Prof. Dr. Uwe Sonnewald is responsible for the website within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection regulations. It is legally represented by its President. For contact details.
Name and address of the Data Protection Officer
Prof. Dr. Uwe Sonnewald
Division of Biochemistry , Department of Biology
Friedrich-Alexander-University Erlangen-Nuremberg
Staudtstr. 5
91058 Erlangen , Germany
General information on data processing
Scope of processing of personal data
We only process our users’ personal data to the extent necessary to provide services, content and a functional website. As a rule, personal data are only processed after the user gives their consent. An exception applies in those cases where it is impractical to obtain the user’s prior consent and the processing of such data is permitted by law.
Legal basis for the processing of personal data
Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) forms the legal basis for us to obtain the consent of a data subject for their personal data to be processed.
When processing personal data required for the performance of a contract in which the contractual party is the data subject, Art. 6 (1) (b) GDPR forms the legal basis. This also applies if data has to be processed in order to carry out pre-contractual activities.
Art. 6 (1) (c) GDPR forms the legal basis if personal data has to be processed in order to fulfil a legal obligation on the part of our organisation.
Art. 6 (1) (d) GDPR forms the legal basis in the case that vital interests of the data subject or another natural person make the processing of personal data necessary.
If data processing is necessary in order to protect the legitimate interests of our organisation or of a third party and if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the interests mentioned above, Art. 6 (1) (f) GDPR forms the legal basis for such data processing.
Deletion of data and storage period
The personal data of the data subject are deleted or blocked as soon as the reason for storing them ceases to exist. Storage beyond this time period may occur if provided for by European or national legislators in directives under Union legislation, laws or other regulations to which the data controller is subject. Such data are also blocked or deleted if a storage period prescribed by one of the above-named rules expires, unless further storage of the data is necessary for entering into or performing a contract.
Provision of the website and generation of log files
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the user’s computer system.
In this context, the following data are collected:
- Address (URL) of the website from which the file was requested
- Name of the retrieved file
- Date and time of the request
- Data volume transmitted
- Access status (file transferred, file not found, etc.)
- Description of the type of web browser and/or operating system used
- Anonymised IP address of the requesting computer
The data stored are required exclusively for technical or statistical purposes; no comparison with other data or disclosure to third parties occurs, not even in part. The data are stored in our system’s log files. This is not the case for the user’s IP addresses or other data that make it possible to assign the data to a specific user: before data are stored, each dataset is anonymised by changing the IP address. These data are not stored together with other personal data .
Legal basis for data processing
The legal basis for the temporary storage of data and logfiles is §§ 14, 15 TMG, § 100 Abs. 1 TKG and Art. 4 BayDSG following the tasks of Art. 11 BayEGovG and Art. 7 and 34 BayHO
Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to deliver the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage of such data in log files takes place in order to ensure the website’s functionality. These data also serve to help us optimise the website and ensure that our IT systems are secure. They are not evaluated for marketing purposes in this respect.
Storage period
Data are deleted as soon as they are no longer necessary for fulfilling the purpose for which they were collected. If data have been collected for the purpose of providing the website, they are deleted at the end of the respective session.
If data are stored in log files, they are deleted at the latest after seven days. A longer storage period is possible. In this case, the users’ IP addresses are deleted or masked so that they can no longer be assigned to the client accessing the website.
Options for filing an objection or requesting removal
The collection of data for the purpose of providing the website and the storage of such data in log files is essential to the website’s operation. As a consequence, the user has no possibility to object.
Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are text files that are saved in the user’s web browser or by the web browser on the user’s computer system. When a user accesses a website, a cookie can be stored in the user’s operating system. This cookie contains a character string that allows the unique identification of the browser when the website is accessed again.
We use cookies to make our website more user-friendly. Some parts of our website require that the requesting browser can also be identified after changing pages.
During this process, the following data are stored in the cookies and transmitted:
- Log-in information (only in the case of protected information that is made available exclusively to FAU members)
- Search preferences (from October 2018)
Technical measures are taken to pseudonymise user data collected in this way. This means that the data can no longer be assigned to the user. The data are not stored together with other personal data of the user.
When accessing our website, a banner informs users that cookies are used for analysis purposes and makes reference to this data protection policy. In connection with this, users are also instructed how they can block the storage of cookies in their browser settings.
Legal basis for data processing
he legal basis for the temporary storage of data and logfiles is §§ 14, 15 TMG, § 100 Abs. 1 TKG and Art. 4 BayDSG following the tasks of Art. 11 BayEGovG and Art. 7 and 34 BayHO
Purpose of data processing
Analysis cookies are used for the purpose of improving the quality of our website and its content. We learn through the analysis cookies how the website is used and in this way can continuously optimise our web presence.
Storage period, options for filing an objection or requesting removal
As cookies are stored on the user’s computer and are transmitted from it to our website, users have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your web browser. Cookies that are already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may be the case that not all of the website’s functions can be used in full.
Use of script libraries (Google Webfonts)
In order to render our content correctly and visually appealing across browsers, we use script libraries and font libraries on this website. For example, Google Webfonts (https://www.google.com/webfonts/). Google web fonts are transferred to the cache of your browser to prevent multiple loading. If the browser does not support Google Web fonts or prohibits access, content will be displayed in a standard font.
The call of script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible – but currently also unclear whether and if so for what purposes – that operators of such libraries collect data.
The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/
Use of Google Maps
This website uses Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of map features by visitors. For more information about Google’s data processing, please refer to the Google Privacy Notice. There you can also change your personal privacy settings in the privacy center.
For detailed instructions on how to manage your own data related to Google products, click here.
Contact form and contact by e-mail
Description and scope of data processing
Contact forms are available on our website that can be used to contact us electronically. If a user makes use of this possibility, the data they enter in the input form are transmitted to us and stored. The contact forms list and explain which data is required. The contact forms indicate if there are any deviations from or additions to the principles, purpose and duration of storage as presented here.
Legal basis for data processing
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. e DSGVO i.V.m. Art. 4 and 5 BayDSG for the fulfillment of the tasks of § 5 TMG, Art. 3 para. 1 BayEGovG and § 2 BayBITV
If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
Purpose of data processing
The personal data from the input form are processed solely for the purpose of contacting the user. If the user contacts us by e-mail, this also constitutes our legitimate interests in processing the data.
All other personal data processed during the dispatch of an e-mail serve to prevent misuse of the contact form and to ensure that our IT systems are secure.
Storage period
Data are deleted as soon as they are no longer necessary for fulfilling the purpose for which they were collected. This is the case for the personal data from the input template of the contact form and those data sent by e-mail when the respective conversation with the user has ended. The conversation is regarded to have ended when it can be seen from the circumstances that the subject matter in question has been conclusively settled.
Options for filing an objection
For reasons that arise from your particular situation, you may also object to the processing of personal data relating to us by us at any time (Art. 21 GDPR). If the legal requirements are met, we will no longer process your personal data in the following.
Obligation to provide
Insofar as the personal data required for the performance of the contract is not specified, this is not possible for us.
Registration forms
Description and scope of data processing
You can register for seminars, events and courses via the forms available on our website. When you register, the data from the input form are transmitted to us.
In the course of the registration process, we request your consent for the processing of your personal data and draw your attention to this data protection policy.
No data are disclosed to third parties in connection with the data processing required for this purpose. Data are used exclusively for administration purposes related to seminars, courses and events.
Legal basis for data processing
Once the user has issued their consent, the legal basis for data processing following the user’s registration for a seminar, course or event is Art. 6 (1) (a) GDPR.
Purpose of data processing
The processing of personal data from the input form is solely for the purpose of allowing us to process the user’s registration for a seminar, course or event. If the user contacts us by e-mail, this also constitutes our legitimate interests in processing the data.
All other personal data processed during the dispatch of an e-mail serve to prevent misuse of the contact form and to ensure that our IT systems are secure.
Storage period
Data are deleted as soon as they are no longer necessary for fulfilling the purpose for which they were collected.
Options for filing an objection or requesting removal
The user can withdraw their consent for the processing of their personal data at any time. If the user contacts us by email, they may withdraw their consent for the storage of their personal data at any time. In such cases, the conversation cannot continue
and all personal data which were stored when contact was made are deleted.
SSL encryption
Our website uses SSL encryption for security reasons and to protect the transmission of confidential information, for example enquiries you send to us as operators of the website. You can recognise an encrypted connection when the browser’s address line changes from http:// to https:// and a padlock appears in your web browser.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Cloudflare
We use the “Cloudflare” service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).
Cloudflare offers a globally distributed content delivery network with DNS. The information transfer between your browser and our website is technically routed via the Cloudflare network. This enables Cloudflare to analyze the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare can also use cookies or other technologies to recognize Internet users, which are only used for the purpose described here.
The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 Para. 1 lit. f GDPR).
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.
For more information about security and privacy at Cloudflare, see: https://www.cloudflare.com/privacypolicy/
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that we can use to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not save any cookies and does not carry out any independent analyses. It is only used for the administration and display of the tools integrated via it. However, the Google Tag Manager records your IP address, which can also be transmitted to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on its website. If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para B. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called cookies”. These are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
Wordfence
This site uses the WORDFENCE security plugin to protect the website from hacker attacks etc. Provider is DEFIANT, 800 5th Ave Ste 4100, Seattle, WA 98104. The provided GDPR-compliant data processing agreement has been concluded. WORDFENCE currently uses three cookies and below is an explanation of what each cookie does, who set the cookie and why the cookie helps protect the site. wfwaf-authcookie-(hash) What it does: This cookie is used by the WORDFENCE firewall to perform a skill check on the current user before loading WordPress. Who receives this cookie: This cookie is only set for users who are able to log into WordPress. How this cookie helps: With this cookie, the WORDFENCE firewall recognizes logged-in users and allows them increased access. WORDFENCE can also recognize users who are not logged in and restrict their access to secure areas. The cookie tells the firewall what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block. wf_loginalerted_ (hash) What it does: This cookie is used to notify the WORDFENCE admin when an admin logs in from a new device or location. Who receives this cookie: This cookie is only set for administrators. How this cookie helps: This cookie helps website operators to know if an admin login has occurred from a new device or location. What it does: WORDFENCE offers a site visitor the ability to bypass country blocking by accessing a hidden URL. This cookie can be used to track who is allowed to bypass the country block. Who receives this cookie: When a hidden url defined by the site administrator is accessed, this cookie is used to verify that the user can access the site from a country restricted by the country lockdown. This will be set for anyone who knows the URL that allows bypassing the default country blocking. This cookie is not set for someone who doesn’t know the hidden URL to bypass country blocking. How this cookie helps: This cookie gives website owners the ability to allow specific users to blocked countries even though their country has been blocked. More information on handling user data can be found in DEFIANT’s data protection declaration: https://www.wordfence.com/privacy-policy/.
Rights of the data subject
With regard to the processing of your personal data, you as a data subject are entitled to the following rights pursuant to Art. 15 et seq. GDPR:
- You can request information as to whether we process your personal data. If this is the case, you have the right to information about this personal data as well as further information in connection with the processing (Art. 15 GDPR). Please note that this right of access may be restricted or excluded in certain cases (cf. in particular Art. 10 BayDSG).
- In the event that personal data about you is (no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed (Art. 16 GDPR).
- If the legal requirements are met, you can demand that your personal data be erased (Art. 17 GDPR) or that the processing of this data be restricted (Art. 18 DSGVO). However, the right to erasure pursuant to Art. 17 (1) and (2) GDPR does not apply, inter alia, if the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority or in the exercise of official authority vested (Art. 17 para. 3 letter b GDPR).
- If you have given your consent to the processing, you have the right to withdrawal it at any time. The withdrawal will only take effect in the future; this means that the withdrawal does not affect the lawfulness of the processing operations carried out on the basis of the consent up to the withdrawal.
- For reasons arising from your particular situation, you may also object to the processing of your personal data by us at any time (Art. 21 GDPR). If the legal requirements are met, we will subsequently no longer process your personal data.
- Insofar as you have consented to the processing of your personal data or have agreed to the performance of the contract and the data processing is carried out automated , you may be entitled to data portability (Art. 20 GDPR).
- You have the right to lodge a complaint to a supervisory authority within the meaning of Art. 51 GDPR about the processing of your personal data. The responsible supervisory authority for Bavarian public authorities is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 Munich.