Thank you for your interest in the TUM Campus Heilbronn gGmbH, the TUM Campus in Heilbronn and the website www.chn.tum.de (hereinafter referred to as "website"). The protection of your privacy and the compliance of our collection, processing and use of your data with the applicable legal framework is important to us.
Please find below detailed information on how we collect, process and make use of your data.
1.1. Controller according to Art. 4 para. 7 of the General Data Protection Regulation (hereinafter „GDPR“) and Service Provider acc. to the German Telemedia Act (Telemediengesetz, TMG) is TUM Campus gGmbH, Bildungscampus 2, DE-74076 Heilbronn, e-mail: info.hn@mgt.tum.de (hereinafter referred to as „us“ or „we“).
1.2. The contact details of our external data protection officer are as follows: Dr. Thomas A. Degen, attorney and specialist in IT law, certified TÜV Süd (DSB-TÜV) data protection officer, c/o Jordan & Wagner Rechtsanwaltsgesellschaft mbH, Alexanderstr. 8A, DE 70184 Stuttgart, e-mail: datenschutz@tumheilbronn-ggmbh.de.
2.1. If you use the Website for information purposes only, i.e. if you do not register or otherwise provide us with any information yourself, we only collect the personal data, which your browser transmits to our server. If you wish to browse our website, we collect the following data, which we require for technical reasons to display our website to you and to ensure stability and security:
2.2. We have access to these data as well as our IT service providers, including our host provider, who’s servers are located within the European Union. We have entered into a data processor contract acc. to Art. 28 GDPR.
2.3. We process said data for the following purposes:
2.4. Log file information is being stored for security reasons (e.g. to clarify abuse or fraud) for a maximum of 10 days and deleted or anonymized thereafter. The storage of data required for evidence purposes is excluded from the deletion until final clarification of the respective incident.
2.5. Art. 6 para. 1 s. 1 lit. f GDPR is the legal basis for the data processing. Our legitimate interest follows from the data collection purposes as listed above.
2.6. We also use cookies, when you visit our website. More information on this is available under cipher 5 of this present data protection declaration.
3.1. In the event that you contact us, e.g. by way of e-mail, facsimile transmission or by use of a contact form, we will collect any data you provide to us. The processing and use of any such data that you provide when contacting us will be carried out for the purpose of answering your request and for any follow-on queries, only.
3.2. Processing of data for the purpose of contacting is carried out in accordance with Art. 6 para. 1 s. 1 lit. b GDPR.
4. HOSTING
Our web server is operated by the Leibniz Computing Center of the Bavarian Academy of Sciences (LRZ). The personal data you transmit when visiting our website is therefore processed by the LRZ on our behalf:
Leibniz Computing Center of the Bavarian Academy of Sciences (LRZ)
Boltzmannstraße 1
D-85748 Garching near Munich
Tel.: +49 (0)89 35831 8000
Fax: +49 (0)89 35831 9700
Mail: lrzpost@lrz.de
If necessary, your data will be transmitted to the responsible supervisory and auditing authorities for the exercise of the respective control rights.
In order to avert threats to information technology security, data may be forwarded to the State Office for Information Security in the case of electronic transmission and processed there on the basis of Art. 12 et seq. of the Bavarian E-Government Act.
5.1. If you wish to make use of our services, the respective advice or the conclusion of the respective contract requires that you provide your personal data, which we need in order to process your order in accordance with Art. 6 para. 1 p. 1 lit. b GDPR. We process the data you provide for the purpose of processing your order.
5.2. Provided you grant your consent, we will also include you in our database of interested parties. We will then store your data for any further orders. You are free to revoke your consent to this storage of customer data at any time. In such event, we will delete the respective data immediately, as soon as we are no longer entitled to or under an obligation of storing the data in accordance with ciphers 4.1, 4.3 of this present data protection declaration.
5.3. Commercial and tax law requires us to store your address, payment and order data for a period of ten years. However, after two years we will restrict such processing, i.e. your data will only be used to comply with the legal obligations.
6.1. When you visit our website for the first time from one of the devices you use, you will receive a notice that when using the website, so-called cookies may be loaded onto the hard disk of the device. Should you continue to use our website following receipt of this notice, you thereby declare your consent to our use of permanent cookies.
6.2. Cookies are alphanumeric identifiers that are transferred to the hard drive of the device upon visiting our website. They allow us to recognise your browser, when you visit the website again, and are primarily used to render your visit to the website a more pleasant and individual experience, e.g. by recognising the language used, as well as to protect the website from hacker attacks.
6.3. This website uses the following types of cookies, the scope and functionality of which are explained below:
6.4. Transient cookies are being deleted automatically, when you close your browser. They include in particular the session cookies. These cookies store a so-called session ID, which may be used to associate various requests from your browser with the shared session. This allows for your computer to be recognised, when you return to our website. The session cookies are being deleted upon logout or closing of your browser.
6.5. At any time, you can delete the cookies in the security settings of your browser. The help function in the menu bar of most web browsers explains, how to set up your browser so that new cookies are never being accepted, cookies are set only after notice and only by you or are being generated always automatically.
This website currently uses web fonts on its own servers only in order to provide a uniform display of fonts. This does in no way include any access to servers of Google LLC.
If you subscribe to our e-mail newsletter (hereinafter referred to as "newsletter"), we will collect your e-mail address and any additional data you may have provided. We use the data exclusively for the purpose of sending you the respective newsletter for the purposes stated in the course of the registration for the newsletter. The registration takes place using the double-opt-in procedure and may therefore only be completed, if you confirm the link provided in the confirmation e-mail and thereby confirm your consent to the newsletter dispatch. You may revoke your consent to the dispatch of a newsletter at any time. You may also unsubscribe using the link provided at the end of each newsletter. The legal basis for the provision of the newsletter is Art. 6 para. 1 s. 1 lit. a GDPR.
Our newsletters contain so-called tracking pixels. A tracking pixel is a tiny graphic embedded in emails sent in HTML format for log file recording and analysis. It serves the statistical evaluation of the success or failure of online marketing campaigns. The embedded tracking pixel allows us to determine, if and when an email was opened by a respective person and which hyperlinks in the email this person has used.
We store and evaluate such personal data collected using the tracking pixels contained in the newsletters in order to optimise the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the respective person. These personal data will not be passed on to third parties. The respective persons are entitled to revoke at any time the respective separate declaration of consent submitted via the double opt-in procedure. Following such revocation, we will delete these personal data. An unsubscription from the newsletter also represents such a revocation of consent.
9. REGISTRATION FOR OUR EVENTS/ REGISTRATION MASK
9.1. Description and scope of data processing
You may register for events via our website. For this purpose, you can provide personal information in the registration screen. Any such information, which is mandatory for registration, is marked with an asterisk "*". You cannot register without this information for the event. All other information is voluntary given and not required for the participation in our events.
Different data will be requested depending on the type of event. For certificate courses, for example, participants are required to provide a proof of knowledge gained, as opposed to Virtual Info Sessions, where there is no such requirement.
In addition, you may subscribe to our newsletter (please refer to our newsletter mailing information under "Email Newsletter" - in this present data protection declaration).
9.2. Legal basis for data processing
The legal basis for the processing of data is, in addition to Art. 6 para. 1 s. 1 lit. b GDPR (processing of necessary data), your consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR.
9.3. Purpose of Data Processing
We only process your data for the purpose of carrying out the event you register for.
9.4. Duration of storage
The respective data will be deleted as soon as storage is no longer required to achieve the purpose for which the data were collected. Generally, this is the case after five years. Longer storage periods may result, in accordance with Art. 6 para. 1 s. 1. lit. c GDPR, where necessary due to tax and commercial law retention and documentation obligations as well as where due to regulations that apply to our company.
9.5. Widerspruchs- und Beseitigungsmöglichkeit
You may revoke your consent at any time. Following such revocation, we will only process your data insofar as necessary for the execution of the contract with you and/or where storage obligations beyond this point apply.
10. LINKING TO OTHER WEBSITES
On our website, we may include links - also by using icons - to websites of other providers such as TUM, TUM School of Management, TUM School of Computation, Information and Technology, Facebook, Instagram, LinkedIn, Xing or YouTube. If you follow such a link on our website, we have, unfortunately, no longer any influence on the collection, processing and use of your data by third parties. Therefore, we do not and, unfortunately, cannot assume any responsibility for any such collection, processing and use.
In the context of our Website, we provide links, if necessary - also by icon -, to web pages of other providers, e.g. on Twitter, Facebook or Youtube. If you click on such a link on the Website, we unfortunately no longer have any influence on the collection, processing and use of your data by third parties. Therefore, we cannot take any responsibility for such activity.
11. DATA DISCLOSURE
11.1. Your personal data will not be transferred to third parties for purposes other than those listed below.
11.2. We will only disclose your personal data to third parties if:
12. STATUTORY RIGHTS OF AFFECTED PERSONS
You are legally entitled to the following:
Should you wish to make use of your Right of Objection, please write to:
TUM Campus gGmbH, Bildungscampus 2, DE-74076 Heilbronn
E-Mail: info.hn@mgt.tum.de
13. NO AUTOMATED DECISION-MAKING
We do not make use of automated decision making based on the collected data.
14. TOPICALITY AND AMENDING OF THIS PRESENT DATA PROTECTION DECLARATION
This present data protection declaration is currently valid and its status is June 2022. The further development of our website or changes of the legal or administrational requirements may require changes to this data protection declaration. You may access and print out the current data protection declaration at any time on the website under "Data protection declaration".