Personal Settings
VI. Use of Provided Means of Communication
You can contact LMU electronically on LMU's website using the contact form, chat, or email. If necessary, you have the option of entering personal data. In addition, there will also be options to contact us via telephone, fax, and/or mail. Please refer to the websites of the respective LMU departments to find out which communication channels are available in each case.
VI.1 Use of a Contact Form
1. Scope and Purpose of Data Processing
If you select the contact form option, the data you provide will be transmitted to LMU and stored. This is usually the last name, first name, contact details, and the content of the message.
Please refer to the contact form or the notice of the institution responsible for the content of the respective website for specific details.
Required information, without which the request cannot be processed, is indicated as such in the contact form.
At the time the message is sent, the following data is also stored in addition to the data you have provided:
On the application server:
- Email address of the user entered in the form
- Recipient email address of the form
The personal data processed during the registration process is used to prevent the contact form from being misused and to ensure the security of our IT systems. When using the contact form, your data will be encrypted (https) and processed in internal systems (e.g. ticketing systems).
When using a contact form, you will be informed about the data collected at the time and your respective rights.
2. Legal Basis of Data Processing
Data processing is done subject to Article 6 paragraph 1 letter a GDPR. For the processing of data your consent will be obtained as part of the transmission process and reference will be made to this Privacy Policy and, if applicable, to additional specific data protection information. We would like to point out that the processing of data may also be done based on Article 6 paragraph 1 letter e GDPR in conjunction with Article 4 paragraph 1 BayDSG. The processing of the personal data transmitted by you is necessary for the purpose of processing your request within the framework of the public tasks and legal obligations incumbent upon us.
3. Duration of Data Processing
The data is only processed for as long as your request is being handled and for the purpose of communication with you and will not be disclosed to third parties or used for other purposes unless further processing is permitted by law.
4. Objection and Deletion Options
You have the option to withdraw your consent for the processing of personal data at any time. If you contact us via the contact form, you can object to the storage of personal data at any time or request its erasure. In this case, all relevant data will be erased if there are no legal regulations to the contrary. Further co nversation or correspondence will then no longer be possible.
VI.2 Use of an Email Address
1. Scope and Purpose of Data Processing
In addition to the contact form, it is also possible to send an email to an LMU email address provided for use on the respective website.
If you send us an email, we will process your email address and your message.
We would like to point out that you may only address inquiries to LMU email addresses, i.e., those that have been specified on LMU's website and made available for communication.
Please note that the use of unencrypted email is inherently insecure, i.e., it may be read, altered, or intercepted by third parties during transmission. Please take this into account when sending us information by email. For this reason, please use the postal service for sending messages requiring privacy, or use the public S/MIME (X509) certificate to encrypt your message. Please use only this key to encrypt your email sent to us as otherwise we may be unable to read your email. Courts, authorities, lawyers and all other legitimate users have the opportunity to communicate confidentially and securely with the LMU via the special administrative mailbox.
If you want to send us an unencrypted email, it is preferable to use a functional LMU address, provided that such an address is provided on the website or you have been informed of it. Please note that if you send us an email request, we will be unable to verify your identity and will not know who is behind the email address. Legally secure communication via an unsigned email is not guaranteed, even when encrypted. In order for us to be able to send you sensitive information, please also provide us with your postal address when making inquiries. It may otherwise not be possible to provide you with the required information. If you wish to receive an encrypted email from us, please provide the necessary information.
At LMU we sometimes use filters to prevent unsolicited commercial email (UCE or spam), which may also incorrectly identify emails as spam and delete them in some cases. Emails that might contain harmful programs, e.g. viruses, are deleted automatically. The use of contact data published in the context of the imprint obligation or on other websites of the LMU for sending unsolicited advertising and information materials is hereby expressly prohibited. The controller expressly reserves the right to take legal action in the event of unsolicited sending of advertising information, including through spam e-mails.
2. Legal Basis of Data Processing
Data processing is done subject to Article 6 paragraph 1 letter a GDPR. Your consent will be obtained as part of the transmission process and reference will be made to the relevant Privacy Policies. We would like to point out that the processing of data may also be done based on Article 6 paragraph 1 letter e GDPR in conjunction with Article 4 paragraph 1 BayDSG. Processing of the personal data you provide is necessary for the purpose of processing your request.
3. Duration of Data Processing
The data is only processed for as long as your request is being handled and for the purpose of communication with you and will not be disclosed to third parties or used for other purposes unless further processing is permitted by law.
4. Objection and Deletion Option
You have the option to withdraw your consent for the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of personal data at any time or request its erasure. In this case, all relevant data will be erased if there are no legal regulations to the contrary. Further conversation or correspondence will then no longer be possible.
VI.3 Use of online appointment booking
1. Scope and purpose of data processing
Your data is collected in order to book an appointment and to be able to contact you. Only the data required for booking and processing the appointment will be processed, such as title, surname, first name, e-mail address, booking date (day, month, year, time), number of persons, request for the appointment. This is mandatory information, without which it is not possible to book an appointment. In addition, anny may collect technical data, e.g. cookies, IP address. Your data will be processed exclusively for the purpose of processing the appointment. The personal data collected will be forwarded to and processed by the relevant LMU department for the purpose of booking and processing appointments. The data will not be passed on to third parties.
2. Legal basis for data processing
Your personal data is processed in fulfillment of the tasks incumbent on LMU in accordance with Art. 6 para. 1 letter e, para. 2, 3 GDPR, Art. 4 para. 1 no. 1 BayDSG, Art. 19 BayDiG, § 10, 18 AGO Bayern. Insofar as the appointment booking is made for the initiation, execution or termination of a contract, the legal basis is Art. 6 para. 1 letter b GDPR. Voluntary information is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.
Technically, online appointment booking is implemented as part of order processing. The processor is anny GmbH, with which an order processing contract has been concluded (anny GmbH, Cäcilienstraße 30, 50667 Cologne, https://anny.eu/). Data processing takes place on servers in Germany. Insofar as the appointment booking is offered by a professional group that is subject to professional confidentiality, the processor anny has been obligated to professional confidentiality in accordance with section 203 StGB. Data transmission is encrypted. Further information on data protection at anny GmbH can be found at https://anny.eu/privacy/.
3. Duration of data processing
The data will be processed exclusively for the duration of the processing of your appointment and for communication with you and will not be passed on to third parties or used for other purposes, unless further processing is permitted by law. All personal data relating to appointment bookings will be anonymized 7 days after the end of the appointment.
4. Objection and removal options
You have the option of objecting to the processing of your personal data at any time and requesting its deletion. In this case, all relevant data will be deleted, provided that there are no legal regulations to the contrary. In such cases, further correspondence or attendance of the booked appointment is no longer possible. The appointment will be canceled without substitution.
5. Note on the possibilities of alternative appointment allocation
If you would like to make an appointment but do not want to or cannot use the online appointment system, the following alternatives are available to you:
- by telephone (if provided by the relevant office)
- electronically by e-mail (if provided by the relevant office)
- by post (if provided by the relevant office).
VI.4 Use of the Chat Function
1. Scope and Purpose of Data Processing
On some of its websites, LMU offers a chat option during certain office hours. Chat is used by various LMU departments (e.g., University Library, Student Advisory Service) to communicate with you directly and informally using text messages, to quickly clarify simple and general inquiries, or to provide individual advice. The goal is to make customer service and administrative support efficient. It involves a live chat. You can therefore use the chat function like a contact form to get in touch with LMU employees almost in real time.
Using the chat function is not available for exchanging extensive data sets or documents (particularly if they are subject to professional or business secrecy), for processing special categories of personal data within the meaning of Article 9 paragraph 1 GDPR (e.g., health data), and for processing bank and payment data. No automated decision-making occurs during the chat, and no chatbots are used. A video chat will not take place, nor is it provided.
If you use the chat option, the following personal data is collected or transmitted to LMU: date when the chat was used for the first time, the current set status of the account (online/away/offline, also customizable by you), if necessary a profile picture that you have set. You decide yourself whether you want to provide us with personal data. Depending on the course of the conversation with our employees, personal data may be collected and processed during the chat. If you have a question about a personal matter (e.g., regarding your user account), personal data will be processed in order to provide the necessary authentication. The type of personal data required will depend on your request. Personal data will only be collected and processed within the scope of the purpose of your request.
The open source software Rocket.Chat (https://rocket.chat) is used as the technical platform. The chat is operated by the LRZ (Leibniz Supercomputing Centre). Use of the chat function is based on the applicable terms of use of LMU and Usage Regulations of the LRZ (https://www.lrz.de/wir/regelwerk/).
Communication will be encrypted. When the chat function is used, cookies (text files) are set, which are stored on your computer and are technically necessary for using the service. These are session cookies. Session cookies are automatically deleted when the browser is closed. The information generated by the cookie is stored exclusively on LRZ servers and will not be transmitted to third parties.
2. Legal Basis of Data Processing
As part of using the chat function, your personal data will be processed with your consent pursuant to Article 6 paragraph 1 letter a GDPR, which will be obtained prior to each chat use whenever necessary.
3. Duration of Data Processing
The data is only processed for as long as your request is being handled and for the purpose of chat communication with you and will not be disclosed to third parties unless further processing is permitted by law. The storage of chat data also serves the purpose of ensuring the security of our IT systems. All content, messages, and data are automatically erased permanently no later than after one year. Until then, the data will be used for the fulfillment of accountability. You can delete your own chat at any time—as long as the chat window is still open.
4. Objection and Deletion Option
You have the option to withdraw your consent at any time. To do so, contact the respective department with which you are using the chat function. In this case, all relevant data will be erased if there are no legal regulations to the contrary. Further conversation or correspondence within the chat will then no longer be possible.
VI.5 Use of other Means of Communication (e.g., Postal Mail, Telephone, Fax)
You can contact LMU using the contact details provided on the website.
If you send us a request or express an idea by mail, telephone, or fax, the information provided will be processed exclusively for the purpose of handling your request and for any follow-up questions and the exchange of ideas. We generally use the same communication channel for this purpose, unless you specify an alternative.
Personal data can only be communicated to authorized persons and if satisfactory identification and transmission security is ensured. A postal address is also generally required for communication and must be provided.
VI.6 Use of videoconferencing systems
If you participate in a video conference organised by us, a webinar or an online meeting, etc. (hereinafter referred to as “video conferencing”), we process your personal data as part of your participation. When participating in a video conference, different categories of data are processed. The scope of the data also depends on what data you provide before or when attending a video conference and which videoconferencing system is used. If you are attending a video conference organised by us, you usually have to provide at least one name when registering. In principle, however, you can also use a pseudonym, unless the name is required for participation or authentication. Your IP address will also be processed to enable your participation and to store login information and device/hardware information. E-mail address and profile picture will also be processed, if specified. If you dial in by phone, your phone number and IP address will be processed.
In order to allow you to participate in the video conferencing, the data will be processed by the microphone of your device as well as any video camera of the device and, if you share your screen, information from this “Screenshare”. You can switch off or mute the camera or microphone at any time. Whether and which parts of your screen are shared, determine for yourself. You can create audio and video recordings of the video conferencing. In this case, corresponding files of all video, audio and presentation recordings are processed. There is always a reference to the recording, if such is done and, if necessary, the explicit consent of the participants in the recording is always obtained. You may have the option of using the chat, question or survey functions in a video conference. In this respect, the text inputs you have made will be processed in order to display them in the videoconference and, if necessary, to log them.
If the participation takes place voluntarily, the legal basis is the consent in accordance with Art. 6 (1) (a) GDPR. Furthermore, the legal basis for data processing when performing videoconferencing is Article 6(1)(b) GDPR, insofar as the meetings are carried out in the context of contractual relationships or in order to initiate a contractual relationship (e.g. videoconferencing with our clients in the context of the implementation of a project or participating in a webinar).
Insofar as personal data of our employees are processed, Art. 6(1)(b) is the legal basis for data processing, provided that German law applies to the processing of employee data. If German law does not apply to the processing of employee data or if, in connection with the participation in videoconferencing, the processing of personal data is not necessary for the establishment, implementation or termination of the employment relationship, but should nevertheless be an elementary part of participating in a videoconference, our performance of tasks is also the legal basis for data processing in accordance with Article 6(1)(e) GDPR. Our tasks arise primarily from the University Innovation Act.
For the performance of videoconferencing, we use one or more service providers as processors on the basis of a contract processing pursuant to Art. 28 GDPR. Personal data may be transferred to a third country outside the EU. If there is no adequacy decision by the EU Commission for the respective third country, we guarantee that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR (e.g. standard contractual clauses). Further information can be found in the data protection information referred to in the respective use.
VII. Newsletter Subscription
1. Scope and Purpose of Data Processing
You may have the option of subscribing to a free newsletter on our website. The department offering the newsletter is responsible for this. If personal data is collected for the purpose of sending a newsletter, it will only be processed for this purpose and will not be disclosed to third parties or processed for any other purpose. As a rule, only an email address is required and processed and it does not have to be a personal email address.
The registration system with an additional confirmation message including a link to final registration (double opt-in) ensures that you explicitly want to receive the newsletter and that it will be sent to the email address you have provided.
2. Legal Basis of Data Processing
Data processing is done subject to Article 6 paragraph 1 letter a GDPR. If a service provider is used to send the newsletter, this is done after concluding a data processing agreement and in compliance with the general principles for data transmission and the data protection guarantees pursuant to Article 44 et seq. GDPR.
3. Duration of Data Processing
Personal data will be processed for the duration of the newsletter subscription until it is canceled. The data will be deleted as soon as the newsletter is unsubscribed or discontinued or the deletion is legally mandatory for other reasons.
4. Objection and Deletion Option
A newsletter subscription can be canceled at any time. To do so, please use the email address or link provided by the person or persons responsible for sending the newsletter.
You will receive additional information when you subscribe to a newsletter.
VIII. Use of RSS News Feeds
An RSS news feed is a like a newsletter that we use to keep you informed about the latest events. A list of the main RSS news feeds is available at https://www.lmu.de/en/newsroom/index.html.
You can read the RSS feed in your browser or by using a dedicated program (RSS newsreader) without having to provide any contact details.
You can unsubscribe from an RSS news feed at any time. You will receive additional information when you subscribe to an RSS news feed.
IX. Google Custom Search
1. Scope and Purpose of Data Processing
To help you find information on our pages, we use Google Custom Search. No Google ads are displayed in the search results. The search field on this website ("Google Custom Search") is provided by Google LLC ("Google").
Your data will only be transmitted when you use the search field and submit the form entries. In this case, you acknowledge or agree that Google may use the personal data for its own purposes pursuant to Google's privacy policy (available at https://policies.google.com/privacy?hl=en-GB). The use of Google Custom Search is the sole responsibility of the user.
2. Legal Basis of Data Processing
Data processing is done subject to Article 6 paragraph 1 letter a GDPR.
3. Duration of Data Processing
Data processing is based on Google's privacy policy (https://policies.google.com/privacy?hl=en-GB).
4. Objection and Deletion Options
If you do not want to transmit data to Google or do not want to accept Google's privacy policy, please refrain from using the search feature. Only if you use the search field will data be transmitted to Google.
If you do not want to use this service, you can use https://duckduckgo.com/?s ite=www.lmu.de or https://www.qwant.com/?q=site:www.lmu.de to search our website.
IX. Google Custom Search
a) Scope and Purpose of Data Processing
To help you find information on our pages, we use Google Custom Search. No Google ads are displayed in the search results. The search field on this website ("Google Custom Search") is provided by Google LLC ("Google").
Your data will only be transmitted when you use the search field and submit the form entries. In this case, you acknowledge or agree that Google may use the personal data for its own purposes pursuant to Google's privacy policy (available at https://policies.google.com/privacy?hl=en-GB). The use of Google Custom Search is the sole responsibility of the user.
b) Legal Basis of Data Processing
Data processing is done subject to Article 6 paragraph 1 letter a GDPR.
c) Duration of Data Processing
Data processing is based on Google's privacy policy (https://policies.google.com/privacy?hl=en-GB).
d) Objection and Deletion Options
If you do not want to transmit data to Google or do not want to accept Google's privacy policy, please refrain from using the search feature. Only if you use the search field will data be transmitted to Google.
If you do not want to use this service, you can use https://duckduckgo.com/?s ite=www.lmu.de or https://www.qwant.com/?q=site:www.lmu.de to search our website.
Specific information on data processing on the LMU internet pages
X. Your Data Protection Rights
Personal data is processed to the extent described above on LMU's website. To this extent, you are a data subject as defined by the GDPR and you have the following rights with respect to LMU:
X.1 Right of Access
Pursuant to Article 15 GDPR, you may request confirmation from LMU as to whether we are processing personal data relating to you.
If such processing is taking place, you may request information about the personal data being processed and the following additional information:
- The purposes for which the personal data is processed;
- The categories of personal data being processed;
- The recipients or categories of recipient to whom the personal data relating to you has been or will be disclosed;
- The planned duration of storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
- The existence of a right to rectification or erasure of the personal data relating to you, a right to restriction of processing by the controller or controllers, and a right to object to such processing;
- The right to lodge a complaint with a supervisory authority; the data protection supervisory authority directly responsible for LMU is the Bavarian Data Protection Commissioner (https://www.datenschutz-bayern.de/index.html.en).
- Any available information about the source of the data, if the personal data is not collected from you;
- The existence of automated decision-making, including profiling, pursuant to Article 22 paragraphs 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject;
- You have the right to request information about whether personal data relating to you is transmitted to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transmission.
- The right to access information is subject to legal restrictions and does not apply absolutely, but rather is limited in particular in the following cases:
- If a large amount of information is stored about the data subject, LMU may require specification as to what information or processing operations the request for information specifically relates to.
- Manifestly unfounded or excessive requests or frequent repetitions may lead to rejection or to an obligation to reimburse costs.
- The provision of information must not infringe the rights of LMU or other persons (in this respect, professional secrecy, business secrecy, data relating to other persons are excluded).
- Under the conditions specified in Article 10 BayDSG, information may be withheld.
- If data is processed for scientific or historical research purposes and for statistical purposes, your right to access data may be further restricted to the extent that it is likely to render impossible or seriously impair achievement of the research or statistical purposes and restriction is necessary for fulfillment of those purposes (Article 25 BayDSG).
X.2 Right to Rectification
Pursuant to Article 16 GDPR, you have a right of rectification and/or completion with respect to LMU, if the personal data processed relating to you is inaccurate or incomplete. LMU will rectify the data without undue delay to the extent required by law.
If data is processed for scientific or historical research purposes and for statistical purposes, your right to rectification may be further restricted to the extent that it is likely to render impossible or seriously impair achievement of the research or statistical purposes and restriction is necessary for fulfillment of those purposes (Article 25 BayDSG).
X.3 Right to Restriction of Processing
Under the following conditions, you may request the restriction of the processing of personal data relating to you pursuant to Article 18 GDPR:
- If you dispute the accuracy of the personal data relating to you for a period enabling LMU to verify the accuracy of the personal data;
- Processing is unlawful and you object to the erasure of the personal data and request the restriction of the use of the personal data instead;
- LMU no longer requires the personal data for the purposes of processing, but you need them for the assertion, exercise, or defense of legal claims, or
- If you have objected to the processing pursuant to Article 21 paragraph 1 GDPR and it has not yet been determined whether the legitimate grounds of LMU override your legitimate interests.
Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
If processing has been restricted pursuant to the above conditions, you will be informed by LMU before the restriction is lifted.
If data is processed for scientific or historical research purposes and for statistical purposes, your right to restriction of processing may be further restricted to the extent that it is likely to render impossible or seriously impair achievement of the research or statistical purposes and restriction is necessary for fulfillment of those purposes (Article 25 BayDSG).
X.4 Right to Erasure ('Right To Be Forgotten')
Pursuant to Article 17 GDPR, you may demand that LMU immediately erase the personal data relating to you. LMU is obligated to immediately erase this data if one of the following reasons applies:
- The personal data relating to you is no longer necessary for the purposes for which it was collected or otherwise processed, and processing for other purposes is unlawful.
- You withdraw your consent on which processing was based pursuant to Article 6 paragraph 1 letter a or Article 9 paragraph 2 letter a GDPR and there is no other legal basis for processing.
- You object to processing pursuant to Article 21 paragraph 1 GDPR and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Article 21 paragraph 2 GDPR.
- The personal data relating to you has been processed unlawfully.
- The erasure of the personal data relating to you is necessary for fulfillment of a legal obligation under Union or Member State law to which the controller is subject.
- The personal data relating to you has been collected in connection with information society services offered pursuant to Article 8 paragraph 1 GDPR.
- If LMU has made public the personal data relating to you and is obligated to erase it pursuant to Article 17 paragraph 1 GDPR, it shall take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copies or replications of such personal data, taking into account the available technology and the cost of implementation.
- The right to erasure does not apply to the extent that processing is necessary for the exercise of the right to freedom of expression and information.
- For compliance with a legal obligation which requires processing under Union law or the law of a Member State which LMU is subject to, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in LMU.
- For reasons of public interest in the area of public health pursuant to Article 9 paragraph 2 letters h and i and Article 9 paragraph 3 GDPR.
- For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89 paragraph 1 GDPR, if the right referred to in (a) above is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
- For the assertion, exercise, or defense of legal claims.
X.5 Right to Notification
If you have asserted the right to rectification, erasure, or restriction of processing with respect to LMU, we are obligated pursuant to Article 19 GDPR to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right with respect to LMU to be notified about these recipients.
X.6 Right to Data Portability
Under the conditions of Article 20 GDPR, you have the right to receive the personal data concerning you that you have provided to LMU in a structured, common, and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by LMU, provided that processing is based on consent pursuant to Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR or on a contract pursuant to Article 6 paragraph 1 letter b GDPR and processing is carried out with the help of automated means.
In exercising this right, you also have the right to have the personal data relating to you transmitted directly from LMU to another controller if technically feasible. The freedoms and rights of others must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in LMU.
X.7 Right to Object
Under the conditions of Article 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 paragraph 1 letter e or f GDPR.
LMU will no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms, or for the assertion, exercise, or defense of legal claims.
You have the option, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated means using technical specifications.
Where personal data relating to you is processed for scientific or historical research purposes and for statistical purposes pursuant to Article 89 paragraph 1 GDPR, you also have the right to object to such data processing on grounds relating to your particular situation.
Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of those purposes (Article 25 BayDSG).
X.8 Right to Withdraw the Declaration of Consent under Data Protection Law
You have the right to withdraw your declaration of consent under data protection law at any time with effect for the future. The right of withdrawal will not affect the lawfulness of processing based on consent before its withdrawal (Article 7 paragraph 3 GDPR). Withdrawal must always be declared to the department at LMU that obtained the consent or to whom you gave your consent.
X.9 Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement if you believe that the processing of personal data relating to you infringes the GDPR (Article 77 GDPR).
The supervisory authority responsible for LMU is the Bavarian Data Protection Commissioner (https://www.datenschutz-bayern.de). The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
X.10 Assertion of Rights
If you believe that the processing of the personal data relating to you violates the GDPR or if you wish to otherwise exercise your rights, please first get in touch with the contact person responsible for the content of the respective website — as named in the imprint — and/or the responsible department with which you have been in contact regarding the data processing in question, as this will make a prompt review and any necessary remedial action possible on your behalf. This particularly applies if you wish to withdraw your consent. You can also contact the data protection officer at LMU. It is our goal and ambition to immediately clarify any questions related to data protection and to resolve any data protection issues without delay.
B) Data Protection Information about Specific Data Processing
I. Use of Google Maps
1. Scope and Purpose of Data Processing
Some of LMU's websites use the map service Google Maps. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The map service can be used to display geographical information for contacts and directions. The use of Google Maps is not absolutely required to get information from our website and therefore it is entirely up to you if you want to use it. However, embedding Google Maps on our website is done to increase the attractiveness of our website and to ensure that you can quickly and easily find the places we have indicated on our website. This is done as part of LMU's public relations work.
Embedding takes place exclusively using an API (2-click solution). In this programming interface, only when you click the "Switch to Google Maps" button will data be transmitted to Google.
When using Google's features, Google processes your IP address and possibly other personal data (e.g., information on the use of this website or sub-pages or the data provided in Google Maps, the language of the system, and various browser-specific details). When accessing the site with a GPS-enabled device, the location may also be transmitted. Google uses cookies.
This provides Google with information, among other things, that you have accessed our website or the sub-page. This information is usually transmitted to a Google server in the USA and stored there. This occurs regardless of whether Google provides a user account which you are logged into or whether there is no user account. If you are logged into Google, your data can be associated with your user account.
If you do not want this data to be associated with your profile at Google, you must first log out of your user account at Google before switching to Google Maps. However, Google stores your data (even for users who are not logged in or registered) as usage profiles and evaluates them for its own purposes of advertising, market research, and needs-based design of its websites and may also inform other users of the social network (e.g., Google+) about your activities on our website.
More information about the handling of usage data is available in Google's terms of service and privacy policy.
Google's terms of service are available at https://policies.google.com/terms?hl=en-GB and for Google Maps at https://www.google.com/intl/en_US/help/terms_maps/.
Google's privacy policy is available at https://policies.google.com/privacy?hl=en-GB and https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active and for Google Maps at https://www.google.com/intl/en_US/help/terms_maps/.
2. Legal Basis of Data Processing
Data processing is done subject to Article 6 paragraph 1 letter a GDPR. When you access the respective pages, you will be asked for your consent to use the map service under these terms and conditions. You can withdraw this declaration of consent at any time.
3. Duration of Data Processing
LMU does not process any additional personal data on its website when Google Maps is used. LMU has no influence on the type, scope, and duration of the data processed by Google, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.
4. Objection and Deletion Options
You have the right to object to the creation of these usage profiles, although you must contact Google directly and exclusively to exercise this right. As the provider of its website, LMU has no influence over this data processing. If you do not agree to the transmission of your personal data to Google, do not click on "Switch to Google Maps." No data will then be transmitted to Google, but no map will be opened either.
Alternatively, you also have the option of changing your personal settings in Google's Privacy Center (https://policies.google.com/privacy?hl=en).
II. Use of Social Media and Social Media Icons and Links
Our presence on social media is part of our public relations work. Our aim is to provide information tailored to the target group and to exchange ideas with you. This also enables us to make quick contact with you online and to communicate directly with you through the media of your choice, art. 16 BayDig, Section 5 paragraph 1 no. 2 DDG. When using social media icons from Facebook, Instagram, Twitter, and YouTube on LMU's website, no automatic transmission of your personal data takes place. To avoid automatic data transmission to social media providers, the content embedded on LMU's website is based on a link. No social media plugins are used on LMU's website for data protection reasons.
II.1 Data Protection Provisions on the Use and Application of Facebook and Facebook Icons
Our website uses social media icons of the social network facebook.com. The web pages at https://www.facebook.com/ and the services on these pages are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, ("Facebook"). The icons feature a Facebook logo.
1. Scope and Purpose of Data Processing
We use social media icons from Facebook only in extended privacy mode. By default, no automated connection is made to Facebook's servers. This means that Facebook does not receive any data from website visitors when they access LMU's website.
If you are logged into Facebook while visiting our website, Facebook can associate the visit with your Facebook account. If you interact with Facebook, this information is transmitted directly from your browser to Facebook and stored there. We are not aware of what data Facebook associates with the personal data received and for what purpose Facebook uses this data.
If you are not a user of Facebook, there is still the possibility that Facebook will store your IP address.
We would like to point out that we have no knowledge of the content of the transmitted data or its use by Facebook.
The purpose and scope of data collection and the further processing and use of data by Facebook is available in Meta’s privacy policy at https://www.facebook.com/about/privacy/.
2. Legal Basis of Data Processing
The data processing takes place for the performance of a public task and in the public interest in accordance with Article 6(1)(e), (3) GDPR in conjunction with Article 4(1) of the BayDSG and serves the purpose of public relations (Article 2 BayHIG).
For data processing by Meta in the USA, there is currently no recognised adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured. However, we take suitable measures to protect personal data. To the extent possible, we work with Meta to arrange the standard EU data protection clauses and provide for additional technical and organizational protective measures.
The use of Facebook is the responsibility of the user based on Meta’s privacy policy (https://www.facebook.com/about/privacy/; https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
3. Duration of Data Processing
LMU has no influence on the type, scope, and duration of the data processed by Meta, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.
4. Objection and Deletion Options
Please refer to Meta’s privacy policy at https://www.facebook.com/about/privacy/ for your rights and settings options for protecting your privacy on Facebook.
If you do not want Facebook to be able to associate your visit to our website with your Facebook account, please log out of your Facebook account, delete the respective cookies, and block the execution of script content from Facebook in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com.
II.2 Data Protection Provisions on the Use and Application of Instagram and Instragram Icons
Our website uses social media icons of the social network instagram.com. Instagram is an ad-supported online photo and video sharing service owned by Meta. The icons feature an Instagram logo.
1. Scope and Purpose of Data Processing
We use social media icons from Instagram only in extended privacy mode. By default, no automated connection is made to Instagram's servers. This means that Instagram does not receive any data from website visitors when they access LMU's website.
If you are logged into Instagram while visiting our website, Instagram can associate the visit with your Instagram account. If you interact with Instagram, this information is transmitted directly from your browser to Instagram and stored there. We are not aware of what data Instagram associates with the personal data received and for what purpose Instagram uses this data.
If you are not a user of Instagram, there is still the possibility that Instagram will store your IP address.
We would like to point out that we have no knowledge of the content of the transmitted data or its use by Instagram.
The purpose and scope of data collection and the further processing and use of data by Instagram is available in Instagram's privacy policy at https://help.instagram.com/519522125107875.
2. Legal Basis of Data Processing
Data processing is carried out for the performance of a public task and in the public interest in accordance with Article 6(1)(e), (3) GDPR in conjunction with Article 4(1) of the BayDSG and serves the purpose of performing public relations (Article 2 BayHIG)
For data processing in the USA, there is currently no adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured. However, we take suitable measures to protect personal data. To the extent possible, we work with Instagram to arrange the EU standard contractual clauses and provide for additional technical and organizational protective measures.
The use of Instagram is the responsibility of the user based on Instagram's privacy policy (https://help.instagram.com/519522125107875).
If you do not want Instagram to be able to associate your visit to our website with your Instagram account, please log out of your Instagram account, delete the respective cookies, and block the execution of script content from Instagram in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com.
II.3 Data Protection Provisions on the Use and Application of Twitter and Twitter Icons
Our website uses social media icons of the provider Twitter (https://twitter.com). They are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. For those residing within the EU, the responsible company is the Irish company Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. The icons feature an Twitter logo.
1. Scope and Purpose of Data Processing
By using Twitter and the "re-tweet" feature, the websites you visit are associated with your Twitter account and disclosed to other users. Data is also transmitted to Twitter.
We would like to point out that we have no knowledge of the content of the transmitted data or its use by Twitter.
More information about this is available in Twitter's privacy policy at https://twitter.com/privacy.
2. Legal Basis of Data Processing
Data processing is carried out for the performance of a public task and in the public interest pursuant to Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4 paragraph 1 BayDSG and serves the purpose of public relations (Article 2 BayHIG).
For data processing in the USA, there is currently no adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured. However, we take suitable measures to protect personal data. To the extent possible, we work with Twitter to arrange the EU standard contractual clauses and provide for additional technical and organizational protective measures.
The use of Twitter is the responsibility of the user based on Twitter's privacy policy (https://twitter.com/privacy).
3. Duration of Data Processing
LMU has no influence on the type, scope, and duration of the data processed by Twitter, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.
4. Objection and Deletion Options
For a detailed presentation of the forms of processing involved and the options to object (opt-out), please refer to the privacy policy and information provided by the operator Twitter Inc:
If you do not want Twitter to be able to associate your visit to our website with your Twitter account, please log out of your Twitter account, delete the respective cookies, and block the execution of script content from Twitter in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com/.
II.4 Data Protection Provisions on the Use and Application of YouTube and YouTube Icons
Embedded on some of our web pages are videos from the third-party video platform YouTube (https://www.youtube.com) operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. YouTube is a video portal owned by YouTube, LLC, a subsidiary of Google LLC. The icons feature a YouTube logo.
1. Scope and Purpose of Data Processing
We use embedded YouTube videos in extended privacy mode. By default, only disabled images from the YouTube channel are embedded, which do not automatically make a connection to YouTube's servers. This means that YouTube does not receive any data from website visitors when they access LMU's website.
You can decide for yourself whether the YouTube videos should be enabled. Only when you enable the playback of the videos by clicking "Permanent Activation" do you give your consent for the data required for this (including the URL of the current website and the IP address) to be transmitted to YouTube. When playing the videos, YouTube may store additional cookies via your browser and associate the data with its own user profiles or use the data for its own purposes. We have no influence over this storage.
We would like to point out that we have no knowledge of the content of the transmitted data or its use by YouTube.
To save the setting you want, we set a cookie that saves the parameters. However, when setting these cookies, we do not store any personal data; they only contain anonymized data for adjusting the browser. The videos are then enabled and you can play them.
If you enable YouTube videos and are logged in as a member of YouTube, YouTube will associate this information with your personal user accounts. For more information on the collection and use of data by YouTube, please refer to YouTube's privacy policy at https://www.google.com/intl/de/policies/privacy/; https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
2. Legal Basis of Data Processing
Data processing is carried out for the performance of a public task and in the public interest pursuant to Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4 paragraph 1 BayDSG and serves the fulfillment of public relations (Article 2 BayHIG).
Due to data processing in the USA, however, there is currently no adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured.
The use of YouTube is the responsibility of the user based on YouTube's privacy policy (https://policies.google.com/privacy?hl=en-GB).
3. Duration of Data Processing
LMU has no influence on the type, scope, and duration of the data processed by YouTube, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.
4. Objection and Deletion Options
If you would like to disable the automatic playing of YouTube videos again, you can uncheck the box for consent below the privacy icon. This will also update the cookie settings.
For any options to object, we refer to the privacy policy and information from the operator YouTube:
If you do not want YouTube to be able to associate your visit to our website with your YouTube account, please log out of your YouTube account, delete the respective cookies, and block the execution of script content from YouTube in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com.
III. Data Processing as Part of the "Online Donation Tool to Support Research and Teaching at LMU Munich"
1. Scope and Purpose of Data Processing
On our websites https://www.lmu.de/stiftungen and https://www.lmu.de/en/workspace-for-students/student-support-services/finance-your-studies/scholarships/deutschlandstipendium/index.html (Stiftungen@LMU as well as the Deutschlandstipendium program coordination), we use the online donation tool to enable and process online donation payments (financial services). They are used for supporting research and teaching at LMU. Responsible for this are Stiftungen@LMU (https://www.lmu.de/de/die-lmu/foerdern-und-unterstuetzen/stiftungen-lmu/index.html) and Deutschlandstipendium program coordination.
Your data will be collected in order to
- Process online donation payments to LMU (in a business and accounting sense) and to manage the charitable contribution
- Be able to contact donors in connection with the charitable contribution (e.g., for expressions of thanks) and for the transmission of information about LMU's activities
2. Legal Basis of Data Processing
The legal basis for processing is Art. 6 paragraph 1 letter b GDPR (charitable pledge pursuant to Section 516 et seq. of the German Civil Code (BGB)) on the basis of consent (Article 6 paragraph 1 letter a GDPR).
The charitable contribution is voluntary, but it is not possible without your personal data. Your personal data will be transmitted to the contract data processor Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, Germany, as the technical operator of the online donation tool. A data processing agreement pursuant to Article 28 GDPR has been concluded. Transmission of your personal data to a third country or an international organization does not take place.
3. Duration of Data Processing
After being collected by LMU, your data is stored for as long as it is necessary to fulfill the purpose. This means that we retain your data for reasons of budgetary and tax law until the end of the statutory retention periods (currently up to ten years pursuant to Section 147 of the German Fiscal Code (AO)).
4. Objection and Deletion Options
You have the option of withdrawing, objecting to, and requesting the erasure of your data. The withdrawal, objection, or request for erasure will be considered as a withdrawal of the application for a scholarship or a waiver of a scholarship.
IV. Data Processing as Part of Submitting Applications
1. Scope and Purpose of Data Processing
LMU collects and processes personal data of applicants for the purpose of filling public positions at LMU and, for this purpose, to ensure a lawful examination of the applications as part of the application process and to be able to make a selection decision. The data provided is collected, stored, and processed electronically. In particular, this comprises:
- Personal data (first name and last name, date of birth, address, school degree, severe disability, if applicable)
- Communication data (telephone number, cell phone number, fax number, email address)
- Education data (school, vocational training, university studies, doctoral studies, habilitation)
- Data on your professional career to date, educational and work references
- Information on other qualifications (e.g., language and PC skills)
- Application photo, if applicable
- Additional data required for the vacant position
The personal data you provide will be used exclusively for processing the application for the open position. The data will only be disclosed to persons involved in the application process. They may also include external experts, e.g., for appointment procedures, who are sworn to secrecy.
Unauthorized disclosure to third parties or third countries does not take place.
2. Legal Basis of Data Processing
Data processing is performed pursuant to Article 6 paragraph 1 sentence 1 letter b GDPR, Article 9 paragraph 2 letters b and h GDPR, Article 88 paragraph 1 GDPR, and Article 8 paragraph 1 sentence 1 nos. 2 and 3 BayDSG. By submitting your application, you confirm that you consent to data processing as part of and for the duration of the selection procedure. If an employment relationship is established following the application process, the personal data required in the context of employment will be processed in accordance with Article 88 paragraph 1 GDPR in conjunction with Article 8 BayDSG and, if applicable, in conjunction with Article 103 et seq. BayBG [Bavarian Civil Service Act].
3. Duration of Data Processing
If no employment relationship is established following the application process, the application documents are erased six months after notification of the rejection decision. The erasure period results from Article 17 paragraph 3 letter b GDPR in conjunction with Section 15 paragraph 4 AGG [General Equal Treatment Act], and Section 61b paragraph 1 ArbGG [Labor Court Act].
4. Objection and Deletion Options
You have the option of objecting to data processing and requesting the erasure of your data. Your objection or any request for erasure will prevent the data from being processed and will therefore be deemed to be a withdrawal of the application. Applicants will receive additional information on data protection from the department responsible for filling the position following receipt of the application.
V. Photo Publication
1. Scope and Purpose of Data Processing
During events and appointments, photos may be taken in which you may be identifiable. These photos may be published on LMU's website.
2. Legal Basis of Data Processing
Data processing is performed as part of public relations work pursuant to Article 6 paragraph 1 letter e GDPR in conjunction with Article 4 paragraph 1 BayDSG, Article 2 BayHIG, or based on your consent pursuant to Article 6 paragraph 1 letter a GDPR.
3. Duration of Data Processing
Data processing will be performed as long as it is necessary for the fulfillment of the LMU's tasks or until your consent is withdrawn.
4. Objection and Deletion Option
You can object to photos being taken and/or published. You can withdraw your consent at any time with effect for the future.
VI. Processing of personal data in contractual relationships
LMU processes personal data as a contracting party under civil law or as a public law office. Examples of this are the procurement of office materials, IT or auxiliary services. In pursuing its own interests, LMU may also process the personal data of the contracting party's employees. LMU's interest lies in the initiation, conclusion and execution of such contractual relationships.
C) Validity of the Privacy Policy
LMU's Privacy Policy applies to all of LMU's websites for which LMU is responsible under data protection law.
It applies as a supplement to the extent that LMU processes personal data at its own responsibility on social networks:
When we provide links to websites of other organizations, this Privacy Policy does not apply to the processing of personal data by those organizations. We therefore recommend that you read the privacy policies on the other websites you visit.
A supplementary Privacy Policy may also apply to the respective LMU website, to the extent that the person or persons responsible for the content of the LMU website perform additional processing of personal data and provide information about this. This applies in particular if specific services are provided by individual departments or units. In each case, the supplementary data protection information on each of LMU's websites is part of LMU's Privacy Policy.
D) Version and Changes to the Privacy Policy
LMU's Privacy Policy for its website was last revised on 24/06/2024. We reserve the right to update this Privacy Policy from time to time to reflect current legal requirements and technical changes and to implement our services and offerings in a manner that complies with data protection laws. If this is the case, we will update the date in this statement. For your visit to an LMU website, the current version applies at the time of the visit.