Privacy Policy According to Article 13 of the General Data Protection Regulation (GDPR)

The Privacy Policy is to provide information on the processing of your personal data in connection with this website and on your rights according to data protection legislation. According to Article 4, No. 1 of the EU General Data Protection Regulation (GDPR), personal data are all data that can be related to an identified or identifiable natural person.

Overview

  1. Controller and Data Protection Commissioner
  2. Accessing the Website and Server Log Files
  3. Cookies
  4. Contact (Email, Phone, Form)
  5. Newsletter
  6. Links to Other Websites
  7. Encrypted Transmission (TLS Encryption)
  8. Your Rights

Information

  1. Controller and Data Protection Commissioner

    According to the GDPR (Art. 4, No. 7) and other data protection regulations, the controller is:

    Karlsruhe Institute of Technology (KIT)

    Kaiserstraße 12
    76131 Karlsruhe
    Germany
    Phone: +49 721 608-0
    Fax: +49 721 608-44290
    Email: info@kit.edu

    Karlsruhe Institute of Technology is a corporation governed by public law. It is represented by its President.

    Our Data Protection Commissioner may be contacted at datenschutzbeauftragte@kit.edu or by ordinary mail with “Die Datenschutzbeauftragte“ (the Data Protection Commissioner) being indicated on the envelope.

  2. Accessing the Website and Server Log Files

    Scope and purpose: When using the website for information only, i.e. when you neither register nor transmit information to us in any other way, we will only collect your personal data that are transmitted by your browser to our server after the settings you have made. These are:

    • The IP address of the user
    • Date and time of access
    • Accessed website or URL
    • Access data / HTTP status code
    • Data volume transmitted
    • Websites from which the user’s system accesses our Internet site, if the user’s browser transmits these data actively
    • Information on the browser type and the version used
    • Operation system of the user
    • Information on the encryption protocol and the used encryption algorithm

    These data serve to technically optimize the website and to ensure security of our IT systems. The IP address is required for the operation and delivery of the website, it is written into the log files in abbreviated form, and is no longer available in its entirety after the request. From these data, we cannot draw any direct conclusions with respect to individual persons. In anonymized form, the data are processed for statistical purposes. The data are not compared with other data sets.

    If we have concrete evidence of illegal use, we reserve the right to collect and store full IP addresses.

    Recipients: Data will not be forwarded to third parties.

    Legal basis: The legal basis for processing these data is Art. 6, par. 1, lit. e and par. 3 lit. b GDPR in conjunction with Article 4 LDSG (State Data Protection Act) and Article 20, par. 1 KITG (Act on KIT) in conjunction with Article 12, par. 1 LHG (Act of Baden-Württemberg on Universities and Colleges).

    Storage period: The personal data are stored as long as they are needed for reaching the purpose of their collection. After seven days at the latest will the data be deleted.

  3. Cookies

    Scope and purpose: In addition to the data listed above, cookies are stored on your computer when using our website. Cookies are small text files stored by your browser on your PC, via which certain information is transmitted to us (the server of our website). We use so-called session cookies (transient cookies) that are technically required to make the website functional. In the cookies used by us, the following data are stored and transmitted.

    • Session-ID („PHPSESSID“)

    Recipient: The data are not transmitted to third parties.

    Legal basis: The legal basis for processing personal data using technically required cookies in the sense of Art. 25, par. 2 TDDDG (Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services) is Art. 6, par. 1, lit. e and par. 3, lit. b GDPR in conjunction with Art. 4 LDSG and Art. 20, par. 1 KITG in conjunction with Art. 12, par. 1 LHG.

    Storage period: The session cookies will be deleted at the latest when you close your browser.

    Tip: You can set your browser such that you are informed about the setting of cookies and you can allow cookies in the individual case only, exclude the acceptance of cookies in certain cases or in general, and activate the automatic deletion of cookies when closing your browser. If you deactivate cookies, functionality of this website may be limited.

  4. Contact (Email, Phone, Form)

    Scope and purpose: When contacting us by email, phone, or by sending a form, your contact data transmitted to us, such as email address, phone number, and name, are stored for the purpose of processing and answering your inquiry.

    Please note that data transmission (e.g. when communicating by email) may be subject to security deficiencies. It is not possible to completely protect the data from access by third parties.

    Recipient: If needed for responding to your inquiry, personal data may be forwarded to competent offices of KIT. The responsible KIT employees will use your personal data for processing your inquiry exclusively. The data will not be transmitted to third parties.

    Legal basis: The legal basis for processing these data is Art. 6, par. 1, lit. e and par. 3, lit b GDPR in conjunction with Art. 4 LDSG and Art. 20, par. 1 KITG in conjunction with Art. 12, par. 1 LHG as well as other pertinent legal provisions.

    Storage period: The personal data will be stored as long as they are needed for fulfilling the above purpose. This means that the data will be deleted when it must be assumed that an exchange is no longer desired.

  5. Newsletter

    Scope and purpose: We process your personal data from the corresponding form / registration mask for the purpose of sending you the newsletter and the associated administration work. For registration, we use the double opt-in procedure, i.e., your registration will only be completed after you have confirmed your registration by clicking the link contained in a confirmation email sent to you for this purpose. If you do not confirm within 48 hours, your registration will be deleted automatically from our database.

    Recipient: The data will not be transmitted to third parties.

    Legal basis: The legal basis for processing these data is Art. 6, par. 1, lit. a GDPR (consent).

    Consent is given voluntarily. Consent may be revoked anytime with effect for the future. Effect for the future means that revocation of your consent will not affect the lawfulness of processing that was based on the consent until revocation. Your refusal or revocation of the consent will not result in any disadvantages. However, without your giving your personal data, it will no longer be possible to send the newsletter to you.

    Storage period: The personal data will be stored as long as they are needed for the above purposes. This means that we will store the data as long as you have given your consent.

  6. Links to Other Websites

    When we link to websites outside of KIT, the privacy policies and information provided there apply.

  7. Encrypted Transmission (TLS Encryption)

    This site uses TLS encryption to protect the transmission of all contents as well as of the inquiries you sent to us as the site operator.

    With TLS encryption, the data you transmit to us cannot be read by third parties as a rule. Please note, however, that when transmitting data via the Internet, complete protection against access by third parties can never by guaranteed.

  8. Your Rights

    As regards your personal data, you have the following rights:

    • Right to withdrawal of your consent with effect for the future, if processing is based on a consent according to Art. 6, par. 1, sub-par. 1, lit. a GDPR (Art. 7, par. 3 GDPR),
    • right to confirmation as to whether data about you are processed and right to information about the data processed and to further information about data processing as well as right to obtain copies of the data (Art. 15 GDPR),
    • right to rectification or completion of incorrect or incomplete data (Art. 16 GDPR),
    • right to immediate erasure of your personal data (Art. 17 GDPR),
    • right to restriction of processing (Art. 18 GDPR),
    • right to portability of the data in a structured, common, and machine-readable format, provided that processing is based on a consent according to Art. 6, par. 1, sub-par. 1, lit. a or Art. 9, par. 2, lit. a GDPR or on an agreement according to Art. 6, par. 1, sub-par. 1, lit. b GDPR (Art. 20 GDPR),
    • right to object to the future processing of your personal data, if the data are processed according to Art. 6, par. 1, lit. e or f GDPR (Art. 21 GDPR).

    In addition, you have the right to complain about the processing of your personal data by KIT with its supervisory authority (Art. 77 GDPR). According to Art. 25, par. 1 LDSG, the supervisory authority of KIT according to Art. 51, par. 1 GDPR is:

    Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (Baden-Württemberg State Commissioner for Data Protection and Freedom of Information) (https://www.baden-wuerttemberg.datenschutz.de/, in German).

Privacy Policy Video Conferencing with BigBlueButton (BBB)

This privacy policy is intended to enable you to inform yourself about the processing of your personal data when using the BigBlueButton communication tool at the Karlsruhe Institute of Technology (KIT).

I. Processing of personal data and recipients

The processing of personal data is necessary for the operation of BigBlueButton. According to Article 4 No. 1 of the EU General Data Protection Regulation (GDPR), personal data is any data relating to an identified or identifiable natural person.
When participating in a web conference via BigBlueButton, the video and audio data recorded via the camera and microphone of the end device or the chat content together with the IP address and device/hardware information are transmitted to the KIT servers used for BigBlueButton. The video and audio data as well as the chat content and other shared content are forwarded to the end devices of the recipients. All of the aforementioned data transmissions are transport-encrypted via TLS.

Depending on which functions of BigBlueButton are used, the following processing of personal data may occur:

1. User Data

  • KIT account (concerns KIT employees)
  • Self-selected name (concerns guests)

2. video, audio and text data

  • Video data, if you have enabled the camera of your end device.
  • Audio data, if you have enabled the microphone of your end device
  • Text data, if the chat, note, drawing, or survey function is used
  • Data from shared content

3. meeting metadata

  • Duration of the meeting
  • Start and end (time) of participation of people
  • Name and description of the web conference
  • Time of the web conference
  • Chat status
  • IP addresses of the end devices used for participation as well as other device/hardware information (MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or speaker, type of connection, etc.)

In any case, video and audio data contain your likeness as well as your voice as personal data within the meaning of Article 4 number 1 of the EU General Data Protection Regulation (GDPR), as the data relate to you as an identified or identifiable natural person. In addition, the content of your posts may allow conclusions to be drawn about your person. IP address and device/hardware information also generally allow conclusions to be drawn about your person and are therefore to be treated as personal data.

4. storage duration

The data provided above will be stored for as long as it is required for the performance of the web conferences and related services. The IP address and device information are stored in the log files of the servers used for up to 14 days for the purpose of troubleshooting.

5. consignee

In addition to the participants of the web conference, the employees of the Steinbuch Centre for Computing (SCC) of KIT who are entrusted with the operation of BigBlueButton have access to the data in order to be able to manage the systems.

6. cookies

In addition to the previously mentioned data, cookies are stored on your computer when you use BigBlueButton. Cookies are small text files that are stored by the browser you are using and through which we (the server of our website) receive certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective, especially faster. A distinction is made between session cookies (transient cookies) and permanent (persistent) cookies.
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

We only use session cookies. We do not use persistent cookies or flash cookies. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When disabling cookies, the functionality of the service may be limited.

II. Responsibility

The person responsible for data processing within the meaning of the DS-GVO and other data protection regulations is:

Karlsruher Institut für Technologie
Kaiserstraße 12
76131 Karlsruhe
Deutschland
Tel.: +49 721 608-0
Fax: +49 721 608-44290
E-Mail: info∂kit.edu

The Karlsruhe Institute of Technology is a public corporation. It is represented by the President Prof. Dr. Holger Hanselka. You can reach our data protection officer at datenschutzbeauftragter∂kit.edu or the postal address with the addition "Die Datenschutzbeauftragte".

III. Legal basis

For KIT employees, the legal basis for the processing of personal data arises from Article 88(1) DS-GVO in conjunction with Section 15(1) of the State Data Protection Act (LDSG), as the data processing is necessary for the performance of the employment relationship if BigBlueButton is used for official purposes.

For students, the legal basis arises from Article 6 (1) subparagraph 1 letter e, (3) subparagraph 1 letter b DS-GVO in conjunction with § 4 LDSG in conjunction with §§ 2, 12 State University Act in conjunction with § 2 (1) and (2) KIT Act, as the data processing is necessary for their participation in university operations.

For guests, the legal basis results from Article 6(1) subparagraph 1 letter e, (3) subparagraph 1 letter b DS-GVO in conjunction with Section 4 LDSG, as the data processing is necessary for the KIT to perform its tasks.

In individual cases, the legal basis may arise from consent pursuant to Article 6(1), first subparagraph, letter a DS-GVO, provided that the above-mentioned legal bases are not relevant.

IV. Your Rights

With regard to the personal data concerning you, you have the following rights vis-à-vis us as well as vis-à-vis Microsoft:

  • Right to withdraw your consent with effect for the future, where the processing is based on consent pursuant to Article 6(1), first subparagraph, point (a) of the GDPR (Article 7(3) of the GDPR).
  • Right to obtain confirmation as to whether data concerning you are being processed and to obtain information about the data processed, further information about the data processing and copies of the data (Article 15 DS-GVO)
  • Right to rectification or completion of inaccurate or incomplete data (Article 16 DS-GVO)
  • Right to erasure of data concerning you without delay (Article 17 DS-GVO)
  • Right to restriction of processing (Article 18 DS-GVO)
  • Right to receive the data in a structured, commonly used and machine-readable format, provided that the processing is based on consent pursuant to Article 6(1), first subparagraph, point (a) or Article 9(2)(a) or on a contract pursuant to Article 6(1), first subparagraph, point (b) and no exception applies (Article 20 DS-GVO)
  • The right to object to the future processing of data concerning you, where the data are processed pursuant to Article 6(1)(e) or (f) of the GDPR (Article 21 of the GDPR).
  • You also have the right to lodge a complaint with the supervisory authority about the processing of personal data concerning you by Karlsruhe Institute of Technology (KIT) (Article 77 DS-GVO). The supervisory authority within the meaning of Article 51 (1) of the DS-GVO regarding KIT is pursuant to Section 25 (1) of the LDSG:

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.

adress:

Königstraße 10a
 

70173 Stuttgart

post adress:

Postfach 10 29 32
 

70025 Stuttgart

Tel.:

0711/615541-0

Fax:

0711/615541-15

E-Mail:

poststelle∂lfdi.bwl.de