EUGLOH Privacy Statement

The European University Alliance for Global Health (EUGLOH) is a network of five European universities, which is co-funded by the Erasmus+ Programme of the European Union. The EUGLOH members are: Université Paris-Saclay (UPSaclay), Lund University (LU), Ludwig-Maximilians-Universität München (LMU), Universidade do Porto (UPorto), University of Szeged (USZ).

The LMU is responsible for the hosting, editing and overall maintenance of this website. To this end, the LMU is supported by the European Research Project Office GmbH in the creative concept, technical set-up and content provision. A Data Processing Agreement according to Article 28 GDPR was signed between European Research and Project Office GmbH and LMU.

European Research Project Office GmbH
Heinrich-Hertz-Allee 1
66386 St. Ingbert, Germany
Phone: +49 6894 388 130
Fax: +49 6894 388 1389
Email: contact@eurice.eu

As this internet page is hosted and published by the LMU the “General Data Protection Policy for the Internet Pages” of the LMU as outlined below applies. Furthermore, additional data privacy rules for uniquely EUGLOH-specific online communication activities are included.

I. Contact Information in Connection with the Internet Presence of the LMU

I.1 Information on the Person Responsible for Data Protection at the LMU

The person responsible for the LMU internet pages within the meaning of the General Data Protection Regulation (GDPR) and of other national data protection laws or other provisions relating to data protection, is the LMU, which is legally represented by their president. Contact information can be found here (copyright).

The particular facilities of the LMU are each responsible for the content offered on the internet pages of the LMU. Please direct any questions relating to a particular internet page of the LMU to the particular contact party who is listed for the particular internet page in the copyright notice. For EUGLOH please contact: eugloh@lmu.de

I.2 Name and Address of the Official LMU Data Protection Officer

The contact data of the official LMU data protection officer is found on the internet page of the LMU at www.lmu.de/datenschutz.

The official data protection officer is available to answer questions about data protection at the LMU. Please use the contact form on the internet page of the official LMU data protection officer for any questions: https://www.uni-muenchen.de/einrichtungen/orga_lmu/beauftragte/dschutz/Datenschutzkontaktformular.html. Please also use this form to report any data protection events which become known to you from your use of the LMU internet pages.

II. General Information about Data Processing on the LMU Internet Pages

II.1 Applicability of the Data Protection Policy

This data protection policy applies to the processing of personal data in connection with the LMU internet presences.

  • According to Art. 4 item 1 GDPR “personal data” means all information which relates to an identified or identifiable, natural person; the term “identifiable” is deemed to mean a natural person who can be identified directly or indirectly, in particular through assignment of an identifier such as a name, an identifying number, location data, an online identity or one or several special features which are an expression of physical, physiological, genetic, psychic, financial, cultural or social identity of this natural person.
  • According to Art. 4 item 2 GDPRGDPR, “processing” means any process executed with or without the aid of automated methods, or any such set of methods in connection with personal data, such as the collection, acquisition, organization, ordering, saving, adapting or changing, read-out, query, use, disclosure by means of transmittal, dissemination or any other form of manipulation, coordination or linking, limitation, deletion or destruction.

II.2 Purpose and Legal basis for Processing of Personal Data

In accordance with Art. 2 para. 6 BayHSchG Bayerisches Hochschulgesetz (Bavarian University law), Art. 4 para. 1 lines 1 and 2 Gesetz über die elektronische Verwaltung in Bayern (Law on electronic administration in Bavaria), on our web pages we offer our services and administrative services, and also information for the public about our activities. Personal data will only be processed on the LMU internet pages provided this is necessary to provide a functioning internet page, to present the particular content, or to provide certain services or offers. The processing of personal data occurs either owing to a legal requirement or based on the user’s consent. When processing of personal data is based on a consent, then such processing shall occur based on Art. 6 para. 1 (a) GDPR. Art. 6 para. 1 (b) GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the user is a party. Insofar as processing personal data is required to fulfil a legal obligation to which the LMU is subject, the applicable legal basis is provided by Art. 6 para. 1 (c) GDPR. In the event that the vital interests of the affected person or other natural person require the processing of personal data, the applicable legal basis is provided by Art. 6 para. 1 lit. e, para. 3 lit. b GDPR i.V.m. Art. 4 para. 1 Bayerisches Datenschutzgesetz (Bavarian Data Protection Law). The processing may also be required in fulfillment of a mission which has been assigned to the LMU and which is in the public interest (Art. 6 para. 1 (b) GDPR). Additional legal basis may also arise from special-legal or other legal regulations, to which reference is made in the particular, individual case.

We use cookies, protocol data files and web analysis tools to prepare business statistics, to implement organizational studies, to check or maintain our web services and to ensure network and information security according to Art. 6 para. 1 Bayerisches Datenschutzgesetz (Bavarian Data Protection Law), § 13 para. 7 TMG, Art. 11 para. 1 Gesetz über die elektronische Verwaltung in Bayern (Law on electronic administration in Bavaria). Insofar and inasmuch as the purpose of the processing is not adversely impacted, we will anonymize or pseudomize your personal data.

II.3 Data Deletion and Retention Period

The personal data of users of the LMU internet pages will be deleted or anonymised inasmuch as and provided the particular purpose of the retention has expired and there is no archiving requirement. Deletion or erasure of the data will also occur when a retention period as specified by the European or domestic legislature in EU regulations, laws or other specifications to which the LMU is subject, has expired, unless there is a requirement for continued retention of the data for completion of or fulfilment of a contract. If provided in the referenced regulation, retention for a longer period is possible.

In addition, we are obliged to respect various obligations to retain information and furnish evidence in accordance with, among other things, the German Commercial Code (Handelsgesetzbuch (HGB)) and the German Tax Code (Abgabenordnung (AO)). According to these Codes, the periods for storage amount to a maximum of ten years. Finally, the period of storage is also subject to statutory periods of limitation which, for instance in accordance with §§ 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch (BGB)), in general amount to three year but, in certain cases, can also amount to a maximum of thirty years.

II.4 Data Security

In order to protect your data in a reasonable and comprehensive manner during the processing, and in particular to protect against its transmittal, where necessary and with reference to the prior art, we use appropriate encryption techniques and secure technical systems (e.g. SSL/TLS).

II.5 Transfer of Personal Data to Third Countries.

With regard to the services offered on the EUGLOH website, there is no transmission of your data to any third country (countries outside the European Economic Aera (EEA)). Your data will, in principle, be processed in the European Union. In order to reach broader public and to promote our project activities we also use the services of Instagram, Facebook and Twitter, whose servers are situated outside the EU.

III. Specific Information on Data Processing on the EUGLOH Page Hosted by LMU

Every time you visit an LMU website, the LMU system automatically collects data and information from the computer system of the accessing computer. In addition, we process your personal data to the extent you provide such data via the EUGLOH page hosted by LMU. In the processing of your personal data we take into account in particular the principles of data protection relating to lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality (security), accountability.

III.1 Protocols and Preparation of Logfiles

Due to occurring security-related events, e.g. attempted hacking attacks, relevant access data will be saved for every access on all central hosted webpages. The LMU internet server is operated for the LMU by its IT department (Department VI), Geschwister-Scholl-Platz 1, 80539 München, E-Mail: it.internet@verwaltung-uni-muenchen.de).

Depending on the used access protocol, the protocol data set contains data with the following content:

  • IP address for the inquiring computer
  • Date and time of the inquiry
  • Access method/function requested by the inquiring computer
  • Input values (file name etc.) transmitted by the inquiring computer.
  • Access status of the web server (data file transmitted, data file not found, command not executed, etc.).
  • Name of the requested data file
  • URL from which the file was requested/the desired function was initiated
  • Information on browser type
  • The user’s operating system
  • Internet pages from which the user's system accessed the LMU internet page
  • Internet pages that are called from the LMU internet pages

a) Purpose of the Protocol

The saved data are used for purposes of identification and tracking of allowed access and of impermissible access attempts, for maintenance of the internet page functionality on the internet server, and - in anonymized form - for optimizing of the internet offering. Temporary saving of the IP address is also necessary in order to enable delivery of the LMU internet page to your computer. For this purpose the user’s IP address must remain stored for the duration of the session. This data is not stored by the LMU together with other personal data.

b) Retention Period

The recorded data are saved for a maximum of seven days and then deleted. A longer retention period may occur in an individual case, provided a violation related to security was discovered. Irrespective thereof, retention for an even longer period is possible. In such a case, your IP address will be deleted or scrambled so that an allocation to the calling client is no longer possible.

c) Evaluation of the Protocol

Evaluation of the protocol occurs by the authorized employee of the IT department (Department VI), Geschwister-Scholl-Platz 1, 80539 München, E-Mail: it.internet@verwaltung-uni-muenchen.de) under contract with the LMU and observing the provisions of data protection law.

If the data is urgently required for maintenance of the internet page and the saving of the data in logfiles is required for operation of the internet page, then you will not be entitled to a right of objection.

III.2 Use of Session Cookies

Session cookies apply to technically enable

  • event registrations and
  • the access to the administration platform

on the EUGLOH website. The use of session cookies is a justified interest pursuant to Art. 6 (1) (f) GDPR.

III.3 Use of Webpage Analysis Tool Matomo (formerly PIWIK)

Programs for evaluation of user behavior on the LMU internet pages are only used by the LMU in an anonymized form. On EUGLOH website the Open-Source-Software-Tool Matomo (formerly PIWIK) is used for the analysis of the user’s surfing behaviour. This software places a cookie on the user’s computer. If individual pages - even sub-pages - of our internet pages are accessed , then the following anonymized data is saved.

  • Two bytes of the IP address of the accessing system (user’s system)
  • The accessed internet page
  • The internet page from which the user has arrived at the accessed internet page (referrer)
  • The sub-pages which are accessed on this internet page
  • The time spent on the internet page
  • The frequency of accessing the internet page
  • Information about the operating system, type of browser, video display resolution

The software Matomo is set up so that the full IP addresses will not be saved, but rather two bytes of the IP address are masked. In this way a clear connection with the accessing computer will not be possible. Therefore, your IP address will always be anonymized before any evaluation.

The software runs exclusively on the servers of the LMU. Any saving of data occurs only on these servers. Any transfer to third parties does not occur. Additional information on Matomo is found at https://matomo.org/docs/privacy/.

The use of Matomo can be disabled in general by making a corresponding setting in your internetbrowser.

You can decide whether an unambiguous internet analysis cookie may be saved in your browser in order to allow the operator of the internet page to acquire and analyse various statistical - not personal - data. The use of an internet analysis cookie serves the purpose of improving the quality of the internet pages and their content, and for improving user convenience. Web analysis cookies make it clear how the internet page is being used, so that the offering can be optimized.

However, if you decide against it, then please disable the checkbox to set the Matomo deactivation cookie in your browser.

The use of Google Analytics on the LMU web servers does not occur for reasons of data protection.

III.4 Use of RSS

An RSS feed is a form of the classical newsletter that you can read either with your browser or with a special program (RSS reader). We offer an RSS feed to inform you about current EUGLOH events and news.

III.5 Newsletter

Form for newsletter registration

  • Scope of processing of personal data
    The data you enter when registering for our newsletter.
  • Lawful basis for processing personal data
    Art. 6 (1) lit. (a) GDPR (consent by a clear affirmative action or behaviour)
  • Purpose of data processing
    We will only use the data you enter into the login screen of our newsletter for the purpose of sending you our newsletter, in which we provide you with information about our services and news. Following registration we will send you a confirmation e-mail that contains a link that you must click on in order to complete your registration to receive our newsletter (double opt-in).
  • Duration of data storage
    You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link that appears in every newsletter. Following unsubscription we will delete your data without delay. We will not save your personal data before completing the double-opt-in process. We reserve the right to delete data without giving reasons and without informing you in advance or subsequent to deletion.
  • Option to object to and remove data
    The options for objecting to and removing the data are determined in accordance with the general rules on the right to object to and delete data, as required by data-protection law, that are outlined later in this data protection declaration.

If you would like to receive the newsletter, we need your email address that will allow us to verify that you are the owner of the email address provided and that you agree to receive the newsletter.

We use a double opt-in procedure so your contacts receive only the emails they've agreed to get. In order for a potential subscriber to sign up for a newsletter, they have to complete all the steps of this process. This process is complete once a user has clicked on the confirmation link in the double opt-in email. Their email address will be activated in your contact list only once they've confirmed their subscription.n the confirmation link in the double opt-in email. Their email address will be activated in your contact list only once they've confirmed their subscription.

We use this data exclusively for sending information and offers you have requested.

Sendinblue is the email marketing software used. This means your information is transmitted to Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin (formerly named: Newsletter2Go). Sendinblue is prohibited from selling your data and from using it for purposes other than sending email. Sendinblue GmbH is a certified German email marketing software provider, working in accordance with the European Regulation 2016/679, as well as the German Federal Data Protection Act (BDSG). A data processing agreement between EURICE and Sendinblue has been concluded.

More information can be found here:
https://www.sendinblue.com/gdpr
https://www.sendinblue.com/legal/privacypolicy

When you give a company permission to store your personal information and email address and to send you marketing emails, you can revoke this consent at any time via the unsubscribe link in every mailing.

Data protection measures are always subject to technical innovations. For this reason, we ask you to inform yourself about our data protection measures at regular intervals by consulting our data protection policy.

III.6 Event Registration Form and Use of Email

You can contact the EUGLOH team at LMU by sending an email at: eugloh@lmu.de

a) Event Registration Form

We process personal data (Art. 4 no. 2 GDPR) which we receive from you within the scope of your registration for and participation in a training session using the dedicated registration form embedded in our website.

This data includes:

  • First name
  • Last name
  • Gender
  • Nationality
  • University
  • Field of study/degree
  • Position
  • Email address

We process personal data in accordance with the provisions under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)). To meet contractual obligations (Art. 6 para. 1b GDPR)

Your registration data is processed for the purpose of the initiation, performance and conclusion of a contract and the related secondary obligations (Art. 6 para. 1 GDPR). These data are processed with the purpose of identifying you as a participant to the event, for reserving a place for you, creating a participants list and for enabling the planning and guarantee of a smooth operation. Subsequent to the event, your personal data is needed to issue certificates of participation and create participants lists in order to document towards the European Commission that the event actually took place.

If you make use of the registration form, the data provided in the particular input mask will be transmitted to the LMU and saved. Within the LMU, your data will be transferred to those persons that need them to fulfil their contractual obligations (e.g. Project Manager of the project). In addition, we may involve other service providers to fulfil our contractual and legal obligations. In addition, we may transmit your personal data to other recipients outside the LMU if this is required to fulfil our contractual and legal obligations. This includes, but is not limited to:

  • Financial institutions (SEPA payment media)
  • Financial authorities, courts
  • European Commission as funding body of the ERASMUS+ project European University Alliance for Global Health (EUGLOH)
  • Coordinator of the ERASMUS+ project European University Alliance for Global Health (EUGLOH) as representative of the project
  • Partners the European University Alliance for Global Health (EUGLOH)
  • Person responsible for organizing the webinar

Providing your personal data within the scope of registering for and participating in webinars relating to the European University Alliance for Global Health (EUGLOH) is voluntary. However, if you do not provide your data (first name, last name, gender, nationality, university, field of study/degree, position, email address) with your application, we cannot register you as participant to the webinar.

b) Use of an Email Address

It is possible to send an email to an LMU email address provided for use of the particular internet page. If you send us an email, then your email address and the other data provided by you will only be used for correspondence with you, and will be saved only as long as necessary for this purpose, unless some other legal grounds will justify its continuing retention.

Please note that the use of a non-encrypted email is fundamentally unsecure, that is, it may possibly be read, changed or captured by third parties along the transmission route. Please remember this when you send us information in an email. Therefore the sending of confidential messages should be either by regular mail or by S/MIME (X509-) encryption.

In the event that you wish to send us an encrypted message, please use the public X509-certificate for encryption of your message.

In order that we may also send you confidential messages, please also give us your postal address, if requested. Otherwise there is the possibility that no information can be shared.

In the event that you want to send us a non-encrypted email, then please use preferably a function address at the LMU, provided such an address is provided on the internet page.

Please note that in the case of an email inquiry, we cannot verify your identity and do not know who is concealed behind the email address. A legally secure communication by means of a simple, unsigned email is not ensured, not even if it is encrypted.

At the LMU we sometimes use filters against unwanted advertising (spam filters) that can also sometimes wrongly classify and delete emails as advertising. Emails that can contain harmful programs, e.g. viruses, are deleted automatically.

If you want to receive an encrypted email from us, then please provide us with the necessary information.

III.7 Use of Social Media

a) Twitter

We aim to regularly inform you about the current developments of the alliance making use of the short news service Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A.for this purpose. Responsible for the data processing of persons living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. Please note, that you use this service and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. share, rate).

1. Data processed by Twitter:

Information on which data and for what purposes is processed by Twitter can be found in the Twitter privacy policy: https://twitter.com/de/privacy

We have no influence neither on the type nor the scope of the data processed by Twitter. Furthermore, the type of data processing, the use of data or the transfer of data by Twitter cannot be affected. There are no effective means of control implemented.

By using Twitter, your personal data will be collected, transferred, stored, disclosed and used by Twitter Inc. and, in doing so, transferred to, stored and used in the United States, Ireland and any other country in which Twitter Inc. does business, regardless of your place of residence.

Twitter processes data that you voluntarily enter such as your name and user name, e-mail address, telephone number or the contacts in your address book when you upload or synchronize it. Twitter also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users, and can determine your location using GPS data, wireless network information, or your IP address to send you advertising or other content.

For evaluation purposes, Twitter Inc. may use analysis tools such as Twitter or Google Analytics. We have no influence on the use of such tools by Twitter Inc. and have not been informed about such potential use. If tools of this kind are used by Twitter Inc. for our account, we have neither commissioned Twitter to do so nor approved of this or supported it in any other way. Neither will the data obtained during the analysis be made available to us. Only certain, non-personal information about the tweet activity, such as the number of profile or link clicks through a particular tweet, can be viewed by us via your account. Furthermore, we have no way of preventing or disabling the use of such tools on your Twitter account.

Finally, Twitter also receives information when you view content, even if you have not created an account. This so-called "log data" may include your IP address, browser type, operating system, information about the previously visited website and two of the pages you visited, your location, your mobile operator, the device you are using (including device ID and application ID), the search terms you used and cookie information. Twitter buttons or widgets embedded in web pages and the use of cookies enable Twitter to track your visits to these web pages and associate them with your Twitter profile. This data can be used to offer content or advertising tailored to you.

Since Twitter Inc. is a non-European provider with a European branch only in Ireland, it is not bound by German data protection regulations. This concerns, for example, your rights to information, blocking or deletion of data or the possibility of using usage data for advertising purposes to contradict. You have the possibility to limit the processing of your data in the general settings of your Twitter account as well as in the section

"Privacy and Security". In addition, you can restrict Twitter access to contact and calendar data, photos, location data, etc. on mobile devices (smartphones, tablet computers) in the settings there. However, this is dependent on the operating system used.

Further information on these points is available on the following Twitter support pages:
https://support.twitter.com/articles/105576#
https://help.twitter.com/de/search?q=datenschutz

You can find out about the possibility of viewing your own data on Twitter here:
https://support.twitter.com/articles/20172711#

Information about the conclusions drawn by Twitter about you can be found here:
https://twitter.com/your_twitter_data

Information on the available personalization and data protection settings can be found here (with further references):
https://twitter.com/personalization

You also have the option of requesting information via the Twitter privacy form or the archive requirements:
https://support.twitter.com/forms/privacy
https://support.twitter.com/articles/20170320#

2. Data processed by EUGLOH:

We may also process your personal data. Although we do not collect any data about your Twitter account ourselves, the data you enter into Twitter, in particular your user name and the content published under your account, will be processed by us to the extent that we re-tweet or reply to your tweets, if applicable, or write tweets that refer to your account. The data you freely publish and distribute on Twitter is thus included by us in and made accessible to your followers.

b) Facebook & Instagram

In addition to Twitter we also use Facebook and Instagram as part of our EUGLOH online communication activities to provide and to exchange information with specific target groups. To this end, we have placed the respective icon on the website. However, no active plugin is used in this case, thus no automatic transmittal of your personal data occurs when using those icons.

IV. Your Data Protection Rights as a Data Subject

As a part of the LMU internet presence, personal data is processed within the scope stated above. To this extent you are an affected person within the meaning of the GDPR and are entitled to the following rights with respect to the LMU:

IV.1 Right to Information

You can ask the LMU to confirm whether we process personal data concerning you.

If such data is processed, you can request the following information from the LMU:

  • The purposes of the processing for which the personal data are intended;
  • The categories of personal data processed;
  • The recipients or categories of recipients to whom personal data concerning you have been or will be disclosed;
  • The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
  • The right to request from the responsible officer to correct or delete your personal data, a right of restriction of processing or a right to object to processing as well as the right to data portability;
  • A right to complain to an oversight authority, in the case of the LMU the directly cognizant data protection oversight authority is the Bavarian State Officer for Data Protection (https://www.datenschutz-bayern.de);
  • All available information regarding the source of the data if personal data was not collected from you;
  • The existence of automated decision-making, including profiling, referred to in Article 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the affected person.

You have the right to request information concerning whether your personal data will be transferred to a third country or international organization. In such cases, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR as related to this transfer.

Your right to information is subject to legal restrictions and is not absolute, rather, it is limited in particular in the following cases:

  • If a large volume of information is saved for an affected person, then the LMU may request that the information be restricted to that information or processing which relates to the request for information.
  • Obvious unfounded or excessive requests, or frequent repetitions may result in rejection or in compensation of costs.
  • The granting of information must not affect the rights of the LMU or other persons (in this regard, professional secrets, business secrets, data with reference to other persons are exempted).
  • The information may be withheld under the circumstances stated in Art. 10 Bayerisches Datenschutzgesetz (Bavarian Data Protection Law).
  • In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to information may additionally be restricted if it is likely that the completion of the research or statistical work will be made impossible or seriously hampered, and the restriction is necessary to complete the research or statistical work (Art. 25 Bayerisches Datenschutzgesetz (Bavarian Data Protection Law)).

IV.2 Right to Rectification

You have the right to rectify and/or to complete inaccurate and/or incomplete personal data saved by the LMU. The LMU will make the correction without delay.

In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to rectification may be restricted if it is likely that the completion of the research or statistical work will be made impossible or seriously hampered, and the restriction is necessary to complete the research or statistical work (Art. 25 Bayerisches Datenschutzgesetz (Bavarian Data Protection Law)).

IV.3 Right to Restriction of Processing

Under the following circumstances you may request a restriction of processing of your personal data:

  • If you contest the accuracy of the personal data, the restriction will extend for a period enabling the LMU to verify the accuracy of the personal data;
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  • The LMU no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims;
  • If you have objected to processing pursuant to Article 21 para. 1 GDPR pending the verification whether the legitimate grounds of the LMU override those asserted by you. Where processing personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Where processing personal data concerning you has been restricted, you will be informed by the LMU before the restriction of processing is lifted. In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to restriction of processing may be restricted if it is likely that the completion of the research or statistical work will be made impossible or seriously hampered, and the restriction is necessary to complete the research or statistical work (Art. 25 Bayerisches Datenschutzgesetz (Bavarian Data Protection Law)).

IV.4 Right to Deletion

a) Deletion Requirement

You can request the LMU to delete your personal data without delay. The LMU is required to delete this data without delay, provided one of the following reasons applies:

  • The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed and the processing for other purposes is not permissible.
  • You withdraw consent on which the processing is based according to Art. 6 para. 1 (a) or Art. 9 para. 2 (a) GDPR, and where there is no other legal grounds for the processing.
  • You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
  • Personal data concerning you have been unlawfully processed.
  • The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the responsible person is subject.
  • The personal data concerning you have been collected in relation to an offer of services of the information company referred to in Art. 8 para. 1 GDPR.

b) Notification to Third Parties

Where the LMU has made the personal data public and is obliged pursuant to Art. 17 para. 1 GDPR to erase the personal data, the responsible officer, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform officers who are processing the personal data, that you have requested the deletion by such officers of any links to, or copy or replication of, that personal data.

c) Exceptions

The right to erasure does not apply to the extent processing is necessary

  • For exercising the right of freedom of expression and information;
  • For completion of a legal obligation which requires the processing according to the laws of the EU or of member states to which the LMU is subject, or to complete a task in the public interest or in exercise of official authority which has been conferred upon the LMU;
  • For reasons of public interest in the area of public health in accordance with Art. 9 para. 2 (h) and (i) as well as Art. 9 para. 3 GDPR;
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR in so far as the right referred to in letter a) above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • For the establishment, exercise or defense of legal claims.

IV.5 Right to Notification

If you have asserted your right to rectification, erasure or restriction of processing vis-a-vis the LMU, then we are obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort (Art. 19 GDPR).

You have the right to be informed by the LMU about such recipients.

IV.6 Right to Data Portability

Regarding the demands of Art. 21 GDPR you have the right to receive the personal data concerning you which you provided to the LMU, in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to one or another responsible officer without hindrance by the LMU, provided

  • The processing is based on consent pursuant to Art. 6 para. 1 GDPR or Art. 9 para. 2 GDPR or on a contract pursuant to Article 6 para. 1 (b) GDPR; and
  • The processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from the LMU to another responsible officer, where technically feasible. The exercise of this right cannot adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the LMU.

IV.7 Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para.1 (e) or (f) GDPR.

In such cases, the LMU shall no longer process the personal data concerning you unless the LMU can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

In the context of the use of information company services, and notwithstanding Directive 2002/58/EC, you are entitled to exercise your right to object by using automated means, in which technical specifications are applied.

In the case of processing of your personal data for scientific or historical research purposes and for statistical purposes pursuant to Art. 89 para. 1 GDPR, you have the right to object to this data processing for reasons relating to your particular situation.

Your right to objection may be restricted if it is likely that the completion of the research or statistical work will be made impossible or seriously hampered, and the restriction is necessary to complete the research or statistical work (Art. 25 Bayerisches Datenschutzgesetz (Bavarian Data Protection Law)).

IV.8 Right to Revoke Consent to Data Processing

You have the right to revoke your consent to data processing with future effect; however, this revocation shall not affect the legitimacy of the data processing already occurred based on your consent given until the time of revocation. This revocation must always be submitted to the agency within the LMU which has received the consent.

IV.9 Right to Lodge a Complaint with an Oversight Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection oversight authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. In the case of the LMU the directly cognizant data protection oversight authority is the Bavarian State Officer for Data Protection (https://www.datenschutz-bayern.de); The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

If you believe that the processing of your personal data is in violation of the GDPR, then we request that you first turn to the officer responsible for the content of the particular internet page, who is named in the copyright statement, and/or to the official data protection officer at the LMU, since this will allow a rapid examination or remedy, if necessary, of your concerns. It is our goal and responsibility to examine all arriving questions of data protection immediately and to solve potential problems under data protection law.

V. Applicability of the General Data Protection Regulation and Scope of the Supplemental Data Protection Legislation of the Person Responsible for the Content of the Internet Page

The General Data Protection Regulation (GDPR) applies to those internet pages of the LMU for which the LMU bears responsibility. Additional data protection legislation may also apply to particular internet pages of the LMU, provided the person responsible for the content of the internet page is performing additional processing of personal data and gives notice of such processing. This applies in particular when specific services are offered by individual departments. The supplemental data protection policy can expand, but not replace, the GDPR.

VI. Status, Revisions and Applicability of the LMU General Data Protection Statement

LMU’s general data protection statement was created on 03/2019. LMU reserves the right to update this data protection policy on a regular basis in order to take proper account of current legal requirements and technical changes, and also to implement its services and offers in compliance with data protection requirements. The most recent version of this policy applies to your visit to an LMU web page.