Data Privacy Statement
State
Version 0.91 from 22.5.2018
As a statutory corporation the LMU falls under the bavarian Data Protection Law,
the German federal Data Protection Law, the european General Data Protection Regulation and assorted
special laws concernd whit Data Protection (Tele-Media Laws, Telecommunication Laws, Work Laws, etc.)
This Data Privacy Statement serves to fullfill the duty to supply information to the user accrued through
the aforementioned laws.
Contact Persons
Data Security Officer of the Ludwig-Maximilians-Universität München
Dr. Rolf Gemmeke
Geschwister-Scholl-Platz 1, 80539 München
Tel.: +49 (0) 89 2180-2414
Webpage of the Data Security Officer of the LMU
Regulatory Agency for Data Protection in the public sector
Bayerischer Landesbeauftragter für den Datenschutz
Promenade 27
91522 Ansbach
Telefon: +49 (0) 981 53 1300
Webpage of the bavarian Data Security Officer
Data Security Coordinator of the Instituts für Informatik of the LMU
Robert Hofer
E-Mail: dsk@ifi.lmu.de
Telefon: +49 (0) 89 / 2180 - 9198
Party responsible for data processing
Ludwig-Maximilians-Universität München
Geschwister-Scholl-Platz 1
80539 München
Telefon: +49 (0) 89 / 2180 - 0
Email: praesidium@lmu.de
The Ludwig-Maximilians-Universität München is a statutory corporation. It is legally represented by President Prof. Dr. Bernd Huber.
Responsible Department
Rechnerbetriebsgruppe of the Department "Institut für Informatik" of the Ludwig-Maximilians-Universität München
Oettingenstraße 67
D-80538 München
E-Mail: rbg@ifi.lmu.de
Telefon: +49 (0) 89 / 2180 - 9198
Processing of personal Data
The IT operation and organisation of the Institut für Informatik is done according to
the state of the Art and common recomendations for security concerns and IT operations.
This guaranties the protection of personal data and the sustainable operation within the
bounds of capabilities.
1. Webserver Logs
Persons concerned
Every user of this webserver is subject to the accquisition and processing of the relevant data.
What data is accquired?
The webserver logs
- pseudonymized IP-address of the webclient of the users of this service
- Time and date of access to elements of this website
- addresse of the accessed element
- amount of data transfered
- Success or failure of access/download
- Make and Version of the webbrowser
- errorlogs if applicable
- search query string if applicable
The anonymization of IP-addresses is temporarily suspended in case of a service disruption
or a security issue
Appropriation
The accquired data is used solely for statistical purposes(anonymized), for the improvement of the service,
for analytical purposes, removal and prefention of service disruptions and in case of Secutity incidents.
Only IT administrators from the Instituts für Informatik concerned with the opperation of the system
have access to the data.
Legal or contractual foundation of Data Processing
- Requirement for sustainable and secure opperation of IT services according to the State of the Art (TMG, TKG, DSG, EUDGV, BayrDSG, BDSG)
- Rechtsprechung zur Aufbewahrungsdauer und Art von Webserverprotokollen
- Jurisprudence concerning retention period and type of webserverlogs
- Execution of a duty in the public interest.
Information
The first contact for inquiries is the aforementioned Responsible Department.
Deletion
The webserver logs will be automatically deleted after 7 days. Logs retained because of a service disruption or a security incident will
be deleted after the resolution of the relevant event.
Consent, Correction, Disputation, Request of Deletion or Transfer
User consent to the data processing is not required because of the type of acquired data, the purpose of the data processing,
the automatic deletion and the foundation of the data processing (DSGVO Art.6 Abs.1 e+f).
Because no consent is required and because of the type and purpose of the accquired data the user has no right to dispute the data processing,
no right to request deletion, correction and transfer of the data.
Right to complain
User can generally lodge a complaint with the Regulatory Agency about any processing and forwarding of personal data.
In case of the LMU the Regulatory Agency is the aforementioned Regulatory Agency for Data Protection in the public sector.
All contact persons mentioned above can be contacted concerning complaints and inquiries too.
Obligation to participate in data processing
To use the service the user is required to provide the necessary data and to consent to the processing of the data.
We reserve the right to refuse service to users who do not provide the data.