General Preliminary Remarks
The organizational unit mentioned above and the IT and Media Center (ITMC) of TU Dortmund University take the protection of personal data very seriously. We process personal data which are collected when visiting our websites in compliance with the applicable data protection regulations. In particular, the North-Rhine Westphalia Data Protection Act (DSG NRW), the General Data Protection Regulation (GDPR) and the German Teleservices Act (TMG) apply.
1. Scope of Processing of Personal Data
We only process personal data of our users if this is necessary to provide a functional website and if this is required to make our contents and services available. The processing of personal data of our users takes place as a rule only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted under statutory regulations.
2. Data Erasure and Duration of Storage
The personal data of the data subject will be erased or made unavailable as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other ordinances to which the responsible person is subject. The data will also be made unavailable or erased if a storage period prescribed by the named norms expires, unless the continued storage of the data is necessary for the conclusion or fulfillment of a contract.
3. Provision of the Website and Creation of Log Files
3.1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data are collected here:
- Information about the browser type and version used
- Operating system of the user
- IP address of the user
- Date and time of access
The data are also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
3.2. Purpose and legal basis for data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. For this purpose, the user's IP address must be stored for the duration of the session. (Necessity for the fulfillment of the task of the university Art. 6 (1) (e) GDPR)
Storage in log files is done to ensure the functionality of the website. In addition, the data are used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. (Necessity for the fulfillment of the task of the university Art. 6 (1) (e) GDPR).
3.3. Duration of storage
Processing will take place during use until the end of each session. If the data are stored in log files, this is the case for a maximum of 24 hours. After that, the IP addresses of the users are anonymized, so that an assignment to the accessing client is no longer possible.
4. Web analytics by TU
4.1. Scope of processing of personal data
We use the open-source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software works with session cookies, which assign online activities to a single browser session and are usually deleted after the browser is closed. The following data is saved when individual pages of our website are accessed:
- Two bytes of the IP address of the accessing user system
- The website accessed
- The website from which the user accesses the requested page (referrer)
- The sub-pages accessed from the website visited
- The time spent on the webpage
- How often the website is accessed
The software only runs on our website servers. The user’s personal data is only saved to the website server. The data is not shared with third parties.
4.2. Preventing data recording
You can prevent the above-mentioned recording of data by activating the "Do-not-track" setting in your browser. Our Matomo system is configured to respect this setting.
5. Use of embedded content
5.1. Use of YouTube Videos
On our website, we offer users the opportunity to view selected videos from YouTube directly on the site. In order to protect user data, a link to YouTube is established by clicking on a link and the video is started. Only then will data be sent to the provider. If you do not click on the link, there will be no exchange between the user and YouTube. Information about the collection and use of your data on YouTube can be found here:
5.2. Further embeddings
Further embedding of external content is currently not planned.
6. Contact/Suggestion Forms and E-mail Contact
6.1. Description and scope of data processing
On TU Dortmund University websites, there are contact/suggestion forms that can be used for electronic contact. If a user makes use of this option, the data entered in the input mask are transmitted to us and stored. After sending the form, the following data will also be stored:
- Date and time
- URL from which the contact form was sent
Alternatively, it is possible to contact us via the provided e-mail addresses. In this case, the user's personal data that are transmitted with the e-mail will be stored.
In this context, the data will not be passed on to third parties. The data are used exclusively for processing the conversation.
6.2. Purpose of data processing and legal basis
The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The legal basis for the processing of the data is Art. 6 (1) (a) GDPRif the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (e) GDPR.
6.3. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
7. Rights of the person concerned
If your personal data are processed, you are affected within the meaning of the GDPR, and you have the following rights vis-à-vis the responsible person. If you want to exercise your rights, please contact the Data Protection Officer of TU Dortmund University.
7.1. Right of access by the data subject (Art. 15 GDPR)
You have the right to information about personal data concerning you that is collected, processed or, if relevant, transferred to third parties.
7.2. Right to object (Art. 21 GDPR)
You have the right to object to the processing of your personal data if the processing is based on Art. 6 (1) e or f GDPR.
7.3. Right to erasure (Art. 17 GDPR)
In particular, after the legally prescribed retention periods have expired, you have the right to have your data erased.
7.4. Right to restriction of processing (Art. 18 GDPR)
In special cases, you have the right to restrict processing. This is the case if the data processing is unlawful, if you dispute the accuracy of the data collected or if you have filed an objection to the processing. You can also request a restriction of the processing if the data are subject to an erasure obligation because the purpose of the processing has been achieved, but you need these data to assert legal claims. You must request a processing restriction.
7.5. Right to rectification (Art. 16 GDPR)
You have the right to have incorrect personal data rectified.
7.6. Right to revoke the data protection consent declaration (Art. 7 GDPR)
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.
7.7. Right to complain to a supervisory authority
If you have any questions or complaints regarding data protection, you can always contact a data protection supervisory authority. In our case, the State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia is responsible.