This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our Social Media Profile (hereinafter referred to collectively as “online offer”). With regard to the terms used, e.g. “processing” or “responsible person”, we refer to the definitions in Art. 4 of the Basic Data Protection Regulation (DSGVO).
Regensburg Center of Biomedical Engineering
Dr. Alexander Leis
alexander.leis (At) oth (Minus) regensburg.de
Types of data processed:
– Inventory data (e.g., names, addresses).
– Contact data (e.g., e-mail, telephone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
Categories of affected people
Visitors and users of the online offer (in the following we refer to the persons concerned collectively also as “users”).
Purpose of the processing
– Provision of the online offer, its functions and contents.
– Answering of contact requests and communication with users.
– security measures.
– Range measurement/Marketing
“Personal data” shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually all processing of data.
“pseudonymisation” means the processing of personal data in such a way that the personal data cannot be related to a specific data subject without the inclusion of supplementary information, provided that this supplementary information is kept separate and is subject to technical and organisational measures ensuring that the personal data is not related to an identified or identifiable natural person
Controller” shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
In accordance with Art. 32 DSGVO and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
Such measures shall include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to data, as well as access, input, disclosure, safeguarding of availability and segregation of data relating to them. Furthermore, we have established procedures to ensure that data subjects’ rights are exercised, data is deleted, and we respond to any threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through the design of technology and through data protection-friendly default settings (Art. 25 DSGVO).
Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone or similar) when you visit our website.
Cookies do not cause any damage to your end device, do not contain viruses, trojans or other malware. Information is stored in the cookie that is related to the specific terminal device used. This does not mean, however, that we obtain direct knowledge of your identity.
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services that we use for the purpose of operating this online offer.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 6 para. 1 lit. f DSGVO. Art. 28 DSGVO (conclusion of contract processing agreement).
Collection of access data and log files
We, or our hosting provider, on the basis of our legitimate interests as defined in Art. 6 Par. 1 lit. f. DSGVO data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited site), IP address and the requesting provider.
For security reasons (e.g. to clarify misuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
Social media online presence
We maintain online presences within social networks and platforms in order to communicate with the interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Integration of third party services and content
Within our online offer, we set within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in the sense of Art. 6 Par. 1 lit. f. DSGVO), we use content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always presupposes that the third-party providers of these contents are aware of the IP address of the users, as without the IP address they would not be able to send the contents to their browsers. The IP address is therefore necessary for the display of this content. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring websites, visiting time and other details about the use of our online offer, as well as being linked to such information from other sources.
Embedding of YouTube videos
For the integration of videos we use plugins from the provider YouTube.
YouTube is operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google LLC. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you visit a website equipped with such a plugin, a connection to the YouTube servers is established and the plugin is displayed. This tells the YouTube server which of our websites you have visited.
If you are logged in as a member of YouTube, YouTube assigns this information to your personal user account. When you use the plugin, e.g. when you click on the start button of a video, this information is also assigned to your user account. You can change this assignment
by logging out of your YouTube user account and other user accounts of the companies YouTube LLC and Google Inc. before using our website and deleting the corresponding cookies of the companies. Further information on data processing and notes on data protection by YouTube (Google) can be found at https://www.google.de/intl/de/policies/privacy/
The legal basis is Art. 6 para. 1 sentence 1 letter f DSGVO. The embedding of YouTube videos is used to make the pages more attractive. The advertising purpose behind this is to be regarded as a legitimate interest in the sense of the DSGVO.