Privacy
The Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) is responsible for its websites within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection regulations. It is legally represented by its President. For contact details, please consult the legal notice on FAU’s central website.
The respective FAU institutions are responsible for any content they make available on the websites of Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU). For questions related to specific content, please contact the person responsible as named in the legal notice of this web page.
Name and address of the Data Protection Officer
Datenschutzbeauftragter FAUKlaus Hoogestraat
c/o ITM Gesellschaft für IT-Management mbH
Bürgerstraße 81
01127 Dresden
- Phone: +49 9131 85-25860
- Email: datenschutzbeauftragter@fau.de
General information on data processing
General information on data processing
Scope of processing of personal data
We only process our users' personal data to the extent necessary to provide services, content and a functional website. As a rule, personal data are only processed after the user gives their consent. An exception applies in those cases where it is impractical to obtain the user's prior consent and the processing of such data is permitted by law.
Legal basis for the processing of personal data
Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) forms the legal basis for us to obtain the consent of a data subject for their personal data to be processed.
When processing personal data required for the performance of a contract in which the contractual party is the data subject, Art. 6 (1) (b) GDPR forms the legal basis. This also applies if data has to be processed in order to carry out pre-contractual activities.
Art. 6 (1) (c) GDPR forms the legal basis if personal data has to be processed in order to fulfil a legal obligation on the part of our organisation.
Art. 6 (1) (d) GDPR forms the legal basis in the case that vital interests of the data subject or another natural person make the processing of personal data necessary.
If data processing is necessary in order to protect the legitimate interests of our organisation or of a third party and if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the interests mentioned above, Art. 6 (1) (f) GDPR forms the legal basis for such data processing.
Deletion of data and storage period
The personal data of the data subject are deleted or blocked as soon as the reason for storing them ceases to exist. Storage beyond this time period may occur if provided for by European or national legislators in directives under Union legislation, laws or other regulations to which the data controller is subject. Such data are also blocked or deleted if a storage period prescribed by one of the above-named rules expires, unless further storage of the data is necessary for entering into or performing a contract.
Log files
Provision of the website and generation of log files
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the user's computer system.
In this context, the following data are collected:
- Address (URL) of the website from which the file was requested
- Name of the retrieved file
- Date and time of the request
- Data volume transmitted
- Access status (file transferred, file not found, etc.)
- Description of the type of web browser and/or operating system used
- Anonymised IP address of the requesting computer
The data stored are required exclusively for technical or statistical purposes; no comparison with other data or disclosure to third parties occurs, not even in part. The data are stored in our system's log files. This is not the case for the user's IP addresses or other data that make it possible to assign the data to a specific user: before data are stored, each dataset is anonymised by changing the IP address. These data are not stored together with other personal data .
Legal basis for data processing
The legal basis for the temporary storage of data and logfiles is §§ 14, 15 TMG, § 100 Abs. 1 TKG and Art. 4 BayDSG following the tasks of Art. 11 BayEGovG and Art. 7 and 34 BayHO
Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to deliver the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage of such data in log files takes place in order to ensure the website's functionality. These data also serve to help us optimise the website and ensure that our IT systems are secure. They are not evaluated for marketing purposes in this respect.
Storage period
Data are deleted as soon as they are no longer necessary for fulfilling the purpose for which they were collected. If data have been collected for the purpose of providing the website, they are deleted at the end of the respective session.
If data are stored in log files, they are deleted at the latest after seven days. A longer storage period is possible. In this case, the users' IP addresses are deleted or masked so that they can no longer be assigned to the client accessing the website.
Options for filing an objection or requesting removal
The collection of data for the purpose of providing the website and the storage of such data in log files is essential to the website's operation. As a consequence, the user has no possibility to object.
Cookies
Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are text files that are saved in the user's web browser or by the web browser on the user's computer system. When a user accesses a website, a cookie can be stored in the user's operating system. This cookie contains a character string that allows the unique identification of the browser when the website is accessed again.
We use cookies to make our website more user-friendly. Some parts of our website require that the requesting browser can also be identified after changing pages.
During this process, the following data are stored in the cookies and transmitted:
- Log-in information (only in the case of protected information that is made available exclusively to FAU members)
- Search preferences (from October 2018)
Technical measures are taken to pseudonymise user data collected in this way. This means that the data can no longer be assigned to the user. The data are not stored together with other personal data of the user.
All cookies are used for technical reasons and are used only in the situations described above. If there are additional applications in the website, who need to set other cookies, they are described in the sections about the applications below.
Legal basis for data processing
The legal basis for the temporary storage of data and logfiles is §§ 14, 15 TMG, § 100 Abs. 1 TKG and Art. 4 BayDSG following the tasks of Art. 11 BayEGovG and Art. 7 and 34 BayHO
Purpose of data processing
Analysis cookies are used for the purpose of improving the quality of our website and its content. We learn through the analysis cookies how the website is used and in this way can continuously optimise our web presence.
Storage period, options for filing an objection or requesting removal
As cookies are stored on the user's computer and are transmitted from it to our website, users have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the cookie settings in your web browser or by clicking the cookie preferences link below. Cookies that are already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may be the case that not all of the website's functions can be used in full.
Contact form and contact by email
Contact form and contact by email
Description and scope of data processing
Contact forms are available on our website that can be used to contact us electronically. If a user makes use of this possibility, the data they enter in the input form are transmitted to us and stored. The contact forms list and explain which data is required. The contact forms indicate if there are any deviations from or additions to the principles, purpose and duration of storage as presented here.
Legal basis for data processing
The legal basis for the processing of the data transmitted in the course of sending an email is Article 6 (1) lit. e DSGVO i.V.m. Art. 4 and 5 BayDSG for the fulfilment of the tasks of § 5 TMG, Art. 3 para. 1 BayEGovG and § 2 BayBITV
If the email contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
Purpose of data processing
The personal data from the input form are processed solely for the purpose of contacting the user. If the user contacts us by email, this also constitutes our legitimate interests in processing the data.
All other personal data processed during the dispatch of an email serve to prevent misuse of the contact form and to ensure that our IT systems are secure.
Storage period
Data are deleted as soon as they are no longer necessary for fulfilling the purpose for which they were collected. This is the case for the personal data from the input template of the contact form and those data sent by email when the respective conversation with the user has ended. The conversation is regarded to have ended when it can be seen from the circumstances that the subject matter in question has been conclusively settled.
Options for filing an objection
For reasons that arise from your particular situation, you may also object to the processing of personal data relating to us by us at any time (Art. 21 GDPR). If the legal requirements are met, we will no longer process your personal data in the following.
Obligation to provide
Insofar as the personal data required for the performance of the contract is not specified, this is not possible for us.
External Service Providers
Slideshare
Slideshare
On this website, various lectures are presented with the help of the Integrated online portal Slideshare. Slideshare is operated by LinkedIn Ireland Unlimited Company ("LinkedIn Ireland").
Description and scope of data processing
If you call up a page of the website that contains a lecture presentation by means of Slideshare embeds button, your browser builds a direct connection with the SlideShare servers. The content of the lecture presentation is transmitted directly to your browser by SlideShare and integrated into the website by this.
Slideshare logs usage data when the lecture presentation page is visited; for example, when you post content (like tutorial videos) or ads view or click (inside or outside our websites and apps), perform a search within or share the presentation screen. Get saved:
- Credentials
- Cookies
- Device Information
- Internet protocol ("IP" addresses) addresses
We therefore have no influence on the amount of data that SlideShare collects with the button. Purpose and scope of the data collection and the further processing and use of the data by SlideShare and your rights and setting options for protection in this regard For your privacy please refer to the LinkedIn privacy policy.
Legal basis for data processing
Slideshare is used in the interest of an attractive presentation of our online offers. This represents represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR corresponding consent was requested (e.g. consent to storage of cookies), the processing takes place exclusively on the basis of Article 6 (1) (a) GDPR; the consent can be revoked at any time.
Further information on handling user data can be found in the YouTube privacy policy at: https://www.linkedin.com/legal/privacy-policy.
Objection and removal option
You can opt out of having your information collected by Verifast by clicking the checkbox below.
Vimeo
Vimeo
This website includes videos from the video portal Vimeo. Provider is the Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our pages equipped with a Vimeo plugin, a Connection to the Vimeo servers established. In doing so, the Vimeo server communicated which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is sent to transmitted to the Vimeo server in the USA.
If you are in your Vimeo account are logged in, you allow Vimeo to share your surfing behavior directly with you assign to a personal profile. You can prevent this by yourself log out of your Vimeo account.
The use of Vimeo is in the interest an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Article 6 (1) (a) GDPR; the consent can be revoked at any time.
Further information on handling user data can be found in the Vimeo privacy policy at: https://vimeo.com/privacy.
Objection and removal option
You can object to the collection of your data by Vimeo by clicking on the following checkbox.
YouTube
YouTube
This website includes videos from the video portal YouTube. The operator of YouTube is the Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Description and scope of data processing
If you visit one of our pages on which YouTube is integrated, a connection to the YouTube servers is established. In doing so, the YouTube server communicated which of our pages you have visited.
The integration of YouTube videos takes place either
- via an RRZE plugin, which ensures that data only goes to YouTube when you play the video,
- via direct embedding, where the video is sent through the proxy service Youtube-Nocookie.com is sent. Although this prevents the Transmission of the data already when calling up the page, however, prevents this not after you start the video
- or by embedding the video using the original YouTube embedding codes.
When you call up the video, YouTube can set various cookies on your end device to save. With the help of these cookies YouTube receive information about visitors to this website. This information will include used to collect video statistics, ease of use to improve and prevent attempts at fraud. The cookies remain on your device until you delete it.
If you are in your YouTube account are logged in, you allow YouTube to share your surfing behavior directly with you assign to a personal profile. You can prevent this by using log out of your YouTube account.
Legal basis for data processing
YouTube is used in the interest of an attractive presentation of our online offers. This represents represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR corresponding consent was requested (e.g. consent to storage of cookies), the processing takes place exclusively on the basis of Article 6 (1) (a) GDPR; the consent can be revoked at any time.
Further information on handling user data can be found in the YouTube privacy policy at: https://policies.google.com/privacy?hl=en.
Objection and removal option
You can object to the collection of your data by YouTube by clicking on the following checkbox.
Other services
Ergänzungen zum GitLab-Dienst
Was ist GitLab?
GitLab ist eine Webanwendung zur Versionsverwaltung für Softwareprojekte auf Git-Basis. GitLab bietet u.a. ein Issue-Tracking-System, ein System für Continuous Integration und Continuous Delivery (CI/CD) sowie eine Container-Registry. Dieser Server ist für Mitarbeiter und Studenten des Lehrstuhls Informatik 2 vorgesehen.
Verarbeitete Daten
GitLab verarbeitet drei Oberkategorien von Daten. Die personenbezogenen Daten, die im Gitlab vorkommen, sind im Folgenden in Kategorien aufgeführt zusammen mit der Herkunft des jeweiligen Datums, dem Zweck, zu dem das Datum erhoben oder verwendet wird und ob und an wen das Datum weitergegeben wird.
Benutzer
Jeder Benutzer im GitLab besteht aus einem Datensatz, der wie folgt aussieht:
| Kategorie | Herkunft | Zweck | Weitergabe |
|---|---|---|---|
| Vorname, Nachname, Benutzerkennung, Email, Passwort, kryptographische Schlüssel | Benutzerangaben | Anzeige, Identifikation, Kontakt | öffentliche oder private Anzeige auf Projekt- und Profilseiten, Einbettung in git commits und repositories |
| Zeitpunkt und IP-Addresse der aktuellen und letzten Anmeldung | intern | keine | |
| Logdaten des Webservers: IP-Addresse, Zeitpunkt, URL und Status | intern | keine | |
| Gruppen- und Projektzugehörigkeit | Benutzerangaben | Verwaltung von Sichtbarkeit und Berechtigungen, Darstellung von Kollaborationsbeziehungen | öffentliche oder private Anzeige auf Projekt- und Profilseiten |
| API-Schlüssel | intern | optional, Zugriff auf Gitlab-interne Daten durch externe Dienste bis auf Widerruf | nur durch den jeweiligen Benutzer |
Ein Benutzerdatensatz wird mit der ersten Anmeldung eines Benutzers erstellt und kann durch den Benutzer selbsttätig gelöscht werden. Benutzer die länger als ein Jahr inaktiv waren, werden von uns gelöscht werden.
Gruppen
Mitglieder der FAU können eigene Gruppen und Projekte anlegen und gemeinsam mit externen Nutzern an einem Softwareprojekt arbeiten. Benutzer und Projekte können in Gruppen zusammengefasst werden. Diese Gruppen umfassen folgende Daten:
| Kategorie | Herkunft | Zweck | Weitergabe |
|---|---|---|---|
| Gruppenmitglieder, Projekte | Benutzerangaben | Gruppierung, Rechteverwaltung, Anzeige | öffentliche oder private Anzeige auf Projekt- und Profilseiten, Einbettung in git commits und repositories |
| belegter Speicherplatz | intern | Resourcenverwaltung, Verhinderung von Missbrauch | keine |
Besitzer ist, wer eine Gruppe anlegt oder von einem Besitzer dazu gemacht wird. Die Sichtbarkeit, privat, intern oder öffentlich, kann vom Besitzer der Gruppe festgelegt werden. Dieser kann auch die Gruppe löschen.
Projekte
Projekte in Gitlab bestehen meist aus der Dokumentation und dem Programmcode der Benutzer. Neben einem Issue-Tracking-System kann hier auch Continuous Integration und Continuous Delivery (CI/CD) und eine Container-Registry genutzt werden.
| Kategorie | Herkunft | Zweck | Weitergabe |
|---|---|---|---|
| Inhalte | Benutzerangaben, automatisch erzeugt durch Test- und Buildinfrastruktur | Softwareentwicklung | öffentliche oder private Anzeige auf Projekt- und Profilseiten, Zugriff über git |
| belegter Speicherplatz | intern | Resourcenverwaltung, Verhinderung von Missbrauch | keine |
| Namen und Email-Addressen in Gitlab | Benutzerangaben | Zuordnung von git commits | öffentliche oder private Anzeige auf Projekt- und Profilseiten, Zugriff über git |
Mitglieder der FAU können eigene Gruppen und Projekte anlegen und gemeinsam mit externen Nutzern an einem Softwareprojekt arbeiten. Personen, die eine Gruppe oder Projekt anlegen, sind deren Besitzer. Benutzer können von dem Besitzer eines Projektes ebenfalls zu dem Besitzer des jeweiligen Projekts oder Gruppe gemacht werden. Der Gruppen/Projekt-Besitzer können diese jederzeit selbst löschen. Die Sichtbarkeit, privat, intern oder öffentlich, kann vom Besitzer des Projekts festgelegt werden. Für die Inhalte eines Projekts ist dessen Besitzer verantwortlich. Das bedeutet insbesondere auch, dass der Besitzer dafür Sorge zu tragen hat dass die Inhalte des Projekts keine Rechte anderer in unzulässiger Weise verletzen.
Löschung von Daten und Widerruf der Einwilligung zur Verarbeitung von Daten
Ein Nutzer kann durch Löschung seiner Daten und seines Zugangs die Zustimmung zur Verarbeitung dieser Daten widerrufen. Zwölf Monate nach der letzten Anmeldung werden die Daten des Benutzers automatisch von gitos gelöscht. Dies gilt auch für das Löschen von Projekten und Gruppen, die sechs Monate nach Löschung des letzen Mitglieds entfernt werden. Wir weisen darauf hin, dass durch die Zusammenarbeit an Projekten unter Verwendung von gitos jeweils Name und E-Mail-Adresse des Autors jedes Abschnitts im Quellcode ebenso wie der Quellcodeabschnitt selbst unveränderbarer Bestandteil der Historie des Projekts werden. Ebenso kann ein gemeinsames Urheberrecht der Autoren am Quellcode und der Historie vorliegen und die Historie kann der Nachverfolgung urheberrechtlicher Ansprüche dienen. Daher ist es uns im Allgemeinen nicht möglich, die genannten Daten aus Projekten anderer Nutzer zu entfernen. Da wir die Daten für den Falle eines Systemausfalls, für mindestens drei Monate sichern, können für diesen Zeitraum dort noch Daten gelagert sein, welche aus dem Produktivsystem bereits entfernt wurden.
Externe Schnittstellen
Verwendete externe Schnittstellen
GitLab bietet diverse Schnittstellen zum Datenaustausch, von denen einige in Verwendung sind.
Github
- Verwendung ist freiwillig
- Login per Github kann vom Benutzer selbst aktiviert werden und ist nur für die Github-Import-Funktion notwendig (passiert nur wenn man den Github-Logo-förmigen Knopf drückt)
- Bei Nichtverwendung der Github-Integration erhält Github keine Daten über euch
- Github ist eine externe Firma in einem Drittstaat
Ergänzungen zum Mattermost-Dienst
Was ist Mattermost?
Mattermost ist ein Chat-Dienst für Angestellte des Lehrstuhls Informatik 2.
Verarbeitete Daten
I.W. gelten die unter "Ergänzungen zum GitLab-Dienst" aufgeführten Angaben, wobei Mattermost nur eine Untermenge dieser Daten verarbeitet. Der Dienst benötigt für die Registrierung Name, Nickname und E-Mail-Adresse des Benutzers. Innerhalb von Mattermost sind diese sichtbar. Nachrichten sind für alle Benutzer des jeweiligen Kommunikationskanals sichtbar. Die eingangs erwähnten personenbezogenen Daten sowie die vom Benutzer verfassten Nachrichten werden nicht weitergegeben und nur auf Systemen der FAU gesichert.
Neben der Anmeldung über E-Mail-Adresse und Passwort ist auch ein Single-Sign-On (SSO) über den CS2-Gitlab-Dienst möglich (siehe auch hier "Ergänzungen zum GitLab-Dienst").
SSL encryption
SSL encryption
Our website uses SSL encryption for security reasons and to protect the transmission of confidential information, for example enquiries you send to us as operators of the website. You can recognise an encrypted connection when the browser's address line changes from http:// to https:// and a padlock appears in your web browser.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Rights of the data subject
Rights of the data subject
With regard to the processing of your personal data, you as a data subject are entitled to the following rights pursuant to Art. 15 et seq. GDPR:
- You can request information as to whether we process your personal data. If this is the case, you have the right to information about this personal data as well as further information in connection with the processing (Art. 15 GDPR). Please note that this right of access may be restricted or excluded in certain cases (cf. in particular Art. 10 BayDSG).
- In the event that personal data about you is (no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed (Art. 16 GDPR).
- If the legal requirements are met, you can demand that your personal data be erased (Art. 17 GDPR) or that the processing of this data be restricted (Art. 18 DSGVO). However, the right to erasure pursuant to Art. 17 (1) and (2) GDPR does not apply, inter alia, if the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority or in the exercise of official authority vested (Art. 17 para. 3 letter b GDPR).
- If you have given your consent to the processing, you have the right to withdrawal it at any time. The withdrawal will only take effect in the future; this means that the withdrawal does not affect the lawfulness of the processing operations carried out on the basis of the consent up to the withdrawal.
- For reasons arising from your particular situation, you may also object to the processing of your personal data by us at any time (Art. 21 GDPR). If the legal requirements are met, we will subsequently no longer process your personal data.
- Insofar as you have consented to the processing of your personal data or have agreed to the performance of the contract and the data processing is carried out automated , you may be entitled to data portability (Art. 20 GDPR).
- You have the right to lodge a complaint to a supervisory authority within the meaning of Art. 51 GDPR about the processing of your personal data. The responsible supervisory authority for Bavarian public authorities is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 Munich.