Data protection

Last changed 19.02.2019

The LMU as a corporate body of public law is subject to the BayDSG (bavarian legislation on data-protection), in some points the BDSG (Federal Data Protection Act), the GDPR (General Data Protection Regulation), and the corresponding articles of special laws (Telemedia, Telecommunication, Employment Law, etc.) relevant to data protection.
This data privacy statement fulfills the obligations to inform the user as result from the formalities mentioned above.

Contact

Data Protection Official of the LMU Munich

Supervisory body for data protection in the public sector

Data Protection Coordinator of the department Institut für Informatik of the LMU

Legal person responsible for data processing

  • Ludwig-Maximilians-Universität München
  • Geschwister-Scholl-Platz 1
  • 80539 München
  • Telefon: +49 (0) 89 / 2180 - 0
  • E-Mail: praesidium@lmu.de
  • The LMU Munich is a corporate body of the public law.
    It is legally represented by its president, Prof. Dr. Bernd Huber.

    Responsible department

    • IT Operations Team (RBG) of the department Institut für Informatik of the LMU Munich
    • Oettingenstraße 67
    • D-80538 München
    • E-Mail: rbg@ifi.lmu.de
    • Tel.: +49 (0) 89 / 2180 - 9198

Processing of Personal Data

The IT service and organization at the department Institut für Informatik follows the state of the art and best practices regarding security and IT operations.
The protection of personal data as well as the sustainable operation of services in the scope of their possibilities is therefore guaranteed.

1. Webserver protocol

Data subjects

Every user of this webserver is affected by the acquisition and processing of the data.

Which data is acquired

The webserver records
  • Pseudonym corresponding to the IP address of the user's webclient
  • Date and time of the request of an element of the website
  • Address of the requested element
  • Amount of requested data
  • Info on whether the request was successful
  • Type and version of the webclient
  • Error messages if applicable
  • Text of any search, filter, or sorting parameter as applicable

In case of a disturbance or security incident, the pseudonymisation of the IP address will be temporarily suspended.

ipscrub (http://www.ipscrub.org) is used to generate pseudonyms for IP addresses.

Appropriation

The collected data is only used for statistical analysis (in anonymised form), for enhancing Uni2work, for analysis, elimination and protection against disturbances, and in case of security incidents.
Only the IT administrators responsible for the operation of the department Institut für Informatik have access to the data.

Legal or Contractual Basis of Data Processing

  • Obligation to sustainable and secure operation of IT services according to the state of the art (TMG, TKG, DSG, EUDGV, BayDSG, BDSG)
  • Legislation pertaining to the retention period and type of webserver protocols
  • Performing of a function that is of public interest

Disclosure

First point of contact is the above-mentioned responsible department.

Deletion

Entries of the webserver protocol will be automatically deleted after seven days.
Data that is processed due to a disturbance or a security incident will be deleted after the incident has been concluded.

Consent, Correction, Revocation, Request for Deletion or Transmission

Consent is not required for the processing of the data due to the type of the collected data, its designated use, the automated deletion and the basis of the collection (GDPR, Art. 6 Para. 1 e+f).
The right of withdrawal for data processing, the right of petition for deletion, the right of petition for correction, and the right of petition for transmission are not applicable due to the consent to data processing not being necessary as well as the type and use of the collected data.

Right to appeal

Users generally have the right to appeal to the supervisory body concerning any processing or transmission of their personal data.
In case of the LMU Munich, the supervisory body is the above-mentioned Bavarian Data Protection Commissioner.
Apart from that, any other above-mentioned legal contact person may be contacted concerning appeals and inquiries.

Obligation to participate in the processing of the data

The user is obligated to provide the data and allow its processing when using this service.
We reserve the right to exclude users from the service who do not provide the data.