Privacy Policy:

With the following information, we would like to provide you, as the “data subject,” with an overview of the processing of your personal data by us and your rights under the data protection laws. The use of our website is generally possible without entering personal data. However, if you would like to use special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data, such as your name, address, or email address, always complies with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to “Bauhaus-Universität Weimar”. This privacy statement aims to inform you about the scope and purpose of the personal data we collect, use, and process.

As the data controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transfers can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, e.g., by telephone or mail.

You can also take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. Hence, we would like to provide you with some tips for handling your data securely:

• Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet, or mobile device) with secure passwords.
• Ensure that only you have access to these passwords.
• Use your passwords exclusively for one account (login, user, or customer account).
• Do not use a password for multiple websites, applications, or online services.
• Especially when using publicly accessible or shared IT systems, make sure to log out after each session on a website, application, or online service.

Passwords should be at least 12 characters long and chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or names of relatives, but a mix of upper and lower case letters, numbers, and special characters.

Data Controller:

The data controller under the GDPR is:

Bauhaus-Universität Weimar Geschwister-Scholl-Straße 8 99423 Weimar Germany

Phone: +49.3643.581110

Representative of the Data Controller: President

Data Protection Officer:

You can contact the Data Protection Officer as follows:

Office of the Chancellor

Phone: +49.3643.581222 Email: datenschutz@uni-weimar.de

You can contact our Data Protection Officer directly at any time with all questions and suggestions regarding data protection.

Legal Basis for Processing:

Art. 6 (1) lit. a) GDPR (in conjunction with § 25 (1) TTDSG) serves as our company's legal basis for processing operations for which we obtain consent for a specific processing purpose.

If processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of any other service or consideration, then the processing is based on Art. 6 (1) lit. b) GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, for example, in cases of inquiries about our products or services.

If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, then the processing is based on Art. 6 (1) lit. c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our facility were injured and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Art. 6 (1) lit. d) GDPR.

Finally, processing operations could be based on Art. 6 (1) lit. f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal grounds, if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail. Such processing operations are permitted to us particularly because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if you are a client of our company (Recital 47 Sentence 2 GDPR).

Our offer is fundamentally aimed at adults. Persons under the age of 16 may not transmit personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents, do not collect it, and do not pass it on to third parties.

SSL/TLS Encryption:

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. We use this technology to protect the data transmitted by you.

Data Collection When Visiting the Website:

When you use our website for informational purposes only, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called “server log files”). Each time a page is accessed by you or by an automated system, our website collects a series of general data and information. These general data and information are stored in the server log files. The following can be recorded:

• The types and versions of browsers used,
• The operating system used by the accessing system,
• The website from which an accessing system reaches our website (so-called referrer),
• The sub-websites accessed via an accessing system on our website,
• The date and time of access to the website,
• An Internet protocol address (IP address),
• The Internet service provider of the accessing system.

When using these general data and information, we do not draw any conclusions about you. Rather, this information is needed to:

• Correctly deliver the contents of our website,
• Optimize the content of our website and the advertising for it,
• Ensure the long-term viability of our IT systems and website technology, and
• Provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

Therefore, we analyze the collected data and information statistically, with the aim of increasing the data protection and data security of our company, and to ensure an optimal level of protection for the personal data we process. The data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 (1) Sentence 1 lit. f) GDPR. Our legitimate interest follows from the data collection purposes listed above.

Right to Confirmation:

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

Right to Information Art. 15 GDPR:

You have the right to receive information about your personal data stored by us at any time free of charge as well as a copy of this data in accordance with the statutory provisions.

Deletion Art. 17 GDPR:

You have the right to demand that the personal data concerning you be deleted immediately, provided that one of the legally prescribed reasons applies and insofar as processing or storage is not necessary.

Complaint to a Supervisory Authority:

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

Routine Storage, Deletion, and Blocking of Personal Data:

We process and store your personal data only for the period necessary to achieve the storage purpose or as far as this is granted by the laws or regulations to which our company is subject. As soon as the storage purpose is omitted or a storage period prescribed by the aforementioned standards expires, the personal data are routinely blocked or deleted in accordance with legal requirements.

Duration of the Storage of Personal Data:

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

Currentness and Modification of the Privacy Policy:

This privacy policy is currently valid and has the status of November 2023.

Due to the further development of our website and offers or due to changed legal or official requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed out at any time on the website at “uni-weimar.de/b-a-d.cloud/legal-notice-privacy-policy”.

This privacy policy was created with the support of the data protection software audatis MANAGER.