Technische Universität Berlin

Data Privacy Statement

Thank you for your interest in the Technische Universität Berlin (TU Berlin) website. The protection of the personal data of visitors to the TU Berlin website is very important to us. We therefore would like to inform you about data privacy for websites under *.tu.berlin.

Subject of data privacy

Data privacy addresses issues concerning personal data. According to Article 4 no. 1 of the General Data Protection Regulation (GDPR), these are data referring to an identified or identifiable individual, in other words all data which could be used to identify you. This applies to data such as your name, private address, email address, and telephone number but also to usage data such as your IP address.

As a matter of course Technische Universität Berlin observes the legal requirements of data privacy and other applicable regulations.

We are committed to ensuring that you can trust us concerning your personal data. For this reason transfers of personal or sensitive data are encrypted. In addition, our websites are protected by technical measures against damage or unauthorized access.

General data privacy

  1. When you visit the TU Berlin website or download data from its web pages, the following information is saved in a log file:
    - IP address of yor device,
    - the date and time you accessed the site,
    - the web page you visited or name of the downloaded file,
    - the amount of transferred data,
    - the “user agent-string” of your web browser,
    - the website from which you were referred to the current web page or file and
    - a status notification of successful or unsuccessful access.
    Non-depersonalized data will be deleted after two weeks and will not be stored. This data will only be used for non-commercial purposes: It will only be reviewed manually if necessary for error analysis, optimization or investigation of misuse or performance issues.
    This represents a legitimate interest within the meaning of Art. 6 (1) lit. f EU-DSGVO. A right of objection according to Art. 21 EU-DSGVO is not possible due to lack of technical feasibility.
  2. In order to protect your transmitted data as best as possible, we use SSL encryption for any data transmission. You can recognize such encrypted connections by the prefix "https://" in the page link in the address line or by the green/closed lock symbol of your browser. Unencrypted pages are marked by "http://" or an open or red lock symbol.
    All data that you transmit to this website - for example when making inquiries or logging in - cannot be read by third parties thanks to SSL encryption..
  3. Cookies are often additionally used for data collection and storage. Cookies are small data packets consisting of text that are stored by your web browser when you call up a website.
    Cookies are used by us to enable you to make optimal use of the websites. They are never used to track personal user actions or for behavioral analysis. They are only used where they are technically necessary or more useful than other techniques (in the sense of Art. 6 para. 1 lit. f EU-DSGVO): to record your login status, your consent to the display of external content (opt-in) and your deactivation of cookie-less Matomo tracking (opt-out). As a result, the use of the websites is mainly possible without the use of cookies. However, for functions or pages that require a login or password, cookies are technically necessary.
    We use temporary and permanent cookies. Temporary cookies (also known as session cookies) are automatically deleted when you close your web browser. Permanent cookies, on the other hand, have a set lifetime. You can set your web browser to delete cookies that have already been placed.

Overview of our used cookies

NamePurposeDomainDuration
be_lastLoginProvideris used to store information about the last login provider when logging into the TYPO3 backendredaktion.tu.berlin90 days
be_typo_userused to identify a backend session when a backend user logs into the TYPO3 backend or frontendredaktion.tu.berlinSESSION
MATOMO_SESSIDis used to process manual opt-out from Matomo tracking or opt-in again via this pagestats.tu-berlin.deSESSION
piwik_ignoreis used to remember the disabling of Matomo trackingstats.tu-berlin.de3 years
extcontent_optin_facebookUsed to identify that a user allows content from Facebookwww.tu.berlinSESSION
extcontent_optin_instagramis used to identify that a user allows content from Instagramwww.tu.berlinSESSION
extcontent_optin_twitteris used to identify that a user allows content from Twitterwww.tu.berlinSESSION
fe_typo_useris used to identify a session ID when a user logs in to the TYPO3 frontendwww.tu.berlinSESSION
libraryh3lp_consentis used to decide whether a popup indicating the chat will appear on a web page with chat enabledwww.tu.berlinSESSION
PHPSESSIDis used to remember access to protected pageswww.tu.berlinSESSION
shibfeauth_typo_useris used to remember if there is a frontend session over Shibbolethwww.tu.berlinSESSION
_shibsession_{HASH}is used to identify the login via Shibbolethwww.tu.berlinSESSION

Contact persons for general data privacy issues

Annette Hiller, Alexander Hoffmeier, Mattis Neiling

Data Protection Team

info@datenschutz.tu-berlin.de

+49 30 314-21784, -29595, -28973

Responsible persons of the TU Berlin

Please refer to our imprint for general responsibilities.

Scope of data collection and storage

For information about how we handle personal traffic data, please refer to the “General data policy” section and the section on “Usage data”.

The active communication of your personal data is not required for the use of our websites - in order for TU Berlin to fulfill its service mandate, however, we require personal data in individual cases, the processing of which is carried out in accordance with Art. 6 (1) lit. a EU-DSGVO. This applies in particular to answering individual e-mail inquiries or ordering special services.
If you commission us to provide a service, we will generally only collect and store your personal data to the extent necessary for the provision of the service.

In exceptional cases, e.g. in the context of event registrations, you will be asked whether your data may be stored for the purpose of providing information on similar events that go beyond pure event management. In this case, your consent is voluntary; refusal will not result in any disadvantages for you.
At the TU Berlin, mailing lists are used as an instrument for the targeted distribution of information. If you have subscribed to one of our mailing lists with your e-mail address or have given your consent for this, we will use your e-mail address to inform you about important and new information until you unsubscribe or are removed from the list.

You can revoke your consent at any time and without giving reasons and request the deletion of your data. You can request the latter by sending an e-mail to the institution holding the data.

Collection and storage of usage data

Log data

To optimize our website, we store data such as the IP address of your device, the page accessed, the date and time of the page access, the page from which you accessed our site. 
This data is held for error handling and to detect misuse attempts, automatically deleted after two weeks and not archived; permanent storage is excluded. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-DSGVO. A right of objection according to Art. 21 EU-DSGVO is not possible due to lack of technical feasibility.

Chat

A chat reference service is used on selected pages at https://www.tu.berlin/ub. This is based on the LibraryH3lp service. The chat requests are transmitted to servers within the EU and thus in the spatial application area of the EU-DSVGO and logged there for quality assurance. The personal data contained therein (i.e. the IP address of your terminal device) is automatically anonymized on a daily basis. 
A data transmission takes place only with your consent by your active start of the chat in terms of Art. 6 para. 1 lit. a EU-DSGVO. When starting a chat, a session cookie is set, which is used to decide whether the hint popup for the chat is activated or not.

The logs of chat requests are deleted once a day by the University Library (UB). If your request cannot be answered, it will be forwarded via internal mail to other members of the chat team only in consultation with you.

Chat

Auf ausgewählten Seiten unter www.tu.berlin/ub/ wird ein Chat-Auskunftsdienst eingesetzt. Dieser basiert auf dem Angebot von LibraryH3lp. Die Chat-Anfragen werden an Server innerhalb der EU und damit im räumlichen Anwendungsraum der EU-DSVGO übertragen und dort zur Qualitätssicherung protokolliert. Die darin enthaltenen persönlichen Daten (d.h. die IP-Adresse Ihres Endgerätes) werden täglich automatisch anonymisiert. 
Eine Datenübertragung erfolgt erst mit Ihrer Zustimmung durch Ihren aktiven Start des Chats im Sinne von Art. 6 Abs. 1 lit. a EU-DSGVO. Beim Start eines Chats wird ein Session Cookie gesetzt, der dazu dient, zu entscheiden, ob der Hinweis-Popup zum Chat aktiviert ist oder nicht.

Die Protokolle der Chat-Anfragen werden einmal täglich von der Universitätsbibliothek (UB) gelöscht. Falls Ihre Anfrage nicht beantwortet werden kann, erfolgt eine Weiterleitung per interner Mail an andere Mitglieder des Chat-Teams nur in Rücksprache mit Ihnen.

Contact forms

The data you send us via contact form, including your contact details, will be stored so that we can process your request or ask follow-up questions. This data will not be passed on to third parties without your consent.

The processing of the data entered in the contact form is based exclusively on your consent (Article 6 paragraph 1 lit. a EU-GDPR). A revocation of your already given consent is possible at any time. For the revocation, an informal notification by e-mail to the institution providing the respective contact form is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Data transmitted via the contact form will remain with the institution contacted until there is no longer any need to store the data, you request us to delete it or revoke your consent to storage. Mandatory legal provisions - in particular retention periods - remain unaffected.

Matomo

Some websites additionally use the web analytics application Matomo (see www.matomo.org) to anonymously collect web statistics, based on the qualified interest of TU Berlin in the statistical analysis of user behavior for optimization and marketing purposes according to Art. 6 (1) lit. f GDPR. We use our own Matomo installation hosted on servers at TU Berlin following the recommendations of the "Unabhängiges Landeszentrum für Datenschutz” (ULD) Schleswig Holstein (Independent Center for Privcy Protection):
- Your data will be de-personalized directly upon visiting a web page,
- Matomo does not use cookies for tracking and instead works only on the basis of the de-personalized IPs and website visit.
- In addition to the web pages and files accessed, it saves information about your operating system, browser, browser plugins (e.g. whether flashplayer is available), screen resolution, your approximate location (e.g. "Berlin", but not your concrete address) and the duration of your visit.

If you have selected the “Do not track” option in your browser, Matomo will neither save nor process any information about your visit.

However, if you have not selected the “Do not track” option and do not consent to the storage and analysis of your data collected by Matomo, you can opt out. Below is a special iFrame, which is linked to our Matomo system and offers you the option to opt out from tracking. By checking the box to deactivate Matomo, an opt out cookie is placed in your browser thus disabling further data collection.
Please note that if you delete all of your cookies you must opt out again.

Matomo Tracking-Opt-Out

Nice URL Service with YOURLS

In order to be able to promote central topics via a short, concise and easily remembered URL, the open source software YOURLS (YOURLS: Your Own URL Shortener) is used. This service is accessible at go.tu.berlin and redirects a specific path in this namespace to a related web page at https://www.tu.berlin/ .

The paths are managed centrally by the press office in a non-public admin interface . 
Click statistics are also available here, based on the URL called up at go.tu.berlin, the pseudonymized client IP, the web page previously visited in each case, and the time of the request. 
In addition to the pure number of requests to a URL in a selected time window, an overview of the distribution of requests to the countries of the pseudonymized client IPs and an overview of the top referer websites are also available.
Personal user data is neither collected nor processed.

OpenStreetMap (OSM)

Some of our web pages use a plugin to integrate maps. For this purpose, we use the “OpenStreetMap” (OSM) tool
provided by the OpenStreetMap Foundation. When visiting a page with the embedded OSM plugin, a connection to the OpenStreetMap servers is established. The operators of OpenStreetMap receive information about which page with the OSM map you are currently viewing as well as your IP address. As the operator of https://www.tu.berlin/, TU Berlin does not have any influence on this data transmission.

We use OpenStreetMap to make our website more attractive to users and enable them to more easily find the offices and places listed on our web pages. This is lawful under Article 6 paragraph 1 lit. f EU-GDPR.

Specific details about how user data are handled are available on OpenStreetMap’s privacy page.

Social media content

We incorporate social media content in our web pages which is pulled from the servers of the respective third-party provider (Facebook, Instagram, Twitter - see third-party social media providers further below). This content may include graphics, videos, or social media buttons as well as posts relating to TU Berlin.

We request your consent to show you individual content from any of the providers named above before any data is transferred. Your consent forms the legal basis for processing your data. If this is granted by you, this forms the legal basis for processing your data (within the meaning of Art. 6 para. 1 lit. a EU-GDPR). The technical foundation for processing your declaration of consent is a cookie stored upon consent which you can delete at any time.

The display of embedded content from third-party providers requires that these providers process the IP address of your device, as they cannot send their content to your web browser without it. The processing of your IP address is therefore absolutely necessary for the presentation of these contents or functions.
We strive to only use content whose provider only uses the IP address to deliver content.

In addition: Third-party providers may use pixel tags (invisible graphics, also referred to as web beacons) for statistical or marketing purposes. Pixel tags enable information such as visitor traffic to our web pages to be analyzed. The pseudoynmous information may also be stored in the form of cookies on the user’s device and contain other technical information about the browser and operating system, linked websites, time of visit, and other information about the use of our website as well as linked to such information from other sources.

Social media links

On our web pages we link to TU Berlin accounts or profiles on social media networks of the third-party providers listed below. We also offer the option to share our website content on the social media networks of the third-party providers listed below. The social media account is embedded via a share button for the respective network, preventing a connection from automatically being established to the respective server of the social network when visiting any of our web pages with such linked social media content, for instance in order to display a post on the respective network itself. Only by your active click on the corresponding graphic you will be directed to the service of the respective social network. The legal basis is Art. 6 para. 1 lit. a EU-GDPR).

Information about you is then collected by the respective network. Initially this includes data such as your IP address, the date, time, and page visited. We do not know if or how this data is processed in the USA.
If you are signed in to your user account with the respective social network, the network provider is able to attribute the collected information about your visit to your personal account. If you interact via the respective network’s “share” button, this information may be saved to your user account and published. If you would like to prevent the collected information from being directly associated with your user account, you must first sign out before clicking the button. You also have the option of configuring your user account accordingly.

Third-party social media providers

facebook
Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA
Data policy: https://en-gb.facebook.com/policy.php
Opt-out settings for ads: https://en-gb.facebook.com/settings?tab=ads

Instagram
Instagram of Instagram LLC, now Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Data policy: https://help.instagram.com/155833707900388

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of the LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy

twitter
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
Privacy policy: https://twitter.com/en/privacy

xing
XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy policy: https://privacy.xing.com/en 

YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
Privacy policy: https://policies.google.com/privacy/?hl=en

Vimeo

To share video content, our website uses plugins from the Vimeo video sharing platform, a service provided by Vimeo LLC, 555 West 18th Street, New York, New York 10011.

When a page with an integrated Vimeo plugin is called up, a connection to the Vimeo servers is not immediately established. Instead, a local image ("thumbnail") is loaded to announce the video and refers to Vimeo as a third-party provider. Users must actively start the Vimeo video. Only then does Vimeo learn the IP address of your end device and the page with Vimeo video that you have just called up, even if you are not logged into the video portal or do not have an account there.
The information collected by Vimeo is transmitted to servers of the video portal in the USA.

If you are signed into your Vimeo account, Vimeo will be able to store this information in your user account. You can prevent this by first signing out of your Vimeo account.

The use of Vimeo takes place only with your consent through your active start of the video within the meaning of Article 6 paragraph 1 lit. a GDPR.

Specific details about how user data are handled are available on Vimeo’s privacy page: https://vimeo.com/privacy

YouTube

To share video content, our website uses plugins for YouTube videos from the video sharing platform operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When a page with an integrated YouTube plugin is called up, a connection to YouTube's servers is not immediately established. Instead, a local image ("thumbnail") is loaded to announce the video and refer to YouTube as a third-party provider. Users must actively start the YouTube video. Only then does YouTube learn the IP address of your end device and the page with the YouTube video that you have just called up, even if you are not logged into the video portal or do not have an account there.

If you are signed into your YouTube account, YoutTube will be able to store this information in your user account. You can prevent this by first signing out of your YouTube account.

The use of YouTube takes place only with your consent by your active start of the video within the meaning of Article 6 paragraph 1 lit. a GDPR.

Specific details about how user data are handled are available on YouTube’s privacy page: https://www.google.de/intl/de/policies/privacy

Storage location and data usage for a specific purpose

We collect, process and store your personal data exclusively internally (usually in the computer center of the TU Berlin) only for the purpose for which you have communicated it to us and thus observe the principle of purpose-bound data use. Your personal data will not be passed on to third parties without your express consent, unless this is necessary for the provision of the service or the execution of the contract. The transfer to state institutions and authorities requesting information will also only take place within the framework of the legal obligations to provide information or if we are obliged to provide information by a court decision.

We also take the University's internal data protection very seriously. Our employees and contracted service providers are bound to confidentiality and compliance with data protection law.

Right to information

You can obtain information about the data we have stored about you free of charge at any time without having to give a reason. For this purpose, please contact us at the address given in the imprint. We will be happy to answer any further questions you may have about our privacy policy.

In addition, you have the right to correct, delete, restrict and transfer your data.

You also have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6 paragraph 1 lit. e and f EU-GDPR. Thereafter, the institution responsible may no longer process the personal data concerning you, unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

Right of complaint

If you recognize any indications that we are not handling your data in a data protection-compliant manner, you can contact the Data Protection Team at Technische Universität Berlin or the supervisory authority at any time.

Of course, you also have the right to contact the supervisory authority:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219 / visitor entrance via Puttkamerstr. 16 -18
10969 Berlin Phone: +49 30 13889-0
Fax: +49 30 2155050
Email:

Final information

Please note that data privacy regulations and handling of data privacy are subject to change requiring you to regularly inform yourself about changes of data privacy laws and company policies.

This data privacy statement only applies for content of the domain *.tu.berlin and does not include the linked websites of secondary or external web servers.
For links to third-party applications and systems, such as the TU Berlin event calendar, the privacy policy of the respective site applies.