fraport/fradrive
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c99d96ecb8
fradrive/templates/i18n/data-protection/en.hamlet
Gregor Kleen 0af3b87a47 fix: date formatting
2020-01-30 13:38:04 +01:00

300 lines
13 KiB
Plaintext
Raw Blame History

$newline never
<i>Last changed: ^{formatGregorianW 2019 12 23}
<p>
The following data protection statement extends the #
<a href="https://www.rz.ifi.lmu.de/datenschutz_en.html">Data Protection Statement of the Rechnerbetriebsgruppe (RBG) of the LMU</a> #
, Version 0.91 from ^{formatGregorianW 2018 05 22}.<br>
Should the Data Protection Statement linked above be newer than the Statement on this page, #
the version of the RBG has higher priority than this version in case of conflicting information.
<p>
The LMU as a corporate body of public law is subject to #
the BayDSG (bavarian legislation on data-protection), in some points the BDSG (Federal Data Protection Act), #
the GDPR (General Data Protection Regulation), and the corresponding articles of special laws (Telemedia, Telecommunication, Employment Law, etc.) relevant to data protection.<br />
This data privacy statement fulfills the obligations to inform the user as result from the formalities mentioned above.
<h3>Contact
<h4>Data Protection Official of the LMU Munich
<ul style="list-style-type: none">
<li>Dr. Rolf Gemmeke
<li>Geschwister-Scholl-Platz 1, 80539 München
<li>Telefon: +49 (0) 89 2180-2414
<li>
<a href="http://www.uni-muenchen.de/einrichtungen/orga_lmu/beauftragte/dschutz/index.html">
Website of the data protection official of the LMU
<h4>Supervisory body for data protection in the public sector
<ul style="list-style-type: none">
<li>Bayerischer Landesbeauftragter für den Datenschutz
<li>Promenade 27
<li>91522 Ansbach
<li>Telefon: +49 (0) 981 53 1300
<li>
<a href="http://www.datenschutz-bayern.de/">
Website of the bavarian Data Protection Commissioner
<h4> Data Protection Coordinator of the department Institut für Informatik of the LMU
<ul style="list-style-type: none">
<li>Robert Hofer
<li>E-Mail: ^{mailtoHtml "dsk@ifi.lmu.de"}
<li>Telefon: +49 (0) 89 / 2180 - 9198
<h4>Legal person responsible for data processing
<ul style="list-style-type: none">
<li>Ludwig-Maximilians-Universität München
<li>Geschwister-Scholl-Platz 1
<li>80539 München
<li>Telefon: +49 (0) 89 / 2180 - 0
<li>E-Mail: ^{mailtoHtml "praesidium@lmu.de"}
<li>
<p>
The LMU Munich is a corporate body of the public law.<br>
It is legally represented by its president, Prof. Dr. Bernd Huber.
<h5>Responsible department
<ul style="list-style-type: none">
<li> IT Operations Team (RBG) of the department Institut für Informatik of the LMU Munich
<li>Oettingenstraße 67
<li>D-80538 München
<li>E-Mail: ^{mailtoHtml "rbg@ifi.lmu.de"}
<li>Tel.: +49 (0) 89 / 2180 - 9198
<h3>Processing of Personal Data
<p>
The IT service and organization at the department Institut für Informatik follows #
the state of the art and best practices regarding security and IT operations.<br />
The protection of personal data as well as the sustainable operation of services #
in the scope of their possibilities is therefore guaranteed.
<h4>1. Webserver Protocol
<h5>Data Subjects
<p>
Every user of this webserver is affected by the acquisition and processing of the data.
<h5>Which Data is Acquired
<p>
The webserver records
<ul>
<li> Pseudonym corresponding to the IP address of the user's webclient
<li> Date and time of the request of an element of the website
<li> Address of the requested element
<li> Amount of requested data
<li> Info on whether the request was successful
<li> Type and version of the webclient
<li> Error messages if applicable
<li> Text of any search, filter, or sorting parameter as applicable
<p>
In case of a disturbance or security incident, the pseudonymisation of the IP address will be #
temporarily suspended.
<p>
ipscrub (<a href="http://www.ipscrub.org">http://www.ipscrub.org</a>) is used to generate pseudonyms #
for IP addresses.
<h5>Appropriation
<p>
The collected data is only used for statistical analysis (in anonymised form), for enhancing Uni2work, #
for analysis, elimination and protection against disturbances, and in case of security incidents.<br />
Only the IT administrators responsible for the operation of the department Institut für Informatik #
have access to the data.
<h5> Legal or Contractual Basis of Data Processing
<ul>
<li> Obligation to sustainable and secure operation of IT services according to the state of the art (TMG, TKG, DSG, EUDGV, BayDSG, BDSG)
<li> Legislation pertaining to the retention period and type of webserver protocols
<li> Performing of a function that is of public interest
<h5> Disclosure
<p> First point of contact is the above-mentioned responsible department.
<h5> Deletion
<p>
Entries of the webserver protocol will be automatically deleted after seven days.<br />
Data that is processed due to a disturbance or a security incident will be deleted after the incident
has been concluded.
<h5> Consent, Correction, Revocation, Request for Deletion or Transmission
<p>
Consent is not required for the processing of the data due to the type of the collected data, its designated use, #
the automated deletion and the basis of the collection (GDPR, Art. 6 Para. 1 e+f).<br />
The right of withdrawal for data processing, the right of petition for deletion, the right of petition #
for correction, and the right of petition for transmission are not applicable due to the consent to data processing #
not being necessary as well as the type and use of the collected data.
<h5> Right to Appeal
<p>
Users generally have the right to appeal to the supervisory body concerning any processing or transmission #
of their personal data.<br>
In case of the LMU Munich, the supervisory body is the above-mentioned Bavarian Data Protection Commissioner.<br>
Apart from that, any other above-mentioned legal contact person may be contacted concerning appeals and inquiries.
<h5> Obligation to Participate in the Processing of the Data
<p>
The user is obligated to provide the data and allow its processing when using this service.<br>
We reserve the right to exclude users from the service who do not provide the data.
<h4>2. LDAP
<p>
To provide the services of Uni2work, personal data from the central directory service (LDAP) #
of the LMU Munich is collected, saved and processed.
<h5>Data Subjects
<p>
Every person with a record in the central directory service of the LMU Munich that #
either directly uses the services of Uni2work (as a registered user) or participates in #
courses and/or exams that are managed via Uni2work is affected by the acquisition, saving and #
processing of the data.
<h5>Which Data is Acquired
<p>
The following data is acquired (from the central directory service of the LMU Munich), #
saved and processed:
<ul>
<li>Username (<i>userPrincipalName</i>)
<li>Display name (<i>displayName</i>)
<li>Matriculation number (<i>LMU-Stud-Matrikelnummer</i>)
<li>Given name (<i>givenName</i>)
<li>Surname (<i>sn</i>)
<li>Title(s) (<i>title</i>)
<li>Features of study (<i>dfnEduPersonFeaturesOfStudy</i>)
<li>Field of study (<i>LMU-Stg-Fach</i>)
<li>Associated departments (<i>LMU-IFI-eduPersonOrgUnitDNString</i>)
<li>Gender (<i>schacGender</i>)
<li>Subterms and semester (<i>LMU-Stg-FachundFS</i>)
<li>Email address (<i>mail</i>)
<h5>Appropriation
<p>
The acquired data is used exclusively to provide, maintain and improve the services provided #
by Uni2work.<br>
Only system administrators have access to all above-mentioned data of all users. #
Course administrators have access to the above-mentioned data of all participants of their courses. #
Tutors have access to the above-mentioned data of all participants of the tutorials they have been assigned to.
<h5>Legal or Contractual Basis of Data Processing
<p>
<ul>
<li>
Obligation to sustainable and secure operation of IT services according to the state of the art #
(TMG, TKG, DSG, EUDGV, BayrDSG, BDSG)
<li>
Performing of a function that is of public interest
<h5>Disclosure
<p>
First point of contact is the above-mentioned responsible department.
<h5>Deletion
<p>
Data will be deleted after termination of studies, except for the following. #
Data that is subject to a retention period as per administrative law will be deleted after #
this retention period is exceeded.
<h5>Consent, Correction, Revocation, Request for Deletion or Transmission
<p>
<ul>
<li>
Consent is given by using the Uni2work system.
<li>
Data subjects have the right to revoke the processing of the data and the right to request the #
data for deletion, as long as the data is not subject to a retention period as per administrative law. #
By revoking the processing or requesting for deletion, the user will not be able to further use #
Uni2work.
<li>
The rights of transmission and correction are not applicable, for Uni2work obtains the data #
from the central directory service of the LMU Munich. #
First point of contact is the above-mentioned responsible department.
<h5>Right to Appeal
<p>
Users generally have the right to appeal to the supervisory body concerning any processing or #
transmission of their personal data.<br>
In case of the LMU Munich, the supervisory body is the above-mentioned Bavarian Data Protection #
Commissioner.<br>
Apart from that, any other above-mentioned legal contact person may be contacted concerning #
appeals and inquiries.
<h5>Obligation to Participate in the Processing of the Data
<p>
The user is obligated to provide the data and allow its processing when using this service.<br>
We reserve the right to exclude users from the service who do not provide the data.
<h4>3. Uni2work
<p>
In addition to the data mentioned in "2. LDAP", further data is acquired and processed by #
participating in courses and/or exams managed via Uni2work, e.g. files for exercise sheet submissions #
or exam results.<br>
This data is saved permanently on the Uni2work servers and may be passed on to authorized personnel.
<h5>Data Subjects
<p>
Every person that publishes data either directly themselves or indirectly via a third party is subject #
to the acquisition and processing of their data.
<h5>Which Data is Acquired
<p>
The following data will be stored permanently on the Uni2work servers:
<ul>
<li>Files regarding exercise sheet submissions
<li>Files regarding course material
<li>Files regarding applications to courses or central allocations
<li>Exam results
<h5>Appropriation
<p>
The acquired data is used exclusively to provide, maintain and enhance the services of Uni2work.<br>
Only system administrators have access to all of the above-mentioned data of all users of the system. #
Course administrators have access to exercise sheet submissions, course material and applications regarding #
their courses. #
Correctors have access to all files regarding an exercise sheet submission they are assigned to (as correctors).
<h5>Legal or Contractual Basis of Data Processing
<p>
<ul>
<li>
Obligation to sustainable and secure operation of IT services according to the state of the art #
(TMG, TKG, DSG, EUDGV, BayrDSG, BDSG)
<li>
Performing of a function that is of public interest
<h5>Disclosure
<p>
First point of contact is the above-mentioned responsible department.
<h5>Deletion
<p>
The data is stored permanently on the Uni2work servers.<br>
You have the right to request the data for deletion, if the deletion does not violate the rights #
of third parties and the data is not subject to an active retention period as per administrative law.
<h5>Consent, Correction, Revocation, Request for Deletion or Transmission
<p>
<ul>
<li>
Consent is given by using the Uni2work system.
<li>
Data subjects have the right to revoke the processing of the data and the right to request the #
data for deletion, if the deletion does not violate the rights of third parties and the data is #
not subject to a retention period as per administrative law. #
<li>
Data subjects have the right to have the data corrected, if the correction does not violate the rights #
of third parties and the data is not subject to a retention period as per administrative law.<br>
Data subjects have the right to have a copy of their data transmitted to them.
<h5>Right to Appeal
<p>
Users generally have the right to appeal to the supervisory body concerning any processing or #
transmission of their personal data.<br>
In case of Uni2work, the supervisory body is the above-mentioned responsible department.<br>
Apart from that, any other above-mentioned legal contact person may be contacted concerning #
appeals and inquiries.
<h5>Obligation to Participate in the Processing of the Data
<p>
The user is obligated to provide the data and allow its processing when using this service.<br>
We reserve the right to exclude users from the service who do not provide the data.
Reference in New Issue View Git Blame Copy Permalink