Privacy Policy

Information on the Collection of Personal Data

Personal data are all data that can be related to you personally, such as name, address, email addresses, and user behavior (information referring to an identifiable natural person (Art. 4, No. 1 of the EU General Data Protection Regulation (GDPR))).

Controller according to Art. 4, par. 7 GDPR is the Acting President of KIT, Prof. Dr. Oliver Kraft, Kaiserstrasse 12, 76131 Karlsruhe, Germany, info∂kit edu (see Legals). Our Data Protection Commissioner can be contacted at datenschutzbeauftragter∂kit edu or by ordinary mail with “Die Datenschutzbeauftragte” (the data protection commissioner) being indicated on the envelope.

When you contact us by electronic mail or via a contact form, the data given by you (your email address and, if applicable, your name and your phone number) will be stored by us to answer your questions. The data arising in this connection will be erased as soon as storage will no longer be required or processing will be restricted, if legal obligations to retain the data exist.

We would like you to note that internet-based data transmission (e.g. when communicating by electronic mail) may have security gaps. Absolute protection of data against access by third parties may not be guaranteed.

Legal basis

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the graduate school on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.

Your Rights

As far as your personal data stored by us are concerned, you have the following rights:
- Right of access
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to data processing
- Right to data portability
(2) In addition, you have the right to complain about the processing of your personal data by us with a supervisory authority.
(3) In the case of manifestly unfounded or excessive requests, we can charge a reasonable fee. Otherwise, information will be provided free of charge (Article 12, par. 5 GDPR).
(4) In the case of reasonable doubts concerning the identity of the natural person asserting the above rights, we may request the provision of additional information necessary to confirm the identity of the data subject (Article 12, par. 6 GDPR).

Hosting

This Website is hosted as a GitHub Pages website.

Collection of Personal Data

When you visit our website, the web server, which is the computer on which this website is stored, usually automatically stores data such as
- the complete internet address (URL) of the website you are visiting
- browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
- the host name and IP address of the device from which access is being made
- the date and time
in web server log files.

As a rule, the above data is stored for a two-week period and then automatically deleted. We do not have direct access to this data and thus do not pass on this data, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful behaviour.

Hosting with GitHub Pages

We use the web hosting service GitHub Pages for our website. The service provider is the American company GitHub Inc., 88 Colin P. Kelly Jr. St., San Francisco, CA 94107, USA.

GitHub also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the lawfulness and security of the data processing.

GitHub uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, GitHub undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The GitHub Data Processing Terms, which correspond to the standard contractual clauses, can be found at https://docs.github.com/en/site-policy/privacy-policies/github-data-protection-agreement. You can find out more about the data processed through the use of GitHub in the Privacy Policy at https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement.

All texts within this section are protected by copyright. Source: Created with the data protection generator from AdSimple.

SSL Encryption

For reasons of security and for the protection of the transmission of confidential contents, such as inquiries sent to us as website operator, this website uses SSL encryption. In case of an encrypted connection, the address line of the browser changes from http:// to https:// and the lock symbol is indicated in your browser line. When SSL encryption is activated, third parties cannot read the data you transmit to us as a rule. You can find more information on the SSL encryption provided by GitHub pages on https://docs.github.com/en/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https

Legal information

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary. to be able to pursue attacks and claims from this.

In principle, an order processing contract must be concluded with the hoster. The Bavarian State Office for Data Protection Supervision has made an exception for the hosting of purely static websites. In the event that the website serves the purpose of self-expression, e.g. of associations or small businesses, no personal data flows to the operator and no tracking takes place, there is no commissioned processing. It goes on to say: "The fact that IP addresses, i.e. personal data, must inevitably be processed even when hosting static websites does not lead to the assumption of commissioned processing. That would not be appropriate. Rather, the (short-term) IP address storage is still attributable to the website hoster's telecommunications access provision under the TKG and primarily serves the hoster's security purposes" (Source). We assume that this exception applies to GitHub Pages.

Sources: Texts within the sections "Information on the Collection of Personal data", "Your Rights", and "SSL Encryption" were taken from the KIT Mobility Systems Center's Privacy Policy. The second paragraph of the "Legal Informatio" section was taken from the GitHub pages data protection template of opr.vc. All others texts are protected by copyright and created with the data protection generator from AdSimple. Where necessary, texts have been translated with DeepL Translator.