Privacy policy

General data protection policy for the internet pages of Ludwig-Maximilians-Universität München (hereinafter “LMU”)

Privacy Policy for LMU's Website

This Privacy Policy explains how personal data is processed by Ludwig-Maximilians-Universität München (hereinafter referred to as "LMU") in connection with its website. Furthermore, visitors and users of LMU's website will be informed about the rights they are entitled to. The information in Section A—General Data Protection Information—applies to all data processing operations in connection with LMU's website. Data protection information on specific data processing operations (e.g., Deutschlandstipendium, applications) can be found in Section B. Sections C and D of the Privacy Policy provide information on the validity, scope, and status of the Privacy Policy. If individual institutions or departments of LMU perform any additional data processing on their websites, a supplementary Privacy Policy is available on their respective website.

A) General Data Protection Information

The LMU is a state university of the Free State of Bavaria (Article 4(1), first sentence, no. 1).Bavarian University Innovation Act, BayHIG). It is a body governed by public law with the right of self-government within the framework of the laws and at the same time a state body (Article 4(1) of the BayHIG). The LMU carries out its own affairs as a corporation and state affairs as a state body (Article 4 BayHIG).

I. Contact Information in Connection with LMU's Website

I.1. Details of Those Responsible for Data Protection at LMU

LMU is responsible for data protection on LMU's website; it is legally represented by its president. The contact information can be found in the imprint.

The respective LMU institutions are responsible for the content offered on LMU's website. For questions relating to a relevant LMU website, please contact the respective responsible contact person, as mentioned in the imprint or in the contact information on the respective website.

I.2 Details of the Data Protection Officer at LMU

The contact details of LMU's data protection officer are available on LMU's website at https://www.lmu.de/datenschutz.

The data protection officer is available to answer questions about data protection at LMU. Please use the contact form on the web page of LMU's data protection officer at https://www.lmu.de/datenschutz. Please direct any questions regarding specific data processing (e.g., application) to the appropriate institution.

II. General Information on Data Processing on LMU's Web Pages

II.1 Scope of the Privacy Policy

This Privacy Policy applies to the processing of personal data in connection with LMU's website.

  • Pursuant to Article 4 no. 1 GDPR (General Data Protection Regulation), "personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Pursuant to Article 4 no. 2 GDPR, "processing" means any operation or set of operations performed on personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, query, use, disclosure by transmission, dissemination or otherwise making available, comparison or association, restriction, erasure, or destruction.

II.2 Purposes and Legal Bases for Processing Personal Data

We offer our services and administrative services as well as information for the public about our activities on our website pursuant to Article 2 BayHIG, Article 4, 5, 17, 19 Bavaria Digital Act (BayDiG).

In this respect, the purpose of the processing is the fulfillment of the public tasks and legal obligations assigned to us by law, in particular the provision of information to the public. Personal data is processed on LMU's website only to the extent necessary for the provision of a functioning website, for presentation of the respective content, for the provision of information to the public, or for the provision of specific services or the presentation of offers. We also process personal data that you have provided to us or that we have obtained about you in a lawful manner (Article 4 paragraph 2 of the Bavarian Data Protection Act (BayDSG)).

When processing your personal data, we take into account in particular the data protection principles of lawfulness, processing in good faith, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. To the extent and provided that the purpose of processing is not impaired, we anonymize or pseudonymize personal data.

The legal basis for the processing of your data ensues, unless otherwise stated, from Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4 paragraph 1 BayDSG. Accordingly, we are permitted to process the data required to fulfill a task incumbent upon us. We use cookies, log files, and web analysis tools to compile business statistics, to conduct organizational studies, to test or maintain our web service, and to ensure network and information security pursuant to Article 6 paragraph 1 BayDSG, §25 TDDDG, Article 43 BayDig.

II.3 Data Erasure and Storage Period

Your data will only be stored for as long as is necessary for the fulfillment of tasks, taking into account legal retention periods, or as long as you have given your consent. The personal data of users of LMU's website will be erased or anonymized as soon as and to the extent that the respective purpose of storage no longer applies and there is no archiving obligation. To the extent that this is provided for in the relevant regulations, storage may also extend beyond this.

II.4 Data Security

In order to adequately and comprehensively protect the security of your data during processing and in particular during transmission, we use appropriate encryption procedures (e.g., SSL/TLS) and secured technical systems where necessary and in line with the current state of the art.

The technical operation of the data processing system is carried out with the support of the Leibniz Supercomputing Center (LRZ) of the Bavarian Academy of Sciences and Humanities (Boltzmannstraße 1 D-85748 Garching near Munich, phone: +49 (0)89 35831 8000, fax: +49 (0)89 35831 9700, email: lrzpost@lrz.de, https://www.lrz.de/english/), with whom a contract for data processing exists.

All of our employees are subject to the statutory data secrecy pursuant to Article 11 BayDSG or are obligated to confidentiality.

II.5 Data Transmission

Data transmission takes place on the basis of the law or with your consent. If necessary, your data will be transmitted to the competent supervisory and auditing authorities for the exercise of the respective control rights.

In electronic transmission, data may be forwarded to the State Office for Information Security in order to avert threats to information technology security and processed there on the basis of Article 41 et seq. BayDiG.

Apart from that, we only transmit personal data to third parties if this is necessary in the context of the execution of a contract (Article 6 paragraph 1 letter b GDPR), for example to organizers of an event or to commissioned service providers. The disclosed data may be used by the respective contract data processor or third party exclusively for the stated purposes or within the scope of applicable law.

II.6 Protection of Minors

The websites of the LMU are not intended or designed for use by persons under the age of 16, in particular not for children. We do not knowingly collect personal information from or about persons under the age of 16.

Persons under the age of 16 should not transmit any personal data to the LMU without the consent of their parents or guardians. Processing can only take place with the appropriate consent or in the context of fulfilling a legal obligation.

Where necessary — in particular as far as paid Internet services are used — the date of birth or age will be collected or verified if necessary. This is indicated separately in the data protection information of the respective Internet service.

II.7 Evaluation

When you access LMU's website or access it from mobile devices, programs for evaluating user behavior are only used in anonymized form. Your IP address is first anonymized and can only then be evaluated.

III. Logging and the Creation of Log Files

Each time a page on LMU's website is accessed, LMU automatically collects data and information from the computer system of each computer accessing it. In addition, we process your personal data if you provide it on LMU's website. When processing your personal data, we take into account in particular the data protection principles of lawfulness, processing in good faith, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

1. Purpose and Scope of Data Processing

Due to security-related events that have occurred, e.g., attempted hacker attacks, relevant access data is stored each time any of the centrally hosted websites are accessed. The stored data is used for the purposes of identifying and tracking unauthorized access attempts and access, for maintaining the functionality of the website on the web server and—in anonymized form—for optimizing the content.

Temporary storage of the IP address is also necessary to enable delivery of LMU's website to your computer. For this purpose, the IP address must also remain stored for the duration of the use of the session. Storage together with other personal data at LMU does not take place.

Depending on the access protocol used, the log record contains information with the following content:

  • IP address of the requesting computer
  • Date and time of the request
  • Access method/function requested by the requesting computer
  • Input values transmitted by the requesting computer (file name, etc.)
  • Access status of the web server (file transferred, file not found, command not executed, etc.)
  • Name of the requested file
  • URL from which the file was requested/the requested function was initiated
  • Information about the browser type
  • Operating system of the user
  • Website from which the user's system accesses LMU's website
  • Websites accessed from LMU's website

2. Legal Basis for Data Processing

Temporary data processing is performed pursuant to Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4 paragraph 1 BayDSG.

3. Duration of Data Processing

The logged data is stored for a maximum of 30 days and then deleted. The storage takes place for own purposes of IT security. This is necessary in view of the current IT threat caused by spam emails, espionage and malicious programs as well as other abuses for the purpose of efficient security against cyberattacks and to maintain service operation in accordance with the state of the art in accordance with Article 32 GDPR. Longer storage can take place on a case-by-case basis, provided that a security-relevant breach has been detected or if legal obligations of the LMU require this. Regardless of this, additional storage is possible. In this case, your IP address will be deleted or alienated, so that an assignment of the calling client is no longer possible.

4. Objection and Deletion Option

To the extent that the data for provision of the website and the storage of the data in the log files is absolutely necessary for the operation of the website, you have no right of objection.

IV. Use of Active Components and Cookies

1. Purpose and Scope of Data Processing

JavaScript applications are used in the information provided by LMU, mainly for navigational elements, e.g., field-dependent visibility in contact forms. No personal data is stored in the process.

In some cases, cookies are set on LMU's website to make the web pages user-friendly. Some elements of our website also require identifying user sessions.

In the cookies of the content provided, only a session ID is stored to identify the user session (session cookie). Session cookies are small units of information that a provider stores in the RAM of the visitor's computer. In addition to a randomly generated unique identification number, session cookies contain information about the source and the storage period. These cookies are unable to store any other data.

The following technically necessary cookies are used:

Cookie NamePurposeExpiration
document.cookieStores consent for embedding third-party content from Twitter, Facebook, YouTube, Vimeo, and Instagram for the duration of the website visitDeleted when the session ends or the browser is closed
MATOMO_SESSIDPrevents security incidents when users opt out of statistical analysis with Matomo.Deleted when the session ends or the browser is closed.
piwik_ignoreStores the decision of the visitor to be excluded from statistical trackingUntil the visitor's own browser preferences for storing cookies are changed (or the cookie is deleted).
mtm_consent
and
mtm_consent_removed
these cookies may be saved when you change your settings regarding consent to statistical analysis with MatomoUntil the visitor's own browser preferences for storing cookies are changed (or the cookie is deleted).
MWF_SESSIONIDStores the session ID for web formsDeleted when the session ends or the browser is closed
JSESSIONIDSave the session IDDeleted with the end of the session or closing the browser.
__stripe_midStores the session ID1 year
__stripe_sidStores the session ID30 minutes
AWSALBStores a session ID of the payment provider for the donation tool1 year
AWSALBCORSStores a session ID of the payment provider for the donation tool1 year

The following data is stored and transmitted in the cookies:

document.cookie

  • twitter=true
  • facebook=true
  • youtube=true
  • vimeo=true
  • instagram=true

MATOMO_SESSID, piwik_ignore, mtm_consentand mtm_consent_removed, __stripe_mid, __stripe_sid, AWSALB, AWSALBCORS

  • random, generated, non-personalized session ID

2. Legal Basis for Data Processing

Data processing is performed pursuant to Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4, 16, 17 BayDig. If the processing of personal data is based on consent, it is done subject to Article 6 paragraph 1 letter a GDPR, §25 TTDSG.

3. Duration of Data Processing

Session cookies are automatically deleted at the end of your visit when you close your browser or leave the website.

4. Objection and Deletion Options

The cookies used are stored on your computer and transmitted from it to LMU's website. As a user, you therefore have full control over the use of cookies. By changing the settings in your web browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.

5. How do I adjust the cookie settings in my browser?

Every browser is different when it comes to setting cookies and your preferences. Please learn about this on the respective pages:

The use of JavaScript applications can be disabled by configuring your browser. Disabling it may affect the display of some elements, for example, contact forms, video players, or collapsible elements.

However, some elements on our website require that the web browser accessing them can still be identified after switching pages. If cookies are disabled for LMU's website, it may no longer be possible to use all of the website's features.

The following services can only be used if cookies are stored:

  • Web forms
  • All content secured via the central authentication mechanism

The transmission of Flash cookies cannot be prevented via the web browser settings, but by changing the Flash Player setting.

V. Use of the Matomo website analysis tool

1. Purpose and Scope of Data Processing

We use the open source software tool Matomo (formerly PIWIK, https://www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, ("Matomo")) to analyse surfing behavior on some web pages. This enables us to learn how the website is used and to constantly improve our website and content. Matomo is also indispensable for necessary maintenance work, so that updates of page content may be carried out outside the most visited times, or - if particular content is largely accessed using mobile devices - so that it can be adapted accordingly (e.g. to ensure accessibility). In addition, server resources can be distributed efficiently with the help of Matomo web analytics and load management can be better coordinated. To fulfill the aforementioned tasks and to ensure data security, we operate Matomo on our own LMU server. generally do not use cookies for statistical analysis with Matomo. We also do not store any information on the requesting computers of our website visitors and do not access information that is already stored in the end devices of our visitors. Matomo at LMU is configuration so that no personal data are processed. The processing does not fall within the scope of the GDPR, nor does it fall under the legal provisions for a consent requirement pursuant to Art. 25 (1) TDDDG. Instead, Matomo uses already accrued log files that are automatically created when a web browser accesses an LMU website. Matomo processes the following data for purely statistical analysis:

  • IP address of the requesting computer -> this is anonymized before the analysis takes place
  • Browser type
  • Set language
  • Operating system
  • Time of the visit, time spent on the website
  • Pages accessed (URLs and page titles)
  • Content loaded during the visit (e.g. images, JavaScript or CSS files)
  • Frequency of visits to the website (aggregated file)

The Matomo software is configured so that 2 bytes of the IP address are masked before this information is evaluated. As a consequence, a unique assignment to the calling computer is no longer possible.

The statistical analysis only records visits to individual pages. Furthermore, it is not technically possible for us to track our website visitors with Matomo over several LMU websites or over several days. A profiling of our visitors by Matomo does not take place.

The data obtained with Matomo is not passed on to third parties or used for other purposes. In particular, it is not used for performance or behavior monitoring of website users. Further information on Matomo can be found at https://matomo.org/docs/privacy-how-to/ . Matomo's privacy policy can be found at https://matomo.org/privacy-policy/ .

Google Analytics is not used on LMU's web servers for data protection reasons.

2. Legal Basis for Data Processing

The data processing is carried out in accordance with articke 6 paragraph 1 letter e DSGVO, article 6 paragraph 1 BayDSG in conjunction with and Art. 2, 3 BayHIG. The data collected using Matomo technology (including your anonymized IP address) is processed on servers of the LRZ as part of the data processing agreement.

3. Duration of Data Processing

The use of the analysis data in the aforementioned form takes place as long as necessary for the purpose, for a maximum of one year.

4. Objection and Deletion Option

You can decide whether your visit to our website may be recorded by Matomo to enable the operator of the website to collect and analyze a variety of statistical—non-personal—data. If you do no longer agree or no longer agree with the processing of data by Matomo, you can object to storage and use at any time in the future by clicking below. The use of Matomo can be disabled in your web browser's settings. Most modern browsers have a "Do Not Track" option to instruct websites not to track your user activity. Matomo respects this option.

Please note: if you delete all of the cookies in your cookie settings, this will result in the opt-out cookie also being deleted and you may have to enable it again by clicking on the activation box.

5. How does Matomo track my visit to LMU Internet pages with this browser?

Personal Settings

Personal Settings

VI. Use of Provided Means of Communication

You can contact LMU electronically on LMU's website using the contact form, chat, or email. If necessary, you have the option of entering personal data. In addition, there will also be options to contact us via telephone, fax, and/or mail. Please refer to the websites of the respective LMU departments to find out which communication channels are available in each case.

VI.1 Use of a Contact Form

1. Scope and Purpose of Data Processing

If you select the contact form option, the data you provide will be transmitted to LMU and stored. This is usually the last name, first name, contact details, and the content of the message.

Please refer to the contact form or the notice of the institution responsible for the content of the respective website for specific details.

Required information, without which the request cannot be processed, is indicated as such in the contact form.

At the time the message is sent, the following data is also stored in addition to the data you have provided:

On the application server:

  • Email address of the user entered in the form
  • Recipient email address of the form

The personal data processed during the registration process is used to prevent the contact form from being misused and to ensure the security of our IT systems. When using the contact form, your data will be encrypted (https) and processed in internal systems (e.g. ticketing systems).

When using a contact form, you will be informed about the data collected at the time and your respective rights.

2. Legal Basis of Data Processing

Data processing is done subject to Article 6 paragraph 1 letter a GDPR. For the processing of data your consent will be obtained as part of the transmission process and reference will be made to this Privacy Policy and, if applicable, to additional specific data protection information. We would like to point out that the processing of data may also be done based on Article 6 paragraph 1 letter e GDPR in conjunction with Article 4 paragraph 1 BayDSG. The processing of the personal data transmitted by you is necessary for the purpose of processing your request within the framework of the public tasks and legal obligations incumbent upon us.

3. Duration of Data Processing

The data is only processed for as long as your request is being handled and for the purpose of communication with you and will not be disclosed to third parties or used for other purposes unless further processing is permitted by law.

4. Objection and Deletion Options

You have the option to withdraw your consent for the processing of personal data at any time. If you contact us via the contact form, you can object to the storage of personal data at any time or request its erasure. In this case, all relevant data will be erased if there are no legal regulations to the contrary. Further co nversation or correspondence will then no longer be possible.

VI.2 Use of an Email Address

1. Scope and Purpose of Data Processing

In addition to the contact form, it is also possible to send an email to an LMU email address provided for use on the respective website.

If you send us an email, we will process your email address and your message.

We would like to point out that you may only address inquiries to LMU email addresses, i.e., those that have been specified on LMU's website and made available for communication.

Please note that the use of unencrypted email is inherently insecure, i.e., it may be read, altered, or intercepted by third parties during transmission. Please take this into account when sending us information by email. For this reason, please use the postal service for sending messages requiring privacy, or use the public S/MIME (X509) certificate to encrypt your message. Please use only this key to encrypt your email sent to us as otherwise we may be unable to read your email. Courts, authorities, lawyers and all other legitimate users have the opportunity to communicate confidentially and securely with the LMU via the special administrative mailbox.

If you want to send us an unencrypted email, it is preferable to use a functional LMU address, provided that such an address is provided on the website or you have been informed of it. Please note that if you send us an email request, we will be unable to verify your identity and will not know who is behind the email address. Legally secure communication via an unsigned email is not guaranteed, even when encrypted. In order for us to be able to send you sensitive information, please also provide us with your postal address when making inquiries. It may otherwise not be possible to provide you with the required information. If you wish to receive an encrypted email from us, please provide the necessary information.

At LMU we sometimes use filters to prevent unsolicited commercial email (UCE or spam), which may also incorrectly identify emails as spam and delete them in some cases. Emails that might contain harmful programs, e.g. viruses, are deleted automatically. The use of contact data published in the context of the imprint obligation or on other websites of the LMU for sending unsolicited advertising and information materials is hereby expressly prohibited. The controller expressly reserves the right to take legal action in the event of unsolicited sending of advertising information, including through spam e-mails.

2. Legal Basis of Data Processing

Data processing is done subject to Article 6 paragraph 1 letter a GDPR. Your consent will be obtained as part of the transmission process and reference will be made to the relevant Privacy Policies. We would like to point out that the processing of data may also be done based on Article 6 paragraph 1 letter e GDPR in conjunction with Article 4 paragraph 1 BayDSG. Processing of the personal data you provide is necessary for the purpose of processing your request.

3. Duration of Data Processing

The data is only processed for as long as your request is being handled and for the purpose of communication with you and will not be disclosed to third parties or used for other purposes unless further processing is permitted by law.

4. Objection and Deletion Option

You have the option to withdraw your consent for the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of personal data at any time or request its erasure. In this case, all relevant data will be erased if there are no legal regulations to the contrary. Further conversation or correspondence will then no longer be possible.

VI.3 Use of online appointment booking

1. Scope and purpose of data processing

Your data is collected in order to book an appointment and to be able to contact you. Only the data required for booking and processing the appointment will be processed, such as title, surname, first name, e-mail address, booking date (day, month, year, time), number of persons, request for the appointment. This is mandatory information, without which it is not possible to book an appointment. In addition, anny may collect technical data, e.g. cookies, IP address. Your data will be processed exclusively for the purpose of processing the appointment. The personal data collected will be forwarded to and processed by the relevant LMU department for the purpose of booking and processing appointments. The data will not be passed on to third parties.

2. Legal basis for data processing

Your personal data is processed in fulfillment of the tasks incumbent on LMU in accordance with Art. 6 para. 1 letter e, para. 2, 3 GDPR, Art. 4 para. 1 no. 1 BayDSG, Art. 19 BayDiG, § 10, 18 AGO Bayern. Insofar as the appointment booking is made for the initiation, execution or termination of a contract, the legal basis is Art. 6 para. 1 letter b GDPR. Voluntary information is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

Technically, online appointment booking is implemented as part of order processing. The processor is anny GmbH, with which an order processing contract has been concluded (anny GmbH, Cäcilienstraße 30, 50667 Cologne, https://anny.eu/). Data processing takes place on servers in Germany. Insofar as the appointment booking is offered by a professional group that is subject to professional confidentiality, the processor anny has been obligated to professional confidentiality in accordance with section 203 StGB. Data transmission is encrypted. Further information on data protection at anny GmbH can be found at https://anny.eu/privacy/.

3. Duration of data processing

The data will be processed exclusively for the duration of the processing of your appointment and for communication with you and will not be passed on to third parties or used for other purposes, unless further processing is permitted by law. All personal data relating to appointment bookings will be anonymized 7 days after the end of the appointment.

4. Objection and removal options

You have the option of objecting to the processing of your personal data at any time and requesting its deletion. In this case, all relevant data will be deleted, provided that there are no legal regulations to the contrary. In such cases, further correspondence or attendance of the booked appointment is no longer possible. The appointment will be canceled without substitution.

5. Note on the possibilities of alternative appointment allocation

If you would like to make an appointment but do not want to or cannot use the online appointment system, the following alternatives are available to you:

  • by telephone (if provided by the relevant office)
  • electronically by e-mail (if provided by the relevant office)
  • by post (if provided by the relevant office).

VI.4 Use of the Chat Function

1. Scope and Purpose of Data Processing

On some of its websites, LMU offers a chat option during certain office hours. Chat is used by various LMU departments (e.g., University Library, Student Advisory Service) to communicate with you directly and informally using text messages, to quickly clarify simple and general inquiries, or to provide individual advice. The goal is to make customer service and administrative support efficient. It involves a live chat. You can therefore use the chat function like a contact form to get in touch with LMU employees almost in real time.

Using the chat function is not available for exchanging extensive data sets or documents (particularly if they are subject to professional or business secrecy), for processing special categories of personal data within the meaning of Article 9 paragraph 1 GDPR (e.g., health data), and for processing bank and payment data. No automated decision-making occurs during the chat, and no chatbots are used. A video chat will not take place, nor is it provided.

If you use the chat option, the following personal data is collected or transmitted to LMU: date when the chat was used for the first time, the current set status of the account (online/away/offline, also customizable by you), if necessary a profile picture that you have set. You decide yourself whether you want to provide us with personal data. Depending on the course of the conversation with our employees, personal data may be collected and processed during the chat. If you have a question about a personal matter (e.g., regarding your user account), personal data will be processed in order to provide the necessary authentication. The type of personal data required will depend on your request. Personal data will only be collected and processed within the scope of the purpose of your request.

The open source software Rocket.Chat (https://rocket.chat) is used as the technical platform. The chat is operated by the LRZ (Leibniz Supercomputing Centre). Use of the chat function is based on the applicable terms of use of LMU and Usage Regulations of the LRZ (https://www.lrz.de/wir/regelwerk/).

Communication will be encrypted. When the chat function is used, cookies (text files) are set, which are stored on your computer and are technically necessary for using the service. These are session cookies. Session cookies are automatically deleted when the browser is closed. The information generated by the cookie is stored exclusively on LRZ servers and will not be transmitted to third parties.

2. Legal Basis of Data Processing

As part of using the chat function, your personal data will be processed with your consent pursuant to Article 6 paragraph 1 letter a GDPR, which will be obtained prior to each chat use whenever necessary.

3. Duration of Data Processing

The data is only processed for as long as your request is being handled and for the purpose of chat communication with you and will not be disclosed to third parties unless further processing is permitted by law. The storage of chat data also serves the purpose of ensuring the security of our IT systems. All content, messages, and data are automatically erased permanently no later than after one year. Until then, the data will be used for the fulfillment of accountability. You can delete your own chat at any time—as long as the chat window is still open.

4. Objection and Deletion Option

You have the option to withdraw your consent at any time. To do so, contact the respective department with which you are using the chat function. In this case, all relevant data will be erased if there are no legal regulations to the contrary. Further conversation or correspondence within the chat will then no longer be possible.

VI.5 Use of other Means of Communication (e.g., Postal Mail, Telephone, Fax)

You can contact LMU using the contact details provided on the website.

If you send us a request or express an idea by mail, telephone, or fax, the information provided will be processed exclusively for the purpose of handling your request and for any follow-up questions and the exchange of ideas. We generally use the same communication channel for this purpose, unless you specify an alternative.

Personal data can only be communicated to authorized persons and if satisfactory identification and transmission security is ensured. A postal address is also generally required for communication and must be provided.

VI.6 Use of videoconferencing systems

If you participate in a video conference organised by us, a webinar or an online meeting, etc. (hereinafter referred to as “video conferencing”), we process your personal data as part of your participation. When participating in a video conference, different categories of data are processed. The scope of the data also depends on what data you provide before or when attending a video conference and which videoconferencing system is used. If you are attending a video conference organised by us, you usually have to provide at least one name when registering. In principle, however, you can also use a pseudonym, unless the name is required for participation or authentication. Your IP address will also be processed to enable your participation and to store login information and device/hardware information. E-mail address and profile picture will also be processed, if specified. If you dial in by phone, your phone number and IP address will be processed.

In order to allow you to participate in the video conferencing, the data will be processed by the microphone of your device as well as any video camera of the device and, if you share your screen, information from this “Screenshare”. You can switch off or mute the camera or microphone at any time. Whether and which parts of your screen are shared, determine for yourself. You can create audio and video recordings of the video conferencing. In this case, corresponding files of all video, audio and presentation recordings are processed. There is always a reference to the recording, if such is done and, if necessary, the explicit consent of the participants in the recording is always obtained. You may have the option of using the chat, question or survey functions in a video conference. In this respect, the text inputs you have made will be processed in order to display them in the videoconference and, if necessary, to log them.

If the participation takes place voluntarily, the legal basis is the consent in accordance with Art. 6 (1) (a) GDPR. Furthermore, the legal basis for data processing when performing videoconferencing is Article 6(1)(b) GDPR, insofar as the meetings are carried out in the context of contractual relationships or in order to initiate a contractual relationship (e.g. videoconferencing with our clients in the context of the implementation of a project or participating in a webinar).

Insofar as personal data of our employees are processed, Art. 6(1)(b) is the legal basis for data processing, provided that German law applies to the processing of employee data. If German law does not apply to the processing of employee data or if, in connection with the participation in videoconferencing, the processing of personal data is not necessary for the establishment, implementation or termination of the employment relationship, but should nevertheless be an elementary part of participating in a videoconference, our performance of tasks is also the legal basis for data processing in accordance with Article 6(1)(e) GDPR. Our tasks arise primarily from the University Innovation Act.

For the performance of videoconferencing, we use one or more service providers as processors on the basis of a contract processing pursuant to Art. 28 GDPR. Personal data may be transferred to a third country outside the EU. If there is no adequacy decision by the EU Commission for the respective third country, we guarantee that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR (e.g. standard contractual clauses). Further information can be found in the data protection information referred to in the respective use.

VII. Newsletter Subscription

1. Scope and Purpose of Data Processing

You may have the option of subscribing to a free newsletter on our website. The department offering the newsletter is responsible for this. If personal data is collected for the purpose of sending a newsletter, it will only be processed for this purpose and will not be disclosed to third parties or processed for any other purpose. As a rule, only an email address is required and processed and it does not have to be a personal email address.

The registration system with an additional confirmation message including a link to final registration (double opt-in) ensures that you explicitly want to receive the newsletter and that it will be sent to the email address you have provided.

2. Legal Basis of Data Processing

Data processing is done subject to Article 6 paragraph 1 letter a GDPR. If a service provider is used to send the newsletter, this is done after concluding a data processing agreement and in compliance with the general principles for data transmission and the data protection guarantees pursuant to Article 44 et seq. GDPR.

3. Duration of Data Processing

Personal data will be processed for the duration of the newsletter subscription until it is canceled. The data will be deleted as soon as the newsletter is unsubscribed or discontinued or the deletion is legally mandatory for other reasons.

4. Objection and Deletion Option

A newsletter subscription can be canceled at any time. To do so, please use the email address or link provided by the person or persons responsible for sending the newsletter.

You will receive additional information when you subscribe to a newsletter.

VIII. Use of RSS News Feeds

An RSS news feed is a like a newsletter that we use to keep you informed about the latest events. A list of the main RSS news feeds is available at https://www.lmu.de/en/newsroom/index.html.

You can read the RSS feed in your browser or by using a dedicated program (RSS newsreader) without having to provide any contact details.

You can unsubscribe from an RSS news feed at any time. You will receive additional information when you subscribe to an RSS news feed.

IX. Google Custom Search

1. Scope and Purpose of Data Processing

To help you find information on our pages, we use Google Custom Search. No Google ads are displayed in the search results. The search field on this website ("Google Custom Search") is provided by Google LLC ("Google").

Your data will only be transmitted when you use the search field and submit the form entries. In this case, you acknowledge or agree that Google may use the personal data for its own purposes pursuant to Google's privacy policy (available at https://policies.google.com/privacy?hl=en-GB). The use of Google Custom Search is the sole responsibility of the user.

2. Legal Basis of Data Processing

Data processing is done subject to Article 6 paragraph 1 letter a GDPR.

3. Duration of Data Processing

Data processing is based on Google's privacy policy (https://policies.google.com/privacy?hl=en-GB).

4. Objection and Deletion Options

If you do not want to transmit data to Google or do not want to accept Google's privacy policy, please refrain from using the search feature. Only if you use the search field will data be transmitted to Google.

If you do not want to use this service, you can use https://duckduckgo.com/?s ite=www.lmu.de or https://www.qwant.com/?q=site:www.lmu.de to search our website.

IX. Google Custom Search

a) Scope and Purpose of Data Processing

To help you find information on our pages, we use Google Custom Search. No Google ads are displayed in the search results. The search field on this website ("Google Custom Search") is provided by Google LLC ("Google").

Your data will only be transmitted when you use the search field and submit the form entries. In this case, you acknowledge or agree that Google may use the personal data for its own purposes pursuant to Google's privacy policy (available at https://policies.google.com/privacy?hl=en-GB). The use of Google Custom Search is the sole responsibility of the user.

b) Legal Basis of Data Processing

Data processing is done subject to Article 6 paragraph 1 letter a GDPR.

c) Duration of Data Processing

Data processing is based on Google's privacy policy (https://policies.google.com/privacy?hl=en-GB).

d) Objection and Deletion Options

If you do not want to transmit data to Google or do not want to accept Google's privacy policy, please refrain from using the search feature. Only if you use the search field will data be transmitted to Google.

If you do not want to use this service, you can use https://duckduckgo.com/?s ite=www.lmu.de or https://www.qwant.com/?q=site:www.lmu.de to search our website.

Specific information on data processing on the LMU internet pages

X. Your Data Protection Rights

Personal data is processed to the extent described above on LMU's website. To this extent, you are a data subject as defined by the GDPR and you have the following rights with respect to LMU:

X.1 Right of Access

Pursuant to Article 15 GDPR, you may request confirmation from LMU as to whether we are processing personal data relating to you.

If such processing is taking place, you may request information about the personal data being processed and the following additional information:

  • The purposes for which the personal data is processed;
  • The categories of personal data being processed;
  • The recipients or categories of recipient to whom the personal data relating to you has been or will be disclosed;
  • The planned duration of storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
  • The existence of a right to rectification or erasure of the personal data relating to you, a right to restriction of processing by the controller or controllers, and a right to object to such processing;
  • The right to lodge a complaint with a supervisory authority; the data protection supervisory authority directly responsible for LMU is the Bavarian Data Protection Commissioner (https://www.datenschutz-bayern.de/index.html.en).
  • Any available information about the source of the data, if the personal data is not collected from you;
  • The existence of automated decision-making, including profiling, pursuant to Article 22 paragraphs 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject;
  • You have the right to request information about whether personal data relating to you is transmitted to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transmission.
  • The right to access information is subject to legal restrictions and does not apply absolutely, but rather is limited in particular in the following cases:
  • If a large amount of information is stored about the data subject, LMU may require specification as to what information or processing operations the request for information specifically relates to.
  • Manifestly unfounded or excessive requests or frequent repetitions may lead to rejection or to an obligation to reimburse costs.
  • The provision of information must not infringe the rights of LMU or other persons (in this respect, professional secrecy, business secrecy, data relating to other persons are excluded).
  • Under the conditions specified in Article 10 BayDSG, information may be withheld.
  • If data is processed for scientific or historical research purposes and for statistical purposes, your right to access data may be further restricted to the extent that it is likely to render impossible or seriously impair achievement of the research or statistical purposes and restriction is necessary for fulfillment of those purposes (Article 25 BayDSG).

X.2 Right to Rectification

Pursuant to Article 16 GDPR, you have a right of rectification and/or completion with respect to LMU, if the personal data processed relating to you is inaccurate or incomplete. LMU will rectify the data without undue delay to the extent required by law.

If data is processed for scientific or historical research purposes and for statistical purposes, your right to rectification may be further restricted to the extent that it is likely to render impossible or seriously impair achievement of the research or statistical purposes and restriction is necessary for fulfillment of those purposes (Article 25 BayDSG).

X.3 Right to Restriction of Processing

Under the following conditions, you may request the restriction of the processing of personal data relating to you pursuant to Article 18 GDPR:

  • If you dispute the accuracy of the personal data relating to you for a period enabling LMU to verify the accuracy of the personal data;
  • Processing is unlawful and you object to the erasure of the personal data and request the restriction of the use of the personal data instead;
  • LMU no longer requires the personal data for the purposes of processing, but you need them for the assertion, exercise, or defense of legal claims, or
  • If you have objected to the processing pursuant to Article 21 paragraph 1 GDPR and it has not yet been determined whether the legitimate grounds of LMU override your legitimate interests.

Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If processing has been restricted pursuant to the above conditions, you will be informed by LMU before the restriction is lifted.

If data is processed for scientific or historical research purposes and for statistical purposes, your right to restriction of processing may be further restricted to the extent that it is likely to render impossible or seriously impair achievement of the research or statistical purposes and restriction is necessary for fulfillment of those purposes (Article 25 BayDSG).

X.4 Right to Erasure ('Right To Be Forgotten')

Pursuant to Article 17 GDPR, you may demand that LMU immediately erase the personal data relating to you. LMU is obligated to immediately erase this data if one of the following reasons applies:

  • The personal data relating to you is no longer necessary for the purposes for which it was collected or otherwise processed, and processing for other purposes is unlawful.
  • You withdraw your consent on which processing was based pursuant to Article 6 paragraph 1 letter a or Article 9 paragraph 2 letter a GDPR and there is no other legal basis for processing.
  • You object to processing pursuant to Article 21 paragraph 1 GDPR and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Article 21 paragraph 2 GDPR.
  • The personal data relating to you has been processed unlawfully.
  • The erasure of the personal data relating to you is necessary for fulfillment of a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data relating to you has been collected in connection with information society services offered pursuant to Article 8 paragraph 1 GDPR.
  • If LMU has made public the personal data relating to you and is obligated to erase it pursuant to Article 17 paragraph 1 GDPR, it shall take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copies or replications of such personal data, taking into account the available technology and the cost of implementation.
  • The right to erasure does not apply to the extent that processing is necessary for the exercise of the right to freedom of expression and information.
  • For compliance with a legal obligation which requires processing under Union law or the law of a Member State which LMU is subject to, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in LMU.
  • For reasons of public interest in the area of public health pursuant to Article 9 paragraph 2 letters h and i and Article 9 paragraph 3 GDPR.
  • For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89 paragraph 1 GDPR, if the right referred to in (a) above is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
  • For the assertion, exercise, or defense of legal claims.

X.5 Right to Notification

If you have asserted the right to rectification, erasure, or restriction of processing with respect to LMU, we are obligated pursuant to Article 19 GDPR to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right with respect to LMU to be notified about these recipients.

X.6 Right to Data Portability

Under the conditions of Article 20 GDPR, you have the right to receive the personal data concerning you that you have provided to LMU in a structured, common, and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by LMU, provided that processing is based on consent pursuant to Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR or on a contract pursuant to Article 6 paragraph 1 letter b GDPR and processing is carried out with the help of automated means.

In exercising this right, you also have the right to have the personal data relating to you transmitted directly from LMU to another controller if technically feasible. The freedoms and rights of others must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in LMU.

X.7 Right to Object

Under the conditions of Article 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 paragraph 1 letter e or f GDPR.

LMU will no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms, or for the assertion, exercise, or defense of legal claims.

You have the option, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated means using technical specifications.

Where personal data relating to you is processed for scientific or historical research purposes and for statistical purposes pursuant to Article 89 paragraph 1 GDPR, you also have the right to object to such data processing on grounds relating to your particular situation.

Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of those purposes (Article 25 BayDSG).

X.8 Right to Withdraw the Declaration of Consent under Data Protection Law

You have the right to withdraw your declaration of consent under data protection law at any time with effect for the future. The right of withdrawal will not affect the lawfulness of processing based on consent before its withdrawal (Article 7 paragraph 3 GDPR). Withdrawal must always be declared to the department at LMU that obtained the consent or to whom you gave your consent.

X.9 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement if you believe that the processing of personal data relating to you infringes the GDPR (Article 77 GDPR).

The supervisory authority responsible for LMU is the Bavarian Data Protection Commissioner (https://www.datenschutz-bayern.de). The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

X.10 Assertion of Rights

If you believe that the processing of the personal data relating to you violates the GDPR or if you wish to otherwise exercise your rights, please first get in touch with the contact person responsible for the content of the respective website — as named in the imprint — and/or the responsible department with which you have been in contact regarding the data processing in question, as this will make a prompt review and any necessary remedial action possible on your behalf. This particularly applies if you wish to withdraw your consent. You can also contact the data protection officer at LMU. It is our goal and ambition to immediately clarify any questions related to data protection and to resolve any data protection issues without delay.

B) Data Protection Information about Specific Data Processing

I. Use of Google Maps

1. Scope and Purpose of Data Processing

Some of LMU's websites use the map service Google Maps. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The map service can be used to display geographical information for contacts and directions. The use of Google Maps is not absolutely required to get information from our website and therefore it is entirely up to you if you want to use it. However, embedding Google Maps on our website is done to increase the attractiveness of our website and to ensure that you can quickly and easily find the places we have indicated on our website. This is done as part of LMU's public relations work.

Embedding takes place exclusively using an API (2-click solution). In this programming interface, only when you click the "Switch to Google Maps" button will data be transmitted to Google.

When using Google's features, Google processes your IP address and possibly other personal data (e.g., information on the use of this website or sub-pages or the data provided in Google Maps, the language of the system, and various browser-specific details). When accessing the site with a GPS-enabled device, the location may also be transmitted. Google uses cookies.

This provides Google with information, among other things, that you have accessed our website or the sub-page. This information is usually transmitted to a Google server in the USA and stored there. This occurs regardless of whether Google provides a user account which you are logged into or whether there is no user account. If you are logged into Google, your data can be associated with your user account.

If you do not want this data to be associated with your profile at Google, you must first log out of your user account at Google before switching to Google Maps. However, Google stores your data (even for users who are not logged in or registered) as usage profiles and evaluates them for its own purposes of advertising, market research, and needs-based design of its websites and may also inform other users of the social network (e.g., Google+) about your activities on our website.

More information about the handling of usage data is available in Google's terms of service and privacy policy.

Google's terms of service are available at https://policies.google.com/terms?hl=en-GB and for Google Maps at https://www.google.com/intl/en_US/help/terms_maps/.

Google's privacy policy is available at https://policies.google.com/privacy?hl=en-GB and https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active and for Google Maps at https://www.google.com/intl/en_US/help/terms_maps/.

2. Legal Basis of Data Processing

Data processing is done subject to Article 6 paragraph 1 letter a GDPR. When you access the respective pages, you will be asked for your consent to use the map service under these terms and conditions. You can withdraw this declaration of consent at any time.

3. Duration of Data Processing

LMU does not process any additional personal data on its website when Google Maps is used. LMU has no influence on the type, scope, and duration of the data processed by Google, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.

4. Objection and Deletion Options

You have the right to object to the creation of these usage profiles, although you must contact Google directly and exclusively to exercise this right. As the provider of its website, LMU has no influence over this data processing. If you do not agree to the transmission of your personal data to Google, do not click on "Switch to Google Maps." No data will then be transmitted to Google, but no map will be opened either.

Alternatively, you also have the option of changing your personal settings in Google's Privacy Center (https://policies.google.com/privacy?hl=en).

II. Use of Social Media and Social Media Icons and Links

Our presence on social media is part of our public relations work. Our aim is to provide information tailored to the target group and to exchange ideas with you. This also enables us to make quick contact with you online and to communicate directly with you through the media of your choice, art. 16 BayDig, Section 5 paragraph 1 no. 2 DDG. When using social media icons from Facebook, Instagram, Twitter, and YouTube on LMU's website, no automatic transmission of your personal data takes place. To avoid automatic data transmission to social media providers, the content embedded on LMU's website is based on a link. No social media plugins are used on LMU's website for data protection reasons.

II.1 Data Protection Provisions on the Use and Application of Facebook and Facebook Icons

Our website uses social media icons of the social network facebook.com. The web pages at https://www.facebook.com/ and the services on these pages are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, ("Facebook"). The icons feature a Facebook logo.

1. Scope and Purpose of Data Processing

We use social media icons from Facebook only in extended privacy mode. By default, no automated connection is made to Facebook's servers. This means that Facebook does not receive any data from website visitors when they access LMU's website.

If you are logged into Facebook while visiting our website, Facebook can associate the visit with your Facebook account. If you interact with Facebook, this information is transmitted directly from your browser to Facebook and stored there. We are not aware of what data Facebook associates with the personal data received and for what purpose Facebook uses this data.

If you are not a user of Facebook, there is still the possibility that Facebook will store your IP address.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Facebook.

The purpose and scope of data collection and the further processing and use of data by Facebook is available in Meta’s privacy policy at https://www.facebook.com/about/privacy/.

2. Legal Basis of Data Processing

The data processing takes place for the performance of a public task and in the public interest in accordance with Article 6(1)(e), (3) GDPR in conjunction with Article 4(1) of the BayDSG and serves the purpose of public relations (Article 2 BayHIG).

For data processing by Meta in the USA, there is currently no recognised adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured. However, we take suitable measures to protect personal data. To the extent possible, we work with Meta to arrange the standard EU data protection clauses and provide for additional technical and organizational protective measures.

The use of Facebook is the responsibility of the user based on Meta’s privacy policy (https://www.facebook.com/about/privacy/; https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

3. Duration of Data Processing

LMU has no influence on the type, scope, and duration of the data processed by Meta, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.

4. Objection and Deletion Options

Please refer to Meta’s privacy policy at https://www.facebook.com/about/privacy/ for your rights and settings options for protecting your privacy on Facebook.

If you do not want Facebook to be able to associate your visit to our website with your Facebook account, please log out of your Facebook account, delete the respective cookies, and block the execution of script content from Facebook in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com.

II.2 Data Protection Provisions on the Use and Application of Instagram and Instragram Icons

Our website uses social media icons of the social network instagram.com. Instagram is an ad-supported online photo and video sharing service owned by Meta. The icons feature an Instagram logo.

1. Scope and Purpose of Data Processing

We use social media icons from Instagram only in extended privacy mode. By default, no automated connection is made to Instagram's servers. This means that Instagram does not receive any data from website visitors when they access LMU's website.

If you are logged into Instagram while visiting our website, Instagram can associate the visit with your Instagram account. If you interact with Instagram, this information is transmitted directly from your browser to Instagram and stored there. We are not aware of what data Instagram associates with the personal data received and for what purpose Instagram uses this data.

If you are not a user of Instagram, there is still the possibility that Instagram will store your IP address.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Instagram.

The purpose and scope of data collection and the further processing and use of data by Instagram is available in Instagram's privacy policy at https://help.instagram.com/519522125107875.

2. Legal Basis of Data Processing

Data processing is carried out for the performance of a public task and in the public interest in accordance with Article 6(1)(e), (3) GDPR in conjunction with Article 4(1) of the BayDSG and serves the purpose of performing public relations (Article 2 BayHIG)

For data processing in the USA, there is currently no adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured. However, we take suitable measures to protect personal data. To the extent possible, we work with Instagram to arrange the EU standard contractual clauses and provide for additional technical and organizational protective measures.

The use of Instagram is the responsibility of the user based on Instagram's privacy policy (https://help.instagram.com/519522125107875).

If you do not want Instagram to be able to associate your visit to our website with your Instagram account, please log out of your Instagram account, delete the respective cookies, and block the execution of script content from Instagram in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com.

II.3 Data Protection Provisions on the Use and Application of Twitter and Twitter Icons

Our website uses social media icons of the provider Twitter (https://twitter.com). They are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. For those residing within the EU, the responsible company is the Irish company Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. The icons feature an Twitter logo.

1. Scope and Purpose of Data Processing

By using Twitter and the "re-tweet" feature, the websites you visit are associated with your Twitter account and disclosed to other users. Data is also transmitted to Twitter.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Twitter.

More information about this is available in Twitter's privacy policy at https://twitter.com/privacy.

2. Legal Basis of Data Processing

Data processing is carried out for the performance of a public task and in the public interest pursuant to Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4 paragraph 1 BayDSG and serves the purpose of public relations (Article 2 BayHIG).

For data processing in the USA, there is currently no adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured. However, we take suitable measures to protect personal data. To the extent possible, we work with Twitter to arrange the EU standard contractual clauses and provide for additional technical and organizational protective measures.

The use of Twitter is the responsibility of the user based on Twitter's privacy policy (https://twitter.com/privacy).

3. Duration of Data Processing

LMU has no influence on the type, scope, and duration of the data processed by Twitter, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.

4. Objection and Deletion Options

For a detailed presentation of the forms of processing involved and the options to object (opt-out), please refer to the privacy policy and information provided by the operator Twitter Inc:

If you do not want Twitter to be able to associate your visit to our website with your Twitter account, please log out of your Twitter account, delete the respective cookies, and block the execution of script content from Twitter in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com/.

II.4 Data Protection Provisions on the Use and Application of YouTube and YouTube Icons

Embedded on some of our web pages are videos from the third-party video platform YouTube (https://www.youtube.com) operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. YouTube is a video portal owned by YouTube, LLC, a subsidiary of Google LLC. The icons feature a YouTube logo.

1. Scope and Purpose of Data Processing

We use embedded YouTube videos in extended privacy mode. By default, only disabled images from the YouTube channel are embedded, which do not automatically make a connection to YouTube's servers. This means that YouTube does not receive any data from website visitors when they access LMU's website.

You can decide for yourself whether the YouTube videos should be enabled. Only when you enable the playback of the videos by clicking "Permanent Activation" do you give your consent for the data required for this (including the URL of the current website and the IP address) to be transmitted to YouTube. When playing the videos, YouTube may store additional cookies via your browser and associate the data with its own user profiles or use the data for its own purposes. We have no influence over this storage.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by YouTube.

To save the setting you want, we set a cookie that saves the parameters. However, when setting these cookies, we do not store any personal data; they only contain anonymized data for adjusting the browser. The videos are then enabled and you can play them.

If you enable YouTube videos and are logged in as a member of YouTube, YouTube will associate this information with your personal user accounts. For more information on the collection and use of data by YouTube, please refer to YouTube's privacy policy at https://www.google.com/intl/de/policies/privacy/; https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

2. Legal Basis of Data Processing

Data processing is carried out for the performance of a public task and in the public interest pursuant to Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4 paragraph 1 BayDSG and serves the fulfillment of public relations (Article 2 BayHIG).

Due to data processing in the USA, however, there is currently no adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured.

The use of YouTube is the responsibility of the user based on YouTube's privacy policy (https://policies.google.com/privacy?hl=en-GB).

3. Duration of Data Processing

LMU has no influence on the type, scope, and duration of the data processed by YouTube, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.

4. Objection and Deletion Options

If you would like to disable the automatic playing of YouTube videos again, you can uncheck the box for consent below the privacy icon. This will also update the cookie settings.

For any options to object, we refer to the privacy policy and information from the operator YouTube:

If you do not want YouTube to be able to associate your visit to our website with your YouTube account, please log out of your YouTube account, delete the respective cookies, and block the execution of script content from YouTube in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com.

III. Data Processing as Part of the "Online Donation Tool to Support Research and Teaching at LMU Munich"

1. Scope and Purpose of Data Processing

On our websites https://www.lmu.de/stiftungen and https://www.lmu.de/en/workspace-for-students/student-support-services/finance-your-studies/scholarships/deutschlandstipendium/index.html (Stiftungen@LMU as well as the Deutschlandstipendium program coordination), we use the online donation tool to enable and process online donation payments (financial services). They are used for supporting research and teaching at LMU. Responsible for this are Stiftungen@LMU (https://www.uni-muenchen.de/kooperationen/stiftungen/index.html) and Deutschlandstipendium program coordination.

Your data will be collected in order to

  • Process online donation payments to LMU (in a business and accounting sense) and to manage the charitable contribution
  • Be able to contact donors in connection with the charitable contribution (e.g., for expressions of thanks) and for the transmission of information about LMU's activities

2. Legal Basis of Data Processing

The legal basis for processing is Art. 6 paragraph 1 letter b GDPR (charitable pledge pursuant to Section 516 et seq. of the German Civil Code (BGB)) on the basis of consent (Article 6 paragraph 1 letter a GDPR).

The charitable contribution is voluntary, but it is not possible without your personal data. Your personal data will be transmitted to the contract data processor Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, Germany, as the technical operator of the online donation tool. A data processing agreement pursuant to Article 28 GDPR has been concluded. Transmission of your personal data to a third country or an international organization does not take place.

3. Duration of Data Processing

After being collected by LMU, your data is stored for as long as it is necessary to fulfill the purpose. This means that we retain your data for reasons of budgetary and tax law until the end of the statutory retention periods (currently up to ten years pursuant to Section 147 of the German Fiscal Code (AO)).

4. Objection and Deletion Options

You have the option of withdrawing, objecting to, and requesting the erasure of your data. The withdrawal, objection, or request for erasure will be considered as a withdrawal of the application for a scholarship or a waiver of a scholarship.

IV. Data Processing as Part of Submitting Applications

1. Scope and Purpose of Data Processing

LMU collects and processes personal data of applicants for the purpose of filling public positions at LMU and, for this purpose, to ensure a lawful examination of the applications as part of the application process and to be able to make a selection decision. The data provided is collected, stored, and processed electronically. In particular, this comprises:

  • Personal data (first name and last name, date of birth, address, school degree, severe disability, if applicable)
  • Communication data (telephone number, cell phone number, fax number, email address)
  • Education data (school, vocational training, university studies, doctoral studies, habilitation)
  • Data on your professional career to date, educational and work references
  • Information on other qualifications (e.g., language and PC skills)
  • Application photo, if applicable
  • Additional data required for the vacant position

The personal data you provide will be used exclusively for processing the application for the open position. The data will only be disclosed to persons involved in the application process. They may also include external experts, e.g., for appointment procedures, who are sworn to secrecy.

Unauthorized disclosure to third parties or third countries does not take place.

2. Legal Basis of Data Processing

Data processing is performed pursuant to Article 6 paragraph 1 sentence 1 letter b GDPR, Article 9 paragraph 2 letters b and h GDPR, Article 88 paragraph 1 GDPR, and Article 8 paragraph 1 sentence 1 nos. 2 and 3 BayDSG. By submitting your application, you confirm that you consent to data processing as part of and for the duration of the selection procedure. If an employment relationship is established following the application process, the personal data required in the context of employment will be processed in accordance with Article 88 paragraph 1 GDPR in conjunction with Article 8 BayDSG and, if applicable, in conjunction with Article 103 et seq. BayBG [Bavarian Civil Service Act].

3. Duration of Data Processing

If no employment relationship is established following the application process, the application documents are erased six months after notification of the rejection decision. The erasure period results from Article 17 paragraph 3 letter b GDPR in conjunction with Section 15 paragraph 4 AGG [General Equal Treatment Act], and Section 61b paragraph 1 ArbGG [Labor Court Act].

4. Objection and Deletion Options

You have the option of objecting to data processing and requesting the erasure of your data. Your objection or any request for erasure will prevent the data from being processed and will therefore be deemed to be a withdrawal of the application. Applicants will receive additional information on data protection from the department responsible for filling the position following receipt of the application.

V. Photo Publication

1. Scope and Purpose of Data Processing

During events and appointments, photos may be taken in which you may be identifiable. These photos may be published on LMU's website.

2. Legal Basis of Data Processing

Data processing is performed as part of public relations work pursuant to Article 6 paragraph 1 letter e GDPR in conjunction with Article 4 paragraph 1 BayDSG, Article 2 BayHIG, or based on your consent pursuant to Article 6 paragraph 1 letter a GDPR.

3. Duration of Data Processing

Data processing will be performed as long as it is necessary for the fulfillment of the LMU's tasks or until your consent is withdrawn.

4. Objection and Deletion Option

You can object to photos being taken and/or published. You can withdraw your consent at any time with effect for the future.

VI. Processing of personal data in contractual relationships

LMU processes personal data as a contracting party under civil law or as a public law office. Examples of this are the procurement of office materials, IT or auxiliary services. In pursuing its own interests, LMU may also process the personal data of the contracting party's employees. LMU's interest lies in the initiation, conclusion and execution of such contractual relationships.

C) Validity of the Privacy Policy

LMU's Privacy Policy applies to all of LMU's websites for which LMU is responsible under data protection law.

It applies as a supplement to the extent that LMU processes personal data at its own responsibility on social networks:

When we provide links to websites of other organizations, this Privacy Policy does not apply to the processing of personal data by those organizations. We therefore recommend that you read the privacy policies on the other websites you visit.

A supplementary Privacy Policy may also apply to the respective LMU website, to the extent that the person or persons responsible for the content of the LMU website perform additional processing of personal data and provide information about this. This applies in particular if specific services are provided by individual departments or units. In each case, the supplementary data protection information on each of LMU's websites is part of LMU's Privacy Policy.

D) Version and Changes to the Privacy Policy

LMU's Privacy Policy for its website was last revised on 24/06/2024. We reserve the right to update this Privacy Policy from time to time to reflect current legal requirements and technical changes and to implement our services and offerings in a manner that complies with data protection laws. If this is the case, we will update the date in this statement. For your visit to an LMU website, the current version applies at the time of the visit.

Revised 24/06/2024