General data protection policy for the internet pages of the Ludwig-Maximilians-Universität München (hereinafter the “LMU”)
General data protection policy for the internet pages of the Ludwig-Maximilians-Universität München (hereinafter the “LMU”)
The person responsible for LMU internet pages within the meaning of the General Data Protection Regulation (DSGVO) and of other national data protection laws or other provisions relating to data protection, is LMU, which is legally represented by their president. Contact information can be found here (copyright).
The particular facilities of LMU are each responsible for the content offered on the internet pages of LMU. Please direct any questions relating to a particular internet page of LMU to the particular contact party who is listed for the particular internet page in the copyright notice.
The contact data of the official LMU data protection officer is found on the internet page of LMU at www.lmu.de/datenschutz.
The official data protection officer is available to answer questions about data protection at LMU. Please use the contact form on the internet page of the official LMU data protection officer for any questions. Please also use this form to report any data protection events which become known to you from your use of LMU internet pages.
This data protection policy applies to the processing of personal data in connection with LMU internet presence.
In accordance with Art. 2 para. 6 BayHSchG, Art. 4 para. 1 lines 1 and 2 BayEGovG, on our web pages we offer our services and administrative services, and also information for the public about our activities. Personal data will only be processed on the LMU internet pages provided this is necessary to provide a functioning internet page, to present the particular content, or to provide certain services or offers. The processing of personal data occurs either owing to a legal requirement or based on the user’s consent. When processing of personal data is based on a consent, then such processing shall occur based on Art. 6 para. 1 (a) DSGVO. Art. 6 para. 1 (b) DSGVO serves as the legal basis for the processing of personal data required for the performance of a contract to which the user is a party. Insofar as processing personal data is required to fulfil a legal obligation to which LMU is subject, the applicable legal basis is provided by Art. 6 para. 1 (c) DSGVO. In the event that the vital interests of the affected person or other natural person require the processing of personal data, the applicable legal basis is provided by Art. 6 para. 1 lit. e, para. 3 lit. b DSGVO i.V.m. Art. 4 para. 1 BayDSG. The processing may also be required in fulfillment of a mission which has been assigned to LMU and which is in the public interest (Art. 6 para. 1 (b) DSGVO). Additional legal basis may also arise from special-legal or other legal regulations, to which reference is made in the particular, individual case.
The personal data of users of LMU internet pages will be deleted or anonymised inasmuch as and provided the particular purpose of the retention has expired and there is no archiving requirement. Deletion or erasure of the data will also occur when a retention period as specified by the European or domestic legislature in EU regulations, laws or other specifications to which LMU is subject, has expired, unless there is a requirement for continued retention of the data for completion of or fulfillment of a contract. If provided in the referenced regulation, retention for a longer period is possible.
In order to protect your data in a reasonable and comprehensive manner during the processing, and in particular to protect against its transmittal, where necessary and with reference to the prior art, we use appropriate encryption techniques and secure technical systems (e.g. SSL/TLS).
Every time you visit an LMU website, the LMU system automatically collects data and information from the computer system of the accessing computer. In addition, we process your personal data to the extent you provide such data via the LMU internet pages. In the processing of your personal data we take into account in particular the principles of data protection relating to necessity, purpose, data minimizing, legality, correctness and integrity.
Sometimes cookies are placed merely due to a visit to the LMU internet, for example, to identify user-sessions, and also to configure the internet pages in a user-friendly manner. Cookies are text files that are stored on the Internet browser or by the Internet browser on the user's computer system. If a user visits an internet page, a cookie may be stored in the user's operating system. This cookie contains a unique character sequence that permits the browser to be specifically identified upon a subsequent visit to the internet page.
A session-ID is saved in the cookies for public offers exclusively for identification of the user-session (session-cookie). These session-cookies are automatically deleted at the end of your visit by closing your browser.
The saving of these cookies can be turned off at any time by making a corresponding setting in the internet browser; this can also be done automatically.
However, several elements of our internet pages require that the calling internet browser can also be identified even after a page-change. If cookies are deactivated for the LMU internet pages, it is possible that not all functions of the LMU internet pages can still be accessed.
The following services can only be used when the saving of cookies is allowed:
The transmission of flash-cookies cannot be disabled via the settings in your internet browser, but by changing the setting of the flash player.
Programs for evaluation of user behavior on the LMU internet pages are only used by the LMU in an anonymized form. On several internet pages we use the Open-Source-Software-Tool Matomo (formerly PIWIK) for analysis of your surfing behavior. This software places a cookie on your computer. If individual pages - even sub-pages - of our internet pages are called, then the following anonymized data is saved.
The software Matomo is set up so that full IP addresses are not saved, but rather two bytes of the IP address are masked. In this way an unambiguous association with the calling computer is not possible. Therefore, your IP address is also always anonymized before any evaluation.
The software runs exclusively on the servers of the LMU. Any saving of data occurs only on these servers. Any transmittal to third parties does not occur. Additional information on Matomo is found at https://matomo.org/docs/privacy/ (external link).
The use of Matomo can be disabled in general by making a corresponding setting in your internet browser.
You can decide whether an unambiguous internet analysis cookie may be saved in your browser in order to allow the operator of the internet page to acquire and analyze various statistical - not personal - data. The use of an internet analysis cookie serves the purpose of improving the quality of the internet pages and their content, and for improving user convenience. Web analysis cookies make it clear how the internet page is being used, so that the offering can be optimized.
However, if you decide against it, then please disable the checkbox to set the Matomo deactivation cookie in your browser.
Your visit to this webpage is currently detected and anonymized by the Matomo web analysis tool. Please click here so that your visit will no longer be detected.
The use of Google Analytics on the LMU web servers does not occur for reasons of data protection.
No automatic transmittal of your personal data occurs when using social media icons of Facebook, Twitter, Instagram, YouTube, etc. on the LMU internet pages. To prevent automatic data transmission to the vendor of social media, an internet link to these media is disabled on the internet pages of the LMU. For reasons of data security, active social media plugins are not used.
Our social media presence is a part of our publicity work. Our endeavor is to provide and to exchange information with specific target groups.
All our social media vendors are certified under the EU-US Privacy Shield and are transparent to any person, so that a legally reasonable level of protection exists for personal data, for example:
An RSS feed is a form of the classical newsletter that you can read either with your browser or with a special program (RSS reader). When we offer an RSS feed, we will use it to inform you about current events.
If personal data is collected within the scope of an application for an RSS feed, then this information will be processed exclusively for the purpose of performing the RSS, and will be deleted as soon as it is no longer needed, that is, either after you log off, or after cessation of the RSS.
Due to occurring security-related events, e.g. attempted hacking attacks, relevant access data will be saved for every access on all central hosted webpages. The LMU internet server is operated for the LMU by its IT department (Department VI), Geschwister-Scholl-Platz 1, 80539 München, E-Mail: firstname.lastname@example.org).
Depending on the used access protocol, the protocol data set contains data with the following content:
a) Purpose of the protocol
The saved data are used for purposes of identification and tracking of allowed access and of impermissible access attempts, for maintenance of the internet page functionality on the internet server, and - in anonymized form - for optimizing of the internet offering. Temporary saving of the IP address is also necessary in order to enable delivery of the LMU internet page to your computer. For this purpose the user’s IP address must remain stored for the duration of the session. This data is not stored by the LMU together with other personal data.
b) Retention period
The recorded data are saved for a maximum of seven days and then deleted. A longer retention period may occur in an individual case, provided a violation related to security was discovered. Irrespective thereof, retention for an even longer period is possible. In such a case, your IP address will be deleted or scrambled so that an allocation to the calling client is no longer possible.
c) Evaluation of the protocol
Evaluation of the protocol occurs by the authorized employee of the IT department (Department VI), Geschwister-Scholl-Platz 1, 80539 München, E-Mail: email@example.com) under contract with the LMU and observing the provisions of data protection law.
If the data is urgently required for maintenance of the internet page and the saving of the data in logfiles is required for operation of the internet page, then you will not be entitled to a right of objection.
You can contact the LMU via the LMU internet pages. Please use the contact form found on the particular internet page, or the email address mentioned on the internet page.
a) Use of a contact form
In addition to the data you provide, the following data is also stored at the time the message is sent:
On the application server:
The personal data processed during the application process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
By using a contact form you will be informed about the data collected and about your particular rights.
b) Use of an email address
In addition to the contact form, it is also possible to send an email to an LMU email address provided for use of the particular internet page. If you send us an email, then your email address and the other data provided by you will only be used for correspondence with you, and will be saved only as long as necessary for this purpose, unless some other legal grounds will justify its continuing retention.
Please note that the use of a non-encrypted email is fundamentally unsecure, that is, it may possibly be read, changed or captured by third parties along the transmission route. Please remember this when you send us information in an email. Therefore the sending of confidential messages should be either by regular mail or by S/MIME (X509-) encryption.
In the event that you wish to send us an encrypted message, please use the public X509-certificate for encryption of your message.
In order that we may also send you confidential messages, please also give us your postal address, if requested. Otherwise there is the possibility that no information can be shared.
In the event that you want to send us a non-encrypted email, then please use preferably a function address at the LMU, provided such an address is provided on the internet page.
Please note that in the case of an email inquiry, we cannot verify your identity and do not know who is concealed behind the email address. A legally secure communication by means of a simple, unsigned email is not ensured, not even if it is encrypted.
At the LMU we sometimes use filters against unwanted advertising (spam filters) that can also sometimes wrongly classify and delete emails as advertising. Emails that can contain harmful programs, e.g. viruses, are deleted automatically.
If you want to receive an encrypted email from us, then please provide us with the necessary information.
It is possible to input your personal data on the LMU internet pages. Your data basically will be encrypted (https) along the transmission route, unless the particular offers specifically make reference thereto.
If personal data is collected for a newsletter subscription, then it will be processed only for the purpose of sending you the newsletter. The particular newsletter can be canceled at any time. To do so, please use the email address oder website provided for the person responsible for sending the newsletter. Additional information will be provided together with your subscription to the newsletter.
The search field on this webpage (“Google Custom Search”) is provided by Google Inc. (“Google”). The use of this search field, where personal data is also transmitted to Google, is governed by the Google Data Protection Regulations (at www.google.de/privacy.html). Your data will be transmitted when you send the form. If you do not want to accept these foreign data protection regulations, then please refrain from using the search function.
Some of the LMU internet pages use the Google Maps service. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The referral occurs exclusively by means of an API (two-click method). The data will only be sent to Google by this program interface after you click on the “Switch to Google Maps” button.
When using the Google functions, Google will process your IP address and possibly other personal data (e.g. information about your use of this internet page or subsequent pages or the data offered in Google Maps). Google thus obtains information that you have called up our internet page or the corresponding subsequent pages. This information is usually sent to and saved on a Google server in the USA. This will occur independently of whether Google has set up a user account that you have requested, or whether no user account exists at all. If you are logged in to Google, your data will probably be assigned directly to your user account. If you do not want this data to be assigned to your profile at Google, then you must first log off your user account at Google before you switch to Google Maps. But Google will save your data (even for users not logged on or registered) as a user profile and will evaluate this data for their own internal purposes for advertising, market research and needs-based structuring of their internet pages, and may also inform other users of the social network about your activities on our internet page.
You have a right to object to the formation of this usage profile; to exercise this right you must apply directly and exclusively to Google. The LMU as provider of our internet pages has no influence on this data processing. If you do not agree to the transfer of your personal data to Google, then do not click on “Switch to Google Maps.” Then no data will be transferred to Google, however, a map will also not be opened.
Your personal data will only be collected and transferred to Google by our internet page if you click on the button “Continue to Google Maps.” The use of Google Maps is not absolutely necessary to obtain information about our internet pages and is thus voluntary for you. The incorporation of Google Maps into our internet pages occurs in the interest of a responsive presentation of our internet offers and to ensure a fast and convenient finding of sites available on our internet pages. This represents a justifiable interest within the meaning of Art. 6 para. 1 f) GDPR. In addition, Google Inc. is certified under the EU-US “Privacy Shield” Data Protection Agreement, whereby Google ensures a level of data protection equivalent to that of the EU in regard to data processing.
More information on the handling of usage data is found in the Google terms of usage at
As a part of the LMU internet presence, personal data is processed within the scope stated above. To this extent you are an affected person within the meaning of the DSGVO and are entitled to the following rights with respect to the LMU:
You can ask the LMU to confirm whether we process personal data concerning you.
If such data is processed, you can request the following information from the LMU:
You have the right to request information concerning whether your personal data will be transferred to a third country or international organization. In such cases, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO as related to this transfer.
Your right to information is subject to legal restrictions and is not absolute, rather, it is limited in particular in the following cases:
You have the right to rectify and/or to complete inaccurate and/or incomplete personal data saved by the LMU. The LMU will make the correction without delay.
In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to rectification may be restricted if it is likely that the completion of the research or statistical work will be made impossible or seriously hampered, and the restriction is necessary to complete the research or statistical work (Art. 25 BayDSG).
Under the following circumstances you may request a restriction of processing of your personal data:
Where processing personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where processing personal data concerning you has been restricted, you will be informed by the LMU before the restriction of processing is lifted.
In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to restriction of processing may be restricted if it is likely that the completion of the research or statistical work will be made impossible or seriously hampered, and the restriction is necessary to complete the research or statistical work (Art. 25 BayDSG).
a) Deletion requirement
You can request the LMU to delete your personal data without delay. The LMU is required to delete this data without delay, provided one of the following reasons applies:
b) Notification to third parties
Where the LMU has made the personal data public and is obliged pursuant to Art. 17 para. 1 DSGVO to erase the personal data, the responsible officer, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform officers who are processing the personal data, that you have requested the deletion by such officers of any links to, or copy or replication of, that personal data.
The right to erasure does not apply to the extent processing is necessary
If you have asserted your right to rectification, erasure or restriction of processing vis-a-vis the LMU, then we are obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort (Art. 19 DSGVO).
You have the right to be informed by the LMU about such recipients.
Regarding the demands of Art. 21 DSGVO you have the right to receive the personal data concerning you which you provided to the LMU, in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to one or another responsible officer without hindrance by the LMU, provided
In exercising your right to data portability, you have the right to have the personal data transmitted directly from the LMU to another responsible officer, where technically feasible. The exercise of this right cannot adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the LMU.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para.1 (e) or (f) DSGVO.
In such cases, the LMU shall no longer process the personal data concerning you unless the LMU can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
In the context of the use of information company services, and notwithstanding Directive 2002/58/EC, you are entitled to exercise your right to object by using automated means, in which technical specifications are applied.
In the case of processing of your personal data for scientific or historical research purposes and for statistical purposes pursuant to Art. 89 para. 1 DSGVO, you have the right to object to this data processing for reasons relating to your particular situation.
Your right to objection may be restricted if it is likely that the completion of the research or statistical work will be made impossible or seriously hampered, and the restriction is necessary to complete the research or statistical work (Art. 25 BayDSG).
You have the right to revoke your consent to data processing with future effect; however, this revocation shall not affect the legitimacy of the data processing already occurred based on your consent given until the time of revocation. This revocation must always be submitted to the agency within the LMU which has received the consent.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection oversight authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the DSGVO. In the case of the LMU the directly cognizant data protection oversight authority is the Bavarian State Officer for Data Protection (https://www.datenschutz-bayern.de) (external link); The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 DSGVO.
If you believe that the processing of your personal data is in violation of the DSGVO, then we request that you first turn to the officer responsible for the content of the particular internet page, who is named in the copyright statement, and/or to the official data protection officer at the LMU, since this will allow a rapid examination or remedy, if necessary, of your concerns. It is our goal and responsibility to examine all arriving questions of data protection immediately and to solve potential problems under data protection law.
The general data protection policy applies to those internet pages of the LMU for which the LMU bears responsibility. A supplemental data protection policy may also apply to a particular internet page of the LMU, provided the person responsible for the content of the internet page is performing additional processing of personal data and gives notice of such processing. This applies in particular when specific services are offered by individual departments. The supplemental data protection policy can expand, but not replace, the general data protection policy. The general data protection policy is a part of any supplemental data protection policy.
This general data protection policy was created on 03/2019. We reserve the right to update this data protection policy on a regular basis in order to take proper account of current legal requirements and technical changes, and also to implement our services and offers in compliance with data protection. The most recent version of this policy applies to your visit to an LMU web page.