Info Data Privacy Statement

Data Privacy Statement

State

Version 0.91 from 22.5.2018

As a statutory corporation the LMU falls under the bavarian Data Protection Law, the German federal Data Protection Law, the european General Data Protection Regulation and assorted special laws concernd whit Data Protection (Tele-Media Laws, Telecommunication Laws, Work Laws, etc.) This Data Privacy Statement serves to fullfill the duty to supply information to the user accrued through the aforementioned laws.

Contact Persons

Data Security Officer of the Ludwig-Maximilians-Universität München

Dr. Rolf Gemmeke
Geschwister-Scholl-Platz 1, 80539 München
Tel.: +49 (0) 89 2180-2414
Webpage of the Data Security Officer of the LMU

Regulatory Agency for Data Protection in the public sector

Bayerischer Landesbeauftragter für den Datenschutz
Promenade 27
91522 Ansbach
Telefon: +49 (0) 981 53 1300
Webpage of the bavarian Data Security Officer

Data Security Coordinator of the Instituts für Informatik of the LMU

Robert Hofer
E-Mail: dsk@ifi.lmu.de
Telefon: +49 (0) 89 / 2180 - 9198

Party responsible for data processing

Ludwig-Maximilians-Universität München
Geschwister-Scholl-Platz 1
80539 München
Telefon: +49 (0) 89 / 2180 - 0
Email: praesidium@lmu.de
The Ludwig-Maximilians-Universität München is a statutory corporation. It is legally represented by President Prof. Dr. Bernd Huber.

Responsible Department

Rechnerbetriebsgruppe of the Department "Institut für Informatik" of the Ludwig-Maximilians-Universität München
Oettingenstraße 67
D-80538 München
E-Mail: rbg@ifi.lmu.de
Telefon: +49 (0) 89 / 2180 - 9198

Processing of personal Data

The IT operation and organisation of the Institut für Informatik is done according to the state of the Art and common recomendations for security concerns and IT operations. This guaranties the protection of personal data and the sustainable operation within the bounds of capabilities.

1. Webserver Logs

Persons concerned

Every user of this webserver is subject to the accquisition and processing of the relevant data.

What data is accquired?

The webserver logs
  • pseudonymized IP-address of the webclient of the users of this service
  • Time and date of access to elements of this website
  • addresse of the accessed element
  • amount of data transfered
  • Success or failure of access/download
  • Make and Version of the webbrowser
  • errorlogs if applicable
  • search query string if applicable
The anonymization of IP-addresses is temporarily suspended in case of a service disruption or a security issue

Appropriation

The accquired data is used solely for statistical purposes(anonymized), for the improvement of the service, for analytical purposes, removal and prefention of service disruptions and in case of Secutity incidents. Only IT administrators from the Instituts für Informatik concerned with the opperation of the system have access to the data.

Legal or contractual foundation of Data Processing

  • Requirement for sustainable and secure opperation of IT services according to the State of the Art (TMG, TKG, DSG, EUDGV, BayrDSG, BDSG)
  • Rechtsprechung zur Aufbewahrungsdauer und Art von Webserverprotokollen
  • Jurisprudence concerning retention period and type of webserverlogs
  • Execution of a duty in the public interest.

Information

The first contact for inquiries is the aforementioned Responsible Department.

Deletion

The webserver logs will be automatically deleted after 7 days. Logs retained because of a service disruption or a security incident will be deleted after the resolution of the relevant event.

Consent, Correction, Disputation, Request of Deletion or Transfer

User consent to the data processing is not required because of the type of acquired data, the purpose of the data processing, the automatic deletion and the foundation of the data processing (DSGVO Art.6 Abs.1 e+f). Because no consent is required and because of the type and purpose of the accquired data the user has no right to dispute the data processing, no right to request deletion, correction and transfer of the data.

Right to complain

User can generally lodge a complaint with the Regulatory Agency about any processing and forwarding of personal data. In case of the LMU the Regulatory Agency is the aforementioned Regulatory Agency for Data Protection in the public sector. All contact persons mentioned above can be contacted concerning complaints and inquiries too.

Obligation to participate in data processing

To use the service the user is required to provide the necessary data and to consent to the processing of the data. We reserve the right to refuse service to users who do not provide the data.