Data Privacy

Privacy policy for the LMU website

This privacy policy explains how personal data is processed by the Ludwig Maximilian University of Munich (hereinafter referred to as “LMU”) in connection with its website. It also informs visitors and users of the LMU website about the rights to which they are entitled. The information contained in Section A – General data protection information – applies to all data processing operations in connection with the LMU website. Data protection information on specific data processing (e.g. German Scholarship, applications) can be found in Section B. Sections C and D of the data protection declaration contain information on the validity, scope and status of the data protection declaration. Insofar as individual LMU institutions or departments carry out further data processing via their websites, a supplementary data protection declaration can be found on the relevant websites.

A) General data protection information

LMU is a state university of the Free State of Bavaria (Art. 4 para. 1 sentence 1 no. 1 Bavarian Higher Education Innovation Act, BayHIG). It is a public corporation with the right of self-administration within the framework of the law and at the same time a state institution (Art. 4 para. 1 BayHIG). LMU manages its own affairs as a corporation and state affairs as a state institution (Art. 4 BayHIG).

I. Contact information in connection with the LMU website

I.1. Information on the person responsible for data protection at LMU

LMU is responsible for the LMU website under data protection law; it is legally represented by its President. You can find contact information in the imprint.

The respective LMU institutions are responsible for the content provided on the LMU website. If you have any questions in connection with a relevant LMU website, please get in touch with the responsible contact person named in the legal notice or in the contact information on the respective website.

I.2 Details of the LMU data protection officer

The contact details of LMU’s Data Protection Officer can be found on the LMU website at https://www.lmu.de/datenschutz.

The data protection officer is available to answer questions about data protection at LMU. Please use the contact form on the LMU Data Protection Officer’s website at https://www.lmu.de/datenschutz. If you have any questions about specific data processing (e.g. applications), please contact the institution concerned.

II. General information on data processing on the LMU website

II.1 Scope of application of the data protection declaration

This privacy policy applies to the processing of personal data in connection with the LMU website.

• According to Art. 4(1) GDPR, “personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• According to Art. 4 No. 2 GDPR, “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

II.2 Purposes and legal bases for the processing of personal data

In accordance with Art. 2 BayHIG, Art. 4, 5, 17, 19 of the Bavarian Digital Act (BayDiG), we offer our services and administrative services as well as information for the public about our activities on our website. In this respect, the purpose of the processing is to fulfill the public tasks and legal obligations assigned to us by the legislator, in particular to inform the public. Personal data is only processed on the LMU website insofar as this is necessary to provide a functional website, to display the respective content, to inform the public or to provide certain services or to present offers. We also process personal data that you have made available to us or that we have obtained about you in a lawful manner (Art. 4 para. 2 BayDSG).

When processing your personal data, we take particular account of the data protection principles of lawfulness, processing in good faith, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality. We anonymize or pseudonymize personal data if and as soon as the purpose of processing is not impaired.

Unless otherwise stated, the legal basis for the processing of your data results from Art. 6 para. 1 letter e, para. 3 GDPR in conjunction with Art. 4 para. 1 BayDSG. Art. 4 para. 1 BayDSG. Accordingly, we are permitted to process the data required to fulfill a task incumbent upon us. We use cookies, log files and web analysis tools to compile business statistics, to carry out organizational studies, to test or maintain our web service and to ensure network and information security in accordance with Art. 6 para. 1 BayDSG, § 25 TDDDG, Art. 43 BayDiG.

II.3 Data deletion and storage duration

Your data will only be stored for as long as this is necessary for the fulfillment of tasks in compliance with statutory retention periods or if consent has been given. The personal data of users of the LMU website will be deleted or anonymized as soon as and insofar as the respective purpose of storage no longer applies and there is no archiving obligation. If this is provided for in the relevant regulations, data may also be stored beyond this point.

II.4 Data security

In order to adequately and comprehensively protect the security of your data during processing and in particular during transmission, we use appropriate encryption methods (e.g. SSL/TLS) and secure technical systems where necessary and in line with the current state of the art.

The technical operation of the data processing system is carried out with the support of the Leibniz Computing Center (LRZ) of the Bavarian Academy of Sciences and Humanities (Boltzmannstraße 1 D-85748 Garching near Munich, phone: (089) 35831 8000, fax: (089) 35831 9700, e-mail: lrzpost@lrz.de, https://www.lrz.de), with which an order processing contract exists.

All our employees are subject to statutory data secrecy in accordance with Art. 11 BayDSG or are obliged to maintain confidentiality.

II.5 Data transfers

Data is transferred on the basis of the law or with your consent. If necessary, your data will be transmitted to the responsible supervisory and auditing authorities to exercise the respective control rights.

In order to avert threats to information technology security, data may be forwarded to the State Office for Information Technology Security in the event of electronic transmission and processed there on the basis of Art. 41 et seq. BayDiG may be processed. Otherwise, we only transfer personal data to third parties if this is necessary in the context of contract processing (Article 6 (1) (b) GDPR), for example to event organizers or contracted service providers. The data passed on may only be used by the respective processor or third party for the stated purposes or within the framework of the applicable law.

II.6 Protection of minors

These LMU websites are not intended or designed for use by persons under the age of 16, in particular not for children. Persons under the age of 16 should not transmit any personal data to LMU without the consent of their parents or legal guardians. Processing can only take place with the appropriate consent or in the context of fulfilling a legal obligation. Where necessary – in particular if Internet services subject to a charge are used – the date of birth or age is collected. This is indicated separately in the data protection information of the respective internet service.

Where necessary – in particular if fee-based internet services are used – age will be collected or verified if required. This is indicated in the data protection information of the respective internet service.

II.7 Evaluation

When you access the LMU homepage or call it up from mobile devices, programs for evaluating user behavior are only used in anonymized form. Your IP address is first anonymized and can only then be evaluated.

III. Logging and creation of log files

Each time an LMU website is accessed, LMU automatically collects data and information from the computer system of the accessing computer. We also process your personal data if you provide it via the LMU website. When processing your personal data, we take particular account of the data protection principles of lawfulness, processing in good faith, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality.

1. Purpose and scope of data processing

Due to security-relevant events that have occurred, e.g. attempted hacker attacks, relevant access data is stored each time all centrally hosted websites are accessed. The stored data is used for the purposes of identifying and tracking unauthorized access attempts and accesses, for maintaining the functionality of the website on the Internet server and – in anonymized form – for optimizing the Internet offering.

Temporary storage of the IP address is also necessary to enable delivery of the LMU website to your computer. For this purpose, the IP address must also remain stored for the duration of the session. It is not stored together with other personal data at LMU. Depending on the access protocol used, the log data record contains information with the following content:

• IP address of the requesting computer
• Date and time of the request
• Access method/function requested by the requesting computer
• Input values transmitted by the requesting computer (file name etc.)
• Access status of the web server (file transferred, file not found, command not executed, etc.)
• Name of the requested file
• URL from which the file was requested/the desired function was initiated
• Information on the browser type
• Operating system of the user
• Internet pages from which the user’s system accesses the LMU website
• Websites that are accessed via the LMU website

2. Legal basis for data processing

Temporary data processing is carried out in accordance with Art. 6 para. 1 letter e, para. 3 GDPR in conjunction with Art. 4 para. 1 BayDSG.

3. Duration of data processing

The logged data is stored for a maximum of 30 days and then deleted. The data is stored for our own IT security purposes. This is necessary in view of the current IT threat situation posed by spam emails, espionage and malware programs as well as other abuses for the purpose of efficient security against cyber attacks and to maintain service operations in accordance with the state of the art within the meaning of Art. 32 GDPR. Longer storage may take place in individual cases if a security-relevant breach has been detected or if LMU’s legal obligations require this. Irrespective of this, further storage is possible. In this case, your IP address will be deleted or alienated so that it is no longer possible to assign it to the calling client.

4. Possibility of objection and removal

Insofar as the data for the provision of the website and the storage of the data in the log files are absolutely necessary for the operation of the website, you have no option to object.

IV. Use of active components and cookies

1. Purpose and scope of data processing

JavaScript applications are used in the LMU information offering, mainly for navigational elements, e.g. field-dependent visibility in contact forms. No personal data is stored in the process.

In some cases, cookies are used on the LMU website to make the web pages more user-friendly. Some elements of our Internet pages also require the identification of user sessions.

Only a session ID to identify the user session (session cookie) is stored in the cookies of the public offers. Session cookies are small units of information that a provider stores in the working memory of the visitor’s computer. In addition to a randomly generated unique identification number, session cookies contain information about the origin and the storage period. These cookies cannot store any other data.

The following technically necessary cookies are used:

Cookie name	Purpose	Procedure
document.cookie	Saving consent for the integration of external content from Twitter, Facebook, YouTube, Vimeo and Instagram for the duration of the website visit	Is deleted when the session is ended or the browser is closed.
MATOMO_SESSID	Serves to prevent security incidents if users decide against statistical analysis with Matomo	Is deleted when the session is ended or the browser is closed
piwik_ignore	Saves the visitor’s decision to be excluded from statistical tracking	Until the visitor’s own browser preferences for storing cookies are changed (or the cookie is deleted)
mtm_consent und mtm_consent_removed	these cookies can be created if you change your settings regarding your consent to statistical analysis with Matomo	Until the visitor’s own browser preferences for storing cookies are changed (or the cookie is deleted)
MWF_SESSIONID	Saving the session ID for web forms	Wird mIs deleted when the session is ended or the browser is closed.
JSESSIONID	Saving the session ID	Is deleted when the session is ended or the browser is closed.
__stripe_mid	Saving the session ID	1 year
__stripe_sid	Saving the session ID	30 minutes
AWSALB	Saving a session ID of the payment provider for the donation tool	1 year
AWSALBCORS	Saving a session ID of the payment provider for the donation tool	1 year

The following data is stored and transmitted in the cookies: document.cookie

document.cookie

• twitter=true
• facebook=true
• youtube=true
• vimeo=true
• instagram=true

MATOMO_SESSID, piwik_ignore , mtm_consentund mtm_consent_removed, __stripe_mid, __stripe_sid, AWSALB, AWSALBCORS

• random, generated, non-personalized session ID

2. Legal basis for data processing

Data processing is carried out in accordance with Art. 6 (1) (e), (3) GDPR in conjunction with Art. Art. 4 para. 1 BayDSG, Art. 4, 16, 17 BayDiG. If the data processing is based on consent, this is done in accordance with Art. 6 para. 1 letter a GDPR, § 25 TDDDG.

3. Duration of data processing

The session cookies are automatically deleted at the end of your visit when you close your browser or leave the website.

4. Objection and removal options

The cookies used are stored on your computer and transmitted by it to the LMU website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

5. How do I adjust the cookie settings in my browser?

Every browser is different when it comes to setting cookies and your preferences. Please refer to the respective pages for more information:

• Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
• Apple Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
• Microsoft Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
• Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy

The use of Java Script applications can be switched off by setting your browser program. Disabling this may affect the display of some elements, e.g. contact forms, video player or accordion.

However, some elements of our Internet pages require that the accessing Internet browser can be identified even after a page change. If cookies are deactivated for the LMU website, it may no longer be possible to use all the functions of the LMU website.

The following services can only be used if cookies are stored:

• Web forms
• All services secured via the central authentication mechanism

The transmission of Flash cookies cannot be prevented via the Internet browser settings, but by changing the Flash Player settings.

V. Use of the website analysis tool Matomo

1. Purpose and scope of data processing

We use the open source software tool Matomo (formerly PIWIK, https://www.matomo.org ), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”)) on some Internet pages to analyze the data traffic on LMU pages and their reach. This enables us to find out how the LMU websites are used and to constantly improve and develop our Internet presence and our public offering. The use of Matomo is also essential for necessary maintenance work, so that page content is updated outside of the most frequently visited pages or – if certain content is largely accessed using mobile devices – so that it can be adapted accordingly (e.g. to ensure accessibility). In addition, server resources can be distributed economically with the help of Matomo web analytics and load management can be better coordinated. To fulfill the aforementioned tasks and to ensure data security, we operate Matomo on our own LMU server. We do not use cookies for statistical analysis with Matomo. We also do not store any information on the requesting computers of our website visitors and do not access information that is already stored in the end devices of our visitors. No personal data is processed for the use of the configuration used by Matomo at LMU. The processing falls neither within the scope of the GDPR nor under the legal provisions for a consent requirement pursuant to Art. 25 para. 1 TDDDG. Instead, Matomo uses log files that have already been created automatically when a web browser accesses an LMU website. Matomo processes the following data for purely statistical analysis:

• IP address of the requesting computer -> this is anonymized before the analysis takes place
• Browser type
• Set language
• Operating system
• Time of the visit, time spent on the website
• Pages accessed (URLs and page titles)
• Content loaded during the visit (e.g. images, JavaScript or CSS files)
• Frequency of visits to the website (aggregated file)

The Matomo software is set so that 2 bytes of the IP address are masked before this information is evaluated. As a result, it is no longer possible to clearly identify the accessing computer in the statistical analysis with Matomo.

The statistical analysis only records visits to individual pages. Furthermore, it is not technically possible for us to track our website visitors with Matomo across several LMU websites or over several days. Matomo does not create a profile of our visitors. The data obtained with Matomo is not passed on to third parties or used for other purposes, in particular not for performance or behavioral monitoring of website users. Further information about Matomo can be found at https://matomo.org/docs/privacy-how-to/. You can find Matomo’s privacy policy at https://matomo.org/privacy-policy/.

Google Analytics wird auf den Webservern der LMU aus datenschutzrechtlichen Gründen nicht eingesetzt.

2. Legal basis for data processing

Data processing is carried out in accordance with Art. 6 para. 1 letter e GDPR, Art. 6 para. 1 BayDSG in conjunction with Art. 2, 3 BayHIG. The data collected with Matomo technology (including your anonymized IP address) is processed on servers of the LRZ within the framework of the order processing contract.

3. Duration of data processing

The purely internal use of the analysis data in the aforementioned form takes place as long as this is necessary for the purpose, for a maximum of one year.

4. Possibility of objection and removal

You can decide whether your visit to our website is generally recorded by Matomo so that those responsible for the website can collect and analyze various statistical – non-personal – data. If you do not or no longer agree to the processing of data by Matomo, you can object to the storage and use of this data at any time with effect for the future by clicking below. You can prevent the use of Matomo from the outset by changing the settings in your Internet browser. Most modern browsers have a so-called “Do Not Track” option, which informs the websites accessed not to track user activities. The Matomo instance used by LMU respects this option.

Please note: If you delete your cookies in your cookie settings, your opt-out cookie will also be deleted. You may have to check the box again in order not to be recorded by Matomo.

Exercise of my objection

5. How does Matomo record my visit to the LMU website with this browser?

Personal settings

https://web-analytics.lmu.de/index.php?module=CoreAdminHome&action=optOut&language=de&backgroundColor=f5f5f5&fontColor=&fontSize=&fontFamily=arial

VI. Use of the means of communication provided

You can contact LMU electronically via the LMU website using the contact form, chat or e-mail. If necessary, it is possible to enter personal data. You can also contact us by telephone, fax or post. Please refer to the websites of the respective LMU departments to find out which communication channels are available in individual cases.

VI.1 Use of a contact form

1. Scope and purpose of data processing

1 Scope and purpose of data processing

If you use a contact form, the data you provide will be transmitted to LMU and stored. This is usually your surname, first name, contact details and the content of the message.

The specific details can be found in the respective contact form or in the respective notice of the institution responsible for the content of the respective website.

Mandatory information, without which the request cannot be processed, is marked as such in the contact form.

When the message is sent, the following data is stored in addition to the data you provide: On the application server:

• E-mail address of the user specified in the form
• Recipient e-mail address of the form

The personal data processed during the registration process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. When using the contact form, your data is encrypted in transit (https) and processed in internal systems (e.g. ticketing systems).

When using a contact form, you will be informed about the data collected and your respective rights.

2. Legal basis for data processing

Data processing is carried out in accordance with Art. 6 para. 1 letter a GDPR. Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy and, if applicable, to further specific data protection information. We would like to point out that the processing of the data is also based on Article 6(1)(e) GDPR in conjunction with Art. 4(1) BayDSGVO. Art. 4 para. 1 BayDSG can take place. The processing of the personal data transmitted by you is necessary for the purpose of processing your request within the scope of the public tasks and legal obligations incumbent on us.

3. Duration of data processing

The data will be processed exclusively for the duration of the processing of your request and for communication with you and will not be passed on to third parties or used for other purposes, unless further processing is permitted by law.

4. Objection and removal options

You have the option to withdraw your consent to the processing of personal data at any time. If you contact us via the contact form, you can object to the storage of your personal data or request its deletion at any time. In this case, all relevant data will be deleted, provided there are no legal regulations to the contrary. Further conversation or correspondence is then no longer possible.

VI.2 Use of an e-mail address

1. Scope and purpose of data processing

In addition to the contact form, it is also possible to send an e-mail to an LMU e-mail address provided for use on the respective website.

If you send us an e-mail, we will process your e-mail address and your message.

Please note that you may only send inquiries to LMU e-mail addresses, i.e. to those specified on the LMU website and made available for communication.

Please note that the use of an unencrypted e-mail is fundamentally insecure, i.e. it can possibly be read, changed or intercepted by third parties during transmission. Please bear this in mind when sending us information by e-mail. Therefore, please use the postal service to send messages that require protection, or use the public S/MIME (X509) certificate to encrypt your message. Please only use this key to encrypt your e-mail sent to us, as otherwise we may not be able to read your e-mail. Courts, authorities, lawyers and all other authorized users have the option of communicating confidentially and securely with LMU via the special public authority mailbox.

If you wish to send us an unencrypted e-mail, please preferably use a functional address of the LMU, if such an address is given on the website or has been communicated to you. Please note that we cannot verify your identity in the case of an e-mail inquiry and do not know who is behind the e-mail address. Legally secure communication is not guaranteed by a simple unsigned e-mail, even if it is encrypted. So that we can also send you messages worthy of protection, please also provide us with your postal address for inquiries. Otherwise it is possible that no information can be provided. If you wish to receive an encrypted e-mail from us, please provide us with the necessary information.

At LMU, we sometimes use filters against unwanted advertising (so-called spam filters), which can also erroneously classify e-mails as unwanted advertising in individual cases and delete them. E-mails that may contain harmful programs, e.g. viruses, are automatically deleted. The use of contact data published in the context of the imprint obligation or on other LMU websites for sending unsolicited advertising and information material is hereby expressly prohibited. The person responsible expressly reserves the right to take legal action in the event of the unsolicited sending of advertising information, including spam e-mails.

2. Legal basis for data processing

Data processing is carried out in accordance with Art. 6 para. 1 letter a GDPR. Your consent is obtained for the processing of the data as part of the sending process and reference is made to the relevant data protection declarations. We would like to point out that the processing of the data is also based on Art. 6 para. 1 letter e GDPR in conjunction with Art. 4 para. 1 BayDS. Art. 4 para. 1 BayDSG can take place. The processing of the personal data transmitted by you is necessary for the purpose of processing your request.

3. Duration of data processing

The data will be processed exclusively for the duration of the processing of your request and for communication with you and will not be passed on to third parties or used for other purposes, unless further processing is permitted by law.

4. Possibility of objection and removal

You have the option to withdraw your consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data or request its deletion at any time. In this case, all relevant data will be deleted, provided there are no legal regulations to the contrary. Further conversation or correspondence is then no longer possible.

VI.3 Use of online appointment booking

1. Scope and purpose of data processing

Your data is collected in order to book an appointment and to be able to contact you. Only the data required for booking and processing the appointment will be processed, such as title, surname, first name, e-mail address, booking date (day, month, year, time), number of persons, request for the appointment. This is mandatory information, without which it is not possible to book an appointment. In addition, anny may collect technical data, e.g. cookies, IP address. Your data will be processed exclusively for the purpose of processing the appointment. The personal data collected will be forwarded to and processed by the relevant LMU department for the purpose of booking and processing appointments. Your data will not be passed on to third parties.

Legal basis for data processing

The processing of your personal data is carried out in fulfillment of the tasks incumbent on LMU in accordance with Art. 6 para. 1 letter e, para. 2, 3 GDPR, Art. 4 para. 1 no. 1 BayDSG, Art. 19 BayDiG, § 10, 18 AGO Bayern. Insofar as the appointment booking is made for the initiation, execution or termination of a contract, the legal basis is Art. 6 para. 1 letter b GDPR. Voluntary information is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Technically, the online appointment booking is implemented as part of order processing. The processor is anny GmbH, with whom an order processing contract has been concluded (anny GmbH, Cäcilienstraße 30, 50667 Cologne, https://anny.eu/). Data processing takes place on servers in Germany. Insofar as the appointment booking is offered by a professional group that is subject to professional confidentiality, the processor anny has been obligated to professional confidentiality in accordance with Section 203 StGB. Data transmission is encrypted. [WM1] Further information on data protection at anny GmbH can be found at https://anny.eu/privacy/.

3. Duration of data processing

The data will be processed exclusively for the duration of the processing of your appointment and for communication with you and will not be passed on to third parties or used for other purposes unless further processing is permitted by law. All personal data relating to appointment bookings will be anonymized 7 days after the end of the appointment.

4. Objection and removal options

You have the option of objecting to the processing of your personal data at any time and requesting deletion. In this case, all relevant data will be deleted, provided there are no legal regulations to the contrary. In such cases, further correspondence or attendance of the booked appointment is no longer possible. The appointment will be canceled without substitution.

5. Note on options for alternative appointment allocation

If you would like to make an appointment but do not want to or cannot use the online appointment system, the following alternatives are available to you:

• by telephone (if provided by the relevant office)
• electronically by e-mail (if provided by the relevant office)
• by post (if provided by the relevant department).

VI.4 Use of the chat

1. Scope and purpose of data processing

On some of its websites, LMU offers the option of using a chat during certain office hours. Individual LMU departments (e.g. University Library, Central Student Advisory Service) use the chat to communicate directly and informally with you using text messages, to clarify simple and general queries at short notice or to provide individual advice. The aim is to make customer service and administrative support more efficient. This is a live chat. In this respect, you can use the chat like a contact form to get in touch with LMU employees almost in real time.

The use of the chat is not available for the purpose of exchanging extensive data sets or documents, in particular if these are subject to professional or business secrecy, the processing of special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data) and the processing of bank and payment data. No automated decision-making takes place in the chat and no chatbots are used. Video chat does not take place and is not offered.

If you use the chat option, the following personal data will be collected or transmitted to LMU: Date of first use of the chat, current set status of the account (online/absent/offline, also customizable by you), possibly a profile picture set by you. You decide whether you wish to provide us with personal data. Depending on the course of the conversation with our employees, personal data may be collected and processed in the chat. If you have a question about your personal request (e.g. about your user account), personal data will be processed as part of the necessary authentication process. The type of personal data required depends on your request. The collection and processing of personal data only takes place within the scope of the purpose of your request. The open source software Rocket.chat (https://rocket.chatserves as the technical platform. The chat is operated by the LRZ. The chat is used on the basis of the applicable LMU terms of use and LRZ user guidelines (https://www.lrz.de/wir/regelwerk/).

Communication is encrypted. When using the chat, cookies are set (text files) that are stored on your computer and are technically necessary for the use of the service. This is a session cookie. Session cookies are automatically deleted when you close your browser. The information generated by the cookie is stored exclusively on LRZ servers and is not transmitted to third parties.

2. Rechtsgrundlage der Datenverarbeitung

Die Verarbeitung Ihrer personenbezogenen Daten im Rahmen der Nutzung des Chats erfolgt mit Ihrer Einwilligung gemäß Art. 6 Abs. 1 Buchst. a DSGVO. Diese wird vor der jeweiligen Chatnutzung soweit erforderlich eingeholt.

3. Duration of data processing

The data will be processed exclusively for the duration of the processing of your request and for the chat communication with you and will not be passed on to third parties unless further processing is permitted by law. The storage of chat data also serves the purpose of ensuring the security of our information technology systems. All content, messages and data are automatically and permanently deleted after one year at the latest. Until then, the data will be processed to fulfill accountability obligations. You can delete your own chat at any time as long as the chat window is still open.

4. Possibility of objection and removal

SYou have the option of withdrawing your consent at any time. To do so, please contact the respective department with which you use the chat. In this case, all relevant data will be deleted, provided there are no legal regulations to the contrary. Further conversation or correspondence within the chat is then no longer possible.

VI.5 Use of other means of communication (e.g. post, telephone, fax)

You can get in touch with LMU using the contact details provided on the website.

If you send us a request or an opinion by post, telephone or fax, the information you provide will be processed exclusively for the purpose of dealing with your request and for possible follow-up questions and the exchange of opinions. We generally use the same communication channel for this purpose, unless you specify an alternative communication channel.

Personal data can only be communicated to authorized persons and if sufficient identification and transmission security is ensured. A postal address is also required for the communication and must be provided.

VI.6 Use of video conferencing systems

If you participate in a video conference, webinar or online meeting etc. (hereinafter “video conferences”) organized by us, we will process your personal data as part of your participation. Various categories of data are processed when you participate in a video conference. The scope of the data also depends on what data you provide before or when participating in a video conference and which video conference system is used. If you take part in a video conference organized by us, you must usually provide at least a name when you register. However, you can also use a pseudonym, unless the name is required for participation or authentication. Your IP address will also be processed to enable your participation and information about your login and device/hardware information will be stored. If provided, your e-mail address and profile picture will also be processed. If you dial in by telephone, your telephone number and, if applicable, IP address will be processed.

To enable participation in the video conference, the data from your end device’s microphone and any video camera on the end device and, if you share your screen, information from this “screen share” will be processed. You can switch off or mute the camera or microphone yourself at any time. You decide whether and which parts of your screen are shared, and audio and video recordings of the video conference can be made. In this case, corresponding files of all video, audio and presentation recordings are processed. There will always be a reference to the recording if one is made and, if necessary, the explicit consent of the participants will always be obtained for the recording. You may have the opportunity to use the chat, question or survey functions in a video conference. In this respect, the text entries you make will be processed in order to display them in the video conference and, if necessary, to record them.

If participation is voluntary, the legal basis is consent pursuant to Art. 6 (1) (a) GDPR. Otherwise, the legal basis for data processing when conducting video conferences is Art. 6 para. 1 letter b GDPR, insofar as the meetings are conducted within the framework of contractual relationships or with a view to initiating a contractual relationship (for example, in the case of video conferences with our clients as part of the implementation of a project or participation in a webinar).

Insofar as personal data of our employees is processed, Art. 6 para. 1 letter b is the legal basis for data processing, provided that German law is applicable to the processing of employee data. If German law is not applicable to the processing of employee data or if, in connection with participation in video conferences, the processing of personal data is not necessary for the establishment, performance or termination of the employment relationship, but is nevertheless an elementary component of participation in a video conference, our fulfillment of tasks pursuant to Art. 6 para. 1 letter e GDPR is also the legal basis for data processing. Our tasks arise primarily from the Higher Education Innovation Act.

We use one or more service providers as processors for the implementation of video conferences on the basis of an order processing agreement in accordance with Art. 28 GDPR. Personal data may be transferred to a third country outside the EU. If there is no adequacy decision by the EU Commission for the respective third country, we ensure that suitable guarantees are provided for the transfer in accordance with Art. 46 GDPR (e.g. standard contractual clauses). Further information can be found in the data protection information to which reference is made in the context of the respective use.

VII. Newsletter dispatch

1. Scope and purpose of data processing

You may have the option of subscribing to a free newsletter via our website. The respective department offering the newsletter is responsible for this. If personal data is collected for sending a newsletter, it will only be processed for the purpose of sending the newsletter and will not be passed on to third parties or processed for other purposes. As a rule, only an e-mail address is required and processed, although it does not have to be a personal e-mail address. The registration system with an additional confirmation message containing a link to the final registration (double opt-in) ensures that the newsletter is explicitly requested by you and is sent to the e-mail address you have provided.

2. Legal basis for data processing

Data processing is carried out in accordance with Art. 6 para. 1 letter a GDPR. If a service provider is used to send the newsletter, this is done after the conclusion of an order processing contract and in compliance with the general principles for data transmission and the data protection guarantees pursuant to Art. 44 et seq. GDPR.

3. Duration of data processing

The personal data will be processed for the duration of the newsletter mailing until it ends. The data will be deleted as soon as the newsletter is canceled or discontinued or deletion is required by law for other reasons.

4. Possibility of objection and removal

You can unsubscribe from the newsletter at any time. To do so, please use the e-mail address or internet link provided by the person responsible for sending the newsletter.

You will receive further information when you order a newsletter.

VIII. Use of RSS

An RSS feed is a form of newsletter through which we inform you about current events. A list of the main RSS feeds can be found at https://www.lmu.de/de/newsroom/index.html.

You can read the RSS feed either with your browser or with a special program (RSS reader) without having to provide contact details. The respective RSS feed can be terminated at any time. You will receive further information when you order an RSS feed.

IX. Google Custom Search

1. Scope and purpose of data processing

We use Google Custom Search to help you find information on our website. No Google advertisements are displayed in these search results. The search field on this website (“Google Custom Search”) is provided by Google LLC. (“Google”). Your data will only be transmitted when you use the search field and submit the form entries. In this case, you acknowledge or agree that Google may use the personal data for its own purposes in accordance with Google’s privacy policy (at www.google.de/privacy.html) nutzen darf. The use of Google Custom Search is the sole responsibility of the user.

2. Legal basis for data processing

Data processing is carried out in accordance with Art. 6 para. 1 letter a GDPR.

3. Duration of the data processing

Data processing is carried out on the basis of Google’s privacy policy (www.google.de/privacy.html).

4. Objection and removal options

If you do not wish to transmit data to Google or do not wish to accept Google’s privacy policy, please refrain from using the search function. Data will only be transmitted to Google if you use the search field.

If you do not wish to use this service, you can, for example, search our website via https://duckduckgo.com/?s ite=www.lmu.de oder https://www.qwant.com/?q=site:www.lmu.de unsere Webseite durchsuchen.

X. Your rights under data protection law

The LMU website processes personal data to the extent described above. In this respect, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis LMU:

X.1 Right to information

In accordance with Art. 15 GDPR, you can request confirmation from LMU as to whether personal data concerning you is being processed by us.

If such processing is taking place, you can request information about the personal data processed and the following further information:

• the purposes for which the personal data are processed
• the categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
• the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period
• the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority; the data protection supervisory authority directly responsible for LMU is the Bavarian State Commissioner for Data Protection (https://www.datenschutz-bayern.de)
• all available information about the origin of the data if the personal data is not collected from you
• the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
• You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

The right of access is subject to legal restrictions and is not absolute, but is limited in particular in the following cases

• In the case of a large amount of stored information about the data subject, LMU may request that it be specified to which information or processing operations the request for information specifically relates.
• Obviously unfounded or excessive requests or frequent repetitions may lead to rejection or to an obligation to reimburse costs.
• The provision of information must not impair the rights of LMU or other persons (in this respect, professional secrets, business secrets and data relating to other persons are excluded).
• Information may be withheld under the conditions specified in Art. 10 BayDSG.
• In the case of data processing for scientific or historical research purposes and for statistical purposes, your right of access may also be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes (Art. 25 BayDSG).

X.2 Right to rectification

In accordance with Art. 16 GDPR, you have a right to rectification and/or completion vis-à-vis LMU if the processed personal data concerning you is incorrect or incomplete. LMU will make the correction without delay to the extent required by law.

In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to rectification may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes (Art. 25 BayDSG).

X.3 Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you in accordance with Art. 18 GDPR

• if you contest the accuracy of the personal data concerning you for a period enabling LMU to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
• LMU no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
• if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of LMU outweigh your interests worthy of protection.

If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by LMU before the restriction is lifted. In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes (Art. 25 BayDSG)..

X.4 Right to erasure

In accordance with Art. 17 GDPR, you have the right to obtain from LMU the erasure of personal data concerning you without undue delay. LMU is obliged to delete this data immediately if one of the following reasons applies:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed, and processing for other purposes is unlawful.
• You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
• The personal data concerning you has been processed unlawfully.
• The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
• The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
• Where LMU has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, it shall take reasonable steps, including technical measures, taking account of available technology and the cost of implementation, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
• The right to erasure shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which LMU is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in LMU
• for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR in so far as the right referred to in point (a) above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the establishment, exercise or defense of legal claims.

X.5 Right to information

If you have asserted the right to rectification, erasure or restriction of processing against LMU, we are obliged under Art. 19 GDPR to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis LMU to be informed about these recipients.

X.6 Right to data portability

Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to LMU, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from LMU, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from LMU to another controller or another controller, where technically feasible. The freedoms and rights of other persons may not be impaired by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in LMU.

X.7 Right to object

Under the conditions of Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR.

LMU will no longer process the personal data concerning you unless LMU can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

In connection with the use of information society services – notwithstanding Directive 2002/58/EC – you have the option of exercising your right to object by means of automated procedures using technical specifications.

Where personal data concerning you is processed for scientific or historical research purposes and for statistical purposes pursuant to Art. 89 (1) GDPR, you also have the right to object to this data processing on grounds relating to your particular situation.

Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes (Art. 25 BayDSG).

X.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time with effect for the future, whereby the revocation does not affect the legality of the data processing carried out on the basis of the consent until the revocation (Art. 7 para. 3 GDPR). The revocation must always be declared to the office within LMU that obtained the consent or to which you gave the consent.

X.9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR).

The data protection supervisory authority directly responsible for LMU is the Bavarian State Commissioner for Data Protection (https://www.datenschutz-bayern.de). The supervisory authority to which the complaint has been submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

X.10 Assertion of rights

If you believe that the processing of personal data concerning you violates the GDPR or you wish to exercise your rights in other respects, please first contact the contact person responsible for the content of the respective website, as named in the legal notice, and/or the responsible department with which you have been in contact with regard to the data processing in question, as this will enable a prompt examination and, if necessary, remedy in your interest. This applies in particular if you wish to withdraw your consent. You can also contact the LMU data protection officer. It is our aim and aspiration to clarify all data protection issues that arise immediately and to resolve any data protection problems without delay.

B) Data protection information on specific data processing

I. Use of Google Maps

1. Scope and purpose of data processing

Some LMU websites use the map service Google Maps. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The map service can be used to display geographical information for contact and directions purposes. The use of Google Maps is not mandatory for receiving information about our website and is therefore voluntary for you. However, Google Maps is integrated into our website in the interest of an appealing presentation of our website and to ensure that the places we indicate on our website can be found quickly and easily. This is done as part of LMU’s public relations work.

The integration takes place exclusively via an API (2-click solution). Data is only transferred to Google via this programming interface when you click on the “Switch to Google Maps” button yourself.

When using Google’s functions, Google processes your IP address and possibly other personal data (e.g. information on the use of this website or subpages or the data specified in Google Maps, the language of the system and various browser-specific information). When accessing the site with a GPS-enabled device, the location position may also be transmitted. Google uses cookies.

Among other things, Google receives information that you have accessed our website or the corresponding subpage. This information is usually transmitted to a Google server in the USA and stored there. This takes place regardless of whether Google provides a user account that you are logged into or whether no user account exists. If you are logged in to Google, your data can be assigned to your user account. If you do not want this data to be assigned to your Google profile, you must first log out of your Google user account before switching to Google Maps. However, Google stores your data (even for users who are not logged in or registered) as user profiles and evaluates them for its own advertising, market research and needs-based design of its website and can also inform other users of the social network (e.g. Google+) about your activities on our website.

You can find more information on the handling of user data in Google’s terms of use and data protection information.

You can find Google’s terms of use at

https://www.google.de/intl/de/policies/terms/regional.html or from Google Maps at

https://www.google.com/intl/de_US/help/terms_maps.html.

You can find Google’s privacy policy at

https://www.google.de/intl/de/policies/privacy/ und https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active and from Google Maps at

https://www.google.com/intl/de_de/help/terms_maps.html.

2. Legal basis for data processing

Data processing is carried out in accordance with Art. 6 para. 1 letter a GDPR. When you access the relevant pages, you will be asked for your consent to use the map service under these conditions. You can revoke this consent at any time.

3. Duration of data processing

LMU does not process any additional personal data in connection with the use of Google Maps on its website. LMU has no influence on the type, scope and duration of the data processed by Google, the type of processing and use or the transfer of this data to third parties. LMU also has no effective control options.

4. Objection and removal options

You have the right to object to the creation of these user profiles, whereby you must contact Google exclusively and directly to exercise this right. As the provider of its website, LMU has no influence on this data processing. If you do not agree to the transfer of your personal data to Google, do not click on “Switch to Google Maps”. In this case, no data will be transmitted to Google, but no map will be opened.

Alternatively, you also have the option of changing your personal settings in Google’s data protection center (https://www.google.com/policies/privacy/).

II. Use of social media and social media icons or internet links

Our social media presence is part of our public relations work. Our aim is to provide information tailored to the target group and to exchange information with you. We also enable you to make contact quickly and communicate directly via the media of your choice, Art. 16 BayDiG, § 5 Para. 1 No. 2 DDG. When using social media icons from Facebook, Instagram, Twitter and YouTube on LMU websites, your personal data is not automatically transferred. To avoid automatic data transfer to the social media providers, the integration of these offers on the LMU website is based on an Internet link. Active social media plugins are not used on LMU websites for data protection reasons.

II.1 Data protection provisions about the application and use of Facebook and Facebook icons

Our website uses social media icons from the social network facebook.com. The websites at www.facebook.com (external link) and the services on these pages are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, (“Facebook”). The icons are marked with a Facebook logo.

1. Scope and purpose of data processing

We only use social media icons from Facebook in extended data protection mode. By default, no automated connection is established with the Facebook servers. This means that Facebook does not receive any data from website visitors when they access the LMU website.

If you are logged in to Facebook while visiting our website, Facebook can assign the visit to your Facebook account. If you interact with Facebook, corresponding information is transmitted directly from your browser to Facebook and stored there. We do not know what data Facebook links to the personal data received and for what purpose Facebook uses this data.

If you are not a Facebook user, there is still the possibility that Facebook will store your IP address.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Facebook. The purpose and scope of the data collection and the further processing and use of the data by Facebook can be found in Meta’s data protection information at https://www.facebook.com/about/privacy/.

2. Legal basis for data processing

Data processing is carried out for the performance of a public task and in the public interest in accordance with Art. 6 para. 1 letter e, para. 3 GDPR in conjunction with Art. 4 para. 1 BayDSG and serves the purpose of public relations (Art. 2 BayHIG).

For data processing by Meta in the USA, there is currently no recognized adequate level of data protection within the meaning of Art. 45 para. 1 GDPR, as in particular unauthorized access by third parties is not effectively excluded and the exercise of rights by the data subjects is not effectively ensured. However, we take appropriate measures to protect personal data. As far as possible, we agree the EU standard data protection clauses with Meta and provide for further technical and organizational protective measures. The use of Facebook is the responsibility of the respective user on the basis of Meta’s privacy policy (https://www.facebook.com/about/privacy/).

3. Duration of data processing

LMU has no influence on the type, scope and duration of the data processed by Meta, the type of processing and use or the disclosure of this data to third parties. LMU also has no effective control options.

4. Objection and removal options

For your rights and settings options to protect your privacy, please refer to Meta’s privacy policy at https://www.facebook.com/about/privacy/.

If you do not want Facebook to be able to associate your visit to our website with your Facebook account, please log out of your Facebook account, delete the relevant cookies and block the execution of script content from Facebook in your browser, e.g. with script blockers from https://www.noscript.net or https://www.ghostery.com.

II.2 Data protection provisions about the application and use of Instagram and Instagram icons

Our website uses social media icons from the social network Instagram.com. Instagram is an ad-financed online service for sharing photos and videos that belongs to Meta. The icons are marked with an Instagram logo.

1. Scope and purpose of data processing

We only use Instagram social media icons in extended data protection mode. By default, no automated connection is established with Instagram’s servers. This means that Instagram does not receive any data from website visitors when they access the LMU website.

If you are logged in to Instagram while visiting our website, Instagram can assign the visit to your Instagram account. When you interact with Instagram, corresponding information is transmitted directly from your browser to Instagram and stored there. We do not know what data Instagram links to the personal data received and for what purpose Instagram uses this data.

If you are not an Instagram user, there is still the possibility that Instagram will store your IP address.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Instagram.

The purpose and scope of the data collection and the further processing and use of the data by Instagram can be found in Instagram’s privacy policy at https://help.instagram.com/519522125107875.

2. Legal basis for data processing

Data processing is carried out for the performance of a public task and in the public interest in accordance with Art. 6 para. 1 letter e, para. 3 GDPR in conjunction with Art. 4 para. 1 BayDSG. Art. 4 para. 1 BayDSG and serves the purpose of public relations (Art. 2 BayHIG).

For data processing in the USA, there is currently no adequate level of data protection within the meaning of Art. 45 para. 1 GDPR, as in particular unauthorized access by third parties is not effectively excluded and the exercise of rights by the data subjects is not effectively ensured. However, we take appropriate measures to protect personal data. As far as possible, we agree the EU standard contractual clauses with Instagram and take further technical and organizational protective measures.

The use of Instagram is the sole responsibility of the respective user on the basis of Instagram’s privacy policy (https://help.instagram.com/519522125107875).

If you do not want Instagram to be able to associate your visit to our website with your Instagram account, please log out of your Instagram account, delete the corresponding cookies and block the execution of script content from Facebook in your browser, e.g. with script blockers from https://www.noscript.net or https://www.ghostery.com.

II.3 Data protection provisions about the application and use of Twitter and Twitter icons

Our website uses social media icons from the provider Twitter (https://www.twitter.com). These are offered by Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. For persons living within the EU, the Irish company Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible. The icons are marked with a Twitter logo.

1. Scope and purpose of data processing

By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter in the process.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Twitter.

Further information on this can be found in Twitter’s privacy policy at https://twitter.com/privacy.

2. Legal basis for data processing

Data processing is carried out for the performance of a public task and in the public interest in accordance with Art. 6 para. 1 letter e, para. 3 GDPR in conjunction with Art. 4 para. 1 BayDSG. Art. 4 para. 1 BayDSG and serves the purpose of public relations (Art. 2 BayHIG).

For data processing in the USA, there is currently no adequate level of data protection within the meaning of Art. 45 para. 1 GDPR, as in particular unauthorized access by third parties is not effectively excluded and the exercise of rights by the data subjects is not effectively ensured. However, we take appropriate measures to protect personal data. As far as possible, we agree the EU standard contractual clauses with Twitter and take further technical and organizational protective measures.

The use of Twitter is the responsibility of the respective user on the basis of Twitter’s privacy policy (https://twitter.com/privacy).

3. Duration of data processing

LMU has no influence on the type, scope and duration of the data processed by Twitter, the type of processing and use or the disclosure of this data to third parties. LMU also has no effective control options.

4. Objection and removal options

For a detailed description of the respective forms of processing and the opt-out options, please refer to the data privacy statements and information provided by the operator Twitter Inc:

• Information on what data is processed by Twitter and for what purposes can be found in Twitter’s privacy policy: https://twitter.com/de/privacy
• Further information on these points is available on the following Twitter support pages: https://support.twitter.com/articles/105576# and https://help.twitter.com/de/search?q=datenschutz
• You can find out more about the possibility of viewing your own data on Twitter here: https://support.twitter.com/articles/20172711#
• Information about the conclusions Twitter draws about you can be found here: https://twitter.com/your_twitter_data
• Information on the available personalization and data protection setting options can be found here (with further links): https://twitter.com/personalization
• You also have the option of requesting information via the Twitter data protection form or the archive requests: https://support.twitter.com/forms/privacy and https://support.twitter.com/articles/20170320#

If you do not want Twitter to be able to associate your visit to our website with your Twitter account, please log out of your Instagram account, delete the corresponding cookies and block the execution of script content from Twitter in your browser, e.g. with script blockers https://www.noscript.net or https://www.ghostery.com.

II.4 Data protection provisions about the application and use of YouTube and YouTube icons

Some of our web pages include videos from the external video platform YouTube (https://www.youtube.com), which is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. YouTube is a video portal of the US company YouTube, LLC, a subsidiary of Google LLC. The icons are marked with a YouTube logo.

1. Scope and purpose of data processing

We use embedded YouTube videos in extended data protection mode. By default, only deactivated images from the YouTube channel are embedded, which do not establish an automated connection with YouTube’s servers. This means that YouTube does not receive any data from website visitors when they access the LMU website.

You can decide for yourself whether the YouTube videos should be activated. Only when you allow the videos to be played by clicking on “Permanent activation” do you give your consent for the necessary data (including the Internet address of the current website and the IP address) to be transmitted to YouTube. When you play the videos, YouTube can store additional cookies on your browser and assign the data to its own user profiles or use the data for its own purposes. We have no influence on this storage.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by YouTube.

In order to save your desired setting, we set a cookie that saves the parameters. When these cookies are set, however, we do not store any personal data; they only contain anonymized data for browser customization. The videos are then active and can be played by you. If you activate the YouTube videos and are logged in to YouTube as a member, YouTube assigns this information to your personal user accounts. Further information on the collection and use of data by YouTube can be found in YouTube’s privacy policy at https://www.google.com/intl/de/policies/privacy/; https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

2. Legal basis for data processing

Data processing is carried out for the performance of a public task and in the public interest in accordance with Art. 6 para. 1 letter e, para. 3 GDPR in conjunction with Art. 4 para. 1 BayDSG. Art. 4 para. 1 BayDSG and serves the fulfillment of public relations work (Art. 2 BayHIG).

However, due to data processing in the USA, there is currently no adequate level of data protection within the meaning of Art. 45 para. 1 GDPR, as in particular unauthorized access by third parties is not effectively excluded and the exercise of rights by the data subjects is not effectively ensured. The use of YouTube is the responsibility of the respective user on the basis of YouTube’s privacy policy (https://www.google.com/intl/de/policies/privacy/).

3. Duration of data processing

LMU has no influence on the type, scope and duration of the data processed by YouTube, the type of processing and use or the transfer of this data to third parties. LMU also has no effective control options.

4. Objection and removal options

If you wish to deactivate the automatic loading of YouTube videos again, you can uncheck the consent box under the data protection symbol. This will also update the cookie settings. For possible objection options, please refer to the data protection declarations and information provided by the operator YouTube:

• Information on what data is processed by YouTube/Google and for what purposes it is used can be found in the privacy policy of YouTube or Google: https://policies.google.com/privacy
• Option to object (opt-out plugin): https://tools.google.com/dlpage/gaoptout?hl=de
• Settings for the display of advertisements: https://adssettings.google.com/authenticated

If you do not want YouTube to be able to associate your visit to our website with your YouTube account, please log out of your YouTube account, delete the relevant cookies and block the execution of script content from YouTube in your browser, e.g. with script blockers from https://www.noscript.net or https://www.ghostery.com.

III. Data processing in the context of the “Online donation tool to support research and teaching at LMU Munich”

1. Scope and purpose of data processing

We use the online donation tool on our websites www.lmu.de/stiftungen and https://www.lmu.de/de/workspace-fuer-studierende/support-angebote/studienfinanzierung/stipendien/deutschlandstipendium/index.html (Stiftungen@LMU and the Deutschlandstipendium program coordination) to enable and process online donation payments (financial services). These are used to support research and teaching at LMU.

Responsible for this are Stiftungen@LMU (https://www.uni-muenchen.de/kooperationen/stiftungen/index.html) or the program coordination Deutschlandstipendium.

Your data is collected in order to

• process online donation payments to LMU for commercial and accounting purposes and manage the donations
• to be able to contact donors in connection with the donation (e.g. for thank-you notes) and to send information about LMU’s activities

2. Legal basis for data processing

Data processing is carried out on the basis of Art. 6 para. 1 letter b GDPR (promise to make a donation in accordance with Section 516 et seq. of the German Civil Code) or on the basis of consent (Art. 6 para. 1 letter a GDPR).

The donation is voluntary, but it is not possible without providing your personal data. Your personal data will be passed on to the processor Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, Germany, as the technical operator of the online donation tool. An order processing contract in accordance with Art. 28 GDPR has been concluded. Your personal data will not be transferred to a third country or an international organization.

3. Duration of data processing

Your data will be stored after collection by LMU for as long as is necessary to fulfill the purpose. This means that we store your data for budgetary and tax law reasons until the expiry of the statutory retention periods (currently up to ten years in accordance with § 147 AO).

4. Objection and removal options

You have the option of revoking or objecting to data processing and requesting the deletion of your data. The revocation, objection or request for deletion will be regarded as a withdrawal of the application for a scholarship or as a waiver of a scholarship.

IV. Data processing in the context of sending applications

1. Scope and purpose of data processing

LMU collects and processes personal data of applicants for the purpose of filling public positions at LMU and to ensure a lawful examination of the applications within the framework of the application procedure and to be able to make a selection decision. The data provided is collected, stored and processed electronically. In particular, the following data is collected

• Personal data (first and last name, date of birth, address, school-leaving qualification, severe disability if applicable)
• Communication data (telephone number, mobile phone number, fax number, e-mail address)
• Education data (school, vocational training, studies, doctorate, habilitation)
• Data on previous professional career, training and job references
• Information on other qualifications (e.g. language and PC skills)
• Application photo, if applicable
• Other data required for the position to be filled.

The personal data you provide will only be used to process your application for the advertised position. Only persons involved in the application process will have access to the data. These may also be external experts, e.g. in the case of appointment procedures. These persons are obliged to maintain confidentiality.

Unauthorized disclosure to third parties or to third countries does not take place.

2. Legal basis for data processing

Data processing is carried out in accordance with Art. 6 para. 1 sentence 1 letter b GDPR, Art. 9 para. 2 letters b and h GDPR, Art. 88 para. 1 GDPR, Art. 8 para. 1 sentence 1 no. 2 and 3 BayDSG. By submitting your application, you confirm that you consent to data processing in the context and for the duration of the selection procedure. If the application procedure is followed by an employment relationship, the personal data required in the employment context will be processed in accordance with Art. 88 para. 1 GDPR in conjunction with Art. 8 BayDSG and, if applicable, Art. 8 BayDSG. Art. 8 BayDSG and, if applicable, in conjunction with Art. Art. 103 ff. Bavarian Civil Service Act (BayBG) processed.

3. Duration of the data processing

If no employment relationship is established following the application procedure, the application documents will generally be deleted six months after notification of the rejection decision. The deletion period results from Art. 17 para. 3 letter b GDPR in conjunction with § Section 15 (4) of the General Equal Treatment Act (AGG) and Section 61 b (1) of the Labor Court Act (ArbGG).

4. Objection and removal options

You have the option of objecting to data processing and requesting deletion of the data. Your objection or any request for deletion will prevent data processing and will therefore be considered as withdrawal of your application. Applicants will receive further information on data protection from the department responsible for recruitment once their application has been received.

V. Publication of photos

1. Scope and purpose of data processing

At events and appointments, photos may be taken in which you may be recognizable. These photos may be published on the LMU website.

2. Legal basis for data processing

Data processing is carried out as part of public relations work in accordance with Art. 6 para. 1 letter e GDPR in conjunction with Art. 4 para. 1 BayDSG, Art. 2 BayHIG or on the basis of your consent pursuant to Art. 6 para. 1 letter a GDPR.

3. Duration of data processing

Data will be processed for as long as is necessary for LMU to perform its tasks or until you withdraw your consent.

4. Possibility of objection and removal

You can object to the recording and/or publication. You can withdraw your consent at any time with effect for the future.

VI. VProcessing of personal data in contractual relationships

LMU processes personal data as a contracting party under civil law or as a public law office. Examples of this are the procurement of office materials, IT or auxiliary services. In pursuing its own interests, LMU may also process the personal data of the contracting party’s employees. LMU’s interest lies in the initiation, conclusion and execution of such contractual relationships.

C) Validity of the privacy policy

LMU’s privacy policy applies to those LMU websites for which LMU is responsible under data protection law.

It applies as a supplement insofar as LMU processes personal data on its own responsibility in social networks:

• https://de-de.facebook.com/
• https://www.instagram.com/
• https://www.youtube.com/
• https://www.instagram.com/lmu.muenchen/
• https://www.youtube.com/channel/UCmIoovqeiujBp1sZHI7-poQ
• https://de.linkedin.com/school/lmu.muenchen/
• https://de-de.facebook.com/lmu.muenchen/
• https://www.instagram.com/

If we provide links to websites of other organizations, this privacy policy does not apply to the processing of personal data by that organization. We therefore recommend that you read the data protection notices on the other websites you visit.

A supplementary data protection declaration may also apply to the respective LMU website, insofar as the person responsible for the content of the LMU website carries out further processing of personal data and provides information about this. This applies in particular if specific services are offered by individual departments or divisions. The supplementary data protection information on the respective LMU websites is part of LMU’s data protection declaration.

D) Status of and changes to the privacy policy

LMU’s privacy policy for the website is dated 24.06.2024. We reserve the right to update this privacy policy from time to time in order to take account of current legal requirements and technical changes and to implement our services and offers in compliance with data protection regulations. If this is the case, we will update the date in this statement. When you visit an LMU website, the current version at the time of your visit applies.

Status 24.06.2024