Data protection of the Automation working group

Basic information on data processing and legal bases. Information pursuant to §5 TMG (German Telemedia Act)

Name and address of the data controller

Responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:
Ostbayerische Technische Hochschule (OTH) Amberg-Weiden
Kaiser-Wilhelm-Ring 23
92224 Amberg
Germany
Tel.: +49 (9621) 482-3618
Email: hp.schmidt@oth-aw.de
Internet: www.aut-oth.de

Represented by:
Prof. Dr. Hans-Peter Schmidt

1. Data protection enquiries

We are not obliged to appoint a data protection officer. Please send your data protection enquiries to:
Ostbayerische Technische Hochschule (OTH) Amberg-Weiden
Kaiser Wilhelm Ring 23
92224 Amberg
Germany
Prof. Dr. Hans Peter Schmidt
Tel.: +49 (9621) 482-3618 
Email: hp.schmidt@oth-aw.de
Internet: www.aut-oth.de

2. General data processing information

Scope of the processing of personal data
We collect and utilise your personal data only insofar as this is necessary to provide a functioning website, our content and our services. We regularly collect and use your personal data, but only with your consent. An exception applies in cases in which circumstances prevent us from obtaining prior consent and the processing of the data is permitted by law.

3. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing their personal data, Art. 6 Para. 1 lit. (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for its processing. For the processing of personal data necessary for performance of a contract to which the data subject is a party, Art. 6 Para. 1 lit. (b) GDPR is the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1 lit. (c) GDPR is the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. 1 lit (d) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights, and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. (f) GDPR is the legal basis for the processing.

4. Data deletion and storage duration

Your personal data will be deleted or blocked as soon as the purpose for its storage no longer applies. In addition, the data may be stored if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the data controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations has elapsed, unless further storage of the data is necessary for the conclusion or fulfilment of a contract.

5. Provision of the website and creation of log files

Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. The provider of these pages also automatically collects and stores information in “server log files” that your browser automatically transmits to us.

The following data is collected:

  1. visited website;
  2. date and time of access;
  3. volume of data sent in bytes;
  4. source/reference from which you accessed the page;
  5. browser used;
  6. operating system used;
  7. IP address.

The data is also stored in our system’s log files. This data is not stored together with any other personal data pertaining to the user.

6. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 lit. (f) GDPR.

7. Purpose of data processing

The system needs to temporarily store the IP address to enable the website to be delivered to the user’s computer. To this end, the IP address of the user must be stored for the duration of the session. Log files are saved to ensure the functionality of the website. Data is also used to optimise the website and ensure the security of our information technology systems. We do not evaluate this data for marketing purposes. These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. (f) GDPR.

8. Storage duration

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the data was collected in order to provide the website, it will be deleted once your session on our site ends. If the data is stored in log files, this will be undertaken after thirty days at the latest. However, it may be retained for a longer period. In this case, the user’s IP address will be deleted or distorted, so that the accessing client can no longer be identified.

9. Objection and deletion options

Collection of data required to make the website available and storage of the data in log files is essential for the operation of the website. Consequently, users have cannot object to its collection.

10. Use of cookies

We do not use cookies on our website.

11. Email contact

Description and scope of data processing
Alternatively, you can contact us via the email address provided. If you use this option, the personal data transmitted with the email will be stored. This may include:

  • sender’s address;
  • date and time;
  • recipient’s address;
  • IP address and, if applicable, its routes;
  • subject;
  • message text;
  • attachments, if applicable.

Such data will not be disclosed to third parties in this context. This data will be used exclusively to respond to your enquiry.

12. Legal basis for data processing

The legal basis for processing the data transmitted in the course of sending an email is Art. 6 Para. 1 lit. (f) GDPR. If you email us with the intention of entering into a contract, this creates an additional legal basis for its processing per Art. 6 Para. 1 lit. (b) GDPR.

13. Purpose of data processing

If contact is made via email, this is also because of our required legitimate interest in processing the data.

14. Storage duration

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation is considered to have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved. If the conversation results in the conclusion of a contract, the data will be deleted after the statutory period of 6–10 years.

15. Objection and deletion options

The user has the option of revoking his or her consent to the processing of personal data at any time. If you contact us by email, you may object to the storage of your personal data at any time. If this right is exercised, it will not be possible to continue the conversation. The objection can be made by email or post. The contact details required for this are available in the Legal Notice. In such cases, all personal data that was stored when contact was made with us will be deleted.

16. Applications by email

16.1 Description and scope of data processing
You have the option of sending us an application by email. During the sending process by email, our servers will log the following data:

  • sender’s address;
  • date and time;
  • recipient’s address;
  • IP address and, if applicable, its routes;
  • subject;
  • message text;
  • attachments, if applicable.

Your data will not be passed on to third parties in connection with your application. The data will only be used for processing within the context of the application process.

16.2 Legal basis for data processing
The legal basis for processing the data, if the user’s consent to this has been obtained, is Art. 6 Para. 1 lit. (a) GDPR. The legal basis for processing the data transmitted in the course of sending an email is Art. 6 Para. 1 lit. (f) GDPR. In addition, the legal basis for sending an email for the purpose of concluding an employment or training contract is Art. 6 Para. 1 lit. (b) GDPR.

16.3 Purposes of data processing
The processing of the personal data from your application documents and from your email only serves to process your application and to contact you. In the case of recruitment, and contact is thus made via email, there is also a required, legitimate interest in processing the data.

16.4 Storage duration
The application data, including attachments, will be stored for up to three months after the application process has been completed. If you are hired, this data will be saved as part of the contractual relationship with you.

16.5 Objection and deletion options
The user has the option of revoking his or her consent to the processing of personal data at any time. If you contact us by email, you may object to the storage of your personal data at any time. In such a case, the application process cannot be continued.The objection can be made by email or post. The contact details required for this are available in the Legal Notice. In such cases, all personal data that was stored when contact was made with us will be deleted.

17. Data subject’s rights

Should your personal data be processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:

Right to information
You may request confirmation from the data controller as to whether we are processing or have processed personal data concerning you.
If this is the case, you can request the following information from the data controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that is processed;
(3) the recipients or the categories of recipients to whom the personal data concerning you has been disclosed or is still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to correction or deletion of your personal data, a right to restrict processing by the data controller or a right to object to this processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to be informed as to whether your personal information will be transmitted to a third-party country or an international organisation. In this regard, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in relation to the transmission.

18. Right to correction

You have a right to correct and/or add to the personal data held by the data controller if it is incorrect or incomplete. We are required to make the correction immediately.

19. Right to restriction of processing

You may ask for the processing of your personal data to be restricted under the following conditions:
(1) if you dispute the correctness of the personal data concerning you for a period that enables the data controller to check the correctness of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the data controller no longer requires the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims;
(4) if you have submitted an objection to the processing in accordance with Art. Para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller to process your data outweigh your reasons.

If the processing of personal data concerning you has been restricted, then – apart from its storage – this data may only be processed with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State. If the limitation of the processing has been restricted for any of the grounds listed above, you will be notified by the data controller before the restriction has been lifted.

20. Right to deletion

Deletion obligation
You have the right to demand that the data controller delete your personal data, and the data controller must do so without delay if any of the following reasons applies:
(1) your personal data is no longer necessary for the purposes for which it was originally collected or otherwise processed;
(2) you revoke your consent upon which its processing was based in accordance with Art. 6 Para. 1 lit. (a) or Art. 9 Para. 2 lit. (a) GDPR, and there is no other legal basis for its continued processing;
(3) you object to its processing in accordance with Art. 21 Para. 1 GDPR, and there are no overriding legitimate reasons for its continued processing, or you submit an objection to its processing in accordance with Art. 21 Para. 2 GDPR;
(4) your personal data has been processed unlawfully;
(5) the deletion of personal data relating to you is required in order to comply with legal obligations according to EU law or national law of the Member States to which the data controller is subject;
(6) the personal data concerning you was provided in relation to information society services offered under Article 8 Para. 1 GDPR.

21. Transfer of personal data to third parties

If the data controller has made your personal data public and is required to delete it in accordance with Art. 17 Para. 1 of the GDPR, the data controller will take appropriate measures, including those of a technical nature, while taking into account available technology and implementation costs, to inform the data controllers who are processing the personal data that you as the data subject have requested that they delete all links to this personal data, or copies or replications of this personal data.

22. Exceptions

The right to deletion does not exist if processing is necessary:
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation that requires processing under the law of the Union or of the Member States to which the data controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the data controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 Para. 2 lit. (h) and (i), as well as Art. 9 Para. 3 GDPR;
(4) for archiving, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, to the extent that the law referred to in section (a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing;
(5) to assert, exercise or defend legal claims.

23. The right to information

If you have asserted the right to rectification, erasure or restriction of processing against the data controller, they are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed as to these recipients by the data controller.

24. The right to data portability

You have the right to obtain a copy of the personal data you have supplied to the data controller concerning you in a structured, commonly used, machine-readable format. Furthermore, you have the right to transfer this data to another data controller without hindrance by the data controller who was initially provided with the personal data, provided that:
(1) the processing is based upon consent in accordance with Art. Art. 6 Para. 1 lit. (a) GDPR or Art. 9 Para. 2 lit. (a) GDPR or on the basis of a contract in accordance with Art. 6 Para. 1 lit. (b) GDPR;
(2) the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the data controller transfer your personal data directly to another data controller if this is technically feasible. This must not affect the freedoms and rights of other persons.
The right to data portability does not apply to personal data processing that is required for the performance of a task that falls within the public interest or that occurs in the exercise of public authority that has been transferred to the data controller.

25. Right to object

You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time and which is carried out in accordance with Art. 6 Para. 1 lit. (e) or (f) GDPR, including profiling based upon those provisions. The data controller will no longer process the personal data relating to you unless they can prove a compelling, legitimate reason for this that outweighs your interests, rights, and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to such processing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to your data being processed for direct marketing purposes, your personal data will no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object using an automated process involving the use of technical specifications.

26. The right to revoke consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing consent does not affect the legality of processing carried out based upon consent before its withdrawal.

27. The right to submit a legal complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the location of the supposed violation, if you believe that the processing of your personal data violates the GDPR. The supervisory authority to which the complaint is submitted shall inform the complainant about the status and results of the complaint, including the possibility of a judicial remedy in accordance with Article 78 GDPR.
The supervisory authority responsible for us is the Bayerische Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), 91522 Ansbach, Tel. +49 (0)981 53 1300; email: poststelle@lda.bayern.de; Internet: www.lda.bayern.de

Plugins and tools

Google maps
We use Google Maps (API) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) on our website. Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually. Using this service will show you our location and make it easier for you to find us.

Even when opening subpages that include the Google Maps map, information about your use of our website (such as your IP address) is transferred to a Google server in the USA and stored there. This takes place, regardless of whether Google makes a user account available, via which you are logged in, or whether no user account exists. If you are logged into Google, your information will be directly associated with your account. If you do not wish to be associated with your Google profile, you must first log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. An evaluation of this nature is carried out in particular in accordance with Art. 6 Para. 1 lit. (f) GDPR upon the basis of Google’s legitimate interest in the placement of personalised advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles. In order to exercise this right, you must contact Google.

Google LLC, based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.

If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you can completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. In this case, Google Maps and, thus, the map display on this website cannot be used.

You can view Google’s Terms of Use at http://www.google.com/intl/en/policies/terms/regional.html the additional Terms of Use for Google Maps can be found at https://www.google.com/intl/en_US/help/terms_maps.html

Detailed information on data protection in connection with the use of Google Maps can be found on Google’s website (“Google Privacy Policy”): http://www.google.com/intl/en/policies/privacy/