-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
With the following data protection declaration I would like to inform you which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data I have carried out, both within the scope of the provision of my services as well as in particular on my websites, in mobile applications and within external online presences (hereinafter collectively referred to as "online offer")
In the following I share the legal basis of the General Data Protection Regulation (GDPR), on the basis of which I process the personal data. Please note that in addition to the provisions of the GDPR, the national data protection regulations in your or my country of residence and domicile may apply.
Legitimate interests (Art. 6 Para. 1 S. 1 lit. GDPR) - The processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject that protect personal data Data require, outweigh.
National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection in Germany apply. This includes in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). The BDSG contains in particular special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, the processing for other purposes and the transmission as well as automated decision-making in individual cases including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. State data protection laws of the individual federal states can also be applied.
I take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing, as well as the different probability of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as the access, input, transfer, safeguarding of availability and their separation. Furthermore, I have set up procedures that guarantee the exercise of data subject rights, the deletion of data and reactions to the risk to the data. Furthermore, I take the protection of personal data into account when developing or selecting hardware, software and processes according to the principle of data protection, through technology design and through data protection-friendly default settings.
Shortening the IP address: When the IP address is saved, it is stored in shortened form. In this method, also referred to as "IP masking", the last octet, ie the last number of an IP address, is deleted (in this context the IP address is an individually assigned to an Internet connection by the online access provider ID). By shortening the IP address, the identification of a person based on their IP address is to be prevented or made significantly more difficult.
SSL encryption (https): In order to protect your data transmitted via my online offer, I use SSL encryption. You can recognize such encrypted connections by the prefix https: // in the address line of your browser.
In order to be able to provide my online offer securely and efficiently, I use the services of a web hosting provider, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, I can use infrastructure and platform services, computing capacity, storage space and database services as well as security and technical maintenance services.
The data processed as part of the provision of the hosting offer can include all information relating to the users of our online offer, which is incurred in the context of use and communication. This regularly includes the (abbreviated) IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within my online offer or websites.
Email sending and hosting: The web hosting services I use also include the sending, receiving and storage of emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of e-mail (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data can also be processed for the purpose of detecting SPAM. I ask you to note that emails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted during transport, but (unless an end-to-end encryption process is used) not on the servers from which they are sent and received. I can therefore not take any responsibility for the transmission path of the emails between the sender and the receipt on our server. For end-to-end encryption you can find my PGP key in the imprint.
Collection of access data and log files: I myself (or my web hosting provider) collects data on every access to the server (so-called server log files). The server log files can include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule (shortened ) IP addresses and the requesting provider belong.
The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server (in particular in the event of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the server's load and stability.
As the person concerned, you have the right to lodge a complaint with the responsible supervisory authority in the event of a breach of data protection law. The responsible supervisory authority for data protection issues is the state data protection officer of the federal state in which my seat is located. The following link provides a list of data protection officers and their contact details.
You have the right to have data that I process automatically based on your consent or in fulfillment of a contract handed over to yourself or to third parties. It is provided in a machine-readable format. If you request the direct transfer of the data to another person responsible, this will only take place if it is technically feasible.
You have the right to free information about your stored personal data, origin of the data, its recipient and the purpose of the data processing and, if necessary, the right to correction, blocking or deletion of this data at any time within the scope of the applicable legal provisions. You can contact me at any time using the contact options listed in the imprint if you have any questions about this or personal data.
|no: There are no deauthentication transmissions by the university to others..||no: There are no additional rules for handling WLANs in the university.|
|not anymore: In the past, the university sent deauthentication messages to others, but currently no longer.||soft: There are additional rules for dealing with WLANs in the university, but these are limited to a notification requirement or recommendations from the university.|
|twin: There are deauthentication broadcasts on WLANs by the university that have the same SSIDs as the university broadcasts.||medium: There are additional rules for handling WLANs in the university, with slight restrictions e.g. when choosing a channel.|
|yes: The university sends out deauthentication transmissions to all other WLANs (this includes measures of last resort).|
yes*: The university refused to provide this information. Deauthentication transmissions to other WLANs are probably taking place by the university.
|strict: There are additional rules for the use of WLANs in the university that require a permit.|
strict*: The university refused to provide this information. There are probably additional rules for the use of WLANs in the university that require a permit.
|nrta (not required to answer): The university has no legal obligation to make a statement and relies on it.||nrta (not required to answer): The university has no legal obligation to make a statement and relies on it.|
|empty: state unknown||empty: state unknown|