information about the source of the data, if the personal data is not collected from you;
• The existence of automated decision-making, including profiling, pursuant to Article 22 paragraphs 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject;
• You have the right to request information about whether personal data relating to you is transmitted to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transmission.
• The right to access information is subject to legal restrictions and does not apply absolutely, but rather is limited in particular in the following cases:
• If a large amount of information is stored about the data subject, LMU may require specification as to what information or processing operations the request for information specifically relates to.
• Manifestly unfounded or excessive requests or frequent repetitions may lead to rejection or to an obligation to reimburse costs.
• The provision of information must not infringe the rights of LMU or other persons (in this respect, professional secrecy, business secrecy, data relating to other persons are excluded).
• Under the conditions specified in Article 10 BayDSG, information may be withheld.
• If data is processed for scientific or historical research purposes and for statistical purposes, your right to access data may be further restricted to the extent that it is likely to render impossible or seriously impair achievement of the research or statistical purposes and restriction is necessary for fulfillment of those purposes (Article 25 BayDSG).

V.2 Right to Rectification

Pursuant to Article 16 GDPR, you have a right of rectification and/or completion with respect to LMU, if the personal data processed relating to you is inaccurate or incomplete. LMU will rectify the data without undue delay to the extent required by law.

If data is processed for scientific or historical research purposes and for statistical purposes, your right to rectification may be further restricted to the extent that it is likely to render impossible or seriously impair achievement of the research or statistical purposes and restriction is necessary for fulfillment of those purposes (Article 25 BayDSG).

V.3 Right to Restriction of Processing

Under the following conditions, you may request the restriction of the processing of personal data relating to you pursuant to Article 18 GDPR:

If you dispute the accuracy of the personal data relating to you for a period enabling LMU to verify the accuracy of the personal data; Processing is unlawful and you object to the erasure of the personal data and request the restriction of the use of the personal data instead; LMU no longer requires the personal data for the purposes of processing, but you need them for the assertion, exercise, or defense of legal claims, or If you have objected to the processing pursuant to Article 21 paragraph 1 GDPR and it has not yet been determined whether the legitimate grounds of LMU override your legitimate interests.

Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If processing has been restricted pursuant to the above conditions, you will be informed by LMU before the restriction is lifted.

If data is processed for scientific or historical research purposes and for statistical purposes, your right to restriction of processing may be further restricted to the extent that it is likely to render impossible or seriously impair achievement of the research or statistical purposes and restriction is necessary for fulfillment of those purposes (Article 25 BayDSG).

V.4 Right to Erasure ('Right To Be Forgotten')

Pursuant to Article 17 GDPR, you may demand that LMU immediately erase the personal data relating to you. LMU is obligated to immediately erase this data if one of the following reasons applies:

• The personal data relating to you is no longer necessary for the purposes for which it was collected or otherwise processed, and processing for other purposes is unlawful.
• You withdraw your consent on which processing was based pursuant to Article 6 paragraph 1 letter a or Article 9 paragraph 2 letter a GDPR and there is no other legal basis for processing.
• You object to processing pursuant to Article 21 paragraph 1 GDPR and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Article 21 paragraph 2 GDPR.
• The personal data relating to you has been processed unlawfully.
• The erasure of the personal data relating to you is necessary for fulfillment of a legal obligation under Union or Member State law to which the controller is subject.
• The personal data relating to you has been collected in connection with information society services offered pursuant to Article 8 paragraph 1 GDPR.
• If LMU has made public the personal data relating to you and is obligated to erase it pursuant to Article 17 paragraph 1 GDPR, it shall take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copies or replications of such personal data, taking into account the available technology and the cost of implementation.
• The right to erasure does not apply to the extent that processing is necessary for the exercise of the right to freedom of expression and information.
• For compliance with a legal obligation which requires processing under Union law or the law of a Member State which LMU is subject to, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in LMU.
• For reasons of public interest in the area of public health pursuant to Article 9 paragraph 2 letters h and i and Article 9 paragraph 3 GDPR.
• For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89 paragraph 1 GDPR, if the right referred to in (a) above is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
• For the assertion, exercise, or defense of legal claims.

V.5 Right to Notification

If you have asserted the right to rectification, erasure, or restriction of processing with respect to LMU, we are obligated pursuant to Article 19 GDPR to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right with respect to LMU to be notified about these recipients.

V.6 Right to Data Portability

Under the conditions of Article 20 GDPR, you have the right to receive the personal data concerning you that you have provided to LMU in a structured, common, and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by LMU, provided that processing is based on consent pursuant to Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR or on a contract pursuant to Article 6 paragraph 1 letter b GDPR and processing is carried out with the help of automated means.

In exercising this right, you also have the right to have the personal data relating to you transmitted directly from LMU to another controller if technically feasible. The freedoms and rights of others must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in LMU.

V.7 Right to Object

Under the conditions of Article 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 paragraph 1 letter e or f GDPR.

LMU will no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms, or for the assertion, exercise, or defense of legal claims.

You have the option, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated means using technical specifications.

Where personal data relating to you is processed for scientific or historical research purposes and for statistical purposes pursuant to Article 89 paragraph 1 GDPR, you also have the right to object to such data processing on grounds relating to your particular situation.

Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of those purposes (Article 25 BayDSG).

V.8 Right to Withdraw the Declaration of Consent under Data Protection Law

You have the right to withdraw your declaration of consent under data protection law at any time with effect for the future. The right of withdrawal will not affect the lawfulness of processing based on consent before its withdrawal (Article 7 paragraph 3 GDPR). Withdrawal must always be declared to the department at LMU that obtained the consent or to whom you gave your consent.

V.9 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement if you believe that the processing of personal data relating to you infringes the GDPR (Article 77 GDPR).

The supervisory authority responsible for LMU is the Bavarian Data Protection Commissioner ↗. The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

V.10 Assertion of Rights

If you believe that the processing of the personal data relating to you violates the GDPR or if you wish to otherwise exercise your rights, please first get in touch with the contact person responsible for the content of the respective website — as named in the imprint — and/or the responsible department with which you have been in contact regarding the data processing in question, as this will make a prompt review and any necessary remedial action possible on your behalf. This particularly applies if you wish to withdraw your consent. You can also contact the data protection officer at LMU. It is our goal and ambition to immediately clarify any questions related to data protection and to resolve any data protection issues without delay.

Data Protection Information about Specific Data Processing

I. Use of Email-Contact

a) Scope and Purpose of Data Processing

it is possible to send an email to an LMU email address provided for use on the respective website.

If you send us an email, we will process your email address and your message.

We would like to point out that you may only address inquiries to LMU email addresses, i.e., those that have been specified on LMU's this website and made available for communication.

Please note that the use of unencrypted email is inherently insecure, i.e., it may be read, altered, or intercepted by third parties during transmission. Please take this into account when sending us information by email. For this reason, please use the postal service for sending messages requiring privacy. , or use the public S/MIME (X509) certificate to encrypt your message. Please use only this key to encrypt your email sent to us as otherwise we may be unable to read your email. Courts, authorities, lawyers and all other legitimate users have the opportunity to communicate confidentially and securely with the LMU via the special administrative mailbox.

If you want to send us an unencrypted email, it is preferable to use a functional LMU address, provided that such an address is provided on the website or you have been informed of it. Please note that if you send us an email request, we will be unable to verify your identity and will not know who is behind the email address. Legally secure communication via an unsigned email is not guaranteed. Even when encrypted. In order for us to be able to send you sensitive information, please also provide us with your postal address when making inquiries. It may otherwise not be possible to provide you with the required information. If you wish to receive an encrypted email from us, please provide the necessary information.

At LMU we sometimes use filters to prevent unsolicited commercial email (UCE or spam), which may also incorrectly identify emails as spam and delete them in some cases. Emails that might contain harmful programs, e.g. viruses, are deleted automatically. The use of contact data published in the context of the imprint obligation or on other websites of the LMU for sending unsolicited advertising and information materials is hereby expressly prohibited. The controller expressly reserves the right to take legal action in the event of unsolicited sending of advertising information, including through spam e-mails.

b) Legal Basis of Data Processing

Data processing is done subject to Article 6 paragraph 1 letter a GDPR. Your consent will be obtained as part of the transmission process and reference will be made to the relevant Privacy Policies. We would like to point out that the processing of data may also be done based on Article 6 paragraph 1 letter e GDPR in conjunction with Article 4 paragraph 1 BayDSG. Processing of the personal data you provide is necessary for the purpose of processing your request.

c) Duration of Data Processing

The data is only processed for as long as your request is being handled and for the purpose of communication with you and will not be disclosed to third parties or used for other purposes unless further processing is permitted by law.

d) Objection and Deletion Option

You have the option to withdraw your consent for the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of personal data at any time or request its erasure. In this case, all relevant data will be erased if there are no legal regulations to the contrary. Further conversation or correspondence will then no longer be possible.

II. Use of other Means of Communication (e.g., Postal Mail, Telephone, Fax)

You can contact LMU and IBE using the contact details provided on the website.

If you send us a request or express an idea by mail, telephone, or fax, the information provided will be processed exclusively for the purpose of handling your request and for any follow-up questions and the exchange of ideas. We generally use the same communication channel for this purpose, unless you specify an alternative.

Personal data can only be communicated to authorized persons and if satisfactory identification and transmission security is ensured. A postal address is also generally required for communication and must be provided.

III. Data Protection Provisions on the Use and Application of Twitter and Twitter Icons

Our website uses social media icons of the provider Twitter https://twitter.com/ ↗. They are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. For those residing within the EU, the responsible company is the Irish company Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. The icons feature an Twitter logo.

a) Scope and Purpose of Data Processing

By using Twitter and the "re-tweet" feature, the websites you visit are associated with your Twitter account and disclosed to other users. Data is also transmitted to Twitter.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Twitter.

More information about this is available in Twitter's privacy policy at https://twitter.com/privacy ↗.

b) Legal Basis of Data Processing

Data processing is carried out for the performance of a public task and in the public interest pursuant to Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4 paragraph 1 BayDSG and serves the purpose of public relations (Article 2 BayHIG).

For data processing in the USA, there is currently no adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured. However, we take suitable measures to protect personal data. To the extent possible, we work with Twitter to arrange the EU standard contractual clauses and provide for additional technical and organizational protective measures.

The use of Twitter is the responsibility of the user based on Twitter's privacy policy https://twitter.com/privacy ↗.

c) Duration of Data Processing

LMU has no influence on the type, scope, and duration of the data processed by Twitter, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.

d) Objection and Deletion Options

For a detailed presentation of the forms of processing involved and the options to object (opt-out), please refer to the privacy policy and information provided by the operator Twitter Inc:

• Information on what data is processed by Twitter and for what purposes is available in Twitter's privacy policy: https://twitter.com/privacy ↗
• More information on these points is available on the following Twitter support pages: https://support.twitter.com/articles/105576# ↗ and https://help.twitter.com/en/resources/how-you-can-control-your-privacy ↗
• Information about the option to view your own data on Twitter is available here: https://support.twitter.com/articles/20172711# ↗
• Information about the inferences that Twitter makes about you is available here: https://twitter.com/yourtwitterdata ↗
• Information on the available personalization and privacy setting options is available here (with additional references): https://twitter.com/personalization ↗
• You also have the option of requesting information via the Twitter privacy policy inquiries form and how to request, download, and view your Twitter archive: https://support.twitter.com/forms/privacy ↗ and https://support.twitter.com/articles/20170320# ↗

If you do not want Twitter to be able to associate your visit to our website with your Twitter account, please log out of your Twitter account, delete the respective cookies, and block the execution of script content from Twitter in your browser, e.g., with script blockers from https://www.noscript.net ↗ or https://www.ghostery.com/ ↗.

Currently not necessary - comment out before publishing:

Use of ... [Template, e.g. for Intranet]

a) Scope and Purpose of Data Processing

b) Legal Basis of Data Processing

c) Duration of Data Processing

d) Objection and Deletion Options

Data Processing as Part of Submitting Applications

a) Scope and Purpose of Data Processing

LMU collects and processes personal data of applicants for the purpose of filling public positions at LMU and, for this purpose, to ensure a lawful examination of the applications as part of the application process and to be able to make a selection decision. The data provided is collected, stored, and processed electronically. In particular, this comprises:

• Personal data (first name and last name, date of birth, address, school degree, severe disability, if applicable)
• Communication data (telephone number, cell phone number, fax number, email address)
• Education data (school, vocational training, university studies, doctoral studies, habilitation)
• Data on your professional career to date, educational and work references
• Information on other qualifications (e.g., language and PC skills)
• Application photo, if applicable
• Additional data required for the vacant position

The personal data you provide will be used exclusively for processing the application for the open position. The data will only be disclosed to persons involved in the application process. They may also include external experts, e.g., for appointment procedures, who are sworn to secrecy.

Unauthorized disclosure to third parties or third countries does not take place.

b) Legal Basis of Data Processing

Data processing is performed pursuant to Article 6 paragraph 1 sentence 1 letter b GDPR, Article 9 paragraph 2 letters b and h GDPR, Article 88 paragraph 1 GDPR, and Article 8 paragraph 1 sentence 1 nos. 2 and 3 BayDSG. By submitting your application, you confirm that you consent to data processing as part of and for the duration of the selection procedure. If an employment relationship is established following the application process, the personal data required in the context of employment will be processed in accordance with Article 88 paragraph 1 GDPR in conjunction with Article 8 BayDSG and, if applicable, in conjunction with Article 103 et seq. BayBG [Bavarian Civil Service Act].

c) Duration of Data Processing

If no employment relationship is established following the application process, the application documents are erased six months after notification of the rejection decision. The erasure period results from Article 17 paragraph 3 letter b GDPR in conjunction with Section 15 paragraph 4 AGG [General Equal Treatment Act], and Section 61b paragraph 1 ArbGG [Labor Court Act].

d) Objection and Deletion Options

You have the option of objecting to data processing and requesting the erasure of your data. Your objection or any request for erasure will prevent the data from being processed and will therefore be deemed to be a withdrawal of the application. Applicants will receive additional information on data protection from the department responsible for filling the position following receipt of the application.

Photo Publication

a) Scope and Purpose of Data Processing

During events and appointments, photos may be taken in which you may be identifiable. These photos may be published on LMU's website.

b) Legal Basis of Data Processing

Data processing is performed as part of public relations work pursuant to Article 6 paragraph 1 letter e GDPR in conjunction with Article 4 paragraph 1 BayDSG, Article 2 BayHIG, or based on your consent pursuant to Article 6 paragraph 1 letter a GDPR.

c) Duration of Data Processing

Data processing will be performed as long as it is necessary for the fulfillment of the LMU's tasks or until your consent is withdrawn.

d) Objection and Deletion Option

You can object to photos being taken and/or published. You can withdraw your consent at any time with effect for the future. Validity of the Privacy Policy

LMU's Privacy Policy applies to all of LMU's websites for which LMU is responsible under data protection law.

It applies as a supplement to the extent that LMU processes personal data at its own responsibility on social networks:

https://de-de.facebook.com/lmu.muenchen/ https://www.instagram.com/ https://www.youtube.com/ https://www.instagram.com/lmu.muenchen/ https://www.youtube.com/channel/UCmIoovqeiujBp1sZHI7-poQ https://de.linkedin.com/school/lmu.muenchen/

When we provide links to websites of other organizations, this Privacy Policy does not apply to the processing of personal data by those organizations. We therefore recommend that you read the privacy policies on the other websites you visit.

A supplementary Privacy Policy may also apply to the respective LMU website, to the extent that the person or persons responsible for the content of the LMU website perform additional processing of personal data and provide information about this. This applies in particular if specific services are provided by individual departments or units. In each case, the supplementary data protection information on each of LMU's websites is part of LMU's Privacy Policy. Version and Changes to the Privacy Policy

LMU's Privacy Policy for its website was last revised on 10/31/2022. We reserve the right to regularly update this Privacy Policy to reflect current legal requirements and technical changes and to implement our services and offerings in a manner that complies with data protection laws. For your visit to an LMU website, the current version applies at the time of the visit.

?? II.1 Data Protection Provisions on the Use and Application of Facebook and Facebook Icons

Our website uses social media icons of the social network facebook.com. The web pages at https://www.facebook.com/?target=_blank and the services on these pages are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, ("Facebook"). The icons feature a Facebook logo.

a) Scope and Purpose of Data Processing

We use social media icons from Facebook only in extended privacy mode. By default, no automated connection is made to Facebook's servers. This means that Facebook does not receive any data from website visitors when they access LMU's website.

If you are logged into Facebook while visiting our website, Facebook can associate the visit with your Facebook account. If you interact with Facebook, this information is transmitted directly from your browser to Facebook and stored there. We are not aware of what data Facebook associates with the personal data received and for what purpose Facebook uses this data.

If you are not a user of Facebook, there is still the possibility that Facebook will store your IP address.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Facebook.

The purpose and scope of data collection and the further processing and use of data by Facebook is available in Meta’s privacy policy at https://www.facebook.com/about/privacy/?target=_blank.

b) Legal Basis of Data Processing

The data processing takes place for the performance of a public task and in the public interest in accordance with Article 6(1)(e), (3) GDPR in conjunction with Article 4(1) of the BayDSG and serves the purpose of public relations (Article 2 BayHIG).

For data processing by Meta in the USA, there is currently no recognized adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured. However, we take suitable measures to protect personal data. To the extent possible, we work with Meta to arrange the standard EU data protection clauses and provide for additional technical and organizational protective measures.

The use of Facebook is the responsibility of the user based on Meta’s privacy policy (https://www.facebook.com/about/privacy/?target=_blank; https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active/?target=_blank).

c) Duration of Data Processing

LMU has no influence on the type, scope, and duration of the data processed by Meta, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.

d) Objection and Deletion Options

Please refer to Meta’s privacy policy at https://www.facebook.com/about/privacy/?target=_blank for your rights and settings options for protecting your privacy on Facebook.

If you do not want Facebook to be able to associate your visit to our website with your Facebook account, please log out of your Facebook account, delete the respective cookies, and block the execution of script content from Facebook in your browser, e.g., with script blockers from https://www.noscript.net/?target=_blank or https://www.ghostery.com/?target=_blank.

II.2 Data Protection Provisions on the Use and Application of Instagram and Instagram Icons

Our website uses social media icons of the social network instagram.com. Instagram is an ad-supported online photo and video sharing service owned by Meta. The icons feature an Instagram logo.

a) Scope and Purpose of Data Processing

We use social media icons from Instagram only in extended privacy mode. By default, no automated connection is made to Instagram's servers. This means that Instagram does not receive any data from website visitors when they access LMU's website.

If you are logged into Instagram while visiting our website, Instagram can associate the visit with your Instagram account. If you interact with Instagram, this information is transmitted directly from your browser to Instagram and stored there. We are not aware of what data Instagram associates with the personal data received and for what purpose Instagram uses this data.

If you are not a user of Instagram, there is still the possibility that Instagram will store your IP address.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Instagram.

The purpose and scope of data collection and the further processing and use of data by Instagram is available in Instagram's privacy policy at https://help.instagram.com/519522125107875/?target=_blank.

b) Legal Basis of Data Processing

Data processing is carried out for the performance of a public task and in the public interest in accordance with Article 6(1)(e), (3) GDPR in conjunction with Article 4(1) of the BayDSG and serves the purpose of performing public relations (Article 2 BayHIG)

For data processing in the USA, there is currently no adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured. However, we take suitable measures to protect personal data. To the extent possible, we work with Instagram to arrange the EU standard contractual clauses and provide for additional technical and organizational protective measures.

The use of Instagram is the responsibility of the user based on Instagram's privacy policy (https://help.instagram.com/519522125107875/?target=_blank).

If you do not want Instagram to be able to associate your visit to our website with your Instagram account, please log out of your Instagram account, delete the respective cookies, and block the execution of script content from Instagram in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com/?target=_blank.

?? II.4 Data Protection Provisions on the Use and Application of YouTube and YouTube Icons

Embedded on some of our web pages are videos from the third-party video platform YouTube (https://www.youtube.com) operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. YouTube is a video portal owned by YouTube, LLC, a subsidiary of Google LLC. The icons feature a YouTube logo.

a) Scope and Purpose of Data Processing

We use embedded YouTube videos in extended privacy mode. By default, only disabled images from the YouTube channel are embedded, which do not automatically make a connection to YouTube's servers. This means that YouTube does not receive any data from website visitors when they access LMU's website.

You can decide for yourself whether the YouTube videos should be enabled. Only when you enable the playback of the videos by clicking "Permanent Activation" do you give your consent for the data required for this (including the URL of the current website and the IP address) to be transmitted to YouTube. When playing the videos, YouTube may store additional cookies via your browser and associate the data with its own user profiles or use the data for its own purposes. We have no influence over this storage.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by YouTube.

To save the setting you want, we set a cookie that saves the parameters. However, when setting these cookies, we do not store any personal data; they only contain anonymized data for adjusting the browser. The videos are then enabled and you can play them.

If you enable YouTube videos and are logged in as a member of YouTube, YouTube will associate this information with your personal user accounts. For more information on the collection and use of data by YouTube, please refer to YouTube's privacy policy at https://www.google.com/intl/de/policies/privacy/; https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

b) Legal Basis of Data Processing

Data processing is carried out for the performance of a public task and in the public interest pursuant to Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4 paragraph 1 BayDSG and serves the fulfillment of public relations (Article 2 BayHIG).

Due to data processing in the USA, however, there is currently no adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured.

The use of YouTube is the responsibility of the user based on YouTube's privacy policy (https://policies.google.com/privacy?hl=en-GB).

c) Duration of Data Processing

LMU has no influence on the type, scope, and duration of the data processed by YouTube, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.

d) Objection and Deletion Options

If you would like to disable the automatic playing of YouTube videos again, you can uncheck the box for consent below the privacy icon. This will also update the cookie settings.

For any options to object, we refer to the privacy policy and information from the operator YouTube:

Information on what data is processed by YouTube/Google and for what purposes is available in YouTube and Google's privacy policy: https://policies.google.com/privacy?hl=en-GB Option to object (opt-out plugin): https://tools.google.com/dlpage/gaoptout?hl=en Settings for the display of ads: https://adssettings.google.com/authenticated

If you do not want YouTube to be able to associate your visit to our website with your YouTube account, please log out of your YouTube account, delete the respective cookies, and block the execution of script content from YouTube in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com.