For reasons of better readability, the use of gender-specific language forms is dispensed with. All personal designations apply to all persons regardless of gender, irrespective of the grammatical formulation.

Part 1: General information on data processing

1. Contact person

Controller within the meaning of the EU General Data Protection Regulation:

Technische Universität Bergakademie Freiberg
Akademiestraße 6
09599 Freiberg
Telephone: 03731 39-0
Internet: https://tu-freiberg.de/

The controller is hereinafter referred to as "TU Bergakademie Freiberg". The organisational structure of TU Bergakademie can be viewed here.

Data Protection Officer of TU Bergakademie Freiberg:

Ms Ulrike Unger
Phone: 03731 39-3243
Email: datenschutz [at] zuv [dot] tu-freiberg [dot] de

Competent supervisory authority for data protection:

Saxon Data Protection and Transparency Officer
Dr. Juliane Hundert
Maternistraße 17
01067 Dresden
Phone: 0351 85471-101
Telefax: 0351 85741-109
Email: post [at] sdtb [dot] sachsen [dot] de
Internet: https://www.datenschutz.sachsen.de/

2. Purpose and legal basis for data processing

The TU Bergakademie Freiberg processes personal data only insofar as this is necessary to provide a functional website and the content and services of the TU Bergakademie Freiberg. The processing of personal data takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by statutory provisions (such as the Saxon University Freedom Act and the Saxon University Personal Data Ordinance).

In detail, the TU Bergakademie Freiberg relies on the following legal bases in the implementation of its offers and activities:

• Insofar as the consent of the data subject is obtained for the processing of personal data, Art. 6 para. 1 letter a) GDPR serves as the legal basis.
• If the TU Bergakademie Freiberg processes personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 letter b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
• In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 letter d) GDPR serves as the legal basis.
• If tasks are performed that are in the public interest or in the exercise of official authority that has been transferred to TU Bergakademie Freiberg, Art. 6 para. 1 letter e) GDPR serves as the legal basis for the processing of personal data to the extent necessary for this purpose.
• If the processing is necessary to safeguard a legitimate interest of TU Bergakademie Freiberg or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 letter f) GDPR serves as the legal basis for the processing.

3. Cooperation with processors and third parties

If TU Bergakademie Freiberg discloses data to persons and companies (processors or third parties) as part of the data processing it carries out, transmits it to these processors or third parties or grants access to the data in any other way, this only takes place

• on the basis of a legal authorisation,
• if the data subject has consented,
• if a legal obligation provides for this or
• if the legitimate interests of TU Bergakademie Freiberg justify this.

If TU Bergakademie Freiberg commissions third parties with data processing, this is done on the basis of a corresponding order processing contract which fulfils the requirements of Art. 28 GDPR.

4. Transfer of personal data to a third country

If TU Bergakademie Freiberg processes data in a third country or if this is done in the context of using third-party services or disclosure or transfer of data to third parties, this is done on the basis of a corresponding order processing contract. transfer of data to third parties, this is only done if it is done to fulfil (pre)contractual obligations of TU Bergakademie Freiberg, on the basis of the consent of the data subject, on the basis of a legal obligation or on the basis of a legitimate interest of TU Bergakademie Freiberg. "Third country" is any country outside the European Union or the European Economic Area. Subject to legal or contractual authorisations, TU Bergakademie Freiberg processes or has the data processed in a third country only if the special requirements of Art. 44 et seq. Data erasure and storage duration

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which TU Bergakademie Freiberg is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

6. Rights of data subjects

If personal data is processed, each natural person concerned is entitled to the following rights vis-à-vis TU Bergakademie Freiberg in accordance with the GDPR. Whether the natural person concerned is actually entitled to the asserted right in the specific individual case is checked by the Data Protection Officer of TU Bergakademie Freiberg.

Right of access (Art. 15 GDPR)

The data subject has the right to request confirmation from the controller as to whether personal data concerning him or her is being processed. If this is the case, they have the right to information about this personal data and to the following information:

1. the purposes of the processing,
2. the categories of personal data being processed;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
6. the existence of the right to lodge a complaint with a supervisory authority;
7. where the personal data are not collected from the data subject, any available information as to their source;
8. the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

If personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject makes the request electronically, the information shall be provided in a commonly used electronic format, unless otherwise specified. The right to receive a copy must not adversely affect the rights and freedoms of others.

Right to rectification (Art. 16 GDPR)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure - "right to be forgotten" (Art. 17 GDPR)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
3. The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
4. The personal data have been unlawfully processed.
5. The erasure of the personal data is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject.
6. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If the controller has made the personal data public and is obliged pursuant to Article 17(1) of the GDPR to erase the personal data, the controller shall have the obligation to erase the personal data. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The right to erasure shall not apply to the extent that processing is necessary

1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR in so far as the right referred to in Art. 17(1) GDPR is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
5. for the establishment, exercise or defence of legal claims.

Right to restriction of processing (Art. 18 GDPR)

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, or
4. the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification of the accuracy of the personal data. 21 (1) GDPR, as long as it has not yet been established whether the legitimate grounds of the controller override those of the data subject.

If processing has been restricted in accordance with the aforementioned categories of cases, such personal data may only be processed - apart from being stored - with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing pursuant to the aforementioned categories of processing shall be informed by the controller before the restriction of processing is lifted.

Right to be informed (Art. 19 GDPR)

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject of these recipients if the data subject so requests.

Right to data portability (Art. 20 GDPR)

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

1. the processing is based on consent pursuant to Art. 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
2. the processing is carried out by automated means.

In exercising the aforementioned right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of other persons.

The exercise of the right to data portability is without prejudice to Art. 17 GDPR. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object (Art. 21 GDPR)

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

The data subject must be expressly informed of the right to object at the latest at the time of the first communication with them; this information must be provided in a comprehensible form that is separate from other information.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

The data subject shall have the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Right to withdraw consent under data protection law (Art. 7 (3) GDPR)

The data subject has the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Automated individual decision-making, including profiling (Art. 22 GDPR)

The data subject shall have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

This shall not apply if the decision

1. is necessary for entering into, or the performance of, a contract between the data subject and a data controller,
2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or
3. is based on the data subject's explicit consent.

The decisions must not, however, be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

The TU Bergakademie Freiberg has taken all necessary and appropriate technical and organisational measures to ensure compliance with data protection regulations within the TU Bergakademie. If the data subject nevertheless believes that the processing of personal data concerning him or her violates the GDPR, he or she has the right to lodge a complaint with the Data Protection Officer of TU Bergakademie Freiberg or the Saxon Data Protection Commissioner, without prejudice to any other administrative or judicial remedy.

Part 2: Information on data protection on the website

The use of this website is generally possible without providing personal data. Data is transmitted via a secure connection using SSL encryption. An encrypted connection can be recognised by the fact that the address line of the browser changes from "http" to "https" and by the lock symbol in the browser line.

If personal data is nevertheless processed within the TU Bergakademie Freiberg website, the person concerned will be informed accordingly.

With the exception of the services mentioned in this declaration, no services are offered or included that allow conclusions to be drawn about a natural person. If other such services are offered or included (in the future), the data subjects will be informed accordingly.

1. Provision of the website and creation of log files

Description and scope of data processing

Every time the TU Bergakademie Freiberg website is accessed, the system used by the TU Bergakademie Freiberg automatically collects data and information from the computer system of the accessing computer.
The following data is collected:

1. Information about the browser type and version used
2. The operating system of the user
3. The internet service provider of the user
4. The IP address of the user
5. The date and time of access
6. Websites, from which the user's system accesses the TU Bergakademie Freiberg website
7. Websites that are accessed by the user's system via the TU Bergakademie Freiberg website.

During normal operation, the data is not stored in the log files of the TU Bergakademie Freiberg system. Only in the event of errors can the data collected be stored in the error log files for error tracking purposes. This does not affect the user's IP addresses or other data that enable the data to be assigned to a user, unless there is a suspicion of deliberate or negligent impairment of the infrastructure of TU Bergakademie Freiberg. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

In the event of an error, the data is stored in log files to ensure the functionality of the website. The data collected in this way is used to ensure the security of the information technology systems. The data is not analysed for marketing purposes in this context.

These purposes also constitute the legitimate interest of TU Bergakademie Freiberg in data processing in accordance with Article 6(1)(f) of the GDPR.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

Option of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

2. Registration form, contact form and email contact

Description and scope of data processing

Online forms are available on the TU Bergakademie Freiberg website that can be used for electronic contact and registration. If a user makes use of this option, the data entered in the input mask will be transmitted to TU Bergakademie Freiberg and stored. The user's consent is obtained for the processing of the data as part of the sending process.

Alternatively, it is possible to contact or register via the email addresses provided. In this case, the personal data of the user transmitted with the email will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation or registration.

Legal basis for data processing

The legal basis for processing the data is Art. 6(1)(a) of the GDPR if the user has given consent.

The legal basis for processing the data transmitted in the course of sending an email is Art. 6(1)(f) of the GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) of the GDPR.

Purpose of data processing

The processing of personal data from the input mask serves TU Bergakademie Freiberg solely to process the contact or to organise the registration. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of the information technology systems of TU Bergakademie Freiberg.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data from the input screen of the contact form and data sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Option to object and removal

The user has the option to withdraw their consent to the processing of personal data at any time. If the user contacts TU Bergakademie Freiberg by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of establishing contact will be deleted in this case.

3. Cookies

Cookies are used in several places on the TU Bergakademie Freiberg website to make the TU Bergakademie Freiberg website more user-friendly. Cookies are small text files that are automatically stored on the visitor's browser when they visit a website.

The legal basis for the processing of personal data using cookies is Article 6(1)(f) of the GDPR.

Cookies are stored on the user's computer and transmitted by it to the TU Bergakademie Freiberg website. The user therefore has full control over the use of cookies. By changing the settings in the Internet browser, the user can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for the TU Bergakademie Freiberg website, it may no longer be possible to use all functions of the website to their full extent.

The cookies used by the TU Bergakademie Freiberg are so-called "session cookies" and are automatically deleted after the end of the page visit.

4. Web analysis by Matomo

The TU Bergakademie Freiberg uses the open source programme for web analytics Matomo to record page visits. IP addresses are not stored for this purpose.

All data collected is stored exclusively on a server in the university computer centre. The data is collected exclusively to improve the services of TU Bergakademie Freiberg. It is not possible to trace the data back to specific persons. TU Bergakademie Freiberg will also not pass on this collected data to third parties at any time.

JavaScript must be enabled to record the data with Matomo. In this case, the following data is collected:

• Time of access
• Duration of visit
• Pages visited
• Origin (referrer)
• Operating system
• Browser
• Screen resolution

If JavaScript is not activated, this data is not stored.

5. YouTube

The TU Bergakademie Freiberg website uses plugins from YouTube to integrate and display video content. The provider of the video portal is Google Inc - YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When a page with an integrated YouTube plugin is accessed, a connection to the YouTube servers is established. This tells YouTube which pages of TU Bergakademie Freiberg have been accessed by the user. YouTube can assign the user's surfing behaviour directly to the user's personal YouTube profile if the user is logged into their YouTube account. The user has the option of preventing this by logging out beforehand.

The use of YouTube is in the interest of an appealing presentation of the online offers of TU Bergakademie Freiberg. This is in the public interest within the meaning of Article 6(1)(e) of the GDPR. Details on the handling of user data can be found in the YouTube privacy policy.

6. Facebook

Freiberg University of Mining and Technology uses the technical platform and services of Meta Platforms, Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA for the information service it offers. In the EU, this service is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter both referred to as "Meta").

The TU Bergakademie Freiberg would like to point out that the Facebook page of the TU Bergakademie Freiberg and its functions are the sole responsibility of the users (data subjects). This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). The TU Bergakademie Freiberg also points out that the use of Facebook is not necessary in order to contact the TU Bergakademie Freiberg.

The use of Facebook is in the interest of comprehensive communication with interested parties and users of the offers of the TU Bergakademie Freiberg as well as the promotion of the tasks to be carried out and activities offered by the TU Bergakademie Freiberg. This is in the public interest within the meaning of Article 6(1)(e) of the GDPR.

Data processed by Meta

When visiting the TU Bergakademie Freiberg Facebook page, Meta collects, among other things, the IP address and other information of the user, which is available in the form of cookies on the user's computer. This information is used to provide TU Bergakademie Freiberg, as the operator of the Facebook page, with statistical information about the use of the Facebook page. Further information on this can be found at this link.

The data collected about users in this context is processed by Meta Platforms Ltd. and may be transferred to countries outside the European Union. What information Meta receives and how this information is used is described by Meta in general terms in its data usage guidelines. The policy also contains options for contacting Facebook and the settings options for adverts. The data usage guidelines can be viewed at this link.

In addition, Meta's complete data guidelines are available for download at this link.

Meta Platforms, Inc. has committed to the principles of the EU-US Privacy Shield. Further details can be found at this link.

The extent to which Meta uses the data from visits to Facebook pages for its own purposes, the extent to which activities on the Facebook page are assigned to individual users, how long Meta stores this data and whether data from visits to the Facebook page is passed on to third parties is not conclusively and clearly stated by Meta and is not known to TU Bergakademie Freiberg.

When a Facebook page is accessed, the IP address assigned to the user's device is transmitted to Meta. Meta also stores information about the end devices of its users; Meta may thus be able to assign IP addresses to individual users.

If Facebook users are currently logged in to Meta, a cookie with the user's Facebook ID is stored on the end device used. This enables Meta to track that the user has visited the TU Bergakademie Freiberg Facebook page. The specific use of the page is also tracked. This also applies to all other Facebook pages. Facebook buttons integrated into websites enable Meta to record users' visits to these websites and assign them to the user's Facebook profile. This data can be used to offer content or advertising (tailored to the specific user). If the user wishes to avoid this, they should log out of Meta or deactivate the "stay logged in" function, delete the cookies on their device and close and restart the browser. In this way, Facebook information that can be used to directly identify the user is deleted. This allows the user to use the TU Bergakademie Freiberg Facebook page without revealing their Facebook ID. If the user accesses interactive functions on the page (like, comment, share, message, etc.), a Facebook login screen appears. After logging in, the user is once again recognisable to Meta as a specific user.

Information on how the user can manage or delete their existing information can be found on the Facebook support pages.

Data processed by TU Bergakademie Freiberg

As the provider of the information service, TU Bergakademie Freiberg also uses its Facebook page to run competitions and, if necessary, to use Personal Messenger. For this purpose, TU Bergakademie Freiberg processes the data voluntarily entered by the user on Facebook in connection with the competition or the use of Personal Messenger.

Data processing by TU Bergakademie Freiberg also takes place when TU Bergakademie Freiberg shares content from Facebook users. However, the data entered by the user on Facebook as part of the "Share" function is only processed with the express consent of the respective author of the original post.

7. Instagram

The TU Bergakademie Freiberg uses the "Instagram" service, which is a service provided by Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

The use of Instagram is in the interest of comprehensive communication with interested parties and users of the offers of TU Bergakademie Freiberg as well as the promotion of the tasks to be carried out and activities offered by TU Bergakademie Freiberg. This is in the public interest within the meaning of Article 6(1)(e) of the GDPR.

Data processed by Instagram

The following terms of use apply to the use of Instagram.

Furthermore, reference is made to the statements made under point VI.

Further information can also be found in Instagram's privacy policy.

Data processed by the TU Bergakademie Freiberg

The TU Bergakademie Freiberg uses the Instagram service, among other things, to organise competitions and, if necessary, to use direct messaging. For this purpose, TU Bergakademie Freiberg processes the data voluntarily entered by the user on Instagram in connection with the competition or the use of direct messaging.

Data processing by TU Bergakademie Freiberg also takes place when TU Bergakademie Freiberg posts content from Instagram users. However, the data entered by the user on Instagram as part of the "repost" function is only processed with the express consent of the respective author of the original post.

8. Twitter

Freiberg University of Mining and Technology uses the technical platform and services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA for the short message service it offers. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for the data processing of persons living outside the United States.

The TU Bergakademie would like to point out that the Twitter short messaging service offered by the TU Bergakademie Freiberg and its functions are the sole responsibility of the users (data subjects). This applies in particular to the use of the interactive functions (e.g. sharing, rating). The TU Bergakademie Freiberg also points out that the use of Twitter is not necessary in order to contact the TU Bergakademie Freiberg.

The use of Twitter is in the interest of comprehensive communication with interested parties and users of the offers of the TU Bergakademie Freiberg as well as the promotion of the tasks to be carried out and activities offered by the TU Bergakademie Freiberg. This is in the public interest within the meaning of Article 6(1)(e) of the GDPR.

Data processed by Twitter

Information about which personal data is processed by Twitter and for what purposes is contained in Twitter's privacy policy.

Twitter Inc. has committed to the principles of the EU-US Privacy Shield. Further details can be found at this link.

The TU Bergakademie Freiberg has no influence on the type and scope of personal data processed by Twitter, the type of processing and use or the transfer of this data to third parties. TU Bergakademie Freiberg also has no effective control options in this respect.

With the use of Twitter, personal data of users (data subjects) is collected, transferred, stored, disclosed and used by Twitter Inc. and, regardless of the user's place of residence, transferred to the United States, Ireland and any other country in which Twitter Inc.

Twitter processes the data voluntarily entered by the user (such as name, user name, email address, telephone number or contacts in the user's address book if the user uploads or synchronises this). On the other hand, Twitter also analyses the content shared by the user to determine which topics the user is interested in, stores and processes confidential messages that the user sends directly to other users and can determine the user's location using GPS data, information on wireless networks or the user's IP address in order to send the user advertising or other content.
Twitter Inc. may use analysis tools such as Twitter or Google Analytics for evaluation purposes. TU Bergakademie Freiberg has no influence whatsoever on the use of such tools by Twitter Inc. and has not been informed of such potential use.

If tools of this kind are used by Twitter Inc. for the TU Bergakademie Freiberg account, TU Bergakademie Freiberg has neither commissioned nor authorised this nor supported it in any other way. TU Bergakademie Freiberg is also not provided with the data obtained during the analysis. Only certain non-personal information about tweet activity, such as the number of profile or link clicks through a particular tweet, can be viewed by TU Bergakademie Freiberg via its account. Furthermore, TU Bergakademie Freiberg has no way of preventing or switching off the use of such tools on its Twitter account.

Finally, Twitter also receives information when the user views content, for example, even if the user has not created a Twitter account. This so-called "log data" may include the IP address, the browser type, the operating system, information about the previously accessed website and the pages accessed by the user, their location, their mobile phone provider, the end device used by them (including device ID and application ID), the search terms used by them and cookie information.

Through Twitter buttons or widgets integrated into websites and the use of cookies, Twitter is able to record the user's visits to these websites and assign them to the user's Twitter profile. This data can be used to offer content or advertising tailored to the respective user.
The fact that Twitter Inc. is a non-European provider with a European branch only in Ireland means that it is not bound by German data protection regulations according to its own interpretation. This applies, for example, to the rights of data subjects to information, blocking or deletion of data or the option to object to the use of usage data for advertising purposes.

The user has the option of restricting the processing of personal data through the general settings of their Twitter account and under "Data protection and security". In addition, the user can restrict Twitter's access to contact and calendar data, photos, location data, etc. in the settings options for mobile devices. However, this depends on the operating system used.

Further information can be found on the following Twitter support pages:

• How to protect your personal data
• Information about the conclusions Twitter draws about users
• Information on viewing your own data on Twitter
• Existing personalisation and data protection setting options
• Twitter privacy form
• Twitter archive requirements

Data processed by the TU Bergakademie Freiberg

The TU Bergakademie Freiberg also processes user data. It does not collect any data itself via its Twitter account, and the IP addresses of site visitors are not transmitted to Twitter Inc. via the integration of TU Bergakademie Freiberg tweets on its homepage. However, the data entered by the user on Twitter, in particular the user name and the content published under the user's account, may be processed by TU Bergakademie Freiberg to the extent that it may retweet or reply to tweets from users via the TU Bergakademie Freiberg Twitter account or write its own tweets that refer to the specific user account. The data freely published and disseminated by the user on Twitter is thus included by TU Bergakademie Freiberg in its offer and made accessible to its followers.

In addition, TU Bergakademie Freiberg uses Twitter to organise competitions and, if necessary, to use direct messages. For this purpose, TU Bergakademie Freiberg processes the data voluntarily entered by the user on Twitter in connection with the competition or the use of direct messages.

9. Xing

TU Bergakademie Freiberg operates an entrepreneur profile on the XING platform. The platform operator is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. By using the XING platform, XING SE processes users' personal data. TU Bergakademie Freiberg has no influence on data processing by XING. No data processing takes place by TU Bergakademie Freiberg itself.

• Details on data processing by XING SE

10. Google Maps

The "Google Maps" service of Google LLC,
1600 Amphitheatre Parkway, Mountain View, CA 94043, USA is integrated on the TU Bergakademie Freiberg website. By using Google Maps, Google processes data about the use of the Maps function by users of the TU Bergakademie Freiberg website.

The TU Bergakademie Freiberg has no influence on this data transmission.

• Details on the handling of user data in Google's privacy policy

The use of Google Maps is in the interest of an appealing presentation of the online offers of the TU Bergakademie Freiberg and a better orientation regarding the places indicated on the website of the TU Bergakademie Freiberg. This is in the public interest within the meaning of Article 6(1)(e) of the GDPR.

11. OpenStreetMap

The "OpenStreetMap" service is integrated on the TU Bergakademie Freiberg website. The service is provided by the Openstreetmap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. By integrating the service on the TU Bergakademie Freiberg website, information about the use of this website (e.g. IP addresses of users) is transmitted to a server of the Openstreetmap Foundation in the UK and stored there.

• Data protection declaration of the Openstreetmap Foundation

The TU Bergakademie Freiberg has no influence on this data transmission.

If users of the TU Bergakademie Freiberg website wish to deactivate the use of OpenStreetMap and prevent data transfer to the Openstreetmap Foundation, they can do so by deactivating JavaScript in their browser.

The use of OpenStreetMap is in the interest of an appealing presentation of the online offers of the TU Bergakademie Freiberg and better orientation with regard to the places indicated on the TU Bergakademie Freiberg website. This is in the public interest within the meaning of Article 6(1)(e) of the GDPR. Details on OpenStreetMap and information on the handling of user data can be found under the following links (with further references):

• Copyright and licence
• Legal FAQ

12. External links or hyperlinks to websites of other providers

The TU Bergakademie Freiberg website contains external links or hyperlinks to websites of other providers. These links or hyperlinks are to be distinguished and separated from TU Bergakademie Freiberg's own content. These external contents of other providers do not originate from TU Bergakademie Freiberg. TU Bergakademie Freiberg also has no influence on the content of third-party websites.

When such external links or hyperlinks are selected, users of the TU Bergakademie Freiberg website are redirected to the website of the other provider. TU Bergakademie Freiberg cannot guarantee that the external provider will handle the user's personal data confidentially and comply with data protection regulations and provisions. Responsibility in this regard lies solely with the specific provider.

If TU Bergakademie Freiberg becomes aware that the external links or hyperlinks on its website contain illegal content, the links and hyperlinks concerned will be removed immediately by TU Bergakademie Freiberg.

Note: At present, data transmission via the Internet (especially by e-mail) is essentially unsecured. It cannot be ruled out that transmitted data may come to the attention of unauthorised persons.

Status: June 2023