Privacy Policy
Information on the Collection of Personal Data
Personal data are all data that can be related to you
personally, such as name, address, email addresses, and user
behavior (information referring to an identifiable natural
person (Art. 4, No. 1 of the EU General Data Protection
Regulation (GDPR))).
Controller according to Art. 4, par. 7 GDPR is the the President of KIT, Prof. Dr. Jan S. Hesthaven, Kaiserstrasse 12,
76131 Karlsruhe, Germany, info∂kit edu (see Legals). Our Data
Protection Commissioner can be contacted at
datenschutzbeauftragter∂kit edu or by ordinary mail with “Die
Datenschutzbeauftragte” (the data protection commissioner)
being indicated on the envelope.
When you contact us by electronic mail or via a contact form,
the data given by you (your email address and, if applicable,
your name and your phone number) will be stored by us to
answer your questions. The data arising in this connection
will be erased as soon as storage will no longer be required
or processing will be restricted, if legal obligations to
retain the data exist.
We would like you to note that internet-based data
transmission (e.g. when communicating by electronic mail) may
have security gaps. Absolute protection of data against access
by third parties may not be guaranteed.
Legal basis
The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the graduate school on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.
Your Rights
As far as your personal data stored by us are concerned, you
have the following rights:
- Right of access
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to data processing
- Right to data portability
(2) In addition, you have the right to complain about the
processing of your personal data by us with a supervisory
authority.
(3) In the case of manifestly unfounded or excessive requests,
we can charge a reasonable fee. Otherwise, information will be
provided free of charge (Article 12, par. 5 GDPR).
(4) In the case of reasonable doubts concerning the identity
of the natural person asserting the above rights, we may
request the provision of additional information necessary to
confirm the identity of the data subject (Article 12, par. 6
GDPR).
Hosting
This Website is hosted as a GitHub Pages website.
Collection of Personal Data
When you visit our website, the web server, which is the
computer on which this website is stored, usually
automatically stores data such as
- the complete internet address (URL) of the website you are
visiting
- browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer
URL)
- the host name and IP address of the device from which access
is being made
- the date and time
in web server log files.
As a rule, the above data is stored for a two-week period and
then automatically deleted. We do not have direct access to
this data and thus do not pass on this data, but we cannot
rule out the possibility that this data may be viewed by the
authorities in the event of unlawful behaviour.
Hosting with GitHub Pages
We use the web hosting service GitHub Pages for our website.
The service provider is the American company GitHub Inc., 88
Colin P. Kelly Jr. St., San Francisco, CA 94107, USA.
GitHub also processes data from you in the USA, among other
places. We would like to point out that according to the
opinion of the European Court of Justice, there is currently
no adequate level of protection for the transfer of data to
the USA. This may be associated with various risks for the
lawfulness and security of the data processing.
GitHub uses so-called standard contractual clauses (= Art. 46.
para. 2 and 3 DSGVO) as the basis for data processing for
recipients located in third countries (outside the European
Union, Iceland, Liechtenstein, Norway, i.e. in particular in
the USA) or a data transfer there. Standard Contractual
Clauses (SCC) are templates provided by the EU Commission and
are intended to ensure that your data comply with European
data protection standards even if they are transferred to
third countries (such as the USA) and stored there. Through
these clauses, GitHub undertakes to comply with the European
level of data protection when processing your relevant data,
even if the data is stored, processed and managed in the US.
These clauses are based on an implementing decision of the EU
Commission. You can find the decision and the corresponding
standard contractual clauses here, among other places:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The GitHub Data Processing Terms, which correspond to the
standard contractual clauses, can be found at
https://docs.github.com/en/site-policy/privacy-policies/github-data-protection-agreement.
You can find out more about the data processed through the
use of GitHub in the Privacy Policy at
https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement.
All texts within this section are protected by copyright.
Source: Created with the
data protection generator
from AdSimple.
SSL Encryption
For reasons of security and for the protection of the transmission of confidential contents, such as inquiries sent to us as website operator, this website uses SSL encryption. In case of an encrypted connection, the address line of the browser changes from http:// to https:// and the lock symbol is indicated in your browser line. When SSL encryption is activated, third parties cannot read the data you transmit to us as a rule. You can find more information on the SSL encryption provided by GitHub pages on https://docs.github.com/en/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https
Legal information
The lawfulness of the processing of personal data in the
context of web hosting results from Art. 6 para. 1 lit. f
DSGVO (protection of legitimate interests), because the use of
professional hosting with a provider is necessary in order to
present the company on the Internet in a secure and
user-friendly manner and to be able to pursue attacks and
claims from this if necessary. to be able to pursue attacks
and claims from this.
In principle, an order processing contract must be concluded
with the hoster. The Bavarian State Office for Data Protection
Supervision has made an exception for the hosting of purely
static websites. In the event that the website serves the
purpose of self-expression, e.g. of associations or small
businesses, no personal data flows to the operator and no
tracking takes place, there is no commissioned processing. It
goes on to say: "The fact that IP addresses, i.e. personal
data, must inevitably be processed even when hosting static
websites does not lead to the assumption of commissioned
processing. That would not be appropriate. Rather, the
(short-term) IP address storage is still attributable to the
website hoster's telecommunications access provision under the
TKG and primarily serves the hoster's security purposes"
(Source).
We assume that this exception applies to GitHub Pages.
Sources: Texts within the sections "Information on the Collection of Personal data", "Your Rights", and "SSL Encryption" were taken from the KIT Mobility Systems Center's Privacy Policy. The second paragraph of the "Legal Informatio" section was taken from the GitHub pages data protection template of opr.vc. All others texts are protected by copyright and created with the data protection generator from AdSimple. Where necessary, texts have been translated with DeepL Translator.