Privacy

Privacy Policy

Thank you for visiting our website. In the following, we inform you about which personal data we collect and what happens with this data when you visit our website. Personal data is any data by which you can be personally identified. You will also receive information about your rights as a data subject arising from the EU General Data Protection Regulation (EU GDPR).

I. The Controller within the meaning of the EU General Data Protection Regulation (EU-GDPR) is the

NMI Natural and Medical Science Institute at the University of Tübingen
Represented by the director Ms. Prof. Dr. Katja Schenke-Layland
Markwiesenstraße 55
72770 Reutlingen
info@nmi.de

II. Data Protection Officer

Our Data Protection Officer is:

Columbus Consulting
Dr. Inge Rötlich
Mahdentalstr. 82
71065 Sindelfingen
Tel.: 07031/418090
Fax: 07031/4180970
Email: datenschutz@columbus-consulting.eu


III. General information on data processing

1. Scope of the processing of personal data

As a matter of principle, we process personal data of our users only to the extent necessary for the provision of a functional website as well as our content and services.


2. Encyrption

This website uses SSL encryption to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the address line of the browser changing from "http://" to "https://" and by the lock symbol in your browser line. If this encryption is activated, the data you transmit to us cannot be read by third parties.


3. Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the accessing computer. The following data is thereby collected:

IP address of the user
Information about the browser type
Information about the version of the browser type used
Operating system of the user
Website from which the user has accessed our site
Web pages that were accessed by the user's system via our website.

This data is stored in the log files of our system. A storage of this data together with other personal data of the user does not take place. The legal basis for this data processing is, on the one hand, our legitimate interests in accordance with Art. 6 para. 1 lit. f of the EU GDPR in the analysis of our website and its use, and, if applicable, also the legal permission to store data in the context of the initiation of a contractual relationship in accordance with Art. 6 lit. b of the EU GDPR. Server log files are deleted every 39 days.

The IP address is also stored in log files, which will be deleted after 7 days.

4. Processing of special data according to Art. 9 GDPR
In our company, we process data in accordance with Article 9 (2) of the GDPR if the processing is necessary to enable us or the data subject to exercise the rights conferred on him or her by labor law and social security and social protection law and to comply with his or her obligations in this regard, to the extent permitted by Union law or Member State law or by a collective agreement under Member State law that provides appropriate safeguards for the fundamental rights and interests of the data subject.
No special personal data is processed in connection with this website.


IV. Cookies

Our website uses cookies within the scope of our legitimate interest in a technically flawless online offer and its optimization pursuant to Art. 6 (1) lit. f. EU-GDPR, so that our offer can be used better, more effectively and more securely.

Cookies are small text files that are stored on your computer. These may be so-called session cookies, which are automatically deleted at the end of your visit to our website. However, there are also cookies that are permanently stored on your computer unless you delete them yourself. It is then possible for us to recognize your browser the next time you visit our website and to make you appropriate offers. You can prevent the storage of cookies altogether or when visiting certain web pages in your browser settings. However, it is possible that not all functions of our website can then be used.

We use cookies to simplify the use of our website for the user. Thus, the cookies are used for the creation of a shopping cart and to store search terms. We also use redirect cookies to catch errors in the shop. Other shop control information is also stored via cookies.
Furthermore, the cookies are used to manage your settings and to recognize cookie support.
In addition, we use transient cookies, i.e. cookies that are automatically deleted when the browser is closed (= session cookie) as well as persistent cookies, i.e. cookies that initially remain even after the browser is closed.
We use analysis cookies to analyze the surfing behavior of users. For this purpose, we obtain the consent of the users. The following data is transmitted for the analysis:

Search terms entered
Frequency of page views

What are the different types of cookies?

The question of which cookies we use in particular depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

One can distinguish 4 types of cookies:

Essential cookies

These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing on other pages and later goes to the checkout. Through these cookies, the shopping cart is not deleted even if the user closes his browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and behavior of the website with different browsers.

Purpose cookies

These cookies provide a better user experience. For example, entered locations, font sizes or form data are stored.

Advertising cookies

Diese Cookies werden auch Targeting-Cookies genannt. Sie dienen dazu dem User individuell angepaßte Werbung zu liefern. Das kann sehr praktisch, aber auch sehr nervig sein. Üblicherweise werden Sie beim erstmaligen Besuch einer Webseite gefragt, welche dieser Cookiearten Sie zulassen möchten. Und natürlich wird diese Entscheidung auch in einem Cookie gespeichert.

How can I delete cookies?

How and whether you want to use cookies, you decide yourself. Regardless of which service or which website the cookies originate from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies. If you want to determine which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:


Chrome: Delete, activate and manage cookies in Chrome, see under:
https://support.google.com/accounts/answer/32050?co=GENIE.Platform%3DDesktop&hl=de

Safari: Manage cookies and website data with Safari, see under:
https://praxistipps.chip.de/safari-cookies-loeschen-so-gehts_35280

Firefox: Delete cookies to remove data that websites have placed on your computer, see under
https://www.bitdefender.de/consumer/support/answer/12296/

Internet Explorer: Delete and manage cookies, see under
https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Microsoft Edge: Delete and manage cookies, see under
https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies

If you do not want to have cookies in principle, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. The best way is to search for the instructions in Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.


V. Newsletter
On our site there is the possibility to subscribe to a free newsletter. In doing so, the data you provide in the input mask will be transmitted to us. To subscribe to the newsletter, only the e-mail address is required, further data is voluntary.
The following data is collected upon newsletter registration:
Email-Address

Our system also automatically collects the following data:
Date and time of registration
As part of the newsletter registration process, you will receive a confirmation email containing a link that you must click to complete the registration for our newsletter (double opt-in). The newsletter can be unsubscribed at any time by clicking on the unsubscribe link in each newsletter.
The data you provide for the newsletter will be stored by us until you unsubscribe from the newsletter. We do not pass this data on to third parties. After unsubscribing from the newsletter, the data will be deleted. Data that has been stored by us for other purposes (e.g. email address for registration) remains unaffected by this. When sending the newsletter, user behavior is evaluated.

Newsletter dispatch via SendinBlue
We use the SendinBlue service for sending newsletters. The provider in Germany is SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin, a subsidiary of the French parent company SendinBlue SAS, 55 rue d'Amsterdam, 75008 Paris, France. SendinBlue is a service for organizing and analyzing newsletter delivery. The data you enter for the purpose of receiving newsletters (e.g. email address) is stored on SendinBlue's servers.
Our newsletters sent with SendinBlue allow us to analyze the behavior of newsletter recipients. Here, among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. All links in the email are so-called tracking links, with which your clicks can be counted.
If you do not want any analysis by SendinBlue, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. Furthermore, you can also revoke your consent at any time with effect for the future by sending an e-mail to the address given in this declaration (see above).
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of SendinBlue after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for lottery entries) remain unaffected by this.
For more details, please refer to SendinBlue's privacy policy at: de.sendinblue.com/legal/privacypolicy/.
We have concluded a corresponding contract with SendinBlue in which we oblige SendinBlue to protect our customers' data and not to pass it on to third parties.
Right of withdrawal at any time
You can unsubscribe from the newsletter at any time. For this purpose, you will find a link at the end of each newsletter sent by us, without any costs being incurred other than the transmission costs according to the basic rates.
Your email address will only be used by us or our service providers and will not be passed on to other third parties.
The legal basis of the processing for the newsletter dispatch is Art. 6 para. 1 lit. a) GDPR.

VI. Registration

We also offer the possibility on our website to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected during registration:
Date and time of registration
Salutation (optional)
Title (optional)
First name
Last name
Date of birth
Language (optional)
Company
Address: Street, postal code, city
Country (optional)
E-mail address
Phone number(optional)
Mobile phone number(optional)
Website (optional)
Password

The registration of the user takes place for the fulfillment of the contract or for the execution of pre-contractual measures for orders via our homepage. An order without registration as a guest is also possible.

The data collected during registration will be stored by us for as long as you are registered with us and will then be deleted. Legal retention periods remain unaffected. You have the option to delete your account by submitting a deletion request to the customer service. The legality of the data processing already carried out remains unaffected by the revocation.


VII. Online Shop

1. Transmission of data to third parties
In connection with our online shop, we transmit personal data to third parties only if this is necessary in the context of the contract, such as to the companies entrusted with the delivery of the goods or the credit institution entrusted with the payment processing. A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes.
The basis for the data processing is Art. 6 para. 1 lit. b of the EU GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

2. Payment options in the online shop
Purchase on account

VIII. E mail contact

If you send us inquiries by email, your data will only be used for processing your inquiry. This data will not be passed on to third parties.
In this case, the user's personal data transmitted with the email will be stored.
The processing of the data is based on your consent (Art. 6 para. 1 lit. a of the EU GDPR), which you give by sending the email. You can revoke this consent at any time. For this purpose, an informal communication by email to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data you send us in the e-mail will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your inquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.

IX. Analysis tools and advertising

1. Web analysis via Matomo (formerly Piwik)

This website uses the open source web analytics service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your computer and allow an analysis of your use of the website. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before storage. Matomo cookies remain on your terminal device until you delete them. A storage with us takes place for 365 days.
The storage of Matomo cookies is based on Art. 6 para. 1 lit. f of the EU GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising.
The information generated by the cookie about the use of this website will not be disclosed to third parties. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
If you do not agree with the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie will be placed in your browser, which prevents Matomo from storing usage data. If you delete your cookies, this has the consequence that the Matomo opt-out cookie is also deleted. The opt-out must be reactivated when you visit our site again.

X. Social Media


1. Twitter plugin
We use plugins of the service Twitter. The provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transferred to Twitter. We would like to point out that we do not receive any knowledge of the content of the transmitted data as well as its use by Twitter. For more information, please refer to Twitter's privacy policy at: https://twitter.com/privacy.
You can change your privacy settings on Twitter in your account settings at https://twitter.com/account/settings.

2. LinkedIn plugin
Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. If you click the "Recommend button" of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We point out that we have no knowledge of the content of the transmitted data and its use by LinkedIn.
or more information, please see LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.


XI. Your rights as a data subject

Insofar as we process your personal data, you are a data subject within the meaning of the EU Data Protection Regulation. You are therefore entitled to the following rights:

1. Right of access (Art. 15 EU-GDPR)
You can request information from us at any time and free of charge about the personal data we have stored about you. In order to prevent misuse, identification of your person is required.

2. Right to rectification (Art. 16 EU-GDPR)
You have the right at any time to have your personal data processed by us corrected and/or completed if it is incorrect or incomplete.

3. Right to erasure – Right to be forgotten (Art. 17 EU-GDPR)
You have the right to have your personal data processed by us deleted. This applies in particular if the purpose of processing has expired, a required consent has been revoked and no other legal basis exists or our data processing is unlawful. We will then delete your personal data immediately within the legal framework.

4. Right to restriction of processing (Art. 18 EU-GDPR)
You may request the restriction of the processing of your data.
If the processing of personal data concerning you has been restricted, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the Controller before the restriction is lifted.

5. Notification obligation (Art. 19 EU-GDPR)

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the Controller.

6. Right to data portability (Art. 20 EU-GDPR)

You can request us to transfer the data stored about you in machine-readable form.

7. Right to object (Art. 21 EU-GDPR)

You have the right to object at any time, based on reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless he/she can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

8. Right to lodge a complaint with a supervisory authority (Art. 77 EU-GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the EU GDPR. You can assert this right with a supervisory authority in the Member State of your residence, workplace or the location of the alleged infringement. In Baden-Württemberg, the competent supervisory authority is:
Der Landesbeauftragte für den Datenschutz
und die Informationsfreiheit Baden-Württemberg/
The State Commissioner for Data Protection
and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Tel.: 0711/61 55 41 – 0
Email: poststelle@lfdi.bwl.de
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 EU GDPR.

XII. Modification of the privacy policy
If a change to the privacy policy becomes necessary for legal or factual reasons, we will update this page accordingly. In doing so, no changes will be made to the consents given by the user.

XIII. Application procedure
The protection of personal data is an important concern for us. The handling of your data provided to us takes place in accordance with the legal regulations, in particular those of the EU Data Protection Regulation and the Federal Data Protection Act (BDSG).
1. Application Information
We collect different types of information. This includes in particular your personal data with contact information as well as a description of your education, work experience and skills. In addition, you have the option of providing us with electronically stored documents such as references or cover letters.
With your application you assure that the information you provide is true. Please note that any false statement or deliberate omission may constitute grounds for rejection or subsequent termination.
We do not require any information from you that is not usable under the General Act on Equal Treatment (race, ethnic origin, gender, religion or belief, disability, age or sexual identity). We also do not ask you to provide information about illnesses, pregnancy, ethnic origin, political views, philosophical or religious beliefs, trade union membership, physical or mental health or sexual life. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, press law or general rights of third parties).
2. Collection, processing, use and transmission of your data
Personal data is only collected, stored, processed and used for purposes related to your interest in current or future employment with us and the processing of your application. Data will not be passed on to third parties. To use the online application process, data such as salutation, first name, last name, email address and telephone number (optional) are collected. This data is basically used to contact you about your application. Furthermore, there is an upload option for an application photo, cover letter, certificates (optional) and the resume.
If your application is successful, the data provided may be used for administrative matters related to employment.
Your online application will only be processed and noted by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. Under no circumstances will third parties gain knowledge of your details. The processing of data takes place exclusively in Germany. We have concluded a data processing agreement with the provider of the online application portal coveto ATS GmbH, Zeppelinstraße 9, 63667 Nidda, Germany, and fully implement the strict requirements of the German data protection authorities when using it.
3. Retention
If we are unable to offer you employment, we will retain the data you submit for up to six months for the purpose of responding to questions related to your application and rejection.
However, if your application documents are of interest in principle and only no suitable employment is currently available, we will ask for your consent to retain and store your data accordingly. This will enable us to contact you in the event of future job offers.
4. Data security
We place very high value on the greatest possible security of our system and use modern data storage and security techniques to optimally protect your data. This includes measures such as anti-virus software or a firewall. Of course, our security measures are continuously improved according to technological developments. Your data is transmitted in encrypted form and then saved in a database. All systems in which your personal data are saved are protected against access and are only accessible to a specific group of persons responsible for personnel.
5. Modification of the privacy policy
If we change the content of this privacy policy, we will announce these changes on our website.
6. Deletion of data, revocation of consent
You have the right at any time to request more detailed information about the data stored about you, to view this data and to request that inaccurate data about you be corrected or that the stored data be deleted in full or in part.
You can revoke your consent at any time with effect for the future. The relevant data will then be deleted immediately. In this case, please send your revocation to datenschutz@columbus-consulting.eu, stating your full name and e-mail address. The deletion may be replaced by a blocking of the data in the cases provided for by law.

XIV. Communication via video conferencing systems:

1. Privacy notices for online meetings, telephone conferences and webinars via "GoToMeeting"

We would like to inform you below about the processing of personal data in connection with the use of "GoToMeeting". The provider is LogMeIn, Inc, 320 Summer Street Boston, MA 02210, USA.

1. Data processing
For communication with our customers, we use, among others, online conferencing tools. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "context information" related to the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that is required to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
Insofar as content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during the use of the service..
Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.

2. Purpose and legal bases

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 p. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.

3. Storage period

The data collected directly by us via the video and conference tools is deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
For details on data processing, please refer to the GoToMeeting privacy policy: https://www.logmeininc.com/de/legal/privacy.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf.