The Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) is responsible for its websites within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws, as well as other data protection regulations. It is legally represented by its President. For contact details, please consult the legal notice on the central FAU website.
The respective FAU institutions are responsible for any content they make available on the websites of the FAU. For questions related to specific content, please contact the person responsible as named in the legal notice of this application.
Name and address of the Data Security Official of the FAU
Data Security Official of the FAU
Klaus Hoogestraat
c/o ITM Gesellschaft für IT-Management mbH
Bürgerstraße 81
01127 Dresden
Phone: +49 9131 85-25860
E-Mail: datenschutzbeauftragter@fau.de
General information on data processing
General information on data processing
Scope of the processing of personal data
Generally, we only process our users' personal data to the extent necessary to provide services, content, and a functional virtual research environment. As a rule, personal data are only processed after the user has given their consent. An exception applies in those cases where obtaining prior consent is not feasible due to factual circumstances and the processing of the data is permitted by statutory provisions.
Legal basis for the processing of personal data
Art. 6 (1) (a) of the EU GDPR forms the legal basis for us to obtain the consent of a data subject for their personal data to be processed.
When processing personal data required for the performance of a contract in which the contractual party is the data subject, Art. 6 (1) (b) GDPR forms the legal basis. This also applies if data must be processed to carry out pre-contractual activities.
Art. 6 (1) (c) GDPR forms the legal basis if personal data must be processed to fulfill a legal obligation on the part of our organization.
Art. 6 (1) (d) GDPR forms the legal basis in the case that vital interests of the data subject or another natural person make the processing of personal data necessary.
If data processing is necessary to protect the legitimate interests of our organization or of a third party and if the interests, basic rights, and fundamental freedoms of the data subject do not outweigh the interests mentioned above, Art. 6 (1) (f) GDPR forms the legal basis for such data processing. Many of our duties and responsibilities arise from Art. 2 BayHSchG.
Deletion of data and storage period
We only store your personal data for as long as necessary to fulfill our legal obligations or the respective processing activity. As a rule, we keep personal data for ten years after it is created. A transfer to state archives remains unaffected. Storage beyond this time may occur if required by European or national legislators as stipulated in directives under Union legislation, laws, or other regulations to which the data controller is subject. Such data are also blocked or deleted if a storage period prescribed by one of the above-named rules expires unless further storage of the data is necessary for the conclusion or implementation of a contract.
Cookies
Use of cookies
Description and scope of data processing
Our virtual research environment uses cookies. Cookies are text files saved in the user's web browser or by the web browser on the user's computer system. A cookie can be stored in the user's operating system when accessing a website. This cookie contains a character string that allows the unique identification of the browser when the website is accessed again.
We use cookies to make our virtual research environment more user-friendly. Some parts of our application require that the
requesting browser can be identified even after changing pages.
During this process, the following data are stored in the cookies and transmitted:
- Log-in information (in the case of registered editors and authors)
Technical measures are taken to pseudonymize the collected user data. Thus, the data can no longer be attributed to the user. All cookies are used for technical reasons and only in the situations described above. The data are not stored together with other personal data of the user.
The cookies mentioned are necessary for the operation of the application and, therefore, cannot be
deactivated. They will only be set in the situations specified above.
If individual pages of the virtual research environment contain procedures
that require additional cookies that are not necessary for operational reasons, these will be
mentioned separately. These procedures, if used, are listed in the following chapters of this
data protection declaration.
Legal basis for data processing
The legal basis for the temporary storage of data and log files is §§ 14, 15 TMG, § 100 Abs. 1 TKG and Art. 4 BayDSG following the duties and responsibilities resulting from Art. 11 BayEGovG and Art. 7 and 34 BayHO.
Purpose of data processing
Analysis cookies are used to improve the quality of our virtual research environment and its content. Through these cookies, we learn how the application is used and, in this way, can continuously optimize our offer.
Storage period, options for filing an objection or requesting removal
As cookies are stored on the user's computer and are transmitted from it to our website, users have complete control over the use of cookies. You can disable or restrict the transmission of cookies by changing the cookie settings in your web browser. Cookies that are already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our virtual research environment, it may be the case that not all of the application's features can be used in their entirety.
Rights of the data subject
Rights of the data subject
Regarding the processing of your personal data, you, as a data subject, are entitled to the following rights under Art. 15 et seq. GDPR:
- You can request information as to whether we process your personal data. If this is the case, you have the right to information about this personal data as well as further information related to their processing (Art. 15 GDPR). Please note that this right of access may be restricted or excluded in certain cases (see in particular Art. 10 BayDSG).
- If personal data about you is incomplete or not/no longer accurate, you may request that this data be revised and, if necessary, completed (Art. 16 GDPR).
- Provided legal requirements are met, you can request the deletion of your personal data (Art. 17 GDPR) or that the processing of this data be restricted (Art. 18 GDPR). However, the right to erasure under to Art. 17 (1) and (2) GDPR does not apply, inter alia, if the processing of personal data is necessary for the performance of a task carried out in the public interest, the exercise of official authority, or in the exercise of vested official authority (Art. 17 para. 3 letter b GDPR).
- If you have given your consent to the processing of your personal data, you have the right to withdraw it at any time. The withdrawal will only take effect for the future; therefore, it does not affect the lawfulness of the processing operations conducted based on consent before its withdrawal.
- For reasons arising from your particular situation, you may also object to the processing of your personal data carried out by us at any time (Art. 21 GDPR). We will no longer process your personal data, provided the legal requirements are met.
- Insofar as you have consented to the processing of your personal data or have agreed to the performance of the contract and the data processing is conducted using automated procedures, you may be entitled to data portability (Art. 20 GDPR).
- You have the right to lodge a complaint to a supervisory authority within the meaning of Art. 51 GDPR about the processing of your personal data. The responsible supervisory authority for Bavarian public authorities is the Bavarian State Commissioner for Data Protection, Wagmüllerstraße 18, 80538 Munich.
Last updated on: 01.04.2025