Data privacy

Data protection

We are pleased about your visit to our website. In the following, we will inform you about which personal data we collect and what happens to this data when you visit our website. Personal data is any data with which you can be personally identified. You will also receive information about your rights as a data subject arising from the EU General Data Protection Regulation (GDPR).

 

I. The responsible party within the meaning of the EU General Data Protection Regulation (EU-DSGVO) is the

 

NMI Natural and Medical Sciences Institute at the University of Tuebingen

Represented by the Executive Board Prof. Dr. Katja Schenke-Layland

Markwiesenstraße 55

72770 Reutlingen

info@nmi.de

 

II. Data Protection Officer

Our data protection officer is:

Columbus Consulting

Dr. Inge Rötlich

Mahdentalstr. 82

71065 Sindelfingen

Phone: 07031/7150900

Fax: 07031/4180970

E-Mail: datenschutz(at)columbus-consulting.eu

 


III.  General information on data processing  
 

1. Scope of the processing of personal data
 

As a matter of principle, we process personal data of our users only to the extent necessary for the provision of a functional website and our content and services.  

 

2. Encryption

This website uses SSL encryption to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If this encryption is activated, the data you transmit to us cannot be read by third parties.

   

3.  Provision of the website and creation of log files

Each time you visit our website, our system automatically collects data and information from the calling computer. The following data is collected:

 

  • IP address of the user
  • Information about the browser type
  • Information about the version of the browser used
  • Operating system of the user
  • Internet service provider of the user
  • Date and time of access
  • Website from which the user has reached our site
  • Web pages that were accessed by the user's system via our website

 

The above-mentioned items are stored in the server logs. The server log files can be used on the one hand for security purposes, for example, to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand, to ensure the utilization of the servers and their stability. This data is not stored together with other personal data of the user. The legal basis for this data processing is, on the one hand, our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO in the analysis of our website and its use, and, if applicable, also the legal permission to store data as part of the initiation of a contractual relationship pursuant to Art. 6 lit. b DSGVO.

 

Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

 

4. Processing of special data according to Art. 9 DSGVO

No special personal data is processed in connection with this website.

 

IV. Cookies

Our website uses cookies within the scope of our legitimate interest in a technically flawless online offer and its optimization pursuant to Art. 6 (1) lit. f DSGVO, so that our offer can be used better, more effectively and more securely.

Cookies are small text files that are stored on your computer. These may be so-called session cookies, which are automatically deleted at the end of your visit to our website. However, there are also cookies that are permanently stored on your computer unless you delete them yourself. In this case, it is possible for us to recognize your browser the next time you visit our website and to make you appropriate offers. You can prevent the storage of cookies altogether or when visiting certain websites in your browser settings. However, it is possible that then not all functions of our website can be used.

We use cookies to simplify the use of our website for the user, especially to remember the allowed services (currently only Matomo).

 

What are the types of cookies?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

 

We can distinguish 4 types of cookies:

 

Essential cookies

These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues surfing on other pages and later goes to the checkout. Through these cookies, the shopping cart is not deleted even if the user closes his browser window.

 

Purpose cookies

These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.

 

Targeting cookies

These cookies provide a better user experience. For example, entered locations, font sizes or form data are stored.

 

Advertising cookies

These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very convenient, but also very annoying. Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.

 

How can I delete cookies?

You decide whether and how you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies. If you want to determine which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can do so in your browser settings:

 

Chrome: Delete, enable and manage cookies in Chrome, see under:

https://support.google.com/accounts/answer/32050?co=GENIE.Platform%3DDesktop&hl=de

 

Safari: Manage cookies and website data with Safari, see under:

https://praxistipps.chip.de/safari-cookies-loeschen-so-gehts_35280

 

Firefox: Delete cookies to remove data that websites have placed on your computer, see under:

https://www.bitdefender.de/consumer/support/answer/12296/

 

Microsoft Edge: Delete and manage cookies, see under:

https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies

 

If you do not want to have cookies in principle, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search for the instructions using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.

 

V. E-Mail Contact

If you contact us by e-mail, your information will only be used to process your request. This data will not be disclosed to third parties.

In this case, the user's personal data transmitted with the e-mail will be stored.

The processing of the data is based on your consent (Art. 6 para. 1 lit. a DSGVO), which you give by sending the email. You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you send us in the e-mail will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your inquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.

 

VI. Customer survey

On our website you have the opportunity to rate our services using the customer survey form.
If you would like to take part in the customer survey, your contact person at the NMI, project name and company name are mandatory. All the data you enter in the input mask will be sent to our institute management by e-mail.
The legal basis for the processing of this personal data is Art. 6 para. 1 lit. f GDPR (legitimate interest). We have a legitimate interest in using customer surveys to find out how satisfied you were with working with us and where we should make improvements.
Participation in the survey and the resulting provision of your personal data is voluntary. You will therefore not suffer any disadvantages if you do not provide your personal data and if you do not take part in the survey.
The personal data processed as part of the customer survey will be stored for five years and then deleted.

 

VII. Registration for events

On our website, you have the option of registering for our events via an input mask.

If you register for an event, the name of the event you wish to attend, your first and last name, the company you are attending for and your e-mail address are mandatory. All the data you enter in the input mask will be sent to the NMI by e-mail. The data will be processed for the planning and implementation of the event; you give your consent to this when you register for the event. Your data will be deleted after the event has taken place.

 

IX. Analysis tools

Web analysis through Matomo

This website uses the open source web analytics service Matomo. Matomo does not set any "cookies". Matomo is set to anonymize the last two bytes of the IP address.

 

VIII. Social Media

1. Twitter/X Plugin

We use plugins of the service Twitter. The provider is X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. In the EU, the responsible party is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

By using Twitter/X and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transferred to Twitter. We would like to point out that we do not receive any knowledge of the content of the transmitted data as well as its use by Twitter/X. For more information, please refer to the privacy policy of Twitter/X at: twitter.com/de/privacy.

You can change your privacy settings on Twitter/X in the account settings at twitter.com/account/settings.

 

2. Instagram Plugin

We use plugins of the service Instagram. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we have no knowledge of the content of the transmitted data or its use by Instagram.

For more information, please see Instagram's privacy policy: https://instagram.com/about/legal/privacy/.

The information collected by Instagram may also be stored on servers in the USA. Meta Platforms, Inc. is certified in accordance with the Privacy Framework, which means that the transfer of data to the third country USA is currently permissible in principle in accordance with the EU-US Data Privacy Framework and the adequacy decision of the European Commission of 10.07.2023.

 

3. LinkedIn Plugin

Our website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Whenever one of our pages containing functions of LinkedIn is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. If you click the "Recommend button" of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We point out that we have no knowledge of the content of the transmitted data and its use by LinkedIn.

For more information, please see LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

 

X. Application portal

The protection of personal data is an important concern for us. The handling of your data provided to us is in accordance with the legal provisions, in particular those of the EU General Data Protection Regulation and the German Federal Data Protection Act (BDSG).

 

1.  Application Information

We collect various application-relevant information via our application portal. This includes in particular your personal data with contact information as well as a description of your education, work experience and skills. In addition, you have the option of providing us with electronically stored documents such as certificates or cover letters.

With your application you assure that the information you provide is true. We point out that any false statement or deliberate omission may constitute grounds for rejection or subsequent dismissal.

We do not require any information from you that is not usable under the General Equal Treatment Act (race, ethnic origin, gender, religion or belief, disability, age or sexual identity). We also do not ask you to provide information about illnesses, pregnancy, political views, philosophical or religious convictions, membership in a trade union, physical or mental health or sexual life. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, press law or general rights of third parties).

 

2.  Collection, processing, use and disclosure of your data

Personal data is only collected, stored, processed and used for purposes related to your interest in current or future employment with us and the processing of your application. Data will not be passed on to third parties. In order to use the online application process, data such as name, address, telephone number, e-mail address, etc. is collected. This data is basically used to contact you about your application.

If your application is successful, the data provided may be used for administrative matters related to employment.

Your online application will only be processed and noted by the relevant contacts at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. Under no circumstances will third parties gain knowledge of your details. The processing of data takes place exclusively in Germany.

 

3. Storage

If we are unable to offer you employment, we will retain the data you submit for up to six months for the purpose of responding to questions related to your application and rejection.

However, if your application documents are of interest in principle and there is simply no suitable employment currently available, we will ask for your consent to retain and store your data accordingly. This will enable us to contact you in the event of future job offers.

 

4. Data security

We attach very great importance to the greatest possible security of our system and use modern data storage and security techniques to optimally protect your data. This includes measures such as anti-virus software or a firewall. Of course, our security measures are continuously improved in line with technological developments. Your data is transmitted in encrypted form and then stored in a database. All systems in which your personal data is stored are protected against access and are only accessible to a specific group of people responsible for personnel.

 

5. Change of the privacy policy

If we change the content of this privacy policy, we will announce these changes on our website.

 

6. Deletion of data, revocation of consent

You have the right at any time to request more detailed information about the data stored about you, to inspect this data and to request that inaccurate data about you be corrected or that the stored data be deleted in full or in part.

You can revoke your consent at any time with effect for the future. The relevant data will then be deleted immediately. In this case, please send your revocation to bewerbung@nmi.de, stating your full name and e-mail address. The deletion may be replaced by a blocking of the data in the cases provided for by law.

 

XI. Communication via video conferencing systems

 

1. Privacy notices for online meetings, teleconferences, and webinars with Microsoft Teams

We would like to inform you in the following about the processing of personal data in connection with the use of Microsoft Teams.

 

Purpose of processing

We use the Microsoft Teams tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: Online Meetings). Microsoft Teams is a service of Microsoft Corporation.

 

Responsible

The responsible party for data processing directly related to the implementation of the online meeting is the NMI Natural and Medical Sciences Institute at the University of Tübingen.

To the extent that you access the Microsoft Teams website, the Microsoft Teams provider is responsible for data processing. Microsoft Teams is part of Microsoft Office 365 which is software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

However, accessing the website is only required to download the software for using Microsoft Teams.

If you do not want to or cannot use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. The service will then be provided via the "Microsoft Teams" website to that extent.

 

What data is processed?

When using Microsoft Teams, various types of data are processed. The scope of the data also depends on the information you provide before or during participation in an online meeting.

The following personal data are the subject of processing:

User details: e.g. display name, e-mail address (if applicable), profile picture (optional), preferred language

Meeting metadata: e.g. date, time, meeting ID, phone numbers, location

Text, audio and video data: You may have the option of using the chat function in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the Microsoft Teams apps.

 

Scope of processing

We use Microsoft Teams to conduct online meetings. If we want to record online meetings, we will transparently communicate this to you in advance and - where necessary - ask for consent.

Chat content is logged when using Microsoft Teams. We store the chat content.

Automated decision-making within the meaning of Art. 22 of the GDPR is not used.

 

Legal bases of data processing

Insofar as personal data of employees is processed, Section 26 BDSG or Art. 6 (1) sentence 1 lit. b DSGVO is the legal basis for data processing. If, in connection with the use of Microsoft Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of Microsoft Teams, the legal basis for data processing is Art. 6 (1) f) DSGVO. In these cases, our interest is in the effective implementation of online meetings.

For the rest, the legal basis for data processing when conducting online meetings is Art. 6 (1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective implementation of online meetings.

 

Recipient / passing on of data

Personal data processed in connection with participation in online meetings will not be disclosed to third parties unless it is intended for disclosure. Please note that the content of online meetings, as well as face-to-face meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended for disclosure.

Other recipients: The Microsoft Teams provider necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with Microsoft.

 

Data processing outside the European Union

In principle, no data processing takes place outside the European Union (EU), as we have limited our storage location to data centers in the European Union. However, we cannot exclude the routing of data via internet servers that are located outside the EU. This may be the case in particular if participants in online meetings are located in a third country.

However, the data is encrypted during transport over the Internet and thus secured against unauthorized access by third parties.

Microsoft Corporation, headquartered in the USA, is also certified in accordance with the Privacy Framework, which means that the transfer of data to the third country USA is currently permissible in principle in accordance with the EU-US Data Privacy Framework and the European Commission's adequacy decision of 10.07.2023.

 

2. Privacy notices for online meetings, conference calls and webinars with Webex

We would like to inform you in the following about the processing of personal data in connection with the use of Webex.

 

Data processing

We use the Webex tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: online meetings).

Webex by Cisco Inc. is based in the USA.

 

Responsible

The responsible party for data processing directly related to the implementation of the online meeting is the NMI Natural and Medical Sciences Institute at the University of Tübingen.

Insofar as you access the Webex website, the provider of Webex is responsible for data processing.

However, accessing the website is only necessary in order to download the software for using Webex.

If you do not want to or cannot use the Webex app, you can also use Webex via your browser. The service is then provided via the LogMein website to that extent.

 

What data is processed?

When using Webex, various types of data are processed. The scope of the data also depends on the data you provide before or when participating in an online meeting.

The following personal data are the subject of processing:

User details: e.g. display name, e-mail address (if applicable), profile picture (optional), preferred language

Meeting metadata: e.g. date, time, meeting ID, phone numbers, location

Text, audio and video data: You may have the option of using the chat function in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the Webex applications.

 

Scope of processing

We use Webex to conduct online meetings. If we want to record online meetings, we will transparently communicate this to you in advance and - if necessary - ask for consent.

The chat contents are logged when using Webex. We store the chat content for a period of one month. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

Automated decision-making within the meaning of Art. 22 of the GDPR is not used.

 

Legal bases of data processing

Insofar as personal data of employees is processed, § 26 BDSG or Art. 6 para. 1 p.1 lit. b DSGVO is the legal basis for data processing. If, in connection with the use of GoToMeeting, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of GoToMeeting, Art. 6 para. 1 lit. f) DSGVO is the legal basis for data processing. In these cases, our interest is in the effective implementation of online meetings.

For the rest, the legal basis for data processing when conducting online meetings is Art. 6 (1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective implementation of online meetings.

 

Recipient / passing on of data

Personal data processed in connection with participation in online meetings will not be disclosed to third parties unless it is intended for disclosure. Please note that the content of online meetings, as well as face-to-face meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended for disclosure.

 

Data processing outside the European Union

Webex is provided by LogMein from the USA. A processing of personal data therefore also takes place there. We have concluded an order processing agreement with the provider that meets the requirements of Art. 28 DSGVO.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

 

XII. Your data subject rights

Insofar as we process your personal data, you are a data subject within the meaning of the GDPR. You are therefore entitled to the following rights:

 

1. Right of Access (Art. 15 DSGVO)

You can request information from us at any time and free of charge about the personal data we have stored about you. In order to prevent misuse, identification of your person is required.

 

2. Right to rectification (Art. 16 DSGVO)

You have the right at any time to have your personal data processed by us corrected and/or completed if it is inaccurate or incomplete.

 

3. Right to erasure - right to be forgotten (Art. 17 DSGVO)

You have the right to have your personal data processed by us deleted. This applies in particular if the purpose of processing has expired, a required consent has been revoked and no other legal basis exists or our data processing is unlawful. We will then delete your personal data immediately within the legal framework.

 

4. Right to restriction of processing (Art. 18 DSGVO)

You can request the restriction of the processing of your data.

Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

 

5. Right to information (Art. 19 DSGVO)

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the data controller.

 

6. Right to data portability (Art. 20 DSGVO)

You can request us to transfer the data stored about you in machine-readable form.

 

7. Right of objection (Art. 21 DSGVO)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) DSGVO; this also applies to profiling based on these provisions.

The controller shall then no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

 

8. Right to complain to a supervisory authority (Art. 77 DSGVO)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. You may exercise this right with a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement.

The responsible supervisory authority is in Baden-Württemberg:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart
Tel.: 0711/61 55 41 – 0
E-Mail: poststelle(at)lfdi.bwl.de

The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

 

XIII. Changes to the privacy policy

If a change to the privacy policy becomes necessary for legal or factual reasons, we will update this page accordingly. No changes will be made to the consent given by the user.