Data protection is an important concern for the Technical University of Munich. We would like you to know when which data is stored and how we use it. Personal data is only recorded to the extent necessary. Data processing is subject to the applicable data protection regulations, in particular the General Data Protection Regulation GDPR (Datenschutz-Grundverordnung DSGVO), the Bavarian Data Protection Act (BayDSG) and the Telemedia Act (TMG). This data protection declaration refers to the processing of personal data within the scope of this website (duty to provide information according to Art. 13, 14 of the GDPR (DSGVO)). In the following, we inform you about the type, scope and purpose of the collection and use of personal data. This information can be retrieved from our website at any time.
Technische Universität München
Phone: +49 (0) 89 289 01
The purpose of processing personal data is to operate this website, in particular to implement a registration system ('matching') for applying for courses, especially seminars and workshops. The matching system allocates the students for the selected events (seminars, workshops). As soon as an instance has been created, students enter their preferences within a certain period of time. Afterwards, the courses' lecturers can also enter preferences. The system uses this information to calculate the assignment of students to courses, which takes all specified preferences into account as closely as possible and makes the result available for retrieval (assigned course for each student, list of participants for lecturer). The procedure thus serves the purpose of course administration according to Art. 6 Par. 1 lit. c GDPR (DSGVO), together with Art. 4 Par. 1 BayDSG, Art. 5 Par. 1 BayDSG, Art. 6 Par. 1 BayDSG.
Personal data (IP address) is only retrieved if it is necessary for the purpose of operating and securing this website. The legal basis for the processing of personal data is Art. 6 Par. 1 letter e, Par. 2 and 3 GDPR (DSGVO) and Art. 4 Par. 1 of the Bavarian Data Protection Act (BayDSG). If necessary, your data may be transmitted to the responsible supervisory and auditing authorities to exercise the respective rights of control. To prevent danger to security in information technology, electronically transmitted data may be forwarded to the State Office for Information Security to be processed on the basis of Art. 12 ff. of the Bavarian E-Government Act.
A purely informative use of our website is usually possible without providing personal data. Personal data provided via contact forms, registration forms, and similar web pages on our web servers will only be accepted with your consent and will only serve the purpose stated in the forms. Please note the corresponding information on these forms. Personal data is usually stored in a database of the Leibniz Supercomputing Centre and is accessible to the responsible TUM employees. If the purpose of the data collection is to make the data accessible to other members of TUM, the principle of data minimization is followed. Your data will not be passed on to third parties, unless this is explicitly stated in the form.
The users (students, lecturers and examiners who offer or administer a corresponding course) log on to the matching system via Shibboleth, the necessary information is then transferred and stored in the matching system. In particular, the system stores last names and first names as well as email addresses. Additionally, selected course and study semester are stored for students. Moreover, the system stores all data submitted via forms that is necessary for the matching process. This includes in particular data about preferred courses, preferred participants and their ranking.
The registration process via Shibboleth allows us to operate the system without a dedicated user and password management system. Confidentiality, integrity, availability and resilience of the system is therefore dependent on the regularly maintained, tested and monitored TUM-IDP system. Only the personal data that is absolutely necessary for the implementation of the purpose of this system (matching) is stored. The systems are updated on a regular basis.
Your data will only be stored as long as it is necessary for the fulfilment of the tasks in compliance with legal retention periods. Data that is no longer required will be deleted at the end of the respective semester, together with all data used for performing the matching.
As far as your personal data are processed, you, as the data subject, are entitled to the following rights:
- You have the right to be informed about the data stored about you (Art. 15 GDPR / DSGVO).
- If incorrect personal data is processed, you have the right to have it corrected (Art. 16 GDPR / DSGVO).
- If the legal requirements are met, you can demand the deletion of your data or the restriction of its processing (Art. 17 and 18 GDPR / DSGVO).
- If you have consented to the data processing or if a contract for data processing exists and the data processing is carried out using automated procedures, you may have the right to transfer the data (Art. 20 GDPR / DSGVO).
- If you have consented to the processing of your data and the processing is based on this consent, you can revoke your authorization at any time in the future. This does not affect the legality of data processing based on consent before its withdrawal.
If processing of your data is executed solely on the basis of Art. 6 Par. 1 Letter e or f GDPR / DSGVO (Art. 21 Par. 1 Sentence 1 D GDPR / DSGVO), you have the right to object the processing at any time for reasons based on your personal situation. Restrictions and modifications of the aforementioned rights may result from Art. 9 and 10 BayDSG and Art. 20 BayDSG. If you have given us your consent, you can revoke it at any time in the future.
To exercise your rights to information, correction or deletion or to revoke a previously granted consent, please contact us at the following address:
Fakultät für Mathematik
85748 Garching bei München Email: firstname.lastname@example.org
You may at any time file a complaint with the Bavarian State Commissioner for Data Protection. Please use the following contact information:
Postal adress: Postfach 22 12 19, 80502 München
Adress: Wagmüllerstraße 18, 80538 München
Phone: +49 (0) 89 212672 0
Fax: +49 (0) 89 212672 50
When you access this or other websites, you transmit data to our web server via your internet browser. The server is operated by the Leibniz Supercomputing Centre (LRZ), Boltzmannstr. 1, 85748 Garching.
Whenever our website is accessed, the web servers temporarily store the following information in log files:
- IP address of the requesting computer
- Date and time of access
- Name, URL and amount of data transferred for each retrieved file
- Access status (requested files to be transferred, files not found etc.)
- Identification data of the browser and operating system used (if transmitted by the requesting web browser)
- Website from which the access was made (if transmitted by the requesting web browser)
The data in this log file is processed as follows:
- The log entries are automatically and continuously evaluated in order to detect attacks on the web servers and to be able to react accordingly.
- In individual cases, i.e. in case of reported malfunctions, errors and security incidents, a manual analysis is performed.
- Log entries older than seven days are anonymized by shortening the IP address. The anonymized logs are used to generate access statistics. The software used for the anonymization process is operated locally by the LRZ.
- The IP addresses contained in the log entries are not merged with other databases of the LRZ, thus no conclusions can be drawn about individual persons.
Unencrypted information sent to us by electronic mail (email) can possibly be read by third parties during the transmission process. As a rule, we cannot verify your identity and do not know who is behind an email address. A legally secure communication by simple email is therefore not guaranteed. Like many email providers, we use filters against unwanted advertising ('SPAM filters'), which in rare cases erroneously classify normal emails as unwanted advertising and delete them. In any case, we automatically delete emails that contain damaging programs ('viruses' / malware).
We do not use programs to evaluate user behaviour.
Cross-references (links) to the websites of other providers must be distinguished from our own content. Through these links, we merely enable access to the use of third-party content in accordance with § 8 Telemediengesetz / German Telemedia Act. When we first linked to these websites, we checked these third-party contents to see whether they might cause civil or criminal liability. However, we cannot constantly check this third-party content for changes and therefore cannot assume any liability for it. The respective provider of the site is solely liable for illegal, incorrect or incomplete content and in particular for damage resulting from the use or non-use of information from third parties.