The person responsible for the LMU internet pages within the meaning of the General Data Protection Regulation (DSGVO) and of other national data protection laws or other provisions relating to data protection, is the LMU, which is legally represented by their president. Contact information can be found here (copyright).
The particular facilities of the LMU are each responsible for the content offered on the internet pages of the LMU. Please direct any questions relating to a particular internet page of the LMU to the particular contact party who is listed for the particular internet page in the copyright notice.
The contact data of the official LMU data protection officer is found on the internet page of the LMU at https://www.uni-muenchen.de/einrichtungen/orga_lmu/beauftragte/dschutz/index.html.
The official data protection officer is available to answer questions about data protection at the LMU. Please use the contact form on the internet page of the official LMU data protection officer for any questions: https://www.uni-muenchen.de/einrichtungen/orga_lmu/beauftragte/dschutz/Datenschutzkontaktformular.html. Please also use this form to report any data protection events which become known to you from your use of the LMU internet pages.
This data protection policy applies to the processing of personal data in connection with the LMU internet presence.
In accordance with Art. 2 para. 6 BayHSchG, Art. 4 para. 1 lines 1 and 2 BayEGovG, on our web pages we offer our services and administrative services, and also information for the public about our activities. Personal data will only be processed on the LMU internet pages provided this is necessary to provide a functioning internet page, to present the particular content, or to provide certain services or offers. The processing of personal data occurs either owing to a legal requirement or based on the user’s consent. When processing of personal data is based on a consent, then such processing shall occur based on Art. 6 para. 1 (a) DSGVO. Art. 6 para. 1 (b) DSGVO serves as the legal basis for the processing of personal data required for the performance of a contract to which the user is a party. Insofar as processing personal data is required to fulfil a legal obligation to which the LMU is subject, the applicable legal basis is provided by Art. 6 para. 1 (c) DSGVO. In the event that the vital interests of the affected person or other natural person require the processing of personal data, the applicable legal basis is provided by Art. 6 para. 1 lit. e, para. 3 lit. b DSGVO i.V.m. Art. 4 para. 1 BayDSG. The processing may also be required in fulfillment of a mission which has been assigned to the LMU and which is in the public interest (Art. 6 para. 1 (b) DSGVO). Additional legal basis may also arise from special-legal or other legal regulations, to which reference is made in the particular, individual case.
The personal data of users of the LMU internet pages will be deleted or anonymised inasmuch as and provided the particular purpose of the retention has expired and there is no archiving requirement. Deletion or erasure of the data will also occur when a retention period as specified by the European or domestic legislature in EU regulations, laws or other specifications to which the LMU is subject, has expired, unless there is a requirement for continued retention of the data for completion of or fulfillment of a contract. If provided in the referenced regulation, retention for a longer period is possible.
In order to protect your data in a reasonable and comprehensive manner during the processing, and in particular to protect against its transmittal, where necessary and with reference to the prior art, we use appropriate encryption techniques and secure technical systems (e.g. SSL/TLS).
Every time you visit an LMU website, the LMU system automatically collects data and information from the computer system of the accessing computer. In addition, we process your personal data to the extent you provide such data via the LMU internet pages. In the processing of your personal data we take into account in particular the principles of data protection relating to necessity, purpose, data minimizing, legality, correctness and integrity.
Sometimes cookies are placed merely due to a visit to the LMU internet, for example, to identify user-sessions, and also to configure the internet pages in a user-friendly manner. Cookies are text files that are stored on the Internet browser or by the Internet browser on the user's computer system. If a user visits an internet page, a cookie may be stored in the user's operating system. This cookie contains a unique character sequence that permits the browser to be specifically identified upon a subsequent visit to the internet page.
A session-ID is saved in the cookies for public offers exclusively for identification of the user-session (session-cookie). These session-cookies are automatically deleted at the end of your visit by closing your browser.
The saving of these cookies can be turned off at any time by making a corresponding setting in the internet browser; this can also be done automatically.
However, several elements of our internet pages require that the calling internet browser can also be identified even after a page-change. If cookies are deactivated for the LMU internet pages, it is possible that not all functions of the LMU internet pages can still be accessed.
The following services can only be used when the saving of cookies is allowed:
The transmission of flash-cookies cannot be disabled via the settings in your internet browser, but by changing the setting of the flash player.
This website uses the open source web analytics tool Awstats to get access statistics. Only the server log files (see below) are used for the evaluation. The IP address is thereby anonymized, an assignment of data to specific persons is no longer possible.
An RSS feed is a form of the classical newsletter that you can read either with your browser or with a special program (RSS reader). When we offer an RSS feed, we will use it to inform you about current events. A list of central RSS feeds is provided at https://www.en.uni-muenchen.de/funktionen/rss.
If personal data is collected within the scope of an application for an RSS feed, then this information will be processed exclusively for the purpose of performing the RSS, and will be deleted as soon as it is no longer needed, that is, either after you log off, or after cessation of the RSS.
Due to occurring security-related events, e.g. attempted hacking attacks, relevant access data will be saved for every access on all central hosted webpages. The Faculty internet server is operated by the IT Services Group of the Faculty.
Depending on the used access protocol, the protocol data set contains data with the following content:
a) Purpose of the protocol
The saved data are used for purposes of identification and tracking of allowed access and of impermissible access attempts, for maintenance of the internet page functionality on the internet server, and - in anonymized form - for optimizing of the internet offering. Temporary saving of the IP address is also necessary in order to enable delivery of the LMU internet page to your computer. For this purpose the user’s IP address must remain stored for the duration of the session. This data is not stored by the LMU together with other personal data.
b) Retention period
The recorded data are saved for a maximum of ten days and then deleted. A longer retention period may occur in an individual case, provided a violation related to security was discovered. Irrespective thereof, retention for an even longer period is possible. In such a case, your IP address will be deleted or scrambled so that an allocation to the calling client is no longer possible.
c) Evaluation of the protocol
Evaluation of the protocol occurs by the authorized employee of the Faculty IT Services Group under contract with the LMU and observing the provisions of data protection law.
If the data is urgently required for maintenance of the internet page and the saving of the data in logfiles is required for operation of the internet page, then you will not be entitled to a right of objection.
You can contact the LMU via the LMU internet pages. Please use the contact form found on the particular internet page, or the email address mentioned on the internet page.
a) Use of a contact form
In addition to the data you provide, the following data is also stored at the time the message is sent:
On the application server:
The personal data processed during the application process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
By using a contact form you will be informed about the data collected and about your particular rights.
b) Use of an email address
In addition to the contact form, it is also possible to send an email to an LMU email address provided for use of the particular internet page. If you send us an email, then your email address and the other data provided by you will only be used for correspondence with you, and will be saved only as long as necessary for this purpose, unless some other legal grounds will justify its continuing retention.
Please note that the use of a non-encrypted email is fundamentally unsecure, that is, it may possibly be read, changed or captured by third parties along the transmission route. Please remember this when you send us information in an email. Therefore the sending of confidential messages should be either by regular mail or by S/MIME (X509-) encryption.
In the event that you wish to send us an encrypted message, please use the public X509-certificate for encryption of your message.
In order that we may also send you confidential messages, please also give us your postal address, if requested. Otherwise there is the possibility that no information can be shared.
In the event that you want to send us a non-encrypted email, then please use preferably a function address at the LMU, provided such an address is provided on the internet page.
Please note that in the case of an email inquiry, we cannot verify your identity and do not know who is concealed behind the email address. A legally secure communication by means of a simple, unsigned email is not ensured, not even if it is encrypted.
At the LMU we sometimes use filters against unwanted advertising (spam filters) that can also sometimes wrongly classify and delete emails as advertising. Emails that can contain harmful programs, e.g. viruses, are deleted automatically.
If you want to receive an encrypted email from us, then please provide us with the necessary information.
It is possible to input your personal data on the LMU internet pages. Your data basically will be encrypted (https) along the transmission route, unless the particular offers specifically make reference thereto.
If personal data is collected for a newsletter subscription, then it will be processed only for the purpose of sending you the newsletter. The particular newsletter can be canceled at any time. To do so, please use the email address oder website provided for the person responsible for sending the newsletter. Additional information will be provided together with your subscription to the newsletter.
As a part of the LMU internet presence, personal data is processed within the scope stated above. To this extent you are an affected person within the meaning of the DSGVO and are entitled to the following rights with respect to the LMU:
You can ask the LMU to confirm whether we process personal data concerning you.
If such data is processed, you can request the following information from the LMU:
You have the right to request information concerning whether your personal data will be transferred to a third country or international organization. In such cases, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO as related to this transfer.
Your right to information is subject to legal restrictions and is not absolute, rather, it is limited in particular in the following cases:
You have the right to rectify and/or to complete inaccurate and/or incomplete personal data saved by the LMU. The LMU will make the correction without delay.
In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to rectification may be restricted if it is likely that the completion of the research or statistical work will be made impossible or seriously hampered, and the restriction is necessary to complete the research or statistical work (Art. 25 BayDSG).
Under the following circumstances you may request a restriction of processing of your personal data:
Where processing personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where processing personal data concerning you has been restricted, you will be informed by the LMU before the restriction of processing is lifted.
In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to restriction of processing may be restricted if it is likely that the completion of the research or statistical work will be made impossible or seriously hampered, and the restriction is necessary to complete the research or statistical work (Art. 25 BayDSG).
a) Deletion requirement
You can request the LMU to delete your personal data without delay. The LMU is required to delete this data without delay, provided one of the following reasons applies:
b) Notification to third parties
Where the LMU has made the personal data public and is obliged pursuant to Art. 17 para. 1 DSGVO to erase the personal data, the responsible officer, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform officers who are processing the personal data, that you have requested the deletion by such officers of any links to, or copy or replication of, that personal data.
The right to erasure does not apply to the extent processing is necessary
If you have asserted your right to rectification, erasure or restriction of processing vis-a-vis the LMU, then we are obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort (Art. 19 DSGVO).
You have the right to be informed by the LMU about such recipients.
Regarding the demands of Art. 21 DSGVO you have the right to receive the personal data concerning you which you provided to the LMU, in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to one or another responsible officer without hindrance by the LMU, provided
In exercising your right to data portability, you have the right to have the personal data transmitted directly from the LMU to another responsible officer, where technically feasible. The exercise of this right cannot adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the LMU.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para.1 (e) or (f) DSGVO.
In such cases, the LMU shall no longer process the personal data concerning you unless the LMU can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
In the context of the use of information company services, and notwithstanding Directive 2002/58/EC, you are entitled to exercise your right to object by using automated means, in which technical specifications are applied.
In the case of processing of your personal data for scientific or historical research purposes and for statistical purposes pursuant to Art. 89 para. 1 DSGVO, you have the right to object to this data processing for reasons relating to your particular situation.
Your right to objection may be restricted if it is likely that the completion of the research or statistical work will be made impossible or seriously hampered, and the restriction is necessary to complete the research or statistical work (Art. 25 BayDSG).
You have the right to revoke your consent to data processing with future effect; however, this revocation shall not affect the legitimacy of the data processing already occurred based on your consent given until the time of revocation. This revocation must always be submitted to the agency within the LMU which has received the consent.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection oversight authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the DSGVO. In the case of the LMU the directly cognizant data protection oversight authority is the Bavarian State Officer for Data Protection (https://www.datenschutz-bayern.de) (external link); The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 DSGVO.
If you believe that the processing of your personal data is in violation of the DSGVO, then we request that you first turn to the officer responsible for the content of the particular internet page, who is named in the copyright statement, and/or to the official data protection officer at the LMU, since this will allow a rapid examination or remedy, if necessary, of your concerns. It is our goal and responsibility to examine all arriving questions of data protection immediately and to solve potential problems under data protection law.
The general data protection policy applies to those internet pages of the LMU for which the LMU bears responsibility. A supplemental data protection policy may also apply to a particular internet page of the LMU, provided the person responsible for the content of the internet page is performing additional processing of personal data and gives notice of such processing. This applies in particular when specific services are offered by individual departments. The supplemental data protection policy can expand, but not replace, the general data protection policy. The general data protection policy is a part of any supplemental data protection policy.
This general data protection policy was created on 03/2019. We reserve the right to update this data protection policy on a regular basis in order to take proper account of current legal requirements and technical changes, and also to implement our services and offers in compliance with data protection. The most recent version of this policy applies to your visit to an LMU web page.