$newline never
<i>Last changed: ^{formatGregorianW 2019 12 23}

<p>
  The following data protection statement extends the #
  <a href="https://www.rz.ifi.lmu.de/datenschutz_en.html">Data Protection Statement of the Rechnerbetriebsgruppe (RBG) of the LMU</a> #
  , Version 0.91 from ^{formatGregorianW 2018 05 22}.<br>
  Should the Data Protection Statement linked above be newer than the Statement on this page, #
  the version of the RBG has higher priority than this version in case of conflicting information.

<p>
  The LMU as a corporate body of public law is subject to #
  the BayDSG (bavarian legislation on data-protection), in some points the BDSG (Federal Data Protection Act), #
  the GDPR (General Data Protection Regulation), and the corresponding articles of special laws (Telemedia, Telecommunication, Employment Law, etc.) relevant to data protection.<br />
  This data privacy statement fulfills the obligations to inform the user as result from the formalities mentioned above.

<h3>Contact
<h4>Data Protection Official of the LMU Munich
<ul style="list-style-type: none">
  <li>Dr. Rolf Gemmeke
  <li>Geschwister-Scholl-Platz 1, 80539 München
  <li>Telefon: +49 (0) 89 2180-2414
  <li>
    <a href="http://www.uni-muenchen.de/einrichtungen/orga_lmu/beauftragte/dschutz/index.html">
      Website of the data protection official of the LMU

<h4>Supervisory body for data protection in the public sector
<ul style="list-style-type: none">
  <li>Bayerischer Landesbeauftragter für den Datenschutz
  <li>Promenade 27
  <li>91522 Ansbach
  <li>Telefon: +49 (0) 981 53 1300
  <li>
    <a href="http://www.datenschutz-bayern.de/">
      Website of the bavarian Data Protection Commissioner

<h4> Data Protection Coordinator of the department Institut für Informatik of the LMU
<ul style="list-style-type: none">
  <li>Robert Hofer
  <li>E-Mail: ^{mailtoHtml "dsk@ifi.lmu.de"}
  <li>Telefon: +49 (0) 89 / 2180 - 9198

<h4>Legal person responsible for data processing
<ul style="list-style-type: none">
  <li>Ludwig-Maximilians-Universität München
  <li>Geschwister-Scholl-Platz 1
  <li>80539 München
  <li>Telefon: +49 (0) 89 / 2180 - 0
  <li>E-Mail: ^{mailtoHtml "praesidium@lmu.de"}
  <li>
    <p>
      The LMU Munich is a corporate body of the public law.<br>
      It is legally represented by its president, Prof. Dr. Bernd Huber.

    <h5>Responsible department
    <ul style="list-style-type: none">
      <li> IT Operations Team (RBG) of the department Institut für Informatik of the LMU Munich
      <li>Oettingenstraße 67
      <li>D-80538 München
      <li>E-Mail: ^{mailtoHtml "rbg@ifi.lmu.de"}
      <li>Tel.: +49 (0) 89 / 2180 - 9198

<h3>Processing of Personal Data

<p>
  The IT service and organization at the department Institut für Informatik follows #
  the state of the art and best practices regarding security and IT operations.<br />
  The protection of personal data as well as the sustainable operation of services #
  in the scope of their possibilities is therefore guaranteed.

<h4>1. Webserver Protocol

<h5>Data Subjects
<p>
  Every user of this webserver is affected by the acquisition and processing of the data.

<h5>Which Data is Acquired
<p>
  The webserver records
  <ul>
    <li> Pseudonym corresponding to the IP address of the user's webclient
    <li> Date and time of the request of an element of the website
    <li> Address of the requested element
    <li> Amount of requested data
    <li> Info on whether the request was successful
    <li> Type and version of the webclient
    <li> Error messages if applicable
    <li> Text of any search, filter, or sorting parameter as applicable
<p>
  In case of a disturbance or security incident, the pseudonymisation of the IP address will be #
  temporarily suspended.
<p>
  ipscrub (<a href="http://www.ipscrub.org">http://www.ipscrub.org</a>) is used to generate pseudonyms #
  for IP addresses.

<h5>Appropriation
<p>
  The collected data is only used for statistical analysis (in anonymised form), for enhancing Uni2work, #
  for analysis, elimination and protection against disturbances, and in case of security incidents.<br />
  Only the IT administrators responsible for the operation of the department Institut für Informatik #
  have access to the data.

<h5> Legal or Contractual Basis of Data Processing
<ul>
  <li> Obligation to sustainable and secure operation of IT services according to the state of the art (TMG, TKG, DSG, EUDGV, BayDSG, BDSG)
  <li> Legislation pertaining to the retention period and type of webserver protocols
  <li> Performing of a function that is of public interest

<h5> Disclosure
<p> First point of contact is the above-mentioned responsible department.

<h5> Deletion
<p>
  Entries of the webserver protocol will be automatically deleted after seven days.<br />
  Data that is processed due to a disturbance or a security incident will be deleted after the incident 
  has been concluded.

<h5> Consent, Correction, Revocation, Request for Deletion or Transmission
<p>
  Consent is not required for the processing of the data due to the type of the collected data, its designated use, #
  the automated deletion and the basis of the collection (GDPR, Art. 6 Para. 1 e+f).<br />
  The right of withdrawal for data processing, the right of petition for deletion, the right of petition #
  for correction, and the right of petition for transmission are not applicable due to the consent to data processing #
  not being necessary as well as the type and use of the collected data.

<h5> Right to Appeal
<p>
  Users generally have the right to appeal to the supervisory body concerning any processing or transmission #
  of their personal data.<br>
  In case of the LMU Munich, the supervisory body is the above-mentioned Bavarian Data Protection Commissioner.<br>
  Apart from that, any other above-mentioned legal contact person may be contacted concerning appeals and inquiries.

<h5> Obligation to Participate in the Processing of the Data
<p>
  The user is obligated to provide the data and allow its processing when using this service.<br>
  We reserve the right to exclude users from the service who do not provide the data.

<h4>2. LDAP

<p>
  To provide the services of Uni2work, personal data from the central directory service (LDAP) #
  of the LMU Munich is collected, saved and processed.

<h5>Data Subjects
<p>
  Every person with a record in the central directory service of the LMU Munich that #
  either directly uses the services of Uni2work (as a registered user) or participates in #
  courses and/or exams that are managed via Uni2work is affected by the acquisition, saving and #
  processing of the data.

<h5>Which Data is Acquired
<p>
  The following data is acquired (from the central directory service of the LMU Munich), #
  saved and processed:
  <ul>
    <li>Username (<i>userPrincipalName</i>)
    <li>Display name (<i>displayName</i>)
    <li>Matriculation number (<i>LMU-Stud-Matrikelnummer</i>)
    <li>Given name (<i>givenName</i>)
    <li>Surname (<i>sn</i>)
    <li>Title(s) (<i>title</i>)
    <li>Features of study (<i>dfnEduPersonFeaturesOfStudy</i>)
    <li>Field of study (<i>LMU-Stg-Fach</i>)
    <li>Associated departments (<i>LMU-IFI-eduPersonOrgUnitDNString</i>)
    <li>Gender (<i>schacGender</i>)
    <li>Subterms and semester (<i>LMU-Stg-FachundFS</i>)
    <li>Email address (<i>mail</i>)

<h5>Appropriation
<p>
  The acquired data is used exclusively to provide, maintain and improve the services provided #
  by Uni2work.<br>
  Only system administrators have access to all above-mentioned data of all users. #
  Course administrators have access to the above-mentioned data of all participants of their courses. #
  Tutors have access to the above-mentioned data of all participants of the tutorials they have been assigned to.

<h5>Legal or Contractual Basis of Data Processing
<p>
  <ul>
    <li>
      Obligation to sustainable and secure operation of IT services according to the state of the art #
      (TMG, TKG, DSG, EUDGV, BayrDSG, BDSG)
    <li>
      Performing of a function that is of public interest

<h5>Disclosure
<p>
  First point of contact is the above-mentioned responsible department.

<h5>Deletion
<p>
  Data will be deleted after termination of studies, except for the following. #
  Data that is subject to a retention period as per administrative law will be deleted after #
  this retention period is exceeded.

<h5>Consent, Correction, Revocation, Request for Deletion or Transmission
<p>
  <ul>
    <li>
      Consent is given by using the Uni2work system.
    <li>
      Data subjects have the right to revoke the processing of the data and the right to request the #
      data for deletion, as long as the data is not subject to a retention period as per administrative law. #
      By revoking the processing or requesting for deletion, the user will not be able to further use #
      Uni2work.
    <li>
      The rights of transmission and correction are not applicable, for Uni2work obtains the data #
      from the central directory service of the LMU Munich. #
      First point of contact is the above-mentioned responsible department.

<h5>Right to Appeal
<p>
  Users generally have the right to appeal to the supervisory body concerning any processing or #
  transmission of their personal data.<br>
  In case of the LMU Munich, the supervisory body is the above-mentioned Bavarian Data Protection #
  Commissioner.<br>
  Apart from that, any other above-mentioned legal contact person may be contacted concerning #
  appeals and inquiries.

<h5>Obligation to Participate in the Processing of the Data
<p>
  The user is obligated to provide the data and allow its processing when using this service.<br>
  We reserve the right to exclude users from the service who do not provide the data.

<h4>3. Uni2work

<p>
  In addition to the data mentioned in "2. LDAP", further data is acquired and processed by #
  participating in courses and/or exams managed via Uni2work, e.g. files for exercise sheet submissions #
  or exam results.<br>
  This data is saved permanently on the Uni2work servers and may be passed on to authorized personnel.

<h5>Data Subjects
<p>
  Every person that publishes data either directly themselves or indirectly via a third party is subject #
  to the acquisition and processing of their data.

<h5>Which Data is Acquired
<p>
  The following data will be stored permanently on the Uni2work servers:
  <ul>
    <li>Files regarding exercise sheet submissions
    <li>Files regarding course material
    <li>Files regarding applications to courses or central allocations
    <li>Exam results

<h5>Appropriation
<p>
  The acquired data is used exclusively to provide, maintain and enhance the services of Uni2work.<br>
  Only system administrators have access to all of the above-mentioned data of all users of the system. #
  Course administrators have access to exercise sheet submissions, course material and applications regarding #
  their courses. #
  Correctors have access to all files regarding an exercise sheet submission they are assigned to (as correctors).

<h5>Legal or Contractual Basis of Data Processing
<p>
  <ul>
    <li>
      Obligation to sustainable and secure operation of IT services according to the state of the art #
      (TMG, TKG, DSG, EUDGV, BayrDSG, BDSG)
    <li>
      Performing of a function that is of public interest

<h5>Disclosure
<p>
  First point of contact is the above-mentioned responsible department.

<h5>Deletion
<p>
  The data is stored permanently on the Uni2work servers.<br>
  You have the right to request the data for deletion, if the deletion does not violate the rights #
  of third parties and the data is not subject to an active retention period as per administrative law.

<h5>Consent, Correction, Revocation, Request for Deletion or Transmission
<p>
  <ul>
    <li>
      Consent is given by using the Uni2work system.
    <li>
      Data subjects have the right to revoke the processing of the data and the right to request the #
      data for deletion, if the deletion does not violate the rights of third parties and the data is #
      not subject to a retention period as per administrative law. #
    <li>
      Data subjects have the right to have the data corrected, if the correction does not violate the rights #
      of third parties and the data is not subject to a retention period as per administrative law.<br>
      Data subjects have the right to have a copy of their data transmitted to them.

<h5>Right to Appeal
<p>
  Users generally have the right to appeal to the supervisory body concerning any processing or #
  transmission of their personal data.<br>
  In case of Uni2work, the supervisory body is the above-mentioned responsible department.<br>
  Apart from that, any other above-mentioned legal contact person may be contacted concerning #
  appeals and inquiries.

<h5>Obligation to Participate in the Processing of the Data
<p>
  The user is obligated to provide the data and allow its processing when using this service.<br>
  We reserve the right to exclude users from the service who do not provide the data.