Skip to Content
View of TUM Campus Heilbronn from the bridge at sunset

Privacy Policy

Thank you for your interest in the TUM Campus Heilbronn gGmbH, the TUM Campus in Heilbronn and the website www.chn.tum.de (hereinafter referred to as "website"). The protection of your privacy and the compliance of our collection, processing and use of your data with the applicable legal framework is important to us.

Please find below detailed information on how we collect, process and make use of your data.

1. CONTROLLER/SERVICE PROVIDER

 

1.1. Controller according to Art. 4 para. 7 of the General Data Protection Regulation (hereinafter „GDPR“) and Service Provider acc. to the German Telemedia Act (Telemediengesetz, TMG) is TUM Campus gGmbH, Bildungscampus 2, DE-74076 Heilbronn, email: info.hn@chn.tum.de (hereinafter referred to as „us“ or „we“).

 

1.2. The contact details of our external data protection officer are as follows: Dr. Thomas A. Degen, attorney and specialist in IT law, certified TÜV Süd (DSB-TÜV) data protection officer, c/o Jordan & Wagner Rechtsanwaltsgesellschaft mbH, Alexanderstr. 8A, DE 70184 Stuttgart, e-mail: datenschutz@tumheilbronn-ggmbh.de.


2. COLLECTION, PROCESSING AND USE OF DATA UPON YOUR VISIT TO OUR WEBSITE

 

2.1. If you use the Website for information purposes only, i.e. if you do not register or otherwise provide us with any information yourself, we only collect the personal data, which your browser transmits to our server. If you wish to browse our website, we collect the following data, which we require for technical reasons to display our website to you and to ensure stability and security:

  • the name of your internet service provider,
  • the IP address assigned to you,
  • the address of the website, your visit to our website originated from,
  • the browser used and, if applicable, the operating system of your computer system,
  • the amount of data transferred at each instance
  • the individual webpages of our website, which you have browsed, as well as
  • date and time of your visit to our website.

 

2.2. We have access to these data as well as our IT service providers, including our host provider, who’s servers are located within the European Union. We have entered into a data processor contract acc. to Art. 28 GDPR.

 

2.3. We process said data for the following purposes:

  • safeguarding a smooth connecting to the website,
  • safeguarding a comfortable use of our website,
  • evaluation of system safety and stability as well as
  • other administrative purposes.

 

2.4. Log file information is being stored for security reasons (e.g. to clarify abuse or fraud) for a maximum of 10 days and deleted or anonymized thereafter. The storage of data required for evidence purposes is excluded from the deletion until final clarification of the respective incident.

 

2.5. Art. 6 para. 1 s. 1 lit. f GDPR is the legal basis for the data processing. Our legitimate interest follows from the data collection purposes as listed above.

 

2.6. We also use cookies, when you visit our website. More information on this is available under cipher 5 of this present data protection declaration.


3. COLLECTION; PROCESSING AND USE OF DATA PROVIDED BY YOU IN THE COURSE OF THE USE OF THE WEBSITE

 

3.1. In the event that you contact us, e.g. by way of e-mail, facsimile transmission or by use of a contact form, we will collect any data you provide to us. The processing and use of any such data that you provide when contacting us will be carried out for the purpose of answering your request and for any follow-on queries, only.

 

3.2. Processing of data for the purpose of contacting is carried out in accordance with Art. 6 para. 1 s. 1 lit. b GDPR.


4. HOSTING

 

Our web server is operated by OVH GmbH. The personal data you transmit when visiting our website is therefore processed by OVH GmbH on our behalf:

 

OVH GmbH
Oskar-Jäger-Str. 173/K6,
50825 Köln
Deutschland
USt-IdNr.: DE245768940
Handelsregister: Amtsgericht Saarbrücken - HRB 15369

Phone : +49 681 906730
Fax : +49 681 8761827
Email : kundendienst@ovh.de

 

If necessary, your data will be transmitted to the responsible supervisory and auditing authorities for the exercise of the respective control rights.


5. USE OF OUR SERVICES

 

5.1. If you wish to make use of our services, the respective advice or the conclusion of the respective contract requires that you provide your personal data, which we need in order to process your order in accordance with Art. 6 para. 1 p. 1 lit. b GDPR. We process the data you provide for the purpose of processing your order.

 

5.2. Provided you grant your consent, we will also include you in our database of interested parties. We will then store your data for any further orders. You are free to revoke your consent to this storage of customer data at any time. In such event, we will delete the respective data immediately, as soon as we are no longer entitled to or under an obligation of storing the data in accordance with ciphers 4.1, 4.3 of this present data protection declaration.

 

5.3. Commercial and tax law requires us to store your address, payment and order data for a period of ten years. However, after two years we will restrict such processing, i.e. your data will only be used to comply with the legal obligations.


6. COOKIES

 

6.1. When you visit our website for the first time from one of the devices you use, you will receive a notice that when using the website, so-called cookies may be loaded onto the hard disk of the device. Should you continue to use our website following receipt of this notice, you thereby declare your consent to our use of permanent cookies.

 

6.2. Cookies are alphanumeric identifiers that are transferred to the hard drive of the device upon visiting our website. They allow us to recognise your browser, when you visit the website again, and are primarily used to render your visit to the website a more pleasant and individual experience, e.g. by recognising the language used, as well as to protect the website from hacker attacks.

 

6.3. This website uses the following types of cookies, the scope and functionality of which are explained below:

  • transient cookies (see 6.4 below)

 

6.4. Transient cookies are being deleted automatically, when you close your browser. They include in particular the session cookies. These cookies store a so-called session ID, which may be used to associate various requests from your browser with the shared session. This allows for your computer to be recognised, when you return to our website. The session cookies are being deleted upon logout or closing of your browser.

 

6.5. At any time, you can delete the cookies in the security settings of your browser. The help function in the menu bar of most web browsers explains, how to set up your browser so that new cookies are never being accepted, cookies are set only after notice and only by you or are being generated always automatically.


7. OWN WEB FONTS

 

This website currently uses web fonts on its own servers only in order to provide a uniform display of fonts. This does in no way include any access to servers of Google LLC.


8. E-MAIL-NEWSLETTER

 

If you subscribe to our e-mail newsletter (hereinafter referred to as "newsletter"), we will collect your e-mail address and any additional data you may have provided. We use the data exclusively for the purpose of sending you the respective newsletter for the purposes stated in the course of the registration for the newsletter. The registration takes place using the double-opt-in procedure and may therefore only be completed, if you confirm the link provided in the confirmation e-mail and thereby confirm your consent to the newsletter dispatch. You may revoke your consent to the dispatch of a newsletter at any time. You may also unsubscribe using the link provided at the end of each newsletter. The legal basis for the provision of the newsletter is Art. 6 para. 1 s. 1 lit. a GDPR.

 

Our newsletters contain so-called tracking pixels. A tracking pixel is a tiny graphic embedded in emails sent in HTML format for log file recording and analysis. It serves the statistical evaluation of the success or failure of online marketing campaigns. The embedded tracking pixel allows us to determine, if and when an email was opened by a respective person and which hyperlinks in the email this person has used.

 

We store and evaluate such personal data collected using the tracking pixels contained in the newsletters in order to optimise the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the respective person. These personal data will not be passed on to third parties. The respective persons are entitled to revoke at any time the respective separate declaration of consent submitted via the double opt-in procedure. Following such revocation, we will delete these personal data. An unsubscription from the newsletter also represents such a revocation of consent.


9. REGISTRATION FOR OUR EVENTS/REGISTRATION MASK

 

9.1. Description and scope of data processing

You may register for events via our website. For this purpose, you can provide personal information in the registration screen. Any such information, which is mandatory for registration, is marked with an asterisk "*". You cannot register without this information for the event. All other information is voluntary given and not required for the participation in our events.

Different data will be requested depending on the type of event. For certificate courses, for example, participants are required to provide a proof of knowledge gained, as opposed to Virtual Info Sessions, where there is no such requirement.

  • Depending on the event, the following data is processed:
  • First name, last name
  • Telephone number
  • Email address
  • Title
  • Date of birth
  • Position/department
  • Organization/company
  • Billing address
  • Evidencing knowledge: resume or link to a LinkedIn profile

 

In addition, you may subscribe to our newsletter (please refer to our newsletter mailing information under "Email Newsletter" - in this present data protection declaration).

 

9.2. Legal Basis for Data Processing

The legal basis for the processing of data is, in addition to Art. 6 para. 1 s. 1 lit. b GDPR (processing of necessary data), your consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR.

 

9.3. Purpose of Data Processing

We only process your data for the purpose of carrying out the event you register for.

 

9.4. Duration of Storage

The respective data will be deleted as soon as storage is no longer required to achieve the purpose for which the data were collected. Generally, this is the case after five years. Longer storage periods may result, in accordance with Art. 6 para. 1 s. 1. lit. c GDPR, where necessary due to tax and commercial law retention and documentation obligations as well as where due to regulations that apply to our company.

 

9.5. Possibility of Objection and Removal

You may revoke your consent at any time. Following such revocation, we will only process your data insofar as necessary for the execution of the contract with you and/or where storage obligations beyond this point apply.

10. LINKING TO OTHER WEBSITES

 

On our website, we may include links - also by using icons - to websites of other providers such as TUM, TUM School of Management, TUM School of Computation, Information and Technology, Facebook, Instagram, LinkedIn, Xing or YouTube. If you follow such a link on our website, we have, unfortunately, no longer any influence on the collection, processing and use of your data by third parties. Therefore, we do not and, unfortunately, cannot assume any responsibility for any such collection, processing and use.

In the context of our Website, we provide links, if necessary - also by icon -, to web pages of other providers, e.g. on Twitter, Facebook or Youtube. If you click on such a link on the Website, we unfortunately no longer have any influence on the collection, processing and use of your data by third parties. Therefore, we cannot take any responsibility for such activity.


11. GOOGLE ANALYTICS 4, GOOGLE TAG MANAGER, GOOGLE ADS AND GOOGLE MAPS

 

11.1  We use the web analysis service Google Analytics 4 of Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland (“Google”) on our website to analyze and optimize its use. We use Google cookies for this purpose. The processing may also take place outside the European Union (EU) or the European Economic Area (EEA).

 

11.2  he legal basis is, insofar and to the extent that you are affected by data processing with personal reference, your consent (§ 6 para. 1 lit. a GDPR).

 

11.3  The decision for and basis of use are based on the adequacy decision of the European Commission for the EU-U.S. Data Privacy Framework of 10.07.2023, according to which certified companies expressly guarantee the same level of protection of the GDPR (https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721, as of 02.07.2024). Google is certified (https://policies.google.com/privacy/frameworks?hl=en-US, as of 02.07.2024).

 

11.4  Alternatively, the following also applies to third country transfers: In order to guarantee the level of data protection in a third country, EU standard contractual clauses exist with the provider.

 

11.5  Google acts as a data processor for Google Analytics in accordance with the data processing conditions for Google Ads.

 

11.6  We use tags on websites and an SDK for mobile apps in order to be able to use Google's analysis products. Based on the measurement data collected, we can better understand the needs of our users and, if necessary, offer them a personalized experience and relevant advertising. Google tags use cookies or app instance IDs to measure user interactions. These identifiers provide information about user behavior. However, no personally identifiable information is sent to Google Analytics, which includes the data listed here: https://support.google.com/analytics/answer/7686480?sjid=17481075517372667980-EU, as of 02.07.2024. The “Best Practices” issued by Google (https://support.google.com/analytics/answer/6366371?sjid=17481075517372667980-EU#zippy=%2Cthemen-in-diesem-artikel, as of 02.07.2024) are observed.

 

11.7  Google's privacy policy can be found here: https://policies.google.com/privacy?hl=en-US, as of 02.07.2024.

 

11.8  The systems, applications, people, technologies, processes and data centers behind a variety of Google products, including Google Analytics, are ISO 27001 certified. For certification: https://support.google.com/analytics/answer/3407084?sjid=17481075517372667980-EU, as of 02.07.2024. For ISO 27001: https://www.iso.org/standard/27001?sjid=17481075517372667980-EU.

 

11.9  In Google Analytics, your interactions on our website are primarily recorded using our own cookies. You can deactivate cookies or delete them individually. Google Analytics also supports an optional browser add-on (https://tools.google.com/dlpage/gaoptout/?sjid=17481075517372667980-EU). If you install and activate it, your data will be prevented from being collected by Google Analytics when you visit websites. However, the add-on only deactivates data collection by Google Analytics. If the Google Analytics for Apps SDK or the Google Analytics for Firebase SDK is used on a website or in an app, an app instance ID is recorded in Google Analytics. This is a randomly generated number that identifies an individual app installation. If a user resets their advertising ID under Android or iOS, the app instance ID is also reset.

 

11.10. Google Analytics sets its own cookies, collects data on the device or browser, IP addresses and website or app activities as follows. This is used to analyze and report on user interactions on websites and apps that use Google Analytics. By default, location and device data is collected, namely: city, latitude (of the city), longitude (of the city), minor version of the browser, user agent string of the browser, device brand, device model, device name, minor version of the operating system, minor version of the platform, screen resolution. For IP addresses, see section 11.11 below.

 

11.11. IP anonymization takes place, whereby this is shortened by the last octet. In principle, all IP addresses collected from users in the EU are deleted in Google Analytics before they are recorded via EU domains and servers. IP address data is used to derive location data in accordance with section 11.10. and then deleted immediately. The location indicated by the IP address is decisive.

 

11.12. The data retention period on Google's servers is: 1 year. We will delete your data from Google Analytics on request by sending your ID to Google Analytics User Deletion API or using the User Explorer report. However, aggregated data linked to you, such as page URLs visited, will not be deleted. We have the option of retrieving event data for your ID via the User Explorer report or the User Activity API. This allows us to analyze and export data at event level for individual users.

 

11.13. Our website uses Google Ads in conjunction with Google Analytics 4 and the data collected through it. The provisions set out for Google Analytics 4 apply accordingly. Anonymous statistics are compiled by using cookies to record the traffic to our website from activated Google Ads. You can deactivate this function in the advertising settings and change your settings for this cookie.

 

11.14. Our website uses Google Maps to display map material and/or show directions. If you use the plugin shown, data such as your IP address and data relating to the use of our website may be collected and stored on Google servers and cookies may be set. The privacy policy under section 11.7 applies.


12. DATA DISCLOSURE

 

12.1. Your personal data will not be transferred to third parties for purposes other than those listed below.

 

12.2. We will only disclose your personal data to third parties if:

  • you provided express consent to such disclosure pursuant to Art. 6 para. 1 s. 1 lit. a GDPR,
  • such disclosure is, pursuant to Art. 6 para. 1 s. 1 lit. f GDPR, necessary for the assertion, exercise or defence of legal claims, provided that there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • there is a legal obligation to disclose data pursuant to Art. 6 para. 1 s. 1 lit. c GDPR, and/or
  • it is legally permissible and required for the execution of contractual relationships with you acc. to Art. 6 para. 1 s. 1 lit. b GDPR.

13. STATUTORY RIGHTS OF AFFECTED PERSONS

 

You are legally entitled to the following:

  • acc. to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been, are or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, unless the data have been collected by us directly, as well as the existence of any automated decision-making process including profiling, and, if applicable, meaningful information on its details;
  • acc. to Art. 16 GDPR, to request the immediate correction of incorrect or incomplete personal data stored by us;
  • acc. to Art. 17 GDPR, to demand the deletion of any of your personal data stored by us, unless such processing is necessary for the exercise of the right to freedom of expression and to information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • acc. to Art. 18 GDPR, to demand the restriction of the processing of your personal data, should you dispute the correctness of the data, should the processing be unlawful and you, despite all of this, refuse its deletion and should we no longer need the data, but you need the data to assert, exercise or defend legal claims or have lodged an objection against the data processing in accordance with Art. 21 GDPR;
  • acc. to Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transfer to another Controller;
  • acc. to Art. 7 para. 3 GDPR, to revoke your consent given to us at any time. The consequence is that we may no longer continue the data processing based on this consent in the future,
  • acc. to Art. 77 GDPR, to complain to a supervisory authority. Generally, you may contact the competent supervisory authority at your usual place of residence, at your workplace or at our company headquarters, and
  • acc. to Art. 21 GDPR, to object to the processing of your personal data, if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 s. 1 lit. f GDPR and if there are reasons for such objection, which result from your particular situation (hereinafter referred to as Right of Objection).

 

Should you wish to make use of your Right of Objection, please write to:
TUM Campus gGmbH, Bildungscampus 2, DE-74076 Heilbronn

Email: info.hn@chn.tum.de


14. NO AUTOMATED DECISION-MAKING

 

We do not make use of automated decision making based on the collected data.


15. TOPICALITY AND AMENDING OF THIS PRESENT DATA PROTECTION DECLARATION

 

This present data protection declaration is currently valid and its status is September 2024. The further development of our website or changes of the legal or administrational requirements may require changes to this data protection declaration. You may access and print out the current data protection declaration at any time on the website under "Data protection declaration".