Data Privacy Statement of the University of the Bundeswehr Munich

With this Data Privacy Statement, the University of the Bundeswehr Munich complies with its obligation to inform the users of the university’s website and other online services about how, to what extent, and for what purposes data is processed.


Further chapters address the following specific processing tasks:


Data processing is subject to the applicable provisions of data protection law, in particular the EU General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (BDSG) (Federal Data Protection Act (FDPA)). In the following, we will be informing you about how, to what extent, and for what purpose personal data is collected and used.

How do we collect your data?

One way we collect your data is by processing the information you send us. This can be data that you include in a contact form or send to us in an e-mail, for example. Other data is collected automatically by our IT systems when you visit our website. This is mainly technical data (e.g. web browser, operating system, or time of page view). This data is collected automatically and is for the most part technically necessary to provide our services as soon as you visit our website (see chapter on "Logging and technical processing of the website/web services").

The following is a list of the purposes for which your data is processed:

  • to provide our online services, e.g.
    • homepage
    • internal area (in-house)
    • AtheneForschung
    • surveys (SoSci Survey)
    • video conference (BBB & Jitsi)
  • for logging/security measures (metadata, communication and procedural data, and usage data (e.g. cookies))
  • to manage and answer contact requests and for other communication purposes
  • to process applications/application procedures
  • for your participation in surveys/studies
  • for your participation in events/information on filming and photographing
  • for (external) data exchange (TeamDrive).

What rights do you have with regard to your data?

You are entitled to receive information free of charge at any time about the source and recipients of your stored personal data and about the purpose of storing it. You also have the right to ask for this data to be corrected, blocked or deleted. If you have any questions about your rights or about any other matters concerning data protection, you can contact us at any time at the address specified in the site notice. You are also entitled to lodge a complaint with the competent supervisory authority for the University of the Bundeswehr Munich. Many data processing procedures are only possible with your explicit consent. You have the right to withdraw your consent at any time. Informal notification of this can be sent to us by e-mail. Your withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

If we as a public entity should process your data to perform a task assigned to us or to exercise official authority invested in it (Section 3 FDPA in conjunction with Article 6 (1) (e) and Article 6 (3) (b) GDPR), you have the right, for reasons arising from your special situation, to lodge an objection at any time to the processing of your personal data.


Contact details

The controller’s contact details as specified in the General Data Protection Regulation and those of the data protection commissioner, the administrative data protection commissioner and the supervisory body of the University of the Bundeswehr Munich can be found in the site notice.

Alternatively, you can send an email to datenschutz@unibw.de.


Logging and technical processing of the website/web services

As soon as you call up our services to register/log on or generally while you are using the website, a connection is established with our relevant web servers on which the respective services are operated. Certain data are processed in accordance with the HTTP and TCP/IP protocol to enable your terminal’s browser to display the website. These data include

  • IP address,
  • visited site (from which the file was requested),
  • name of downloaded file,
  • date and time of request,
  • amount of data transmitted,
  • access status, i.e. a message to inform whether access/download was successful,
  • description of the type of web browser used,
  • recognition data of the browser and operating system used (if transmitted by the requesting web browser),
  • website from which access was made (if transmitted by the requesting web browser).

Each time the website is called up, some of these data are stored in logs. We process these data for server maintenance and (IT) security purposes. In addition, the data are aggregated or anonymized and used to improve the information provided by the University of the Bundeswehr Munich (e.g. usage statistics). The log data are entirely deleted within 14 days (exception: from 21 December to 21 January, a one-month data protocolling process takes place; to gather information relating to cyber crime, the security management team of the University of the Bundeswehr Munich reserves the right in certain cases to keep log files beyond this period for analysis purposes (e.g. Quick-Freeze)). The data will not be used for any other purposes and will not be disclosed to third parties.

The data collected is processed as follows:

  • The log entries are continuously analyzed automatically (IT security systems) to detect attacks on the web server and to be able to react accordingly.
  • In individual cases, i.e. with reported errors, faults and security incidents, the entries are analyzed manually.

JavaScript

This website uses JavaScript. You can deactivate this function by adjusting your browser settings. This could, however, limit our website’s scope of functions.

Cookies

As a basic principle, the website of the University of the Bundeswehr Munich does not use cookies that are technically unnecessary or functionally unwanted.

Some services offered by the University of the Bundeswehr Munich (e.g. SoSci Survey) use cookies to provide core functions or to ensure IT security (e.g. prevention of CSRF attacks). Amongst other things, these cookies enable the web service to recognize your browser and, provided you have a registered account, to link it with that account. All these cookies are technically necessary to enable the services to be used (easily and in line with expectations) (Section 25 (2) (2) TTDSG (New German Telecommunications-Telemedia Data Protection Act)).


Handling requests and contacts

If you contact the University of the Bundeswehr Munich with the options provided (e.g. contact form, e-mail, social media), your information is stored for a maximum period of six months provided you have given consent (Article 6 (1) (a), GDPR). These data are only used to process and answer your request or your case and if there are ensuing questions. If you use the website’s contact form, the data entered on the form is forwarded to us via the mail system. (Your database is not stored). These data are: First name, surname, e-mail address (mandatory), telephone number, message (mandatory). The date and time are also automatically recorded when the message is sent. These personal data are not forwarded to third parties without your explicit consent.

In addition to employees’ personal work e-mail addresses and various functional mailboxes, the central e-mail address of the University of the Bundeswehr Munich (info@unibw.de) can also be used to establish contact.

You have the right to revoke your consent to the processing of your personal data at any time. In such a case, the conversation cannot be continued. All personal data stored as part of the process of establishing contact are in this case deleted provided there are no other legal deadlines. To accelerate the revocation process, please quote the DATAV-V no. 10063425.

The personal data sent to the central address and stored in the organizational element responsible for central message distribution are deleted a week after they have been forwarded to the responsible organizational elements. In the organisational elements, the data provided by you (e.g. surname, first name, address) – or at least the e-mail address and the information in the e-mail (including any personal data provided by you) – will be stored and processed for the purpose of establishing contact and handling your request. If you use your own e-mail client, no personal data will be stored on the homepage.

If we receive a message from you by e-mail, we will assume that you would like to receive a response to your request also by e-mail. The data in the message and the e-mail address are then used for correspondence purposes or in order to process your case with you. If you wish to receive a response by post, please inform us and provide your address.

Security information with regard to e-mail communication

The University of the Bundeswehr Munich would like to point out to you that although it aims at providing full data security, this cannot be fully guaranteed with e-mail communication. To send confidential information via e-mail, please ask the recipient beforehand about the possibility of encrypting the data. Alternatively, you can send confidential information by post.

We use filters to protect against unwanted advertisements (SPAM filter). In rare cases, these filters automatically but wrongly categorize normal e-mails as unwanted advertisements and sometimes refuse to deliver them. We always delete e-mails that contain harmful programs (viruses etc.).


Data protection regarding job applications and the application process

Personal data handled as part of the application procedure are processed for the purpose of reaching a decision on whether to establish an employment relationship.

We only process data that are related to your application. These can be general personal data (name, address, contact details etc.), information about your professional qualifications and school education, information on vocational training, and any other data you might send to us in connection with your application, e.g. by mail or by post, or information gathered during the interview.

Legal basis for processing data

For employees – Article 88 GDPR in conjunction with Section 26 (1) FDPA; for civil servants Section 106 BBG (Federal Civil Servants Act).

Recipients or categories of recipients of personal data

As part of the application procedure, data are processed by the offices responsible at the University of the Bundeswehr Munich for processing applications. If necessary to process the case, your data are forwarded within the Bundeswehr to the offices that are to be involved in the application and selection procedure.

Storage period

We store your personal data for as long as is necessary to reach a decision about your application. Your personal data or application documents are deleted at the latest six months after the application procedure has been completed (e.g. after you have been informed that you have not been successful). In addition, we only store your personal data insofar as is required by law or as is necessary in a specific case to enforce, exercise, or defend legal rights (e.g. Section 15 (4) of the Allgemeines Gleichbehandlungsgesetz (AGG) (General Act on Equal Treatment) for the duration of a legal dispute. If you have given your consent for your personal data to be stored for a longer period, we store these data in accordance with your declaration of consent (Article 6 (1) (a) GDPR).

If the application procedure leads to an employment relationship, training relationship or a placement relationship between you and us, we can, in accordance with Article 88 GDPR in conjunction with Section 26 FDPA or Section 106 Federal Civil Servants Act, further process the personal data we have already received from you for employment relationship purposes (e.g. for your personal records) insofar as is necessary to carry out or end the employment relationship or to exercise or fulfil rights and duties relating to employee representation of interests laid down in a law or collective labor contract or a company or work agreement (collective agreement). Your data is only forwarded to offices outside the Bundeswehr as part of legal obligations (e.g. tax law, social security law, collective labor agreement, company or work agreement (collective agreement)).


Participation in surveys/studies

Data privacy information provided in almost all surveys/studies mainly relate to the purposes of data collection for the survey/study in question.

For empirical surveys, for example, the University of the Bundeswehr Munich offers the software “SosciSurvey” (https://survey.unibw.de). This system also collects log data (see chapter on "Logging and technical processing of the website/web services").

Unless it is possible to participate in them anonymously from the outset, most scientific surveys and studies require your prior consent (legal basis: Article 6 (1) (a) EU-GDPR in conjunction with Article 89 (1) GDPR, and with certain categories of personal data: Article 6 (1) (a), Article 9 (2) (a) GDPR in conjunction with Article 89 (1 and 2) GDPR, Section 27 (3 and 4) FDPA).

Your consent is voluntary and there are no disadvantages if you do not give your consent (in which case it will, as a rule, not be possible for you to participate in a survey/study) or subsequently revoke your consent.

If you have any questions relating to data protection law about a survey/study, please contact the director of studies or the data protection commissioner of the University of the Bundeswehr Munich (for contact details, see site notice), specifying the name of the study (and, if applicable, a corresponding DATAV-V no.).


Participation in events/information on film recordings and photographs

The University of the Bundeswehr Munich provides the option of organizing events via our Event Management System (https://events.unibw.de).

The data you enter in the registration portal are usually processed so that you can take part.

In the case of paid events, personal data are processed (legal basis: Article 6 (1) (b) GDPR)) to check invoicing needs, produce a nameplate for the event, and, if necessary, forward your first name and surname to the guard personnel to ensure you are allowed onto the event premises. If the event is free of charge, your data is only processed with your consent (legal basis: Article 6 (1) (a)).

If an invoice is issued, your invoice data – unless specified otherwise – is forwarded to our legally independent data processing institute ITIS e.V. at the University of the Bundeswehr Munich.

At many events, film and possibly audio recordings are made and photographs are taken. It cannot be ruled out that you might be identified on the recordings, either directly or indirectly. As a rule, the recordings are needed for public relations activities at the University of the Bundeswehr Munich (legal basis Article 6 (1) (1) (e), (2) and (3) GDPR in conjunction with Section 3 FDPA).

If you do not wish to be photographed or filmed, you can speak to the photographers themselves. Any photographs that are not used after the event are immediately deleted.


Using TeamDrive – (external) data exchange service

A joint workspace (referred to as Space) installed on the university’s TeamDrive server can also be made available to external users.

A Space is a data facility (a monitored folder with contents). TeamDrive synchronizes the Space content and all changes made in it with the Space members’ client installations (terminals). Before users leave the client, all data (new data or changes) are stored in highly encrypted and encrypted form in the Cloud of the University of the Bundeswehr Munich. Space members’ authorized clients (also as external user via the web client) download the encrypted data and decode them with the keys to which only members of a Space have access. All encryption and synchronization processes work fully automatically.

Our TeamDrive web client uses functional cookies (see explanation of cookies in the chapter on “Logging and technical processing of the website/web services”).

You can find further information on technical functionality here: https://privacy.teamdrive.net/en/


Further legal requirements

As the provider of electronic services, the University of the Bundeswehr Munich is subject to the principle of data reduction and data economy. This is why, in most cases, we do not collect any personal data or collect as little personal data as possible. In cases where our software does collect personal data, we delete the data automatically within a short period.

(1) Liability for content

As provider, we are, in accordance with Section 7 (1) of the German Act on Telemedia (from 17 February 2024: Article 4, Digital Services Act (DSA))  responsible for some of the content of our services in compliance with the general laws. However, in accordance with Sections 8 to 10 TMG (German Act on Telemedia) (from 17 February 2024: Articles 4-6 and 8 DSA), we as service provider are not responsible for monitoring third party information that has been sent or stored nor are we responsible for investigating circumstances that suggest illegal activity. Commitments to remove or block the use of information in accordance with the general laws remain unaffected. However, any liability to this effect is only possible from the moment a concrete violation of the law is established. If we become aware of such violations of the law, we will take appropriate action immediately.

(2) Liability for links

This homepage and some services contain links to external websites, on whose content we have no influence. We therefore cannot assume liability for this third-party content. Responsibility for any linked content always lies with the respective provider or operator of the sites. Without clear evidence to indicate a violation of the law, it cannot reasonably be required for the linked pages to be permanently monitored. If we become aware of any violations of the law, we will take appropriate action immediately.

(3) Copyright

The content compiled here by the University of the Bundeswehr Munich is subject to German copyright law. As a rule, reproduction, editing, distribution and any form of utilization outside the limits of copyright law require the written consent of the respective author or creator. Content may only be downloaded or copied for private non-commercial purposes. If you become aware of a copyright violation, please inform us. If you become aware of any violations of the law, we will take appropriate action immediately regarding such content.


Updating of data protection regulations

We reserve the right to occasionally update our data protection regulations to ensure that they always comply with the current legal requirements and to implement modifications on our website in the Data Protection Declaration. We advise you to check these data protection regulations on a regular basis in order to stay up-to-date about the protection of personal data collected by us. By continuing to use the service, you declare that you agree to these data protection regulations and any updates thereof.