Privacy policy

Privacy Policy for LMU's Website

General Privacy Policy for the website of Ludwig-Maximilians-Universität München (hereinafter referred to as "LMU")

This Privacy Policy explains how personal data is processed by Ludwig-Maximilians-Universität München (hereinafter referred to as "LMU") in connection with its website. Furthermore, visitors and users of LMU's website will be informed about the rights they are entitled to.

The information in Section A—General Data Protection Information—applies to all data processing operations in connection with LMU's website.

Data protection information on specific data processing operations (e.g., Deutschlandstipendium, applications) can be found in Section B.

Sections C and D of the Privacy Policy provide information on the validity, scope, and status of the Privacy Policy.

If individual institutions or departments of LMU perform any additional data processing on their websites, a supplementary Privacy Policy is available on their respective website.

A) General Data Protection Information

LMU is a state university of the Free State of Bavaria (Art. 4(1), first sentence, no. 1). Bavarian University Innovation Act, BayHIG). It is a body governed by public law with the right of self-government within the framework of the laws and at the same time a state body (Art. 4 (1) of the BayHIG). LMU carries out its own affairs as a corporation and state affairs as a state body (Art. 4 BayHIG)

I. Contact Information in Connection with LMU's Website

I.1. Information on the Controller Responsible for Data Protection at LMU

LMU is responsible for data protection on LMU's website and is legally represented by its president. Contact details can be found in the Legal Notice.

The individual LMU institutions are responsible for the content provided on their respective web pages. For questions related to a specific LMU website, please contact the relevant person listed in the Legal Notice or in the contact section of that particular site.

I.2 Details of the Data Protection Officer at LMU

The contact details of LMU's data protection officer are available on LMU's website at https://www.lmu.de/datenschutz.

The data protection officer is available to answer questions about data protection at LMU. Please use the contact form on the web page of LMU's data protection officer at https://www.lmu.de/datenschutz. Please direct any questions regarding specific data processing (e.g., application) to the appropriate institution.

II. General Information on Data Processing on LMU's Web Pages

II.1 Scope of the Privacy Policy

This Privacy Policy applies to the processing of personal data in connection with LMU's website.

• Pursuant to Art. 4 (1) GDPR (General Data Protection Regulation), "personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Pursuant to Art. 4 (2) GDPR, "processing" means any operation or set of operations performed on personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, query, use, disclosure by transmission, dissemination or otherwise making available, comparison or association, restriction, erasure, or destruction.

II.2 Purposes and Legal Bases for Processing Personal Data

We offer our services and administrative services as well as information for the public about our activities on our website pursuant to Art. 2 BayHIG, Art. 4, 5, 17, 19 Bavarian Digital Act (BayDiG).

In this respect, the purpose of the processing is the fulfillment of the public tasks and legal obligations assigned to us by law, in particular the provision of information to the public. Personal data is processed on LMU's website only to the extent necessary for the provision of a functioning website, for presentation of the respective content, for the provision of information to the public, or for the provision of specific services or the presentation of offers. We also process personal data that you have provided to us or that we have obtained about you in a lawful manner (Art. 4 paragraph 2 of the Bavarian Data Protection Act (BayDSG)).

When processing your personal data, we take into account in particular the data protection principles of lawfulness, processing in good faith, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. To the extent and provided that the purpose of processing is not impaired, we anonymize or pseudonymize personal data.

The legal basis for the processing of your data ensues, unless otherwise stated, from Art. 6 (1) (e), Art. 3 GDPR in conjunction with Art. 4 (1) 1 BayDSG. Accordingly, we are permitted to process the data required to fulfill a task incumbent upon us. We use cookies, log files, and web analysis tools to compile business statistics, to conduct organizational studies, to test or maintain our web service, and to ensure network and information security pursuant to Art. 6 (1) BayDSG, §25 TDDDG, Art. 43 BayDig.

II.3 Data Erasure and Storage Period

Your data will only be stored for as long as is necessary for the fulfillment of tasks, taking into account legal retention periods, or as long as you have given your consent.

The personal data of users of LMU’s websites will be deleted or anonymized as soon as, and to the extent that, the purpose for storing the data no longer applies and no legal archiving obligations exist. Where required by applicable regulations, the storage period may be extended accordingly.

II.4 Data Security

To adequately and comprehensively protect the security of your data during processing and especially during transmission, we use appropriate encryption technologies (e.g., SSL/TLS) and secure technical systems, where necessary and in line with the current state of the art.

The technical operation of our data processing systems is supported by the Leibniz Supercomputing Centre (LRZ) of the Bavarian Academy of Sciences and Humanities (Boltzmannstraße 1, D-85748 Garching near Munich, phone: +49 (0)89 35831 8000, fax: +49 (0)89 35831 9700, email: lrzpost@lrz.de, https://www.lrz.de). For this purpose, LMU has concluded a data processing agreement with LRZ.

All our employees are subject to statutory data secrecy in accordance with Art. 11 BayDSG or are otherwise bound by confidentiality obligations.

II.5 Data Transmission

Data may be transmitted based on legal provisions or with your consent. Where necessary, your data may be transferred to the relevant supervisory or auditing authorities for the exercise of their official oversight duties.

To avert threats to IT security, data transmitted electronically may be forwarded to the State Office for Information Security and processed there in accordance with Art. 41 et seq. of the Bavarian Digital Act (BayDiG).

Otherwise, we only transmit personal data to third parties if this is necessary for the execution of a contract (Art. 6(1) (b) GDPR), for example to event organizers or contracted service providers. The transmitted data may only be used by the respective data processor or third party for the specified purposes or within the limits of applicable law.

II.6 Protection of Minors

LMU’s websites are not intended or designed for use by individuals under the age of 16, in particular by children.

Persons under the age of 16 should not disclose any personal data to LMU without the consent of their parents or legal guardians. Processing may only take place with such consent or if necessary to fulfill a legal obligation.

Where necessary—particularly when paid online services are used—age or date of birth may be collected or verified. Specific details regarding this are provided in the additional data protection information of the respective service.

II.7 Evaluation

When you access LMU’s website, including via mobile devices, programs for analyzing user behavior are used only in anonymized form. Your IP address is anonymized before any further processing takes place.

III. Logging and Log Files

Every time you visit an LMU website, LMU automatically collects data and information from the computer system of the computer you are using. In addition, we process any personal data you provide explicitly on LMU’s websites.

When processing your personal data, wwe take particular account of the data protection principles of lawfulness, processing in good faith, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

III.1 Purpose and Scope of Data Processing

Due to security-related incidents, e.g., attempted hacker attacks, relevant access data is stored each time all centrally hosted websites are accessed. This data is used for the purposes of identifying and tracking unauthorized access and access attempts, to maintain the functionality of the website on the internet server, and—in anonymized form—for optimizing the Internet offering.

Temporary storage of the IP address is also necessary for the LMU website to be delivered to your computer. For this purpose, the IP address must also be stored for the duration of the session. These data are not stored in combination with any other from of personal data.

Depending on the access protocol used, the log data record contains the following information:

• IP address of the requesting computer
• Date and time of the request
• Access method/function requested by the requesting computer
• Input values transmitted by the requesting computer (file name, etc.)
• Access status of the web server (file transferred, file not found, command not executed, etc.)
• Name of the requested file
• URL from which the file was requested/the desired function was initiated
• Information about the browser type
• User's operating system
• Internet pages from which the user's system accesses the LMU website
• Internet pages accessed from LMU's website

III.2 Legal Basis for Data Processing

Temporary data processing is carried out based on Ar. 6(1)(e), (3) of the GDPR in conjunction with Art. 4(1) of the Bavarian Data Protection Act (BayDSG).

III.3 Duration of Data Processing

The logged data is stored for a maximum of 30 days and then deleted. This storage is carried out for IT security purposes. This is necessary due to the current threats such as spam emails, spyware, malware, and other forms of misuse, to ensure effective protection against cyberattacks and to maintain service operations in accordance with the state of the art pursuant to Art. 32 GDPR.

In individual cases, storage periods may be extended if a security-related incident has been identified or if required by legal obligations require. Notwithstanding this, storage beyond this period is possible. In this case, your IP address will be deleted or anonymized so that it is no longer possible to identify the accessing client.

III.4 Objection and Deletion Options

To the extent that the data for provision of the website and the storage of the data in the log files is absolutely necessary for the operation of the website, you have no right to object.

IV. Use of Active Components and Cookies

IV.1 Purpose and Scope of Data Processing

JavaScript applications are used in LMU's information offerings, primarily for navigational elements, e.g., field-dependent visibility in contact forms. No personal data is stored in this process.

Cookies are sometimes used on LMU's website to make the pages more user-friendly. Some elements of our website also require identfying user sessions.

The cookies used in public offerings store only a session ID to identify the user session (session cookie). Session cookies are small pieces of information that a provider stores in the visitor's computer's working memory. In addition to a randomly generated unique identification number, session cookies contain information about the origin and storage period. These cookies cannot store any other data.

The following technically necessary cookies are used:

The following data is stored and transmitted in the cookies:

document.cookie

• twitter=true
• facebook=true
• youtube=true
• vimeo=true
• instagram=true

MATOMO_SESSID, piwik_ignore, mtm_consentand mtm_consent_removed, __stripe_mid, __stripe_sid, AWSALB, AWSALBCORS

• random, generated, non-personalized session ID

IV.2 Legal Basis for Data Processing

Data processing is carried out pursuant to:

• Art. 6(1)(e) and (3) GDPR in conjunction with Art. 4(1) BayDSG
• Art. 4, 16, and 17 BayDiG

If the processing of personal data is based on consent, it is performed in accordance with Art. 6(1)(a) GDPR and §25 TDDDG.

IV.3 Duration of Data Processing

Session cookies are automatically deleted at the end of your visit, either when you close your browser or leave the website.

IV.4 Objection and Deletion Options

The cookies used are stored on your computer and transmitted to LMU’s website. As a user, you therefore have full control over the use of cookies. By adjusting the settings in your web browser, you can disable or restrict the transmission of cookies. Stored cookies can be deleted at any time. This process can also be carried out automatically.

IV.5 How Do I Adjust the Cookie Settings in My Browser?

Each browser handles cookie and privacy settings differently. Please refer to the following support pages for more information:

• Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
• Apple Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
• Microsoft Edge: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d

JavaScript applications can be disabled in your browser settings. However, disabling JavaScript may affect the display of certain elements such as contact forms, video players, or accordion menus.

Some elements on our website require that the web browser accessing them can still be identified after switching page. If cookies are disabled for LMU's website, some features may not work.

The following services can only be used if cookies are enabled:

• Web forms
• All content secured via the central authentication mechanism

Flash cookie transmission cannot be prevented via your browser settings but must be managed directly from the Flash Player settings.

V. Use of the Matomo website analysis tool

V.1 Purpose and Scope of Data Processing

On some websites, we use the open-source software tool Matomo (formerly PIWIK, https://www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”) to analyze data traffic on LMU websites and their reach. This allows us to learn how LMU websites are used and to continuously improve and develop our Internet presence and public offerings.

Matomo is also indispensable for necessary maintenance work, so that page content can be updated outside of peak traffic times or—if certain content is mostly accessed via mobile devices—so that it can be adapted accordingly (e.g., to ensure accessibility). In addition, Matomo web analytics can be used to distribute server resources economically and better coordinate load management. To fulfill the above tasks and ensure data security, we operate Matomo on our own LMU server.

We do not use cookies for statistical analysis with Matomo. We also do not store any information on the requesting computers of our website visitors, nor do we access information that is already stored on our visitors' end devices.

No personal data is processed for the configuration used for Matomo at LMU. The processing does not fall within the scope of the GDPR or the legal provisions for a consent requirement pursuant to Section 25 (1) TDDDG. Instead, Matomo uses log files that are automatically generated when a web browser accesses an LMU website. Matomo processes the following data for purely statistical purposes:

• anonymized IP address of the requesting computer
• browser type
• language settings
• operating system
• time and duration of visit
• pages visited (URLs and page titles)
• content loaded during the visit (e.g. images, JavaScript, or CSS files)
• frequency of visits to the website (aggregated data)

The Matomo software is set up to mask 2 bytes of the IP address before this information is evaluated. As a result, it is no longer possible to uniquely identify the requesting computer in the statistical evaluation with Matomo.

The statistical analysis only records visits to individual pages. Furthermore, it is not technically possible for us to track visitors to our website with Matomo across multiple LMU websites or over several days. Matomo does not create profiles of our visitors.

The data obtained with Matomo is not passed on to third parties or used for other purposes, in particular not for performance or behavior monitoring of website users. Further information about Matomo can be found at https://matomo.org/docs/privacy-how-to/. Matomo's privacy policy can be found at https://matomo.org/privacy-policy/.

Google Analytics is not used on LMU's web servers for data protection reasons.

V.2 Legal Basis for Data Processing

Data processing is carried out in accordance with:

• Art. 6 (1) (e) GDPR
• Art. 6 (1) BayDSG in conjunction with Art. 2 and 3 BayHIG

The data collected using Matomo technology (including your anonymized IP address) is processed on the servers of the Leibniz Supercomputing Centre (LRZ) under a data processing agreement.

V.3 Duration of Data Processing

The analysis data shall be used purely for internal purposes for as long as is necessary for this purpose, but for no longer than one year.

V.4 Objection and Deletion Option

You can decide whether your visit to our websites is recorded by Matomo. This allows those responsible for the website to collect and analyze various statistical, non-personal data.

If you do not or no longer consent to the processing of your data by Matomo, you can object to the storage and use of your data at any time with future effect by clicking on the link below. You can also prevent the use of Matomo from the outset by adjusting the settings in your internet browser. Most modern browsers have a “Do Not Track” option, which informs the websites you visit that user activities should not be tracked. The Matomo instance used by LMU respects this option.

Please note: If you delete your cookies, this will also remove the opt-out cookie. In that case, you may need to reselect the opt-out option to prevent tracking by Matomo.

V.5 How does Matomo track my visit to LMU Internet pages with this browser?

VI. Use of Provided Means of Communication

You can contact LMU electronically via the contact form, chat, or email available on the LMU websites. Where necessary, you may be asked to provide personal data.

You can also reach LMU by telephone, fax, or postal mail. Please refer to the websites of the respective LMU departments to find out which communication channels are available in each individual case.

VI.1 Use of a Contact Form

VI.1.1 Scope and Purpose of Data Processing

If you use the contact form, the data you provide will be transmitted to LMU and stored. Typically, this includes your last name, first name, contact details, and the content of your message.

Please refer to the contact form or the notice of the institution responsible for the content of the respective website for specific details.

Mandatory information is clearly marked in the contact form. Without it, your request cannot be processed.

When you submit your message, the following data is stored in addition to the data you have provided:

On the application server:

• The user's email address provided in the form
• The recipient's email address for the form

The personal data processed is requireds to prevent misuse of the contact form and to ensure the security of our IT systems. Your data is encrypted during transmission (https) and processed in internal systems (e.g., ticketing systems).

When using the contact form, you will be informed about the data collected and your respective rights.

VI.1.2 Legal Basis for Data Processing

Data processing is carried out in accordance with Art. 6 (1) (a) GDPR. Your consent will be obtained during the submission process. Reference will be made to this Privacy Policy and, if applicable, to further specific data protection information.

Please note that the processing of data may also take place based on Art. 6 (1) (e) in conjunction with Art. 4 (1) BayDSG. TThe processing of the personal data you have provided is necessary for the purpose of handling your request.

VI.1.3 Duration of Data Processing

The data will be processed exclusively for the duration of the processing of your request and for communication with you and will not be passed on to third parties or used for other purposes, unless further processing is permitted by law.

VI.1.4 Objection and Deletion Options

You have the option to withdraw your consent for the processing of personal data at any time. If you contact us via the contact form, you can object to the storage of personal data at any time or request its erasure. In this case, all relevant data will be deleted if there are no legal regulations to the contrary. In this case, any further communication or correspondence will no longer be possible.

VI.2 Use of an Email Address

VI.2.1 Scope and Purpose of Data Processing

In addition to the contact form, you can also send an email to an LMU email address provided on the respective website. If you send us an email, we will process your email address and your message.
Please note that you may only send inquiries to LMU email addresses, i.e., those provided on the LMU website and made available for communication purposes.
Please note that the use of unencrypted email is generally insecure, i.e., it may be read, altered, or intercepted by third parties during transmission.
Please take this into account when sending us information by email. Therefore, please use the postal service to send messages that require protection, or use the public S/MIME (X509) certificate to encrypt your message. Please only use this key to encrypt your email to us, as otherwise we may not be able to read your email.
Courts, authorities, lawyers, and all other authorized users have the option of communicating with LMU confidentially and securely via the special authority mailbox.
If you wish to send us an unencrypted email, please use a functional LMU address, if one is provided on the website or has been communicated to you. Please note that in the case of an email inquiry, we cannot verify your identity and do not know who is behind the email address.
Legally secure communication via a simple unsigned email is not guaranteed, even if it is encrypted. In order for us to send you messages that require protection, please also provide us with your postal address when making inquiries. Otherwise, we may not be able to provide you with any information. If you would like to receive an encrypted email from us, please provide us with the necessary information.
At LMU, we use filters against unwanted advertising (so-called spam filters), which in some cases may incorrectly classify emails as unwanted advertising and delete them. Emails that may contain harmful programs, e.g., viruses, are automatically deleted.
We hereby expressly object to the use of contact data published in the context of the legal notice obligation or on other LMU websites for the purpose of sending unsolicited advertising and information materials. The controller expressly reserves the right to take legal action in the event of unsolicited advertising information being sent, including via spam emails.

VI.2.2 Legal Basis of Data Processing

Data processing is carried out in accordance with Art. 6 (1) (a) GDPR. Your consent will be obtained for the processing of data during the sending process and reference will be made to the relevant data protection declarations. We would like to point out that the processing of data may also be carried out based onArt. 6 (1) (e) GDPR in conjunction with Art. 4 (1) BayDSG. The processing of the personal data you provide is necessary for the purpose of handling your request.

VI.2.3 Duration of Data Processing

The data will be processed exclusively for the duration of the processing concerning your request and for communicating with you and will not be disclosed to third parties or used for other purposes, unless further processing is permitted by law.

VI.2.4 Objection and Deletion Option

You may revoke your consent to the processing of your personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time or request its deletion. In this case, all relevant data will be deleted, provided that there are no legal regulations to the contrary. Further conversation or correspondence will then no longer be possible.

VI.3 Use of online appointment booking

VI.3.1 Scope and purpose of data processing

Your data is collected in order to book an appointment and to contact you. Only the data required for booking and conducting the appointment will be processed, such as title, last name, first name, email address, booking date (day, month, year, time), number of persons, and purpose of the appointment. These are mandatory details without which an appointment cannot be booked. In addition, the appointment booking tool “anny” may collect technical data, such as cookies or IP addresses. Your data is processed exclusively for the purpose of managing the appointment. The personal data collected will be forwarded to and processed by the relevant LMU department responsible for conducting the appointment. The data will not be further disclosed to third parties.

VI.3.2 Legal Basis for Data Processing

Your personal data is processed in fulfillment of the tasks assigned to LMU in accordance with

• Art. 6 (1) (e), 2 and 3 GDPR,
• Art. 4 (1) (1) BayDSG,
• Art. 19 BayDiG, and
• §§ 10, 18 AGO Bayern.

If the appointment is booked for the purpose of initiating, executing, or termnating a legal contract, the legal basis is Art. 6 (1) (b) GDPR. Voluntary information you provide is processed based on your consent in accordance with Art. 6 (1) (a) GDPR.

Online appointment booking is technically implemented as part of commissioned data processing. The processor is anny GmbH, with whom a data processing agreement has been concluded (anny GmbH, Cäcilienstraße 30, 50667 Cologne, https://anny.eu/). Data processing takes place on servers located in Germany. Insofar as the appointment booking is offered by a professional group that is subject to professional confidentiality, the order processor anny has been obliged to professional confidentiality in accordance with § 203 StGB. Data transmission is encrypted. Further information on data protection at anny GmbH can be found at  https://anny.eu/privacy/.

VI.3.3 Duration of Data Processing

The data will be processed exclusively for the duration of the processing of your appointment and for communication with you. It will not be disclosed to third parties or used for any other purpose, unless further processing is permitted by law.

All personal data relating to appointment booking will be anonymized 7 days after the appointment has taken place.

VI.3.4 Objection and Deletion Options

You have the option to object to the processing of your personal data at any time and may request the deletion of your data. In this case, all relevant data will be deleted, provided provided that this does not conflict with any legal regulations. In this case, further correspondence or attendance of the booked appointment will no longer be possible. The appointment will be cancelled without replacement.

If you wish to book an appointment but do not want or are unable to use the online booking system, the following alternatives are available (if provided by the respective LMU department):

• by telephone
• electronically via email
• by post

Note on the possibilities of alternative appointment allocation

If you would like to make an appointment but do not want to or cannot use the online appointment system, the following alternatives are available to you:

• by telephone (if provided by the relevant office)
• electronically by e-mail (if provided by the relevant office)
• by post (if provided by the relevant office).

VI.4 Use of the Chat Function

VI.4.1 Scope and Purpose of Data Processing

On some of its websites, LMU offers a chat function during specific service hours. Individual LMU departments (e.g., University Library, Central Student Advisory Service) use the chat to enable direct and informal communication via text messages, to quickly respond to simple and general inquiries, or to provide individual advice. The aim is to make customer service and administrative support efficient. This is a live chat. You can use the chat similarly to a contact form to get in touch with LMU staff mostly in real time.

The chat function is not available for the exchange of large data sets or documents, particularly if they are subject to professional or business confidentiality, the processing of special categories of personal data as defined in Art. 9 (1) GDPR (e.g., health data), or the processing of bank and payment data. Automated decision-making is not used, and no chatbots are employed. Video chat is not conducted or offered.

If you use the chat, the following personal data will be collected and transmitted to LMU: the date of the first use of the chat, the current set status of the account (online/away/offline), and, if applicable, a profile picture set by you. You decide whether you want to provide personal data. Depending on the course of the conversation with our staff, personal data may be collected and processed. If you have a question concerning a personal matter (e.g., your user account), personal data will be processed for the necessary authentication. The collection and processing of personal data is carried out only within the scope of your request.

The technical platform used is the open-source app “Element” (https://element.io/open-source), based on the Matrix open-source project. The chat is operated by the LRZ (Leibniz Supercomputing Centre). Use of the chat is subject to the applicable terms of use of LMU and the LRZ user guidelines (https://www.lrz.de/wir/regelwerk/). Communication is encrypted.

VI.4.2 Legal Basis for Data Processing

Your personal data is processed based on your consent according to Art. 6 (1) (a) GDPR when using the chat function. If necessary, consent will be otained prior to each use of the chat.

VI.4.3 Duration of Data Processing

The data is processed only for the duration of handling your request and for the purpose of conducting the chat communication with you. It will not be processed beyond this purpose or disclosed tothird parties unless further processing is legally permitted.

Chat data is also stored to ensure the security of our IT systems. All content, messages, and data are permanently deleted automatically no later than one year after collection. Until then, the data is processed to fulfill accountability obligations.

You may delete your own chat manually at any time, as long as the chat window remains open.

VI.4.4 Objection and Deletion Option

You may withdraw your consent at any time. To do so, contact the LMU department you addressed when using the chat function.

In this case, all relevant data will be deleted, provided that this does not conflict with any legal regulations. Further conversation or correspondence within the chat will then no longer be possible.

VI.5 Use of other Means of Communication (e.g., Postal Mail, Telephone, Fax)

You can contact LMU using the contact details provided on the websites.

If you send us a request or share your opinion via postal mail, telephone, or fax, the information you provide will be processed exclusively for the purpose of handling your request, any necessary follow-up, and further communication.

We will generally respond using the same communication channel, unless you specify an alternative.

Personal data will only be disclosed to authorized persons and only if sufficient identification and secure transmission are ensured. Communication generally requires a postal address, which must be provided.

VI.6 Use of videoconferencing systems

If you participate in a video conference, webinar, or online meeting organized by us (hereinafter referred to as "videoconferences"), we process your personal data as part of your registration and participation.

Different categories of data are processed depending on the information you provide before or during participation, as well as the videoconferencie system used.

If you take part in a videoconference organized by us, you are usually required to provide at least a name when registering. In principle, you may use a pseudonym, unless your real name is required for participation or authentication.

Your IP address will be processed to enable your participation. Additionally, login and device or hardware information will be stored. If provided, your email address and profile picture will also be processed.

If you dial in by phone, your phone number and, where applicable, your IP address will be processed.

To enable participation in the videoconference, data from your device’s microphone, any connected video camera, and, if you share your screen, the screen content ("screenshare") will be processed as required. You can switch off or mute your camera and microphone at any time. You also decide which parts of your screen are shared.

Audio and video recordings of the videoconference may be created. In such cases, all relevant video, audio, and presentation recordings will be processed. If a recording takes place, you will always be informed in advance. Where required, the explicit consent of the participants will be obtained.

During the videoconference, you may also have the option to use the chat, Q&A, or poll functions. In this context, the text inputs you provide will be processed in order to display them in the videoconference.

Insofar as personal data of our employees is processed, Art. 6 (1) (b) is the legal basis for data processing. If German law is not applicable to the processing of employee data, or if the processing of personal data is not necessary for the establishment, implementation, or termination of the employment relationship, but is nevertheless an essential part of participation in a video conference, our performance of our tasks pursuant to Art. 6 (1) (e) GDPR is also the legal basis for data processing. Our tasks arise primarily from the Bavarian Higher Education Innovation Act (BayHIG).
We use one or more service providers as processors for the purpose of conducting video conferences on the basis of a data processing agreement in accordance with Art. 28 GDPR. This may involve the transfer of personal data to a third country outside the EU. If no adequacy decision has been made by the EU Commission for the respective third country, we ensure that appropriate safeguards are in place for the transfer in accordance with Art. 46 GDPR (e.g., EU standard contractual clauses). Further information can be found in the data protection information provided in the context of the respective use.

VII. Newsletter Subscription

VII.1 Scope and purpose of data processing

You may have the option to subscribe to a free newsletter on our website. The offering the newsletter is responsible for this process. If personal data is collected for the purpose of sending a newsletter, it will only be processed for that purpose and will not be shared with third parties or used for other purposes. Typically, only an email address is required and it does not have to be a personal email address.

The registration system, which sends an additional confirmation message containing a link for final registration (double opt-in), ensures that you have explicitly requested the newsletter and that it will be sent to the email address you have provided.

VII.2 Legal Basis for Data Processing

Data processing is carried out in accordance with Art. 6 (1) (a) GDPR. If a service provider is used to send the newsletter, this is done after conclusion of a data processing agreement and in compliance with the general principles for data transfer and the data protection guarantees in accordance with Art. 44 ff. GDPR.

VII.3 Duration of Data Processing

Personal data will be processed for the duration of the newsletter subscription until termination. The data will be deleted as soon as the newsletter is unsubscribed or discontinued or the deletion is legally mandatory for other reasons.

VII.4 Objection and Deletion Options

You can unsubscribe from a newsletter at any time. To do so, please use the email address or internet link provided by the person responsible for sending the newsletter.

Further information is available when you subscribe to a newsletter.

VIII. Use of RSS News Feeds

An RSS news feed is a like a newsletter that we use to keep you informed about the latest events. A list of the main RSS news feeds is available at https://www.lmu.de/en/newsroom/index.html.

You can read the RSS feed in your browser or by using a dedicated program (RSS newsreader) without having to provide any contact details.

You can unsubscribe from an RSS news feed at any time. You will receive additional information when you subscribe to an RSS news feed.

IX. Google Custom Search

IX.1 Scope and Purpose of Data Processing

We use Google Custom Search to help you find information on our website. No Google ads are displayed in these search results. The search field on this website (“Google Custom Search”) is provided by Google LLC. (“Google”).
Your data will only be transmitted when you use the search field and submit the form entries. In this case, you acknowledge and agree that Google may use the personal data for its own purposes in accordance with Google's privacy policy (at https://policies.google.com/privacy?hl=en-US). The use of Google Custom Search is the sole responsibility of the user.

IX.2 Legal Basis for Data Processing

Data processing is carried out in accordance with Art. 6 (1) (a) GDPR.

IX.3 Duration of Data Processing

Data processing is based on Google's privacy policy (https://policies.google.com/privacy?hl=en-GB).

IX.4 Objection and Deletion Options

If you do not wish to transmit data to Google or do not wish to accept Google's privacy policy, please refrain from using the search function. Data is only transmitted to Google when you use the search field.

If you do not wish to use this service, you can search our website via https://duckduckgo.com/?s ite=www.lmu.de or https://www.qwant.com/?q=site:www.lmu.de

Specific information on data processing on the LMU internet pages

X. Your Data Protection Rights

LMU processes personal data within the scope described above in connection with its websites. In this respect, you are considered a data subject under the GDPR and have the following rights with respect to LMU:

X.1 Right of Access

Pursuant to Art. 15 GDPR, you may request confirmation from LMU as to whether personal data concerning you is being processed by us.

If such processing is taking place, you may request information about the personal data being processed and the following additional information:

• the purposes for which the personal data is being processed;
• the categories of personal data being processed;
• the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
• the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
• the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
• the existence of a right to lodge a complaint with a supervisory authority; the data protection supervisory authority directly responsible for LMU is the Bavarian State Commissioner for Data Protection (https://www.datenschutz-bayern.de/index.html.en);
• all available information about the origin of the data if the personal data is not collected from you;
• the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and intended effects of such processing for the data subject;
• You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

The right to access is subject to legal restrictions and is not absolute, but is limited in particular in the following cases:

• If a large amount of information about the data subject is stored, LMU may request that the data subject specify the information or processing operations to which the request for information specifically relates.
• Manifestly unfounded or excessive requests or frequent repetitions may lead to rejection or an obligation to reimburse costs.
• The provision of information must not prejudice the rights of LMU or other persons (in this respect, professional secrets, trade secrets, and data relating to other persons are excluded).
• Under the conditions specified in Art. 10 BayDSG, the information may not be disclosed.
• In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to access may also be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes (Art. 25 BayDSG)

X.2 Right to Rectification

Pursuant to Art. 16 GDPR, you have the right to rectification and/or completion of your personal data with respect to LMU if the processed personal data concerning you is inaccurate or incomplete. LMU will rectify the data without undue delay to the extent permitted by law.

In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to rectification may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes (Art, 25 BayDSG).

X.3 Right to Restriction of Processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you in accordance with Art. 18 GDPR:

• if you dispute the accuracy of the personal data concerning you for a period enabling LMU to verify the accuracy of the personal data;
• if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
• LMU no longer needs the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims; or
• if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether LMU's legitimate reasons outweigh your interests worthy of protection.

If the processing of personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing has been restricted in accordance with the above conditions, LMU will inform you before the restriction is lifted.

In the case of data processing for scientific or historical research purposes and for statistical purposes, your right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes (Art. 25 BayDSG).

X.4 Right to Erasure

In accordance with Art. 17 GDPR, you may request that LMU immediately erase personal data concerning you. LMU is obliged to erase this data without delay if one of the following reasons applies:

• The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed, and processing for other purposes is not permitted.
• You withdraw your consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
• The personal data concerning you has been processed unlawfully.
• The erasure of personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data concerning you has been collected in relation to information society services offered in accordance with Art. 8(1) GDPR.
• If LMU has made the personal data concerning you public and is obliged to erase it in accordance with Art. 17(1) GDPR, it shall take reasonable steps, including technical measures, taking into account available technology and implementation costs, to inform the controllers that you have requested the erasure of any links to, or copies or replications of, that personal data.

The right to erasure does not apply

• if the processing is necessary for exercising the right of freedom of expression and information;
• to fulfill a legal obligation which requires processing under Union or Member State law to which LMU is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in LMU;
• for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
• for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in point (a) above is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
• for the establishment, exercise or defense of legal claims.

X.5 Right to Information

If you have asserted your right to rectification, erasure, or restriction of processing against LMU, we are obliged under Art. 19 GDPR to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed by LMU about these recipients.

X.6 Right to Data Portability

Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to LMU in a structured, commonly used, and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by LMU, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out using automated means.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from LMU to another controller within the meaning of Art. 4(7) GDPR, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in LMU.

X.7 Right to Object

Under the conditions of Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR.

LMU will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the assertion, exercise, or defese of legal claims.

You have the option, in the context of the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.

Where personal data relating to you is processed for scientific or historical research purposes and for statistical purposes pursuant to Art. 89 paragraph 1 GDPR, you also have the right to object to such data processing on grounds relating to your particular situation.

Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes (Art. 25 BayDSG).

X.8 Right to Withdraw the Declaration of Consent under Data Protection Law

You have the right to withdraw your declaration of consent under data protection law at any time with effect for the future. The right of withdrawal will not affect the lawfulness of processing based on consent before its withdrawal (Art. 7 (3)GDPR). Withdrawal must always be declared to the department at LMU that obtained the consent or to whom you gave your consent.

X.9 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement if you believe that the processing of personal data relating to you infringes the GDPR (Article 77 GDPR).

The supervisory authority responsible for LMU is the Bavarian Data Protection Commissioner (https://www.datenschutz-bayern.de). The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

X.10 Assertion of Rights

If you believe that the processing of the personal data relating to you violates the GDPR or if you wish to otherwise exercise your rights, please first get in touch with the contact person responsible for the content of the respective website — as named in the imprint — and/or the responsible department with which you have been in contact regarding the data processing in question, as this will make a prompt review and any necessary remedial action possible on your behalf. This particularly applies if you wish to withdraw your consent. You can also contact the data protection officer at LMU. It is our goal and ambition to immediately clarify any questions related to data protection and to resolve any data protection issues without delay.

B) Data Protection Information about Specific Data Processing

I. Use of Google Maps

I.1 Scope and Purpose of Data Processing

Some LMU websites use the map service Google Maps. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The map service can be used to display geographical information for contacts and directions. The use of Google Maps is not absolutely required to get information from our website and therefore it is entirely up to you if you want to use it. However, Google Maps is integrated into our websites in the interest of presenting our website in an appealing manner and ensuring that the locations specified on our websites can be found quickly and easily. This is done as part of LMU's public relations work.

Embedding takes place exclusively using an API (2-click solution). Data is only transferred to Google via this programming interface when you click on the “Switch to Google Maps” button.

When using Google's features, Google processes your IP address and, if applicable, other personal data (e.g., information on the use of this website or sub-pages or the data provided in Google Maps, the language of the system, and various browser-specific details). When accessing the site with a GPS-enabled device, the location may also be transmitted. Google uses cookies.

This provides Google with information, among other things, that you have accessed our website or the sub-page. This information is usually transmitted to a Google server in the USA and stored there. This occurs regardless of whether Google provides a user account which you are logged into or whether there is no user account. If you are logged into Google, your data can be associated with your user account.

If you do not want this data to be associated with your Google profile, you must first log out of your Google user account before switching to Google Maps. However, Google stores your data (even for users who are not logged in or registered) as usage profiles and evaluates them for its own purposes of advertising, market research, and the needs-based design of its websites, and may also inform other users of the social network (e.g., Google+) about your activities on our website.

More information about the handling of usage data is available in Google's terms of service and privacy policy.

Google's terms of service are available at

https://policies.google.com/terms?hl=en-GB and for Google Maps at https://www.google.com/intl/en_US/help/terms_maps/.

Google's privacy policy is available at

https://policies.google.com/privacy?hl=en-GB and https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

and for Google Maps at https://www.google.com/intl/en_US/help/terms_maps/.

I.2 Legal Basis for Data Processing

Data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. When you visit the relevant pages, you will be asked for your consent to use the map service under these terms and conditions. You can withdraw this declaration of consent at any time.

The data collected about you when using the service is processed by Google and your personal data is transferred outside the European Union, primarily to the USA. The kbasis for this is Google's certification under the EU-US Data Privacy Framework (DPF) adequacy decision in accordance with Art. 45 GDPR.

I.3 Duration of Data Processing

LMU does not process any additional personal data on its website when Google Maps is used. LMU has no influence on the type, scope, and duration of the data processed by Google, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.

I.4 Objection and Deletion Options

You have the right to object to the creation of these usage profiles, but you must contact Google directlyand exclusively to exercise this right. As the provider of its website, LMU has no influence over this data processing.

If you do not agree to the transmission of your personal data to Google, do not click on "Switch to Google Maps." No data will then be transmitted to Google, but no map will be opened either.

Alternatively, you also have the option of changing your personal settings in Google's Privacy Center (https://policies.google.com/privacy?hl=en).

II. Use of Social Media and Social Media Icons and Internet Links

Our social media presence is part of our public relations work. Our aim is to provide information tailored to targeted groups and to engage in dialogue with you. This also enables us to make quick contact with you online and to communicate directly with you through the media of your choice, Art. 16 BayDiG, § 5 (1) No. 2 DDG. When using social media icons from Facebook, Instagram, Bluesky, X (until July 2023 Twitter), and YouTube on LMU websites, no automatic transmission of your personal data takes place. To avoid automatic data transmission to social media providers, this embedded media content is displayed as a link on LMU websites. No social media plugins are used on LMU websites for data protection reasons.

Further information on social networks and how you can protect your data can be found on the website https://youngdata.de/. YoungData is a service provided by the Conference of the Federal and State Data Protection Authorities (DSK).

II.1 Data Protection Provisions on the Use and Application of Facebook and Facebook Icons

Our website uses social media icons of the social network facebook.com. The web pages at https://www.facebook.com/ and the services on these pages are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, ("Facebook"). The icons feature a Facebook logo.

II.1.1 Scope and Purpose of Data Processing

We use social media icons from Facebook only in extended privacy mode. By default, no automated connection is made to Facebook's servers. This means that Facebook does not receive any data from website visitors when they access LMU's website.

If you are logged into Facebook while visiting our website, Facebook can associate the visit with your Facebook account. When you interact with Facebook, this information is transmitted directly from your browser to Facebook and stored there. We are not aware of what data Facebook associates with the personal data received and for what purpose Facebook uses this data.

Even if you are not a user of Facebook, Facebook may still store your IP address.

Please note that we have no knowledge of the content of the data transmitted or its use by Facebook.

The purpose and scope of the data collection and the further processing and use of data by Facebook is available in Meta's privacy policy at https://www.facebook.com/privacy/policy/.

II.1.2 Legal Basis for Data Processing

Data processing is carried out for the performance of a public task and in the public interest in accordance with Art. 6 (1) (e) and (3) GDPR in conjunction with Art. 4 (1) BayDSG and serves the purpose of performing public relations (Art. 2 BayHIG).

The data collected about you when using the service is processed by Meta and your personal data is transferred outside the European Union, primarily to the USA. This is based on Meta's certification under the EU-US Data Privacy Framework (DPF) adequacy decision in accordance with Art. 45 GDPR.

In addition, we take appropriate measures to protect personal data. Where possible, we agree on the EU standard data protection clauses with Meta and provide for further technical and organizational protective measures.

Users are solely responsible for their use of Facebook, in accordance with Meta's privacy policy (https://www.facebook.com/about/privacy/policy).

II.1.3 Duration of Data Processing

LMU has no influence on the type, scope, and duration of the data processed by Meta, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.

II.1.4 Objection and Deletion Options

Please refer to Meta’s privacy policy at https://www.facebook.com/about/privacy/ for information on your rights and settings options for protecting your privacy on Facebook.

If you do not want Facebook to be able to associate your visit to our website with your Facebook account, please log out of your Facebook account. Then delete the corresponding cookies and block the execution of Facebook script content in your browser. This can be done, for example, with script blockers from https://www.noscript.net or https://www.ghostery.com.

II.2 Data Protection Provisions on the Use and Application of Instagram and Instragram Icons

Our website uses social media icons of the social network instagram.com. Instagram is an ad-supported online photo and video sharing service owned by Meta. The icons feature an Instagram logo.

II.2.1 Scope and Purpose of Data Processing

We use social media icons from Instagram only in extended privacy mode. By default, no automated connection is made to Instagram's servers. This means that Instagram does not receive any data from website visitors when they access LMU's website.

If you are logged into Instagram while visiting our website, Instagram can associate the visit with your Instagram account. If you interact with Instagram, this information is transmitted directly from your browser to Instagram and stored there. We are not aware of what data Instagram associates with the personal data received and for what purpose Instagram uses this data.

If you are not a user of Instagram, there is still the possibility that Instagram will store your IP address.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Instagram.

The purpose and scope of data collection and the further processing and use of data by Instagram is available in Instagram's privacy policy at https://privacycenter.instagram.com/policy.

II.2.2 Legal Basis for Data Processing

Data processing is carried out for the performance of a public task and in the public interest in accordance with Art. 6 (1) (e) and (3) GDPR in conjunction with Art. 4 (1) BayDSG and serves the purpose of performing public relations (Art. 2 BayHIG).

Use of Instagram is the sole responsibility of the user, in accordance with Instagram's privacy policy (https://privacycenter.instagram.com/policy).

When you use the service, Meta processes the data collected about you and transfers your personal data outside the European Union, primarily to the USA. This is in accordance with Meta's certification under the EU-US Data Privacy Framework (DPF) adequacy decision in accordance with Art. 45 GDPR. In addition, we take appropriate measures to protect personal data. Where possible, we enter into EU standard data protection clauses with Meta and implement additional technical and organisational protective measures.

II.2.3 Duration of data processing

LMU has no influence on the type, scope, and duration of the data processed by Instagram, the type of processing and use of this data, or its disclosure to third parties. LMU also has no effective means of control.

II.2.4 Objection and Deletion Options

If you do not want Meta to associate your visit to our website with your Instagram account, please log out of your Instagram account, delete the relevant cookies, and block the execution of Instagram script content in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com.

II.3 Data Protection Provisions on the Use and Application of Bluesky and Bluesky Icons

Our website uses social media icons from the provider Bluesky (https://bsky.social).

We use the technical platform and services of Bluesky PBLLC (Cherry St # 24821 Seattle, Washington 98104-2205, USA) for the short message service offered here at https://bsky.app/profile/lmu.bsky.social. Bluesky is a decentralized service consisting of a large number of servers (“Bluesky instances”) operated by private individuals or organizations. Our account is located on the Bluesky instance “bluesky.social”, which is operated by Bluesky PBLCC. Bluesky PBLLC has confirmed that it complies with European Union law (https://apps.apple.com/de/app/bluesky-social/id6444370199).

II.3.1 Scope and Purpose of Data Processing

When you visit our website at lmu.de, no data is transferred to Bluesky. Personal data will only be transferred to Bluesky when you explicitly confirm the Bluesky icon or use Bluesky and the “RePost” function. Your data may be assigned to the data of your Bluesky account or your Bluesky profile and disclosed to other users.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Bluesky. We have no influence on the type and scope of the data processed by Bluesky, the type of processing and use or disclosure of this data to third parties.

Information about which data is processed by Bluesky and for what purposes it is used and further data protection information can be found in Bluesky's privacy policy at Bluesky App Privacy Policy or at https://bsky.social/about/support/privacy-policy.

II.3.2 legal basis for Data Processing

Data processing by Bluesky is carried out for the purpose of performing a public task and in the public interest in accordance with Art. 6 (1) (e) and (3) GDPR in conjunction with Art. 4 (1) BayDSG and serves the purpose of public relations (Art. 2 BayHIG).

The use of Bluesky and its functions is the sole responsibility of the user on the basis of Bluesky's privacy policy (Bluesky App Privacy Policy). This applies in particular to the use of interactive functions (e.g., sharing, rating). Alternatively, you can also access the information offered on this page at https://www.lmu.de/de/newsroom/.

II.3.3 Duration of Data Processing

LMU has no influence on the type, scope and duration of the data processed by Bluesky, the type of processing and use or the transfer of this data to third parties. LMU also has no effective means of control.

As far as possible, your data will be deleted when we cease to operate our Bluesky website. Any further storage of this data by Bluesky is governed exclusively by the provisions of the Bluesky Privacy Policy and the Bluesky Terms of Use.

II.3.4 Objection and Deletion Options

For a detailed description of the respective forms of processing and the opt-out options, please refer to Bluesky's privacy policy and information:

• Information on what data is processed by Bluesky and for what purposes can be found in Bluesky's privacy policy: https://bsky.social/about/support/privacy-policy
• Further information on these points is available on the following Bluesky support pages: https://bsky.social/about/support.
• Information on the available personalization and data protection setting options can be found here (with further links): Privacy and Security - Bluesky
• You also have the option of requesting information via the Bluesky data protection form or via the archive: https://bsky.social/about/support/network-services-privacy-notice

If you do not want Bluesky to associate your visit to our website with your Bluesky account, please log out of your Bluesky account and delete the corresponding cookies. You should also block the execution of Bluesky script content in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com. On mobile devices (smartphones, tablet computers), you should restrict Bluesky's access to contact and calendar data, photos, location data, etc. in the settings. However, this depends on the operating system used.

You also have the option of contacting Bluesky directly regarding data protection issues: https://bsky.social/about/support/privacy-policy#contact.

II.4 Data protection provisions regarding the use of X (formerly Twitter) and X icons

Our website uses social media icons from the provider X
(https://x.com/). For persons residing within the EU, the Irish company Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (https://legal.x.com/de/imprint) is responsible. The icons are marked with an X logo.

II.4.1 Scope and Purpose of Data Processing

By using X and the "re-tweet" feature, the websites you visit are associated with your X account and disclosed to other users. Data is also transmitted to X.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by X.

More information about this is available in X’s privacy policy at https://x.com/privacy.

II.4.2 legal basis for Data Processing

Data processing is carried out for the performance of a public task and in the public interest pursuant to Article 6 paragraph 1 letter e, paragraph 3 GDPR in conjunction with Article 4 paragraph 1 BayDSG and serves the purpose of public relations (Article 2 BayHIG).

For data processing in the USA, there is currently no adequate level of data protection within the meaning of Article 45 paragraph 1 GDPR, particularly because unauthorized access by third parties is not effectively excluded and the exercising of rights by data subjects is not effectively ensured. However, we take suitable measures to protect personal data. To the extent possible, we work with Twitter to arrange the EU standard contractual clauses and provide for additional technical and organizational protective measures.

The use of X is the responsibility of the user based onX’s privacy policy (https://x.com/privacy).

II.4.3 Duration of Data Processing

LMU has no influence on the type, scope, and duration of the data processed by Twitter, the way in which it is processed and used, or the disclosure of this data to third parties. LMU also has no effective means of control.

II.4.3 Objection and Deletion Options

For a detailed description of the respective forms of processing and the
opt-out options, please refer to the data protection declarations and information provided by operator X at https://x.com/de/privacy.

If you do not want X to be able to associate your visit to our website with your Twitter account, please log out of your Twitter account, delete the respective cookies, and block the execution of script content from Twitter in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com/.

II.5 Data Protection Provisions on the Use of YouTube and YouTube Icons

Some videos from the external video platform YouTube are embedded on our website. YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. YouTube is a video portal owned by the US company YouTube LLC, a subsidiary of Google LLC. The corresponding icons are marked with a YouTube logo.

II.5.1 Scope and Purpose of Data Processing

We use embedded YouTube videos in extended data protection mode. By default, only deactivated images from the YouTube channel are embedded, which do not automatically connect to YouTube's servers. This means that YouTube does not receive any data from website visitors when they visit LMU's website.

You can decide for yourself whether YouTube videos should be activated. Only when you enable video playback by clicking on pPermanent activation” do you give your consent for the necessary data (including the Internet address of the current website and your IP address) to be transmitted to YouTube. When playing the videos, YouTube may store additional cookies on your browser and assign the data to its own user profiles or use the data for its own purposes. We have no influence over this storage.

Please note that we have no knowledge of the content of the transmitted data or its use by YouTube.

In order to save your desired settings, we set a cookie that stores the parameters. However, we do not store any personal data when setting these cookies; they only contain anonymized data for customizing the browser. The videos are then active and can be played by you.

If you activate the YouTube videos and are logged in as a member of YouTube, YouTube assigns this information to your respective personal user accounts. For more information on the collection and use of data by YouTube, please refer to YouTube's privacy policy at https://www.google.com/intl/de/policies/privacy/; https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

II.5.2 Legal Basis for Data Processing

Data processing is carried out for the purpose of performing a public task and in the public interest in accordance with Art. 6 (1) (e) and (3) GDPR in conjunction with Art. 4 (1) BayDSG and serves the purpose of conducting public relations (Art. 2 BayHIG).

The data collected about you when using the service is processed by YouTube and your personal data is transferred outside the European Union, primarily to the USA. The basis for this is YouTube's certification under the EU-US Data Privacy Framework (DPF) adequacy decision in accordance with Art. 45 GDPR.

The use of YouTube is the sole responsibility sole responsibility of the user subject to YouTube's privacy policy (https://www.google.com/intl/de/policies/privacy/).

II.5.3 Duration of Data Processing

LMU has no influence on the type, scope, and duration of processing of the data processed by YouTube, the type of processing and use, or the transfer of this data to third parties. LMU also has no effective means of control.

II.5.4 Objection and Deletion Options

If you would like to deactivate the automatic loading of YouTube videos, you can remove the check mark for consent under the privacy icon. This will also update the cookie settings.

For any options to object, please refer to the privacy policy and information provided by YouTube:

• Information about which data is processed by YouTube/Google and for what purposes can be found in the privacy policy of YouTube or Google: https://policies.google.com/privacy
• Opt-out option (opt-out plugin): https://tools.google.com/dlpage/gaoptout?hl=de
• Settings for the display of advertisements: https://adssettings.google.com/authenticated

If you do not want YouTube to associate your visit to our website with your YouTube account, please log out of your YouTube account, delete the corresponding cookies, and block the execution of YouTube script content in your browser, e.g., with script blockers from https://www.noscript.net or https://www.ghostery.com.

III. Data processing within the framework of the “Online Donation Tool to Support Research and Teaching at LMU Munich”

III.1 Scope and Purpose of Data Processing

On our websites www.lmu.de/stiftungen and https://www.lmu.de/de/workspace-fuer-studierende/support-angebote/studienfinanzierung/stipendien/deutschlandstipendium/index.html (Stiftungen@LMU and the Germany Scholarship program coordination), we use an online donation tool to enable and process online donation payments. These donations are used to support research and teaching at LMU.

Stiftungen@LMU (https://www.lmu.de/de/die-lmu/foerdern-und-unterstuetzen/stiftungen-lmu/) and the Deutschlandstipendium program coordination team are responsible for this data processing.

Your data is collected in order to

• process online donations to LMU in terms of business and accounting and manage the contributions.
• These data are also used to contact donors in connection with the donation (e.g., for thank-you notes) and to provide information about LMU's activities.

III.2 legal basis for Data Processing

Data processing is carried out on the basis of Art. 6 (1) (b) GDPR (pledge of donation in accordance with § 516 ff BGB) or on the basis of consent (Art. 6 (1) (a) GDPR).

Donations are voluntary, but cannot be made without providing your personal data. Your personal data will be passed on to the processor Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, as the technical operator of the online donation tool. A data processing agreement has been concluded in accordance with Art. 28 GDPR. Your personal data will not be transferred to a third country or to an international organization.

III.3 Duration of Data Processing

After being collected by LMU, your data will be stored for as long as necessary to fulfill the purpose for which it was collected. This means that we will store your data for budgetary and tax reasons until the statutory retention periods expire (currently up to ten years in accordance with the German Fiscal Code, § 147 (AO)).

III.4 Objection and Deletion Options

You have the right to revoke or object to the processing of your data and to request that your data be deleted. Revocation, objection, or a request for deletion will be considered a withdrawal of your scholarship application or a waiver of your scholarship.

IV. Data Processing in Connection with the Submission of Applications

IV.1 Scope and Purpose of Data Processing

LMU collects and processes personal data from applicants in order to fill public positions at LMU, and to ensure that applications are lawfully reviewed as part of the application process, enabling a selection decision to be made.The data provided is collected stored, and processed electronically. In particular, the following data is collected:

• Personal data (first and last name, date of birth, address, school degree, severe disability, if applicable)
• Communication data (telephone number, mobile phone number, fax number, email address)
• Data on education (school, vocational training, university studies, doctorate, habilitation)
• Data on your professional career to date, training and work references
• Information on other qualifications (e.g., language and PC skills)
• Application photo, if applicable
• Additional data required for the position to be filled.

The personal data you provide will be used exclusively for the purpose of processing your application for the advertised position. Only persons involved in the application process will have access to the data. These may also include external experts, e.g., in the case of appointment procedures. These persons are bound to secrecy.

No unauthorized disclosure to third parties or third countries will take place.

IV.2 legal basis for Data Processing

Data processing is carried out in accordance with Art. 6 (1) sentence 1 letter b GDPR, Art. 9 (2) letters b and h GDPR, Art. 88 (1) GDPR, Art. 8 (1) sentence 1 nos. 2 and 3 BayDSG. By submitting your application, you confirm that you agree to the processing of your data within the scope and for the duration of the selection process. If the application process results in an employment relationship, the personal data required in the employment context will be processed in accordance with Art. 88 (1) GDPR in conjunction with Art. 8 BayDSG and, if applicable, in conjunction with Art. 103 ff., Art. 145 Bavarian Civil Service Act (BayBG).

IV.3 Duration of Data Processing

If no employment relationship is established following the application process, the application documents will generally be deleted six months after notification of the rejection decision. The deletion period is based on Art. 17 (3) (b) GDPR in conjunction with § 15 (4) of the General Equal Treatment Act (AGG) and § 61 b (1) of the Labor Court Act (ArbGG).

IV.4 Objection and Deletion Options

You have the right to object to the processing of your data and to request its deletion. Your objection or any request for deletion will prevent the processing of your data and will be considered as a withdrawal of your application. Applicants will receive further information on data protection from the department responsible for filling the position after their application has been received.

V. Export Control

V.1 Scope and Purpos of Data Processing

We process your data as (future) staff or (future) guests of LMU in order to contact you and assess whether any foreign trade law restrictions need to be taken into account for a collaboration.

The recipients of the personal data are the hiring or admitting department, the FISALIS sanctions list query system of the state of North Rhine-Westphalia, represented by the Ministry of Justice, and, if applicable, the International Office, Department II – Human Resources, and the Export Control Office of LMU.

V.2 Legal Basis for Data Processing

The legal obligation to conduct foreign trade checks on staff, applicants, and guests arises in particular from the Foreign Trade Act, the Foreign Trade Ordinance, Regulation (EU) 2021/821 (“Dual-Use Regulation”), and other EU regulations on country-specific embargo measures and country-independent sanctions against individuals and organizations.

The legal basis for foreign trade screening as part of the selection process for establishing a civil service or employment relationship is, in particular, Art. 6 (1) (e) in conjunction with (3) GDPR in conjunction with Art. 103 BayBG and Art. 145 BayBG. In the context of an admission procedure as a guest, Art. 6 (1) (c) in conjunction with (3) GDPR in conjunction with the respective EU regulation applies.

V.3 Duration of Data Processing

Your personal data will be deleted or destroyed after the relevant retention periods have expired. The retention period is one year for guests and for employees, the duration of the personnel file.

V.4 Objection and Deletion Options

The provision of personal data is necessary for the legality of the selection or admission process. The absence of relevant personal data, the inability to perform a foreign trade check, or the discovery of a relevant foreign trade restriction may result in the inability to employ someone as staff or admit them as a guest.

VI. Photo Publication

VI.1 Scope and Purpose of Data Processing

Photos may be taken at events and appointments in which you may be recognizable. These photos may be published on the LMU website.

VI.2 Legal Basis for Data Processing

Data processing is carried out in the context of public relations activities, in accordance with Art. 6 (1) (e) GDPR in conjunction with Art. 4 (1) BayDSG, Art. 2 BayHIG or based on your consent in accordance with Art. 6 (1) (a) GDPR.

VI.3 Duration of Data Processing

Data processing will take place for as long as it is necessary for LMU to perform its tasks or until you withdraw your consent.

VI.4 Objection and Deletion Options

You can object to your photo being taken and/or published. You can withdraw your consent at any time with effect for the future.

VII. Processing of personal data in contractual relationships

LMU processes personal data as a contracting party under civil law or as a public law office. Examples of this include the procurement of office supplies, IT or support services. In pursuing its own interests, LMU may also process the personal data of the contracting party's employees. LMU's interest lies in the initiation, conclusion, and execution of such contractual relationships.

C) Validity of the Privacy Policy

LMU's Privacy Policy applies to all of LMU's websites for which LMU is responsible under data protection law.

It applies as a supplement to the extent that LMU processes personal data at its own responsibility on social networks:

• https://de-de.facebook.com/
• https://www.instagram.com/
• https://www.youtube.com/
• https://bsky.app/
• https://www.instagram.com/lmu.muenchen/
• https://www.youtube.com/channel/UCmIoovqeiujBp1sZHI7-poQ
• https://de.linkedin.com/school/lmu.muenchen/
• https://de-de.facebook.com/lmu.muenchen/
• https://web-cdn.bsky.app/profile/lmumuenchen.bsky.social

When we provide links to websites of other organizations, this Privacy Policy does not apply to the processing of personal data by those organizations. We therefore recommend that you read the privacy policies on the other websites you visit.

A supplementary Privacy Policy may also apply to the respective LMU website, if the person or persons responsible for the content of the website at LMU carry out further processing of personal data and provide information about this. This applies in particular if specific services are offered by individual departments or areas. The supplementary privacy information on the respective LMU websites is part of LMU's Privacy Policy.

D) Data protection information for students

Specific data protection information for students regarding data processing at LMU in the context of their studies can be found athttps://www.lmu.de/en/workspace-for-students/abc-study-guide/data-protection/.

E) Version and Changes to the Privacy Policy

LMU's Privacy Policy for its website is current as of the date indicated at the end of this web page. We reserve the right to update this Privacy Policy from time to time to reflect current legal requirements and technical changes and to implement our services and offerings in a manner that complies with data protection laws. If this is the case, we will update the date in this statement. The current version at the time of your visit to LMU's website applies.

Revised 01/04/2025

Ludwig-Maximilians-University Munich

Geschwister-Scholl-Platz 1
80539 München
Telefon: +49 89 2180-0
Fax: +49 89 2180-2322

LMU Munich © 2021