Inhalt

Privacy

General Information

The controller as described in the General Data Protection Regulation (GDPR) and other national data protection acts as a member states as well as other data protection provisions is:

Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig
Tel.: +49 (531) 391 - 0
E-Mail: praesidentin(at)tu-braunschweig.de

Represented by the President

Prof. Dr. Angela Ittel
https://www.tu-braunschweig.de/en/president

Name and Address of the Data Protection Officer

The data protection officer at Technische Universität Braunschweig is:

Dr. Bernd Nörtemann
Tel.: +49 (531) 391 – 7654
E-Mail: datenschutz(at)tu-braunschweig.de
Internet: https://www.tu-braunschweig.de/datenschutz

Your Rights as a Data Subject

Article 15 of the EU General Data Protection Regulation (GDPR) provides the right of access to personal data for data subjects. Any natural person may request whether personal data related to him or her is being processed or not. If personal data is processed and no legal restriction to this right applies, the data subject may request a copy of personal data related to him or her. If personal data processed by a controller is incomplete or inaccurate, Art. 16 GDPR provides the data subject with the right to obtain rectification of this incorrect data from the controller (including the option for the data subject to provide a supplementary statement to be included)
Further Data Subject Rights:

Art. 17 GDPR: Right to erasure of personal data if requirements provided in Art. 17 para 1 lit a to f are fulfilled.
Art. 18 GDPR: Right to restriction of data processing if the requirements Art. 18 para 1 lit. a to d are fulfilled.
Art. 20 GDPR: Right to transfer personal data provided by the data subject to a controller chosen by the data subject on request and right to obtain the data in a structured, commonly used and machine-readable format, if the processing is based on consent or on a contract.
Art. 21 GDPR: Based on particular personal circumstances the data subject has a right to object to an otherwise lawful processing of his or her personal data.
Art. 22 GDPR: In cases of solely automated processing with legal effects, special rights are granted for data subjects.

Right to lodge a complaint

Any data subject has the right (stipulated in Art. 77 GDPR) to lodge a complaint with a data protection supervisory authority, including the supervisory authority in charge for the controller:
Ministry for Science and Culture of Lower Saxony

Information on selected processing activities affecting all users

Processing of Logfiles (Access Data): When using this webservice the following data set is processed to provide the service and to detect and resolve errors within the system: The requested URL, the timestamp when the request was processed, the amount of transmitted data and the IP address of the data subject. The IP address is stored in a shortened format, effectively making it impossible or at the very least requiring prohibitive and unreasonable amounts of effort to identify data subjects. All processing is carried out within the institution and is based on Art. 6 para. 1 lit. f GDPR, with the legitimate interest of the controller being the detection and resolution of system malfunctions and defence against attacks against its IT infrastructure. Logfile data is deleted after 7 days.

User Account

For using non-public parts of this webservice (e.g. application management) a user account is required. The following data set is mandatory for the account creation and organisation: Last name, first name, gender, date of birth, place of birth, nationality, street and street number, postcode, city, e-mail address and a password, chosen by the user.

Without providing this dataset a user account cannot be created and non-public parts of this webservice cannot be accessed. The processing is based on Art. 6 para. 1 lit. e GDPR, its purpose being limiting access to non-public parts of TU Braunschweig’s webservice to registered users only. Account data will not be made available to third parties unless to obey a legal obligation. The user account will be deleted on explicit request by the user or after the current application period.

Automated login using mobile devices

When using this webservice with a user account and with a mobile device (e.g. tablet computer or smartphone) you may request to stay logged in even after closing the web browser. A cookie with an encrypted string of username and password is stored on the particular device. A digital fingerprint of the device is stored on the server. The digital fingerprint comprises the following information:

SCREEN_SIZE_AND_COLOR_DEPTH (screen size and colour depth)
DEVICE_ATTRIBUTES: id, model, vendor, build, device_os_version (data of the device: model number [not IMEI], name of the model, manufacturer, type, version of the operating system)
ACCEPT_LANGUAGE (preferred languages)
TIME_ZONE (time zone)
DEVICE_TYPE (type of device)
BROWSER_TYPE (software used for access (i.e. web browser))

This data is used to identify and verify the device and is stored on a server owned and operated by the controller. The processing of this personal data is based on consent in line with Art. 6 para. 1 lit. a GDPR, which is granted by the user through activating the automated login for this device. No data is transmitted to a third party and data is processed for the singular purpose of distinctively identifying the device in connection with the automated login token. An automated login will take place only if the digital fingerprint of the device matches the digital fingerprint stored on the server, if username and password can be decrypted from the login token and if username and password are valid and can be used for a login.

If the automated login has not been used for a period of four weeks, corresponding data is deleted from the servers. The user may also deactivate the automated login for any particular device (e.g. the device got lost) using the settings section of the user account for this webservice. By storing the dataset listed above on the university’s server the user can distinguish devices for which the automated login is activated and may deactivate the automated login for each device through the web interface. The processing of personal data is lawful until the person withdraws his or her consent. This withdrawal of the consent does not affect the lawfulness of the prior processing.

Cookies

Our web application uses cookies. Cookies are small text files (or files utilizing other storage technologies) stored by your computer’s browser to retain information. By deploying cookies, we process certain information about you, such as your browser, location data, or IP address.

If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

Name	Inhalt (Beispiel)	Zweck	Gültig bis
JSESSIONID	R5E0F8CC126518A2FF92F4614XYZABC	Identifikation der aktuellen Sitzung des Nutzers/der Nutzerin	Zum Ende der Sitzung
oam.Flash.RENDERMAP.TOKEN	-z4rkkxnzp	Sicherheitsmerkmal für einen temporären Zwischenspeicher der Benutzeroberfläche	Zum Ende der Sitzung
lastRefresh	1406342235039	Zeitstempel der letzten Aktualisierung bzw. der letzte Aufruf dieser Anwendung	Zum Ende der Sitzung
sessionRefresh	0	Ermöglicht die clientseitige Anzeige der (Rest-) Laufzeit der aktuellen Nutzersitzung	Zum Ende der Sitzung
download-complete		Das Vorhandensein des Cookies zeigt dem Browser an, dass ein (interner) Datei-Download abgeschlossen ist.	Zum Ende der Sitzung
cs.sys.hisinoneAutoLogin	abc1234___::___def5678	Wenn der automatische Login aktiv ist, wird hier ein Zugangsschlüssel gespeichert.	Zum Logout auf dem jeweiligen Gerät. Die serverseitigen Daten können in der Geräteverwaltung auch für andere Geräte gelöscht werden.