We appreciate your visit to our website. Data protection and data security are our top priority, therefore, and in order to fulfill our duty to inform you, you will find out below to what extent we process personal data, i.e. information relating to an identified or identifiable natural person (hereinafter “data subject”). In the following, you as a user of our offers will be informed in detail about, among other things, the type, scope and purpose of the data processing carried out by us (e.g. data collection, storage, etc.), for example during your visit to our website. If you have any questions regarding the data protection statement or wish to exercise the rights granted to you, you can contact the data protection officer (see below for contact details) at Chemnitz University of Technology.
For reasons of better readability, the generic masculine is generally used in the following. All personal designations naturally apply to all genders.
1. name and contact details of the responsible person
The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states of the European Union as well as other data protection regulations is:
Chemnitz University of Technologyrepresented by the Rector: Prof. Dr. Gerd StrohmeierStreet of Nations 6209111 Chemnitz, GermanyE-mail: email@example.comPhone: +49 371 531-10000Fax: +49 371 531-10009Web: https://www.tu-chemnitz.de/
2. contact details of the data protection officer
The data protection officer of Chemnitz University of Technology is:
Gernot KirchnerStreet of Nations 6209111 ChemnitzE-mail: firstname.lastname@example.orgPhone: +49 371 531-12030Fax: +49 371 531-12039Web: https://www.tu-chemnitz.de/rektorat/dsb/
3. technical implementation of the website
The technical implementation of the website is carried out internally by the University Computer Center (URZ) of Chemnitz University of Technology, which can be reached via the following e-mail address: email@example.com
The support of the individual web presences is carried out by different webmasters.
4. general information on data processing
4.1 Scope of the processing of personal data
As a matter of principle, we only process personal data of our users – i.e. also of you – to the extent that this is necessary for the provision of a functional website as well as our content and services (including event registrations, evaluations, public relations, etc.).
This may include, but is not limited to, inventory data (e.g., names, addresses), contact data (e.g., email addresses, phone numbers, home addresses), content data (e.g., text entries, photographs, videos, comments), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
Personal data of our users is regularly processed only after their prior consent. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and/or the processing of the data is permitted by legal regulations.
4.2 Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 p. 1 lit. a) DSGVO as the legal basis.
When processing personal data that is necessary for the performance of a contract with the data subject as a contracting party, Art. 6 para. 1 p. 1 lit. b) DSGVO as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which Chemnitz University of Technology is subject, Art. 6 para. 1 p. 1 lit. c) DSGVO as the legal basis. Accordingly, personal data may be stored, for example, if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which Chemnitz University of Technology is subject.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 Para. 1 p. 1 lit. d) DSGVO as the legal basis.
Art. 6 par. 1 p. 1 lit. e) GDPR is used as a legal basis for data processing when the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
If the processing is necessary to protect a legitimate interest of Chemnitz University of Technology or a third party and if the interests, fundamental rights and freedoms of the data subject do not override our aforementioned legitimate interest, Art. 6 (1) sentence 1 lit. f) DSGVO serves as the legal basis for the processing. Art. 6 (1) sentence 1 lit. f) DSGVO does not apply to data processing carried out by public authorities in the performance of their duties, according to Art. 6 (1) sentence 2 DSGVO. However, according to the wording, this only includes tasks assigned by law, in particular within the framework of intervention and performance administration. Therefore, if public authorities act in a relationship of equilibrium, i.e. under private law, the application of Art. 6 (1) sentence 1 f) GDPR is not excluded. This particularly affects the public relations work of Chemnitz University of Technology.
4.3 Storage period (data deletion)
The personal data processed by us will be deleted or blocked as soon as the purpose of the data processing (including storage) ceases to apply, i.e. the processing is no longer necessary for the intended purpose and the deletion does not conflict with any statutory retention obligations.
If, for example, data processing is carried out on the basis of a legal obligation within the meaning of Art. 6 (1) p. 1 lit. c) DSGVO, the personal data will be blocked or deleted if a storage period prescribed by the aforementioned standards expires. For example, an obligatory storage for 10 years of commercial books, inventories, management reports, accounting vouchers, etc. according to §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB as well as for 6 years for received and sent commercial letters according to § 257 para. 1 nos. 2 and 3, para. 4 HGB. In these cases, the data is not deleted, but data processing is merely restricted, i.e. the data is blocked and not used for other purposes.
Your data will also not be deleted if there is a need for further storage of the data, for example for the conclusion or fulfillment of a contract, and thus another legal basis for data processing exists (e.g. Art. 6 para. 1 p. 1 lit. b) DSGVO).
4.4 Statutory/contractual provisions on the provision of personal data and consequences of non-provision
We inform you that the provision of personal data is partly required by law or may also result from contractual provisions. For example, when a contract is concluded, it is regularly necessary for the data subject to provide us with personal data that must subsequently be processed by us. This concerns, for example, the obligation to provide personal data in the context of concluding a contract. Failure to provide the personal data would otherwise mean that the contract with the data subject could not be concluded.
Prior to the provision of personal data by the data subject in the above sense, you are very welcome to contact us, preferably our data protection officer mentioned above. We will then inform you in each specific individual case whether the provision of personal data is required by law/contract or necessary for the conclusion of the contract. We will also inform you whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be in this case.
4.5 Disclosure of personal data to third parties
Personal data is processed only by the following natural/legal persons: Chemnitz University of Technology. This also includes those persons who are authorized to process the personal data under the direct responsibility of Chemnitz University of Technology, e.g. employees of Chemnitz University of Technology. In contrast, personal data will not be disclosed to third parties – i.e. natural or legal persons, authorities, institutions or other bodies, with the exception of the data subject, the person responsible and, if applicable, existing processors – unless there is a legal obligation to do so to which Chemnitz University of Technology is subject (e.g. investigations by law enforcement or state protection authorities).
5. provision of the website and creation of log files
5.1 Description and scope of data processing
Each time our website is called up, our server systems automatically record data and information from the computer system of the user/calling computer, i.e. including your computer.
Basically, these are the following data:
The following data can be transmitted additionally depending on the configuration of your browser:
The aforementioned data (except those marked with *) are also stored temporarily – i.e. only temporarily – in the log files of our systems. The following information is also recorded in the log files:
This data is not stored or merged with other personal data of the user.
5.2 Legal basis for data processing
The legal basis for the collection and temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f) DSGVO (protection of a legitimate interest). In addition, Art. 6 para. 1 p. 1 lit. c) DSGVO in conjunction with. § 100 TKG also permits data storage.
5.3 Purpose of the data processing
The temporary storage of, among other things, the IP address by the system is necessary to enable delivery of our website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of our website for you. In addition, we use the data to optimize the websites and to maintain the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context under any circumstances.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) sentence 1 lit. f) DSGVO. Interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail in this respect. Data storage for the purpose of defending against disruptions to the telecommunications system is also expressly permitted by Art. 6 (1) p. 1 lit. c) DSGVO in conjunction with. § Section 100 TKG.
5.4 Security of data processing
Taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, Chemnitz University of Technology has implemented appropriate technical and organizational measures to protect your personal data and to ensure a level of protection appropriate to the risk involved in providing the website offering.
For this purpose, our web servers enforce transport encryption via HTTP Strict Transport Security (HSTS). You can recognize this by the “Hypertext Transfer Protocol Secure” transmission protocol used (in your address bar: https://) and, for example, by the lock symbol in your browser bar. Currently, TLS 1.2 is required as a minimum standard. By also supporting older encryption standards, we ensure that the largest possible group of visitors can use our website offering. Encryption algorithms that are considered insecure are and will be disabled.
5.5 Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. You end the session by closing your browser completely, that is, not just closing the tab in question.
In the case of storage of data in log files, deletion/anonymization takes place after half a year. Any additional storage in non-anonymized form, reduced to relevant data, only takes place to fulfill investigation requests. Furthermore, storage beyond this is possible. In this case, however, the IP addresses of the users are deleted or alienated/anonymized so that an assignment of the calling client is no longer possible under any circumstances.
5.6 Possibility of objection and removal
In case of processing of personal data concerning you on the basis of Art. 6 para. 1 p. 1 lit. e) (public interest or public authority) or lit. f) DSGVO (legitimate interest), you have a right to object at any time in accordance with Art. 21 DSGVO, for reasons arising from your particular situation (see also under right to object).
However, the collection of data for the provision of the website and the storage of the data in log files is – as described above – absolutely necessary for the operation of the website of Chemnitz University of Technology. If you therefore exercise your right to object, but regardless of this continue to access our website, there are compelling legitimate grounds for data processing that override the interests, rights and freedoms of the data subject – you – and thus limit the possibility of objecting as a result, so that pursuant to Art. 21 para. 1 p. 2 DSGVO your personal data can continue to be processed.
6.1 Description and scope of data processing
If a user takes advantage of the opportunity to contact us, including via the e-mail addresses provided, via telephone or social media, the personal data provided will be transmitted to us as part of the contact and stored if necessary. On our website, there is also a contact form for this purpose, which can be used for electronic contact.
For the processing of the contact via a contact form are mandatory in the input mask:
At the time of sending the message, this mandatory information as well as other information from the contact form and the data already listed under “Provision of the website and creation of log files” are transmitted and possibly stored in a database or sent by e-mail to the originator of the contact form.
Further information on the processing of your personal data in connection with contacting us via contact form will be provided by the person responsible for the respective contact form before or in connection with sending the respective contact form.
6.2 Legal basis for data processing
The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 p. 1 lit. a) GDPR. The legal basis for the processing of data transmitted in the course of any other contact (including via e-mail, telephone, etc.) is Art. 6 para. 1 p. 1 lit. f) DSGVO (legitimate interest). If the contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 p. 1 lit DSGVO.
6.3 Purpose of the data processing
The processing of personal data from the communication serves us solely to process your contact. As a rule, this also constitutes the necessary legitimate interest in the processing of the data within the meaning of Art. 6 Para. 1 p. 1 lit. f) GDPR. Your personal data will not be passed on to third parties without your consent.
The other personal data processed during the submission of the contact form serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
6.4 Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from communication with us, this is usually the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts concerned have been conclusively clarified. In addition, other processing purposes may justify longer processing, including storage in a customer relationship management system (CRM system) for ongoing contact maintenance, storage due to relevance under auditing law, etc.
The data will also be deleted if you exercise your right of deletion or revoke your consent, provided that the data processing is based on consent. The foregoing shall apply only to the extent that no mandatory legal provisions continue to justify data processing in the future. In these cases, the statutory deletion/retention periods apply.
In the case of storage of the additional personal data collected during the submission process of the contact form in log files, the deletion/anonymization takes place after half a year. Any additional storage in non-anonymized form, reduced to relevant data, only takes place to fulfill investigation requests. Furthermore, storage beyond this is possible. In this case, however, the IP addresses of the users are deleted or alienated/anonymized so that an assignment of the calling client is no longer possible under any circumstances.
6.5 Possibility of objection/revocation and removal
The consent given, if any, is voluntary, i.e. free from coercion and pressure, and can be revoked at any time, either in whole or separately and without unreasonable disadvantages, with effect for the future. To exercise your revocation, please send us, for example, an e-mail to the e-mail address of our data protection officer. However, the revocation of consent and the resulting deletion of all personal data stored in the course of contacting us will not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
If the data processing is carried out for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 para. 1 p. 1 lit. e) DSGVO) or on the basis of a legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f) DSGVO, you have the right to object at any time in accordance with Art. 21 DSGVO, for reasons arising from your particular situation (see also under Right to object). In this case, the Chemnitz University of Technology shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.
In the event of a revocation or objection, the conversation with you cannot be continued because, as a rule, all personal data stored in the course of contacting you will be deleted.
7.1 Description and scope of data processing
For a more detailed understanding of how cookies work, however, a distinction must be made between different types of cookies. With regard to the “lifetime” of cookies, a distinction is made between so-called session cookies (temporary cookies, session cookies, transient cookies) and so-called persistent/permanent cookies – sometimes also referred to as permanent cookies. The former are automatically deleted when the browser is closed, while the latter remain on the user’s end device for the set period of time. Furthermore, based on the affiliation of the cookies to a specific server, a distinction is made between so-called first-party cookies and so-called third-party cookies. The former are set by the web server from which the visited page is also retrieved. The latter, on the other hand, are set by another web server from which content is used or integrated on the visited page and are irrelevant for the use of our web offer.
7.2 Legal basis for data processing
The legal basis for the processing of personal data using cookies – esp. permanent cookies, regardless of whether they are first-party or third-party cookies – is generally Art. 6 para. 1 p. 1 lit. a) GDPR (consent of the data subject).
The legal basis for the processing of personal data using so-called first-party cookies, which are designed as technically necessary session cookies, on the other hand, is Art. 6 para. 1 p. 1 lit. f) DSGVO (legitimate interests). As the operator of this website, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services. This applies, for example, to be able to provide functions selected by you (e.g. language setting, login status, etc.).
7.3 Purpose of the data processing
7.4 Duration of storage, possibility of objection/revocation and elimination
Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user also have full control over the use or storage of cookies. The storage period of the cookies, i.e. before they are automatically deleted, depends on the respective settings of the cookie. You can find more information about the storage period in the following table.
However, if cookies for our website are deactivated or later deleted, e.g. due to the lack of/revoked consent or corresponding browser settings, it may no longer be possible to fully use all functions of the website, so that limited functionality of our website may be the result.
a) Possibility of revocation
b) Possibility of objection
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications. You can read more about this under “General elimination options”.
c) General elimination possibility
In addition, you can monitor and regulate the storage of cookies in your browser, so that you can, for example, define the automatic deletion of all cookies at the end of the session (closing the browser) or the general blocking of cookies of any kind. Sending the “Do-Not-Track” flag (“Do not follow” request) does not collect any profile data on pages that perform local tracking. However, these settings are generally only applied on a browser/device-specific basis, so you will have to make them for all of your end devices. Please also note that blocking any cookies may result in partial loss of the full functionality of our website.
In detail, the following cookies, among others, are used to access our website:
Owner of this website
Stores the settings of the visitors selected in the Cookie Box of Borlabs Cookie.
8. use of external web offers
8.1 Description and scope of data processing
a) User-friendly website design
We also integrate various external map services (OpenStreetMap) on our website, among other things to make the directions for contacting us as user- and operator-friendly as possible. Unfortunately, no comparable offers are currently available for this, taking into account a proportionate effort, although this is also evaluated and re-evaluated by us on an ongoing basis.
8.2 Legal basis for data processing
a) Declaration of consent
In the event that you had to declare your prior consent to data processing to us or to one of the above-mentioned external providers, e.g. by means of prior consent to web tracking by confirming a pop-up or in the case of redirection to our external search providers or map services, the data processing is based on Art. 6 (1) p. 1 lit. a) DSGVO, namely on the basis of your consent.
8.3 Purpose of the data processing
The sole purpose of data processing in connection with the integration of external search providers/map services on our website is to make it as efficient and user-friendly as possible for you to search our web offerings and plan your route. As a rule, this also constitutes a legitimate interest in the processing of the data within the meaning of Art. 6 (1) of the German Data Protection Act, irrespective of any consent given. 1 p. 1 lit. f) GDPR.
b) Joint responsibility
In this case, the external service provider is primarily responsible for data processing within the meaning of the GDPR and other national data protection laws of the member states of the European Union as well as other data protection provisions. For detailed information on the purposes of data processing by the above-mentioned external providers, please refer to the above-mentioned. Links to the privacy statements of the external providers.
8.4 Recipients / categories of recipients
The processing of personal data in connection with the use of external web offers (including search services, etc.) is generally only carried out by the natural/legal persons named below: Chemnitz University of Technology, in particular employees of the University Computer Center and the Center for People and Technology. Depending on the external service you have selected/used, your personal data will also be processed by the above-mentioned external providers.
Personal data will not be passed on by us to other third parties – not named here – nor will it be transferred to another EU country or to a third country or to an international organization, unless otherwise stated below.
8.5 Transfer to a third country
The transfer of personal data to a third country or an international organization may only be carried out if, inter alia, the European Commission has decided that the third country, territory or one or more specific sectors in that third country or international organization in question provides an adequate level of protection. Such data transfer does not require special authorization in this case. With respect to the above companies, an adequate level of protection is currently ensured due to the US-EU Privacy Shield.
Regarding the transfer of personal data to the United Kingdom (Openstreetmap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom and Wakelet Limited 76 Quay Street, Manchester, M3 4PR, United Kingdom), the Commission has decided that the third country in question provides an adequate level of protection (Adequacy Decision: https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf).
The requirements of Art. 45 GDPR (data transfer on the basis of an adequacy decision) are thus met for the aforementioned transfer operations to a third country. The transfer of personal data to the above-mentioned external providers and thus to third countries is therefore permissible, since the controller and the processor have complied with the conditions and also the requirements set out in Art. 44 et seq. DSGVO and also comply with the other provisions of the DSGVO. This ensures that the level of protection for natural persons guaranteed by the GDPR is not undermined.
8.6 Duration of storage
Personal data processed by us in this context will be deleted as soon as they are no longer required to achieve the above-mentioned purposes. Purposes of their collection are no longer necessary. You can find more details on data deletion at the above-mentioned external providers in the privacy statements of the external providers linked above.
8.7 Possibility of objection/revocation and removal
Any consent given in connection with the use of external web offerings is voluntary, i.e. free from coercion and pressure, consequently has no relevance whatsoever for your participation in TUC offerings, and can be revoked at any time, either in its entirety or separately, with effect for the future and without unreasonable disadvantages. To exercise your revocation regarding the social media channels used by Chemnitz University of Technology, please send us an email to firstname.lastname@example.org or use the cookie overview at www.forschungsnetzwerk-chim.de/datenschutzerklaerung. Please note, however, that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
If your personal data is collected on the basis of Art. 6 para. 1 p. 1 lit. e) (public interest or in the exercise of official authority) or lit. f) DSGVO (legitimate interests), you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you; this also applies to profiling based on these provisions. To exercise your objection with respect to the external providers used, please follow the opt-out options linked below:
OpenStreetMap (Openstreetmap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom): https://wiki.osmfoundation.org/wiki/Privacy_Policy.
8.8 Embedding and displaying external content on our website
On our websites, external content (e.g. graphics, maps, etc.) from the above-mentioned third parties is partly integrated and displayed. Third-party providers are integrated and displayed, including OpenStreetmap etc.. In this context, too, the protection of your data is important to us. Therefore, the integration of such services is regularly carried out using the state-of-the-art data protection compliant solution from the c’t project Shariff (https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html) or similar technical procedures.
In this way, we ensure that no (personal) data is transmitted to the external providers when you visit our website. Otherwise, the integration of such external content would lead directly to the establishment of a connection with the external server when you visit the website and thus also to the transmission of your (personal) data, including your IP address, your browser type and your operating system, the websites from which your system accesses the external embedded offer pages, your visit time, etc., to the same, so that your activities on the Internet can be logged by the external provider and tracked for statistical or marketing purposes. This automatic connection to the external servers, which is established in the background without your intervention, is initially prevented by the above-mentioned solutions. Solutions initially prevented. You can thus decide yourself within the scope of consent pursuant to Art. 6 (1) p. 1 lit. a) DSGVO whether you want to transfer data to the external servers, which may be located in non-European countries (e.g. USA, see above). Once you have given your consent, it is then stored in a technically required cookie for a period of seven days – or 90 days in the case of search engine selection – if this is desired and expressly selected by you.
Only by actively, autonomously and voluntarily, i.e. free of coercion and pressure, clicking on the (“Shariff”) button to establish the connection to the external server, you transmit (personal) data, including your IP address, to the external server. For this reason, we have no influence on the collected data and data processing procedures at the external service provider, so that we can also not provide any information about the purpose and scope of data processing or the storage period/deletion. At this point, too, we would therefore like to refer you to the above-mentioned data protection statements. Data protection declarations, objection/revocation and removal options etc. of the above-mentioned external providers used by us.
9. rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR, so you have the following rights vis-à-vis Chemnitz University of Technology (data controller). To assert your rights against Chemnitz University of Technology or if you have further questions regarding data protection, you can contact our data protection officer at any time.
All notifications and measures pursuant to Articles 15 to 22 (including rights of access, rectification, erasure, restriction of processing, notification, data portability, right of objection) and Article 34 GDPR (right of notification in the event of data protection breaches) shall be provided free of charge. However, in the case of manifestly unfounded or – especially in the case of frequent repetition – excessive requests by a data subject, the controller may either charge a reasonable fee, taking into account the administrative costs of informing or notifying or implementing the requested measure, or refuse to act on the request. For these cases, however, Chemnitz University of Technology must provide evidence of the manifestly unfounded or excessive nature of the request.
In addition, it is pointed out that there are restrictions on the rights of the data subject according to §§ 7-10 SächsDSDG. This affects, among other things, the right of deletion and the right to information as well as the duty to provide information to the data subjects.
9.1 Right to information
You may request confirmation from the controller as to whether personal data concerning you are being processed by him. If there is such processing, you may request information from the controller about the following:
However, Chemnitz University of Technology, as the controller, naturally processes a large amount of information about data subjects, so you are required to specify which information or which processing operations your request for information relates to when asserting your right to information before you are provided with information, cf. p. 7 of the 63rd recital of the GDPR.
If personal data is transferred to a third country or to an international organization, you as the data subject also have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
9.2 Right to rectification
You have the right to request the controller to correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you as the data subject also have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
9.3 Right to deletion
a) Obligation to delete, Art. 17 DSGVO (“right to be forgotten”)
You may request the controller to delete the personal data concerning you without undue delay. The data controller is also obliged to delete this data immediately if one of the following reasons applies:
b) Information to third parties
If the controller has made the personal data concerning you public and is responsible pursuant to. Art. 17 par. 1 DSGVO to erase them, it shall take reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform data controllers that process the personal data that you, as the data subject, have requested from them – the further controller – to erase all links to or copies or replications of such personal data.
c) Exceptions to the right to erasure
The right to erasure does not exist insofar as the processing is necessary to
9.4 Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
If the processing of personal data concerning you has been restricted in the sense described above, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
9.5 Right to information
The controller is obliged to provide all recipients to whom your personal data has been disclosed with any rectification or erasure of the personal data or restriction of processing pursuant to Art. 16, 17 para. 1 and Art. 18 DSGVO, unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject about these recipients if the data subject so requests.
9.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format (including pdf, csv). You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
In exercising this right, you have in particular the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability is not affected by Article 17 of the GDPR (“right to be forgotten”). It does not apply, moreover, to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
9.7 Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 p. 1 lit. e) (public interest or in the exercise of official authority) or lit. f) DSGVO (legitimate interests); this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.
9.8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Withdrawal of consent is as easy as granting consent, especially with regard to form requirements, so that in principle an informal communication by e-mail is sufficient. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
9.9 Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the controller, is permissible under Union or Member State law to which the controller is subject, and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or is made with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a) or lit. g) DSGVO applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the previously mentioned in pt. 1 and Pkt. 3 above, the controller shall take reasonable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person from the controller, to express his point of view and to contest the decision.
9.10 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law.
The competent supervisory authority in the Free State of Saxony is pursuant to Art. 51 DSGVO in conjunction with. §§ 14 ff. SächsDSDG:
Saxon Commissioner for Data Protection and TransparencyDr. Juliane HundertDevrient Street 501067 DresdenE-mail: email@example.comPhone: +49 351 85471-101Fax: +49 351 85471-109Web: https://www.saechsdsb.de/
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
10. up-to-dateness/modification of this privacy statement
You can access, print out and save the current data protection declaration at any time on the website at https://chim.hrz.tu-chemnitz.de/datenschutzeklaerung.
Freepik (2021): 3d rendering of a low poly plex design – network communications Free Photo, Freepik, [online] https://de.freepik.com/fotos-kostenlos/3d-rendering-eines-low-poly-plexus-designs-netzwerkkommunikation_17560612.htm#query=network&position=3&from_view=search&track=sph.