Creat­ing the Future
Privacy

Data protec­tion

Thank you for visit­ing our inter­net pages. Data protec­tion is of a partic­u­larly high prior­ity for the manage­ment of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH. The use of the Inter­net pages of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH is possi­ble without any indica­tion of personal data; however, if a data subject wants to use special enter­prise services via our website, process­ing of personal data could become neces­sary. If the process­ing of personal data is neces­sary and there is no statu­tory basis for such process­ing, we gener­ally obtain consent from the data subject.

The process­ing of personal data, such as the name, address, e‑mail address, or telephone number of a data subject shall always be in line with the General Data Protec­tion Regula­tion (GDPR), and in accor­dance with the country-specific data protec­tion regula­tions applic­a­ble to the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH. By means of this data protec­tion decla­ra­tion, our enter­prise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Further­more, data subjects are informed, by means of this data protec­tion decla­ra­tion, of the rights to which they are entitled.

As the controller, the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH has imple­mented numer­ous techni­cal and organi­za­tional measures to ensure the most complete protec­tion of personal data processed through this website. However, Inter­net-based data trans­mis­sions may in princi­ple have security gaps, so absolute protec­tion may not be guaran­teed. For this reason, every data subject is free to trans­fer personal data to us via alter­na­tive means, e.g. by telephone.

 

1. Defin­i­tions

The data protec­tion decla­ra­tion of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH is based on the terms used by the European legis­la­tor for the adoption of the General Data Protec­tion Regula­tion (GDPR). Our data protec­tion decla­ra­tion should be legible and under­stand­able for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the termi­nol­ogy used.

In this data protec­tion decla­ra­tion, we use, inter alia, the follow­ing terms:

a) Personal data

Personal data means any infor­ma­tion relat­ing to an identi­fied or identi­fi­able natural person (“data subject”). An identi­fi­able natural person is one who can be identi­fied, directly or indirectly, in partic­u­lar by refer­ence to an identi­fier such as a name, an identi­fi­ca­tion number, location data, an online identi­fier or to one or more factors specific to the physi­cal, physi­o­log­i­cal, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Data subject is any identi­fied or identi­fi­able natural person, whose personal data is processed by the controller respon­si­ble for the processing.

c) Process­ing

Process­ing is any opera­tion or set of opera­tions which is performed on personal data or on sets of personal data, whether or not by automated means, such as collec­tion, record­ing, organ­i­sa­tion, struc­tur­ing, storage, adapta­tion or alter­ation, retrieval, consul­ta­tion, use, disclo­sure by trans­mis­sion, dissem­i­na­tion or other­wise making avail­able, align­ment or combi­na­tion, restric­tion, erasure or destruction.

d) Restric­tion of processing

Restric­tion of process­ing is the marking of stored personal data with the aim of limit­ing their process­ing in the future.

e) Profil­ing

Profil­ing means any form of automated process­ing of personal data consist­ing of the use of personal data to evalu­ate certain personal aspects relat­ing to a natural person, in partic­u­lar to analyse or predict aspects concern­ing that natural person's perfor­mance at work, economic situa­tion, health, personal prefer­ences, inter­ests, relia­bil­ity, behav­iour, location or movements.

f) Pseudo­nymi­sa­tion

Pseudo­nymi­sa­tion is the process­ing of personal data in such a manner that the personal data can no longer be attrib­uted to a specific data subject without the use of additional infor­ma­tion, provided that such additional infor­ma­tion is kept separately and is subject to techni­cal and organ­i­sa­tional measures to ensure that the personal data are not attrib­uted to an identi­fied or identi­fi­able natural person.

g) Controller or controller respon­si­ble for the processing

Controller or controller respon­si­ble for the process­ing is the natural or legal person, public author­ity, agency or other body which, alone or jointly with others, deter­mines the purposes and means of the process­ing of personal data; where the purposes and means of such process­ing are deter­mined by Union or Member State law, the controller or the specific crite­ria for its nomina­tion may be provided for by Union or Member State law.

h) Proces­sor

Proces­sor is a natural or legal person, public author­ity, agency or other body which processes personal data on behalf of the controller.

i) Recip­i­ent

Recip­i­ent is a natural or legal person, public author­ity, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public author­i­ties which may receive personal data in the frame­work of a partic­u­lar inquiry in accor­dance with Union or Member State law shall not be regarded as recip­i­ents; the process­ing of those data by those public author­i­ties shall be in compli­ance with the applic­a­ble data protec­tion rules accord­ing to the purposes of the processing.

j) Third party

Third party is a natural or legal person, public author­ity, agency or body other than the data subject, controller, proces­sor and persons who, under the direct author­ity of the controller or proces­sor, are autho­rised to process personal data.

k) Consent

Consent of the data subject is any freely given, specific, informed and unambigu­ous indica­tion of the data subject's wishes by which he or she, by a state­ment or by a clear affir­ma­tive action, signi­fies agree­ment to the process­ing of personal data relat­ing to him or her.

 

2.  a) Name and Address of the controller

Controller for the purposes of the General Data Protec­tion Regula­tion (GDPR), other data protec­tion laws applic­a­ble in Member states of the European Union and other provi­sions related to data protec­tion is:

Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH
Schloss­platz 19
76131 Karlsruhe
Germany
Phone: +49 (0)721 608–47880
Email: sekretariat@idschools kit edu
Website: http://www.idschools.kit.edu

 

2. b) Name and Address of data protec­tion commissioner

The data protec­tion officer of the controller is:

Herr Thorsten Jordan
ENSECUR GmbH
Kaiser­str. 86
76133 Karlsruhe
Germany
Phone: +49 (0)721/180 356 7
E‑Mail: dsb-ID-KIT(at)ensecur.de
Website: http://www.ensecur.de

 

3. SSL encryption

This site uses SSL encryp­tion for security reasons and to protect the trans­mis­sion of sensi­tive content, such as the requests you send to us as the site opera­tor. You can recog­nize an encrypted connec­tion by chang­ing the address line of the browser from "http: //" to "https: //" and the lock symbol in your browser line.
When SSL encryp­tion is enabled, the data you submit to us may not be read by others.

 

4. Cookies

In addition to the afore­men­tioned data, cookies are stored on your computer when using our website. Cookies are small text files that are stored by the browser you use and that give us (the server of our website) certain infor­ma­tion. Cookies can not run programs or trans­mit viruses to your computer. They serve to make the Inter­net offer more user-friendly and effec­tive, and above all, faster. There are session cookies (transient cookies) and persis­tent (persis­tent) cookies.

Transient cookies are automat­i­cally deleted when you close the browser. These include in partic­u­lar the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recog­nized when you return to our website. The session cookies are deleted when you log out or close the browser.

We only use session cookies. Persis­tent cookies or Flash cookies are not used by us.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individ­ual cases, the accep­tance of cookies for certain cases or gener­ally exclude and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the function­al­ity of this website.

 

5. Collec­tion of general data and information

The website of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH collects a series of general data and infor­ma­tion when a data subject or automated system calls up the website. This general data and infor­ma­tion are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operat­ing system used by the access­ing system, (3) the website from which an access­ing system reaches our website (so-called refer­rers), (4) the sub-websites, (5) the date and time of access to the Inter­net site, (6) an Inter­net proto­col address (IP address), (7) the Inter­net service provider of the access­ing system, and (8) any other similar data and infor­ma­tion that may be used in the event of attacks on our infor­ma­tion technol­ogy systems.

When using these general data and infor­ma­tion, the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH does not draw any conclu­sions about the data subject. Rather, this infor­ma­tion is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its adver­tise­ment, (3) ensure the long-term viabil­ity of our infor­ma­tion technol­ogy systems and website technol­ogy, and (4) provide law enforce­ment author­i­ties with the infor­ma­tion neces­sary for crimi­nal prose­cu­tion in case of a cyber-attack. There­fore, the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH analyzes anony­mously collected data and infor­ma­tion statis­ti­cally, with the aim of increas­ing the data protec­tion and data security of our enter­prise, and to ensure an optimal level of protec­tion for the personal data we process. The anony­mous data of the server log files are stored separately from all personal data provided by a data subject.

 

6. Subscrip­tion to our newsletters

On the website of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH, users are given the oppor­tu­nity to subscribe to our enterprise's newslet­ter. The input mask used for this purpose deter­mines what personal data are trans­mit­ted, as well as when the newslet­ter is ordered from the controller.

The Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH informs its customers and business partners regularly by means of a newslet­ter about enter­prise offers. The enterprise's newslet­ter may only be received by the data subject if (1) the data subject has a valid e‑mail address and (2) the data subject regis­ters for the newslet­ter shipping. A confir­ma­tion e‑mail will be sent to the e‑mail address regis­tered by a data subject for the first time for newslet­ter shipping, for legal reasons, in the double opt-in proce­dure. This confir­ma­tion e‑mail is used to prove whether the owner of the e‑mail address as the data subject is autho­rized to receive the newsletter.

During the regis­tra­tion for the newslet­ter, we also store the IP address of the computer system assigned by the Inter­net service provider (ISP) and used by the data subject at the time of the regis­tra­tion, as well as the date and time of the regis­tra­tion. The collec­tion of this data is neces­sary in order to under­stand the (possi­ble) misuse of the e‑mail address of a data subject at a later date, and it there­fore serves the aim of the legal protec­tion of the controller.

The personal data collected as part of a regis­tra­tion for the newslet­ter will only be used to send our newslet­ter. In addition, subscribers to the newslet­ter may be informed by e‑mail, as long as this is neces­sary for the opera­tion of the newslet­ter service or a regis­tra­tion in question, as this could be the case in the event of modifi­ca­tions to the newslet­ter offer, or in the event of a change in techni­cal circum­stances. There will be no trans­fer of personal data collected by the newslet­ter service to third parties. The subscrip­tion to our newslet­ter may be termi­nated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newslet­ter, may be revoked at any time. For the purpose of revoca­tion of consent, a corre­spond­ing link is found in each newslet­ter. It is also possi­ble to unsub­scribe from the newslet­ter at any time directly on the website of the controller, or to commu­ni­cate this to the controller in a differ­ent way.

We use the so-called double-opt-in proce­dure for regis­tra­tion. This means your regis­tra­tion is only completed if you have previ­ously confirmed your regis­tra­tion via a confir­ma­tion email sent to you for this purpose by click­ing on the link contained therein. If your confir­ma­tion is not received within 48 hours, your regis­tra­tion will be automat­i­cally deleted from our database.

 

7. Newslet­ter-Track­ing

The newslet­ter of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH contains so-called track­ing pixels. A track­ing pixel is a minia­ture graphic embed­ded in such e‑mails, which are sent in HTML format to enable log file record­ing and analy­sis. This allows a statis­ti­cal analy­sis of the success or failure of online market­ing campaigns. Based on the embed­ded track­ing pixel, the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH may see if and when an e‑mail was opened by a data subject, and which links in the e‑mail were called up by data subjects.

Such personal data collected in the track­ing pixels contained in the newslet­ters are stored and analyzed by the controller in order to optimize the shipping of the newslet­ter, as well as to adapt the content of future newslet­ters even better to the inter­ests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respec­tive separate decla­ra­tion of consent issued by means of the double-opt-in proce­dure. After a revoca­tion, these personal data will be deleted by the controller. The Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH automat­i­cally regards a withdrawal from the receipt of the newslet­ter as a revocation.

 

8. Contact possi­bil­ity via the website

The website of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH contains infor­ma­tion that enables a quick electronic contact to our enter­prise, as well as direct commu­ni­ca­tion with us, which also includes a general address of the so-called electronic mail (e‑mail address). If a data subject contacts the controller by e‑mail or via a contact form, the personal data trans­mit­ted by the data subject are automat­i­cally stored. Such personal data trans­mit­ted on a volun­tary basis by a data subject to the data controller are stored for the purpose of process­ing or contact­ing the data subject. There is no trans­fer of this personal data to third parties.

We use the so-called double-opt-in proce­dure for regis­tra­tion. This means your regis­tra­tion is only completed if you have previ­ously confirmed your regis­tra­tion via a confir­ma­tion email sent to you for this purpose by click­ing on the link contained therein. If your confir­ma­tion is not received within 48 hours, your regis­tra­tion will be automat­i­cally deleted from our database.

 

9. Routine erasure and block­ing of personal data

The data controller shall process and store the personal data of the data subject only for the period neces­sary to achieve the purpose of storage, or as far as this is granted by the European legis­la­tor or other legis­la­tors in laws or regula­tions to which the controller is subject to.

If the storage purpose is not applic­a­ble, or if a storage period prescribed by the European legis­la­tor or another compe­tent legis­la­tor expires, the personal data are routinely blocked or erased in accor­dance with legal requirements.

 

10. Rights of the data subject

a) Right of confirmation

Each data subject shall have the right granted by the European legis­la­tor to obtain from the controller the confir­ma­tion as to whether or not personal data concern­ing him or her are being processed. If a data subject wishes to avail himself of this right of confir­ma­tion, he or she may, at any time, contact any employee of the controller.

b) Right of access

Each data subject shall have the right granted by the European legis­la­tor to obtain from the controller free infor­ma­tion about his or her personal data stored at any time and a copy of this infor­ma­tion. Further­more, the European direc­tives and regula­tions grant the data subject access to the follow­ing information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recip­i­ents or categories of recip­i­ents to whom the personal data have been or will be disclosed, in partic­u­lar recip­i­ents in third countries or inter­na­tional organisations;
  • where possi­ble, the envis­aged period for which the personal data will be stored, or, if not possi­ble, the crite­ria used to deter­mine that period;
  • the existence of the right to request from the controller recti­fi­ca­tion or erasure of personal data, or restric­tion of process­ing of personal data concern­ing the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with a super­vi­sory authority;
  • where the personal data are not collected from the data subject, any avail­able infor­ma­tion as to their source;
  • the existence of automated decision-making, includ­ing profil­ing, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaning­ful infor­ma­tion about the logic involved, as well as the signif­i­cance and envis­aged conse­quences of such process­ing for the data subject.

Further­more, the data subject shall have a right to obtain infor­ma­tion as to whether personal data are trans­ferred to a third country or to an inter­na­tional organ­i­sa­tion. Where this is the case, the data subject shall have the right to be informed of the appro­pri­ate safeguards relat­ing to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

c) Right to rectification

Each data subject shall have the right granted by the European legis­la­tor to obtain from the controller without undue delay the recti­fi­ca­tion of inaccu­rate personal data concern­ing him or her. Taking into account the purposes of the process­ing, the data subject shall have the right to have incom­plete personal data completed, includ­ing by means of provid­ing a supple­men­tary statement.

If a data subject wishes to exercise this right to recti­fi­ca­tion, he or she may, at any time, contact any employee of the controller.

d) Right to erasure (Right to be forgotten)

Each data subject shall have the right granted by the European legis­la­tor to obtain from the controller the erasure of personal data concern­ing him or her without undue delay, and the controller shall have the oblig­a­tion to erase personal data without undue delay where one of the follow­ing grounds applies, as long as the process­ing is not necessary:

  • The personal data are no longer neces­sary in relation to the purposes for which they were collected or other­wise processed.
  • The data subject withdraws consent to which the process­ing is based accord­ing to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to the process­ing pursuant to Article 21(1) of the GDPR and there are no overrid­ing legit­i­mate grounds for the process­ing, or the data subject objects to the process­ing pursuant to Article 21(2) of the GDPR.
  • The personal data have been unlaw­fully processed.
  • The personal data must be erased for compli­ance with a legal oblig­a­tion in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of infor­ma­tion society services referred to in Article 8(1) of the GDPR.

If one of the afore­men­tioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH, he or she may, at any time, contact any employee of the controller. An employee of Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH shall promptly ensure that the erasure request is complied with immediately.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of avail­able technol­ogy and the cost of imple­men­ta­tion, shall take reason­able steps, includ­ing techni­cal measures, to inform other controllers process­ing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or repli­ca­tion of, those personal data, as far as process­ing is not required. An employ­ees of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH will arrange the neces­sary measures in individ­ual cases.

e) Right of restric­tion of processing

Each data subject shall have the right granted by the European legis­la­tor to obtain from the controller restric­tion of process­ing where one of the follow­ing applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The process­ing is unlaw­ful and the data subject opposes the erasure of the personal data and requests instead the restric­tion of their use instead.
  • The controller no longer needs the personal data for the purposes of the process­ing, but they are required by the data subject for the estab­lish­ment, exercise or defence of legal claims.
  • The data subject has objected to process­ing pursuant to Article 21(1) of the GDPR pending the verifi­ca­tion whether the legit­i­mate grounds of the controller override those of the data subject.

If one of the afore­men­tioned condi­tions is met, and a data subject wishes to request the restric­tion of the process­ing of personal data stored by the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH, he or she may at any time contact any employee of the controller. The employee of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH will arrange the restric­tion of the processing.

f) Right to data portability

Each data subject shall have the right granted by the European legis­la­tor, to receive the personal data concern­ing him or her, which was provided to a controller, in a struc­tured, commonly used and machine-readable format. He or she shall have the right to trans­mit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the process­ing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the process­ing is carried out by automated means, as long as the process­ing is not neces­sary for the perfor­mance of a task carried out in the public inter­est or in the exercise of official author­ity vested in the controller.

Further­more, in exercis­ing his or her right to data porta­bil­ity pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data trans­mit­ted directly from one controller to another, where techni­cally feasi­ble and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data porta­bil­ity, the data subject may at any time contact any employee of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH.

g) Right to object

Each data subject shall have the right granted by the European legis­la­tor to object, on grounds relat­ing to his or her partic­u­lar situa­tion, at any time, to process­ing of personal data concern­ing him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profil­ing based on these provisions.

The Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH shall no longer process the personal data in the event of the objec­tion, unless we can demon­strate compelling legit­i­mate grounds for the process­ing which override the inter­ests, rights and freedoms of the data subject, or for the estab­lish­ment, exercise or defence of legal claims.

If the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH processes personal data for direct market­ing purposes, the data subject shall have the right to object at any time to process­ing of personal data concern­ing him or her for such market­ing. This applies to profil­ing to the extent that it is related to such direct market­ing. If the data subject objects to the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH to the process­ing for direct market­ing purposes, the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relat­ing to his or her partic­u­lar situa­tion, to object to process­ing of personal data concern­ing him or her by the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH for scien­tific or histor­i­cal research purposes, or for statis­ti­cal purposes pursuant to Article 89(1) of the GDPR, unless the process­ing is neces­sary for the perfor­mance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may contact any employee of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH. In addition, the data subject is free in the context of the use of infor­ma­tion society services, and notwith­stand­ing Direc­tive 2002/58/EC, to use his or her right to object by automated means using techni­cal specifications.

h) Automated individ­ual decision-making, includ­ing profiling

Each data subject shall have the right granted by the European legis­la­tor not to be subject to a decision based solely on automated process­ing, includ­ing profil­ing, which produces legal effects concern­ing him or her, or similarly signif­i­cantly affects him or her, as long as the decision (1) is not is neces­sary for enter­ing into, or the perfor­mance of, a contract between the data subject and a data controller, or (2) is not autho­rised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legit­i­mate inter­ests, or (3) is not based on the data subject's explicit consent.

If the decision (1) is neces­sary for enter­ing into, or the perfor­mance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH shall imple­ment suitable measures to safeguard the data subject's rights and freedoms and legit­i­mate inter­ests, at least the right to obtain human inter­ven­tion on the part of the controller, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concern­ing automated individ­ual decision-making, he or she may, at any time, contact any employee of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH.

i) Right to withdraw data protec­tion consent

Each data subject shall have the right granted by the European legis­la­tor to withdraw his or her consent to process­ing of his or her personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the Inter­na­tional Depart­ment des Karlsruher Insti­tuts für Technolo­gie gGmbH.

 

11. Data protec­tion for appli­ca­tions and the appli­ca­tion procedures

The data controller shall collect and process the personal data of appli­cants for the purpose of the process­ing of the appli­ca­tion proce­dure. The process­ing may also be carried out electron­i­cally. This is the case, in partic­u­lar, if an appli­cant submits corre­spond­ing appli­ca­tion documents by e‑mail or by means of a web form on the website to the controller.

a) Creat­ing and Editing Your Appli­ca­tion Profile

You can modify and edit your appli­ca­tion profile as often as you like until you submit your appli­ca­tion. After submit­ting your appli­ca­tion, you will only have reading access until the end of the admis­sion process.

b) Collec­tion, Process­ing, and Use of Personal Data

By creat­ing an appli­ca­tion profile and submit­ting your appli­ca­tion later on, you agree to the electronic process­ing of your personal data and their trans­mis­sion to the admin­is­tra­tion office of the HECTOR School of Engineer­ing and Manage­ment as well as to the program direc­tors of the Master Programs. Your personal data will be used for process­ing your appli­ca­tion at the Hector Fellow Academy exclu­sively. They will be treated strictly confi­den­tially in accor­dance with the legal regula­tions and will not be disclosed to third parties.

c) Deletion of Personal Data

If your appli­ca­tion was not success­ful, your personal data will be deleted automat­i­cally four months after the appli­ca­tion deadline of the HECTOR intake you applied for accord­ing to the Federal Data Protec­tion Act. Your data will also be deleted four months after the appli­ca­tion deadline.

 

12. Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for process­ing opera­tions for which we obtain consent for a specific process­ing purpose. If the process­ing of personal data is neces­sary for the perfor­mance of a contract to which the data subject is party, as is the case, for example, when process­ing opera­tions are neces­sary for the supply of goods or to provide any other service, the process­ing is based on Article 6(1) lit. b GDPR. The same applies to such process­ing opera­tions which are neces­sary for carry­ing out pre-contrac­tual measures, for example in the case of inquiries concern­ing our products or services. Is our company subject to a legal oblig­a­tion by which process­ing of personal data is required, such as for the fulfill­ment of tax oblig­a­tions, the process­ing is based on Art. 6(1) lit. c GDPR. In rare cases, the process­ing of personal data may be neces­sary to protect the vital inter­ests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insur­ance data or other vital infor­ma­tion would have to be passed on to a doctor, hospi­tal or other third party. Then the process­ing would be based on Art. 6(1) lit. d GDPR. Finally, process­ing opera­tions could be based on Article 6(1) lit. f GDPR. This legal basis is used for process­ing opera­tions which are not covered by any of the above­men­tioned legal grounds, if process­ing is neces­sary for the purposes of the legit­i­mate inter­ests pursued by our company or by a third party, except where such inter­ests are overrid­den by the inter­ests or funda­men­tal rights and freedoms of the data subject which require protec­tion of personal data. Such process­ing opera­tions are partic­u­larly permis­si­ble because they have been specif­i­cally mentioned by the European legis­la­tor. He consid­ered that a legit­i­mate inter­est could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

 

13. The legit­i­mate inter­ests pursued by the controller or by a third party

Where the process­ing of personal data is based on Article 6(1) lit. f GDPR our legit­i­mate inter­est is to carry out our business in favor of the well-being of all our employ­ees and the shareholders.

 

14. Period for which the personal data will be stored

The crite­ria used to deter­mine the period of storage of personal data is the respec­tive statu­tory reten­tion period. After expira­tion of that period, the corre­spond­ing data is routinely deleted, as long as it is no longer neces­sary for the fulfill­ment of the contract or the initi­a­tion of a contract.

 

15. Provi­sion of personal data as statu­tory or contrac­tual require­ment; Require­ment neces­sary to enter into a contract; Oblig­a­tion of the data subject to provide the personal data; possi­ble conse­quences of failure to provide such data

We clarify that the provi­sion of personal data is partly required by law (e.g. tax regula­tions) or can also result from contrac­tual provi­sions (e.g. infor­ma­tion on the contrac­tual partner). Sometimes it may be neces­sary to conclude a contract that the data subject provides us with personal data, which must subse­quently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provi­sion of the personal data would have the conse­quence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clari­fies to the data subject whether the provi­sion of the personal data is required by law or contract or is neces­sary for the conclu­sion of the contract, whether there is an oblig­a­tion to provide the personal data and the conse­quences of non-provi­sion of the personal data.

 

16. Existence of automated decision-making

As a respon­si­ble company, we do not use automatic decision-making or profiling.

 

17. Doubleclick by Google

Doubleclick by Google is a service of Google inc., 1600 Amphithe­atre Parkway, Mountain View, CA 94043, USA ("Google"). Doubleclick uses cookies to send you targeted adverts. Your browser is assigned with a pseudo­ny­mous identi­fi­ca­tion number (ID), to check which ads were displayed on your browser and to which ads you had access. Cookies do not contain personal infor­ma­tion. The use of cookies facil­i­tates google to set up ads from your previ­ous visited websites. The infor­ma­tion achieved by the cookie is trans­ferred from Google to a server in USA, where the infor­ma­tion will be checked and stored. Google adheres to the privacy policy "US Safe Harbor" agree­ment and is regis­tered in the "Safe Harbor" program of the US Chamber of Commerce. The trans­fer of data to third parties by google might only be done accord­ing to the legal require­ments. Under no circum­stances can Google match your data with other data collected.

——————————————————————————————————————–

This Privacy Policy has been gener­ated by the Privacy Policy Gener­a­tor of the German Associ­a­tion for Data Protec­tion that was devel­oped in cooper­a­tion with Privacy Lawyers from WILDE BEUGER SOLMECKE, Cologne.

——————————————————————————————————————–