A) General information

Name and contact details of person responsible

Bavarian Research Institute for Digital Transformation (bidt) – an institute of the Bavarian Academy of Sciences

Gabelsbergerstr. 4
80333 Munich

Tel. +49 (0)89 540 2356 40
E-mail: info@bidt.digital

Contact details for the data protection officer

Our data protection officer can be reached at:
Official data protection officer of the bidt –
Bavarian Research Institute for Digital Transformation

– confidentially –
Gabelsbergerstr. 4
80333 Munich
Tel. +49 (0)89 6080 7600
E-mail: bidt@rehm-datenschutz.de

Aims of, and legal basis for, the processing of personal data

The purpose of the data processing is to fulfil the official responsibilities assigned to us by the legislature – in particular to inform the public.

Unless otherwise stated, the legal basis for the processing of personal data is derived from Art. 4 para. 1 of the Bavarian Data Protection Act (BayDSG) in conjunction with Art. 6 para. 1 subpara. 1 (e) of the General Data Protection Regulations (GDPR), in accordance with which we are permitted to process data to the extent necessary to meet our obligations.

Recipients of personal data

Our data processing systems are operated by the Leibniz-Rechenzentrum (LRZ), Boltzmannstraße 1, 85748 Garching.

If necessary, your data will be transferred to supervisory and/or auditing authorities for checking.

In the event of electronic transmission, and in order to avert IT security risks, data may be forwarded to the State Office for IT Security and processed there on the basis of Art. 12 ff. of the Bavarian E-Government Act.

Duration of storage of personal data

Your data will be stored only for as long as is necessary for the fulfilment of our responsibilities in compliance with legal retention periods.

Your rights

Insofar as we process your personal data, you have the following rights:

  • You have the right to information about the data stored about you (Art. 15 GDPR).
  • Should your personal data be inaccurate, you have the right to have it corrected (Art. 16 GDPR).
  • If the legal requirements are met, you can request the deletion of your data or the restriction of processing (Art. 17 and 18 GDPR).
  • If you have consented to the processing or if a contract for data processing exists and the data processing is carried out using automated procedures, you may have a right to data transferability (Art. 20 GDPR).
  • If you have consented to the processing and the processing is based on this consent, you can revoke your consent at any time with future effect. The legality of the data processing carried out on the basis of consent prior to revocation shall remain unaffected.

If your data is processed exclusively on the basis of Article 6 paragraph 1 letter e or f GDPR (Article 21 paragraph 1 sentence 1 GDPR), you have the right to object at any time, on grounds of your personal circumstances, to the processing of your data.

Right of appeal to the supervisory authorities

You also have the right to complain to the Bavarian State Commissioner for Data Protection at:

Postal address: Postfach 22 12 19, 80502 Munich
Street address: Wagmüllerstr. 18, 80538 Munich

Tel. +49 (0)89 212 6720
Fax: +49 (0)89 2126 7250

E-mail:   poststelle@datenschutz-bayern.de
Internet: https://www.datenschutz-bayern.de/

Further information

For further information on the processing of your data and on your rights, please contact us at the above addresses.

B) Information about this website

Technical implementation

Our web server is operated by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany, who therefore process on our behalf the personal data you provide when visiting our website.

Logging

When you access this or other pages of our website, you transmit data to our web server via your Internet browser. During an ongoing connection for communication between your Internet browser and our web server, the following data are recorded:

  • IP address of the user
  • Directory protection user
  • Date
  • Time
  • Pages accessed
  • Protocols
  • Status code
  • Data volume
  • Speaker
  • User Agent
  • Host name

IP addresses are anonymised at domain level so that they cannot be linked to individual users. Anonymised IP addresses are kept for sixty days. Information on the directory protection user is anonymised after one day.

Error logs, which record incorrect page views, are deleted after seven days. In addition to the error messages, these logs contain the accessing IP address and, depending on the error, the website accessed.

Access via FTP is logged with anonymised information on username and IP address and kept for sixty days.

The mail logs for sending e-mails from the web environment are anonymised after one day and then retained for sixty days. During anonymisation, all data regarding the sender/recipient etc. is removed. Only data on the time of sending and information on how the e-mail was processed (queue ID or not sent) are retained.

Mail logs for mail sent via our mail servers are deleted after four weeks. The longer retention period is necessary to ensure the functionality of mail services and prevent spam.

Active components

We use active components such as Javascript, Java Applets and Active-X-Controls. This function can be switched off by adjusting your browser settings. 

Cookies

When you access this website, we store cookies (small files) on your device, which are valid for the duration of your visit (“session cookies”). We use these cookies only during your visit to our website. Most browsers are set to accept the use of cookies. This function can, however, be deactivated temporarily or permanently by adjusting your browser settings. At the end of your visit, your browser will automatically delete these cookies.

Integration of YouTube videos and social plugins

When you visit our website, additional services from YouTube and social plugins (e.g. LinkedIn) are offered via a two-click process. When the website is first accessed, no data are transmitted to the operators. Only after users have agreed to the LinkedIn logo by clicking on it in the opt-in procedure will data (including the URL of the page you are on and your IP address) be transmitted to the operator, including for subsequent visits. As a user, you can therefore decide for yourself whether to use these services and whether your data are transferred. You can revoke this consent at any time and stop further data transmission to the operators by clicking on the relevant link on the homepage (opt-in procedure).

Integration of YouTube videos

Videos from the external video platform YouTube are integrated on our website. By default, only deactivated images, which do not establish an automated connection with YouTube’s servers, are embedded from YouTube. This means that the operator does not receive any data from the user when the user accesses the websites.

You can decide for yourself whether to activate YouTube videos. Only when you approve the playing of videos by clicking on “Permanent activation” do you give your consent for your data (including the Internet address of the page you are on and your IP address) to be transmitted to the operator.

In order to save the settings you request, we will create a cookie that stores parameters. However, when these cookies are set, no personal data are stored by us; they contain only anonymised data for browser adjustment. The videos are then active and you can play them. If you wish to deactivate the automatic loading of YouTube videos, you can untick the consent box under the data protection symbol. This will also update your cookie settings.

YouTube is a service provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google Inc. 1600 Amphitheater Parkway, Mountainview, California 94043, USA. For more information on the purpose and scope of data processing (including outside the EU and the US) and information on options for protecting your privacy, please refer to the data protection statement at https://policies.google.com/privacy?hl=de&gl=de. Google processes your personal data in the US (and elsewhere) and has therefore complied with the EU-US Privacy Shield.

Integration of Google Maps

We integrate Google Maps in such a way that data are not automatically sent to Google. On our events page there is a link to Google Maps. If you click on the Google Maps logo, a new browser window will open and you will find the venue on a Google map.

Evaluation of user behaviour (web tracking systems; coverage measurement) 

Use of Matomo (formerly PIWIK)

To design our website in line with requirements, we use the Matomo works analysis tool to evaluate user behaviour. Your IP address is first anonymised and then evaluated by us. You can deactivate this function by adjusting your browser settings.

You can decide whether a unique web analysis cookie can be stored in your browser to enable the operator of the website to collect and analyse various statistical data.

To opt out, click the following link to place the Matomo deactivation cookie in your browser.

C) Information on processing operations

Applications

If you send us application documents, we will use this personal data solely to meet your wishes and requirements and to process your application. Personal data will be shared only within the bidt, only with persons involved in the application process and only as part of the application process.

We will use and store your data only as long as is strictly necessary for the processing of your application. Our right to use data to establish an employment relationship is based on Art. 6 para. 1 para. 1 (b) GDPR. As part of the application procedure, we also process special categories of personal data. The legal basis for this is Art. 9 para. 2 (b) and (h) GDPR, Art. 88 para. 1 GDPR and Art. 8 para. 1 sentence 1 nos. 2 and 3 BayDSG. Applicant data will be deleted at the end of the procedure (i.e. six months after the acceptance or rejection of the application). We comply with the time limits for bringing an action before the employment courts, as we always have to consider the possibility of impending proceedings.

Newsletter, requesting publications

You can have our regular newsletter sent to you. Your e-mail address will be stored for the purpose of sending the newsletter and will be processed solely for that purpose.

You can stop receiving the newsletter at any time by e-mailing info@bidt.digital or by simply clicking on the “Unsubscribe” link in the newsletter. Your e-mail address will then be deleted from the newsletter distribution list.

At present, we do not use a contractor for the administration and dispatch of newsletters. This is done by us in-house.

Event management

You can register for events via our website, in which case the legitimacy of our data processing is based on Art. 6 Par. 1 (b) and (f) GDPR. We will use your data solely for the purpose of the event and will not share it with any third parties. However, we may be obliged by law to disclose your data to third parties (e.g. as part of an inspection process).

Unless you have agreed to further contact, we will hold your data only to the extent legally permitted.

For registration for bidt events, we have commissioned contractors to process your data solely in accordance with our instructions and not for their own purposes. We currently use the following contractor for event management:

  • eveeno, Andreas Bothe, Ellenbogen 8, D-91056 Erlangen. eveeno is an event management platform that enables event organisers to organise events and sell tickets.

Photography

  • As part of our press and public relations work, photos are taken at events and on dates where you may be personally recognisable.
  • To opt out of such recording and publication, please contact us at the addresses provided above.

 

Last updated: 26-03-2020