Die Zukunft mitgestalten
Daten­schutz­er­klä­rung

Daten­schutz

Daten­schutz­er­klä­rung

Wir nehmen den Schutz Ihrer persön­li­chen Daten sehr ernst. Die nachfol­gende Erklä­rung gibt Ihnen einen Überblick darüber, wie wir den Schutz Ihrer persön­li­chen Daten gewähr­leis­ten. Nachfol­gende Erklä­rung ist auf Englisch. Eine deutsche Version folgt in Kürze:

 

Thank you for visit­ing our inter­net pages. Data protec­tion is of a parti­cu­larly high priority for the manage­ment of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH. The use of the Inter­net pages of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH is possi­ble without any indica­tion of perso­nal data; however, if a data subject wants to use special enter­prise services via our website, proces­sing of perso­nal data could become necessary. If the proces­sing of perso­nal data is necessary and there is no statu­tory basis for such proces­sing, we generally obtain consent from the data subject.

The proces­sing of perso­nal data, such as the name, address, e‑mail address, or telephone number of a data subject shall always be in line with the General Data Protec­tion Regula­tion (GDPR), and in accordance with the country-speci­fic data protec­tion regula­ti­ons appli­ca­ble to the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH. By means of this data protec­tion decla­ra­tion, our enter­prise would like to inform the general public of the nature, scope, and purpose of the perso­nal data we collect, use and process. Further­more, data subjects are infor­med, by means of this data protec­tion decla­ra­tion, of the rights to which they are entitled.

As the control­ler, the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH has imple­men­ted numerous techni­cal and organiz­a­tio­nal measu­res to ensure the most complete protec­tion of perso­nal data proces­sed through this website. However, Inter­net-based data trans­mis­si­ons may in principle have security gaps, so absolute protec­tion may not be guaran­teed. For this reason, every data subject is free to trans­fer perso­nal data to us via alter­na­tive means, e.g. by telephone.

 

1. Defini­ti­ons

The data protec­tion decla­ra­tion of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH is based on the terms used by the European legis­la­tor for the adoption of the General Data Protec­tion Regula­tion (GDPR). Our data protec­tion decla­ra­tion should be legible and under­stand­a­ble for the general public, as well as our custo­mers and business partners. To ensure this, we would like to first explain the termi­no­logy used.

In this data protec­tion decla­ra­tion, we use, inter alia, the following terms:

a) Perso­nal data

Perso­nal data means any infor­ma­tion relating to an identi­fied or identi­fia­ble natural person (“data subject”). An identi­fia­ble natural person is one who can be identi­fied, directly or indirectly, in parti­cu­lar by reference to an identi­fier such as a name, an identi­fi­ca­tion number, location data, an online identi­fier or to one or more factors speci­fic to the physi­cal, physio­lo­gi­cal, genetic, mental, econo­mic, cultu­ral or social identity of that natural person.

b) Data subject

Data subject is any identi­fied or identi­fia­ble natural person, whose perso­nal data is proces­sed by the control­ler respon­si­ble for the processing.

c) Proces­sing

Proces­sing is any opera­tion or set of opera­ti­ons which is perfor­med on perso­nal data or on sets of perso­nal data, whether or not by automa­ted means, such as collec­tion, record­ing, organi­sa­tion, struc­tu­ring, storage, adapt­ation or altera­tion, retrie­val, consul­ta­tion, use, disclo­sure by trans­mis­sion, disse­mi­na­tion or other­wise making avail­able, align­ment or combi­na­tion, restric­tion, erasure or destruction.

d) Restric­tion of processing

Restric­tion of proces­sing is the marking of stored perso­nal data with the aim of limit­ing their proces­sing in the future.

e) Profiling

Profiling means any form of automa­ted proces­sing of perso­nal data consis­ting of the use of perso­nal data to evaluate certain perso­nal aspects relating to a natural person, in parti­cu­lar to analyse or predict aspects concer­ning that natural person's perfor­mance at work, econo­mic situa­tion, health, perso­nal prefe­ren­ces, interests, relia­bi­lity, behaviour, location or movements.

f) Pseud­ony­mi­sa­tion

Pseud­ony­mi­sa­tion is the proces­sing of perso­nal data in such a manner that the perso­nal data can no longer be attri­bu­ted to a speci­fic data subject without the use of additio­nal infor­ma­tion, provi­ded that such additio­nal infor­ma­tion is kept separ­ately and is subject to techni­cal and organi­sa­tio­nal measu­res to ensure that the perso­nal data are not attri­bu­ted to an identi­fied or identi­fia­ble natural person.

g) Control­ler or control­ler respon­si­ble for the processing

Control­ler or control­ler respon­si­ble for the proces­sing is the natural or legal person, public autho­rity, agency or other body which, alone or jointly with others, deter­mi­nes the purpo­ses and means of the proces­sing of perso­nal data; where the purpo­ses and means of such proces­sing are deter­mi­ned by Union or Member State law, the control­ler or the speci­fic crite­ria for its nomina­tion may be provi­ded for by Union or Member State law.

h) Proces­sor

Proces­sor is a natural or legal person, public autho­rity, agency or other body which proces­ses perso­nal data on behalf of the controller.

i) Recipi­ent

Recipi­ent is a natural or legal person, public autho­rity, agency or another body, to which the perso­nal data are disclo­sed, whether a third party or not. However, public autho­ri­ties which may receive perso­nal data in the frame­work of a parti­cu­lar inquiry in accordance with Union or Member State law shall not be regar­ded as recipi­ents; the proces­sing of those data by those public autho­ri­ties shall be in compli­ance with the appli­ca­ble data protec­tion rules accord­ing to the purpo­ses of the processing.

j) Third party

Third party is a natural or legal person, public autho­rity, agency or body other than the data subject, control­ler, proces­sor and persons who, under the direct autho­rity of the control­ler or proces­sor, are autho­ri­sed to process perso­nal data.

k) Consent

Consent of the data subject is any freely given, speci­fic, infor­med and unambi­guous indica­tion of the data subject's wishes by which he or she, by a state­ment or by a clear affir­ma­tive action, signi­fies agree­ment to the proces­sing of perso­nal data relating to him or her.

 

2.  a) Name and Address of the controller

Control­ler for the purpo­ses of the General Data Protec­tion Regula­tion (GDPR), other data protec­tion laws appli­ca­ble in Member states of the European Union and other provi­si­ons related to data protec­tion is:

Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH
Schloss­platz 19
76131 Karls­ruhe
Germany
Phone: +49 (0)721 608–47880
Email: sekretariat@idschools kit edu
Website: http://www.idschools.kit.edu

 

2. b) Name and Address of data protec­tion commissioner

The data protec­tion officer of the control­ler is:

Herr Thors­ten Jordan
ENSECUR GmbH
Kaiser­str. 86
76133 Karls­ruhe
Germany
Phone: +49 (0)721/180 356 7
E‑Mail: dsb-ID-KIT(at)ensecur.de
Website: http://www.ensecur.de

 

3. SSL encryption

This site uses SSL encryp­tion for security reasons and to protect the trans­mis­sion of sensi­tive content, such as the requests you send to us as the site opera­tor. You can recognize an encryp­ted connec­tion by changing the address line of the browser from "http: //" to "https: //" and the lock symbol in your browser line.
When SSL encryp­tion is enabled, the data you submit to us may not be read by others.

 

4. Cookies

In addition to the afore­men­tio­ned data, cookies are stored on your compu­ter when using our website. Cookies are small text files that are stored by the browser you use and that give us (the server of our website) certain infor­ma­tion. Cookies can not run programs or trans­mit viruses to your compu­ter. They serve to make the Inter­net offer more user-friendly and effec­tive, and above all, faster. There are session cookies (transi­ent cookies) and persis­tent (persis­tent) cookies.

Transi­ent cookies are automa­ti­cally deleted when you close the browser. These include in parti­cu­lar the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your compu­ter to be recogni­zed when you return to our website. The session cookies are deleted when you log out or close the browser.

We only use session cookies. Persis­tent cookies or Flash cookies are not used by us.

You can set your browser so that you are infor­med about the setting of cookies and allow cookies only in indivi­dual cases, the accep­t­ance of cookies for certain cases or generally exclude and enable the automa­tic deletion of cookies when closing the browser. Disab­ling cookies may limit the functio­n­a­lity of this website.

 

5. Collec­tion of general data and information

The website of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH collects a series of general data and infor­ma­tion when a data subject or automa­ted system calls up the website. This general data and infor­ma­tion are stored in the server log files. Collec­ted may be (1) the browser types and versi­ons used, (2) the opera­ting system used by the acces­sing system, (3) the website from which an acces­sing system reaches our website (so-called refer­rers), (4) the sub-websites, (5) the date and time of access to the Inter­net site, (6) an Inter­net proto­col address (IP address), (7) the Inter­net service provi­der of the acces­sing system, and (8) any other similar data and infor­ma­tion that may be used in the event of attacks on our infor­ma­tion techno­logy systems.

When using these general data and infor­ma­tion, the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH does not draw any conclu­si­ons about the data subject. Rather, this infor­ma­tion is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its adver­ti­se­ment, (3) ensure the long-term viabi­lity of our infor­ma­tion techno­logy systems and website techno­logy, and (4) provide law enfor­ce­ment autho­ri­ties with the infor­ma­tion necessary for crimi­nal prose­cu­tion in case of a cyber-attack. There­fore, the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH analy­zes anony­mously collec­ted data and infor­ma­tion statis­ti­cally, with the aim of incre­a­sing the data protec­tion and data security of our enter­prise, and to ensure an optimal level of protec­tion for the perso­nal data we process. The anony­mous data of the server log files are stored separ­ately from all perso­nal data provi­ded by a data subject.

 

6. Subscrip­tion to our newsletters

On the website of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH, users are given the oppor­tu­nity to subscribe to our enterprise's newslet­ter. The input mask used for this purpose deter­mi­nes what perso­nal data are trans­mit­ted, as well as when the newslet­ter is ordered from the controller.

The Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH informs its custo­mers and business partners regularly by means of a newslet­ter about enter­prise offers. The enterprise's newslet­ter may only be recei­ved by the data subject if (1) the data subject has a valid e‑mail address and (2) the data subject regis­ters for the newslet­ter shipping. A confir­ma­tion e‑mail will be sent to the e‑mail address regis­tered by a data subject for the first time for newslet­ter shipping, for legal reasons, in the double opt-in proce­dure. This confir­ma­tion e‑mail is used to prove whether the owner of the e‑mail address as the data subject is autho­ri­zed to receive the newsletter.

During the regis­tra­tion for the newslet­ter, we also store the IP address of the compu­ter system assigned by the Inter­net service provi­der (ISP) and used by the data subject at the time of the regis­tra­tion, as well as the date and time of the regis­tra­tion. The collec­tion of this data is necessary in order to under­stand the (possi­ble) misuse of the e‑mail address of a data subject at a later date, and it there­fore serves the aim of the legal protec­tion of the controller.

The perso­nal data collec­ted as part of a regis­tra­tion for the newslet­ter will only be used to send our newslet­ter. In addition, subscri­bers to the newslet­ter may be infor­med by e‑mail, as long as this is necessary for the opera­tion of the newslet­ter service or a regis­tra­tion in question, as this could be the case in the event of modifi­ca­ti­ons to the newslet­ter offer, or in the event of a change in techni­cal circum­s­tan­ces. There will be no trans­fer of perso­nal data collec­ted by the newslet­ter service to third parties. The subscrip­tion to our newslet­ter may be termi­na­ted by the data subject at any time. The consent to the storage of perso­nal data, which the data subject has given for shipping the newslet­ter, may be revoked at any time. For the purpose of revoca­tion of consent, a corre­spon­ding link is found in each newslet­ter. It is also possi­ble to unsub­scribe from the newslet­ter at any time directly on the website of the control­ler, or to commu­ni­cate this to the control­ler in a diffe­rent way.

We use the so-called double-opt-in proce­dure for regis­tra­tion. This means your regis­tra­tion is only comple­ted if you have previously confir­med your regis­tra­tion via a confir­ma­tion email sent to you for this purpose by clicking on the link contai­ned therein. If your confir­ma­tion is not recei­ved within 48 hours, your regis­tra­tion will be automa­ti­cally deleted from our database.

 

7. Newslet­ter-Tracking

The newslet­ter of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH contains so-called tracking pixels. A tracking pixel is a minia­ture graphic embed­ded in such e‑mails, which are sent in HTML format to enable log file record­ing and analy­sis. This allows a statis­ti­cal analy­sis of the success or failure of online marke­ting campai­gns. Based on the embed­ded tracking pixel, the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH may see if and when an e‑mail was opened by a data subject, and which links in the e‑mail were called up by data subjects.

Such perso­nal data collec­ted in the tracking pixels contai­ned in the newslet­ters are stored and analy­zed by the control­ler in order to optimize the shipping of the newslet­ter, as well as to adapt the content of future newslet­ters even better to the interests of the data subject. These perso­nal data will not be passed on to third parties. Data subjects are at any time entit­led to revoke the respec­tive separate decla­ra­tion of consent issued by means of the double-opt-in proce­dure. After a revoca­tion, these perso­nal data will be deleted by the control­ler. The Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH automa­ti­cally regards a withdra­wal from the receipt of the newslet­ter as a revocation.

 

8. Contact possi­bi­lity via the website

The website of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH contains infor­ma­tion that enables a quick electro­nic contact to our enter­prise, as well as direct commu­ni­ca­tion with us, which also inclu­des a general address of the so-called electro­nic mail (e‑mail address). If a data subject conta­cts the control­ler by e‑mail or via a contact form, the perso­nal data trans­mit­ted by the data subject are automa­ti­cally stored. Such perso­nal data trans­mit­ted on a volun­tary basis by a data subject to the data control­ler are stored for the purpose of proces­sing or conta­c­ting the data subject. There is no trans­fer of this perso­nal data to third parties.

We use the so-called double-opt-in proce­dure for regis­tra­tion. This means your regis­tra­tion is only comple­ted if you have previously confir­med your regis­tra­tion via a confir­ma­tion email sent to you for this purpose by clicking on the link contai­ned therein. If your confir­ma­tion is not recei­ved within 48 hours, your regis­tra­tion will be automa­ti­cally deleted from our database.

 

9. Routine erasure and blocking of perso­nal data

The data control­ler shall process and store the perso­nal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legis­la­tor or other legis­la­tors in laws or regula­ti­ons to which the control­ler is subject to.

If the storage purpose is not appli­ca­ble, or if a storage period prescri­bed by the European legis­la­tor or another compe­tent legis­la­tor expires, the perso­nal data are routi­nely blocked or erased in accordance with legal requirements.

 

10. Rights of the data subject

a) Right of confirmation

Each data subject shall have the right granted by the European legis­la­tor to obtain from the control­ler the confir­ma­tion as to whether or not perso­nal data concer­ning him or her are being proces­sed. If a data subject wishes to avail himself of this right of confir­ma­tion, he or she may, at any time, contact any employee of the controller.

b) Right of access

Each data subject shall have the right granted by the European legis­la­tor to obtain from the control­ler free infor­ma­tion about his or her perso­nal data stored at any time and a copy of this infor­ma­tion. Further­more, the European direc­ti­ves and regula­ti­ons grant the data subject access to the following information:

  • the purpo­ses of the processing;
  • the catego­ries of perso­nal data concerned;
  • the recipi­ents or catego­ries of recipi­ents to whom the perso­nal data have been or will be disclo­sed, in parti­cu­lar recipi­ents in third countries or inter­na­tio­nal organisations;
  • where possi­ble, the envisa­ged period for which the perso­nal data will be stored, or, if not possi­ble, the crite­ria used to deter­mine that period;
  • the existence of the right to request from the control­ler recti­fi­ca­tion or erasure of perso­nal data, or restric­tion of proces­sing of perso­nal data concer­ning the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with a super­vi­sory authority;
  • where the perso­nal data are not collec­ted from the data subject, any avail­able infor­ma­tion as to their source;
  • the existence of automa­ted decision-making, inclu­ding profiling, refer­red to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaning­ful infor­ma­tion about the logic invol­ved, as well as the signi­fi­cance and envisa­ged conse­quen­ces of such proces­sing for the data subject.

Further­more, the data subject shall have a right to obtain infor­ma­tion as to whether perso­nal data are trans­fer­red to a third country or to an inter­na­tio­nal organi­sa­tion. Where this is the case, the data subject shall have the right to be infor­med of the appro­priate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

c) Right to rectification

Each data subject shall have the right granted by the European legis­la­tor to obtain from the control­ler without undue delay the recti­fi­ca­tion of inaccu­rate perso­nal data concer­ning him or her. Taking into account the purpo­ses of the proces­sing, the data subject shall have the right to have incom­plete perso­nal data comple­ted, inclu­ding by means of provi­ding a supple­men­tary statement.

If a data subject wishes to exercise this right to recti­fi­ca­tion, he or she may, at any time, contact any employee of the controller.

d) Right to erasure (Right to be forgotten)

Each data subject shall have the right granted by the European legis­la­tor to obtain from the control­ler the erasure of perso­nal data concer­ning him or her without undue delay, and the control­ler shall have the obliga­tion to erase perso­nal data without undue delay where one of the following grounds applies, as long as the proces­sing is not necessary:

  • The perso­nal data are no longer necessary in relation to the purpo­ses for which they were collec­ted or other­wise processed.
  • The data subject withdraws consent to which the proces­sing is based accord­ing to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to the proces­sing pursuant to Article 21(1) of the GDPR and there are no overri­ding legiti­mate grounds for the proces­sing, or the data subject objects to the proces­sing pursuant to Article 21(2) of the GDPR.
  • The perso­nal data have been unlaw­fully processed.
  • The perso­nal data must be erased for compli­ance with a legal obliga­tion in Union or Member State law to which the control­ler is subject.
  • The perso­nal data have been collec­ted in relation to the offer of infor­ma­tion society services refer­red to in Article 8(1) of the GDPR.

If one of the afore­men­tio­ned reasons applies, and a data subject wishes to request the erasure of perso­nal data stored by the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH, he or she may, at any time, contact any employee of the control­ler. An employee of Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH shall promptly ensure that the erasure request is complied with immediately.

Where the control­ler has made perso­nal data public and is obliged pursuant to Article 17(1) to erase the perso­nal data, the control­ler, taking account of avail­able techno­logy and the cost of imple­men­ta­tion, shall take reason­able steps, inclu­ding techni­cal measu­res, to inform other control­lers proces­sing the perso­nal data that the data subject has reques­ted erasure by such control­lers of any links to, or copy or repli­ca­tion of, those perso­nal data, as far as proces­sing is not requi­red. An employees of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH will arrange the necessary measu­res in indivi­dual cases.

e) Right of restric­tion of processing

Each data subject shall have the right granted by the European legis­la­tor to obtain from the control­ler restric­tion of proces­sing where one of the following applies:

  • The accuracy of the perso­nal data is contes­ted by the data subject, for a period enabling the control­ler to verify the accuracy of the perso­nal data.
  • The proces­sing is unlaw­ful and the data subject opposes the erasure of the perso­nal data and requests instead the restric­tion of their use instead.
  • The control­ler no longer needs the perso­nal data for the purpo­ses of the proces­sing, but they are requi­red by the data subject for the estab­lish­ment, exercise or defence of legal claims.
  • The data subject has objec­ted to proces­sing pursuant to Article 21(1) of the GDPR pending the verifi­ca­tion whether the legiti­mate grounds of the control­ler override those of the data subject.

If one of the afore­men­tio­ned condi­ti­ons is met, and a data subject wishes to request the restric­tion of the proces­sing of perso­nal data stored by the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH, he or she may at any time contact any employee of the control­ler. The employee of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH will arrange the restric­tion of the processing.

f) Right to data portability

Each data subject shall have the right granted by the European legis­la­tor, to receive the perso­nal data concer­ning him or her, which was provi­ded to a control­ler, in a struc­tu­red, commonly used and machine-reada­ble format. He or she shall have the right to trans­mit those data to another control­ler without hindrance from the control­ler to which the perso­nal data have been provi­ded, as long as the proces­sing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the proces­sing is carried out by automa­ted means, as long as the proces­sing is not necessary for the perfor­mance of a task carried out in the public interest or in the exercise of official autho­rity vested in the controller.

Further­more, in exercis­ing his or her right to data porta­bi­lity pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have perso­nal data trans­mit­ted directly from one control­ler to another, where techni­cally feasi­ble and when doing so does not adver­sely affect the rights and freedoms of others.

In order to assert the right to data porta­bi­lity, the data subject may at any time contact any employee of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH.

g) Right to object

Each data subject shall have the right granted by the European legis­la­tor to object, on grounds relating to his or her parti­cu­lar situa­tion, at any time, to proces­sing of perso­nal data concer­ning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

The Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH shall no longer process the perso­nal data in the event of the objec­tion, unless we can demons­trate compel­ling legiti­mate grounds for the proces­sing which override the interests, rights and freedoms of the data subject, or for the estab­lish­ment, exercise or defence of legal claims.

If the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH proces­ses perso­nal data for direct marke­ting purpo­ses, the data subject shall have the right to object at any time to proces­sing of perso­nal data concer­ning him or her for such marke­ting. This applies to profiling to the extent that it is related to such direct marke­ting. If the data subject objects to the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH to the proces­sing for direct marke­ting purpo­ses, the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH will no longer process the perso­nal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her parti­cu­lar situa­tion, to object to proces­sing of perso­nal data concer­ning him or her by the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH for scien­ti­fic or histo­ri­cal research purpo­ses, or for statis­ti­cal purpo­ses pursuant to Article 89(1) of the GDPR, unless the proces­sing is necessary for the perfor­mance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may contact any employee of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH. In addition, the data subject is free in the context of the use of infor­ma­tion society services, and notwith­stan­ding Direc­tive 2002/58/EC, to use his or her right to object by automa­ted means using techni­cal specifications.

h) Automa­ted indivi­dual decision-making, inclu­ding profiling

Each data subject shall have the right granted by the European legis­la­tor not to be subject to a decision based solely on automa­ted proces­sing, inclu­ding profiling, which produ­ces legal effects concer­ning him or her, or similarly signi­fi­cantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the perfor­mance of, a contract between the data subject and a data control­ler, or (2) is not autho­ri­sed by Union or Member State law to which the control­ler is subject and which also lays down suita­ble measu­res to safeguard the data subject's rights and freedoms and legiti­mate interests, or (3) is not based on the data subject's expli­cit consent.

If the decision (1) is necessary for entering into, or the perfor­mance of, a contract between the data subject and a data control­ler, or (2) it is based on the data subject's expli­cit consent, the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH shall imple­ment suita­ble measu­res to safeguard the data subject's rights and freedoms and legiti­mate interests, at least the right to obtain human inter­ven­tion on the part of the control­ler, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concer­ning automa­ted indivi­dual decision-making, he or she may, at any time, contact any employee of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH.

i) Right to withdraw data protec­tion consent

Each data subject shall have the right granted by the European legis­la­tor to withdraw his or her consent to proces­sing of his or her perso­nal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the Inter­na­tio­nal Depart­ment des Karls­ru­her Insti­tuts für Techno­lo­gie gGmbH.

 

11. Data protec­tion for appli­ca­ti­ons and the appli­ca­tion procedures

The data control­ler shall collect and process the perso­nal data of appli­cants for the purpose of the proces­sing of the appli­ca­tion proce­dure. The proces­sing may also be carried out electro­ni­cally. This is the case, in parti­cu­lar, if an appli­cant submits corre­spon­ding appli­ca­tion documents by e‑mail or by means of a web form on the website to the controller.

a) Creating and Editing Your Appli­ca­tion Profile

You can modify and edit your appli­ca­tion profile as often as you like until you submit your appli­ca­tion. After submit­ting your appli­ca­tion, you will only have reading access until the end of the admis­sion process.

b) Collec­tion, Proces­sing, and Use of Perso­nal Data

By creating an appli­ca­tion profile and submit­ting your appli­ca­tion later on, you agree to the electro­nic proces­sing of your perso­nal data and their trans­mis­sion to the adminis­tra­tion office of the HECTOR School of Enginee­ring and Manage­ment as well as to the program direc­tors of the Master Programs. Your perso­nal data will be used for proces­sing your appli­ca­tion at the Hector Fellow Academy exclu­si­vely. They will be treated strictly confi­den­ti­ally in accordance with the legal regula­ti­ons and will not be disclo­sed to third parties.

c) Deletion of Perso­nal Data

If your appli­ca­tion was not success­ful, your perso­nal data will be deleted automa­ti­cally four months after the appli­ca­tion deadline of the HECTOR intake you applied for accord­ing to the Federal Data Protec­tion Act. Your data will also be deleted four months after the appli­ca­tion deadline.

 

12. Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for proces­sing opera­ti­ons for which we obtain consent for a speci­fic proces­sing purpose. If the proces­sing of perso­nal data is necessary for the perfor­mance of a contract to which the data subject is party, as is the case, for example, when proces­sing opera­ti­ons are necessary for the supply of goods or to provide any other service, the proces­sing is based on Article 6(1) lit. b GDPR. The same applies to such proces­sing opera­ti­ons which are necessary for carry­ing out pre-contrac­tual measu­res, for example in the case of inqui­ries concer­ning our products or services. Is our company subject to a legal obliga­tion by which proces­sing of perso­nal data is requi­red, such as for the fulfill­ment of tax obliga­ti­ons, the proces­sing is based on Art. 6(1) lit. c GDPR. In rare cases, the proces­sing of perso­nal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital infor­ma­tion would have to be passed on to a doctor, hospi­tal or other third party. Then the proces­sing would be based on Art. 6(1) lit. d GDPR. Finally, proces­sing opera­ti­ons could be based on Article 6(1) lit. f GDPR. This legal basis is used for proces­sing opera­ti­ons which are not covered by any of the above­men­tio­ned legal grounds, if proces­sing is necessary for the purpo­ses of the legiti­mate interests pursued by our company or by a third party, except where such interests are overrid­den by the interests or funda­men­tal rights and freedoms of the data subject which require protec­tion of perso­nal data. Such proces­sing opera­ti­ons are parti­cu­larly permis­si­ble because they have been speci­fi­cally mentio­ned by the European legis­la­tor. He consi­de­red that a legiti­mate interest could be assumed if the data subject is a client of the control­ler (Recital 47 Sentence 2 GDPR).

 

13. The legiti­mate interests pursued by the control­ler or by a third party

Where the proces­sing of perso­nal data is based on Article 6(1) lit. f GDPR our legiti­mate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.

 

14. Period for which the perso­nal data will be stored

The crite­ria used to deter­mine the period of storage of perso­nal data is the respec­tive statu­tory reten­tion period. After expira­tion of that period, the corre­spon­ding data is routi­nely deleted, as long as it is no longer necessary for the fulfill­ment of the contract or the initia­tion of a contract.

 

15. Provi­sion of perso­nal data as statu­tory or contrac­tual requi­re­ment; Requi­re­ment necessary to enter into a contract; Obliga­tion of the data subject to provide the perso­nal data; possi­ble conse­quen­ces of failure to provide such data

We clarify that the provi­sion of perso­nal data is partly requi­red by law (e.g. tax regula­ti­ons) or can also result from contrac­tual provi­si­ons (e.g. infor­ma­tion on the contrac­tual partner). Someti­mes it may be necessary to conclude a contract that the data subject provi­des us with perso­nal data, which must subse­quently be proces­sed by us. The data subject is, for example, obliged to provide us with perso­nal data when our company signs a contract with him or her. The non-provi­sion of the perso­nal data would have the conse­quence that the contract with the data subject could not be conclu­ded. Before perso­nal data is provi­ded by the data subject, the data subject must contact any employee. The employee clari­fies to the data subject whether the provi­sion of the perso­nal data is requi­red by law or contract or is necessary for the conclu­sion of the contract, whether there is an obliga­tion to provide the perso­nal data and the conse­quen­ces of non-provi­sion of the perso­nal data.

 

16. Existence of automa­ted decision-making

As a respon­si­ble company, we do not use automa­tic decision-making or profiling.

 

17. Double­click by Google

Double­click by Google is a service of Google inc., 1600 Amphi­theatre Parkway, Mountain View, CA 94043, USA ("Google"). Double­click uses cookies to send you targe­ted adverts. Your browser is assigned with a pseud­ony­mous identi­fi­ca­tion number (ID), to check which ads were displayed on your browser and to which ads you had access. Cookies do not contain perso­nal infor­ma­tion. The use of cookies facili­ta­tes google to set up ads from your previous visited websites. The infor­ma­tion achie­ved by the cookie is trans­fer­red from Google to a server in USA, where the infor­ma­tion will be checked and stored. Google adheres to the privacy policy "US Safe Harbor" agree­ment and is regis­tered in the "Safe Harbor" program of the US Chamber of Commerce. The trans­fer of data to third parties by google might only be done accord­ing to the legal requi­re­ments. Under no circum­s­tan­ces can Google match your data with other data collected.

——————————————————————————————————————–

This Privacy Policy has been genera­ted by the Privacy Policy Genera­tor of the German Associa­tion for Data Protec­tion that was develo­ped in coope­ra­tion with Privacy Lawyers from WILDE BEUGER SOLME­CKE, Cologne.

——————————————————————————————————————–