For reasons of better readability, the use of gender-specific forms of language has been dispensed with. All personal designations apply to all persons regardless of grammatical formulation and without regard to gender.

Please note that only the german version is legally binding.

Part 1: General information on data processing

1. contact person

Person responsible in the sense of the EU General Data Protection Regulation:

Technische Universität Bergakademie Freiberg
Akademiestraße 6
09599 Freiberg
Phone: 03731 39-0
Internet: https://tu-freiberg.de/

The responsible party is hereinafter referred to as "TU Bergakademie Freiberg". The organizational structure of the TU Bergakademie can be viewed here.

Data Protection Officer of the TU Bergakademie Freiberg:

Frau Ulrike Unger
Phone: 03731 39-3243
E-Mail: datenschutz [at] tubaf [dot] org

Competent supervisory authority for data protection:

Sächsische Datenschutz- und Transparenzbeauftragte (Saxon Data Protection and Transparency Commissioner)
Dr. Juliane Hundert
Devrientstr. 5
01067 Dresden
Phone: 0351 85471-101
Fax: 0351 85741-109
E-Mail: post [at] sdtb [dot] sachsen [dot] de
Internet: https://www.datenschutz.sachsen.de/

2 Purpose and legal basis for data processing

The TU Bergakademie Freiberg processes personal data only insofar as this is necessary for the provision of a functional website and the contents and services of the TU Bergakademie Freiberg. Personal data is regularly processed only with the consent of the user. An exception applies in those cases in which obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations (such as the Saxon Higher Education Freedom Act and the Saxon Higher Education Personal Data Ordinance).

In detail, the TU Bergakademie Freiberg relies on the following legal bases in carrying out its offers and activities:

• Insofar as consent of the data subject is obtained for the processing operations of personal data, Art. 6 (1) (a) DSGVO serves as the legal basis.
• If the TU Bergakademie Freiberg processes personal data which are necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
• In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 (1) (d) DSGVO serves as the legal basis.
• If tasks are performed that are in the public interest or are carried out in the exercise of official authority vested in TU Bergakademie Freiberg, Article 6 (1) (e) DSGVO serves as the legal basis for processing personal data to the extent necessary for this purpose. 
• If processing is necessary to protect a legitimate interest of TU Bergakademie Freiberg or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) (f) DSGVO serves as the legal basis for the processing.

3. cooperation with processors and third parties

Insofar as the TU Bergakademie Freiberg discloses data to persons and companies (processors or third parties) within the scope of data processing carried out by the TU Bergakademie Freiberg, transfers data to these processors or third parties, or grants access to the data in any other way, this shall only take place

• on the basis of a legal permission,
• if the data subject has consented,
• if a legal obligation provides for this or
• if the legitimate interests of the TU Bergakademie Freiberg justify it.

If the TU Bergakademie Freiberg commissions third parties with data processing, this is done on the basis of a corresponding order processing contract, which meets the requirements of Art. 28 DSGVO.

4. transfer of personal data to a third country

If TU Bergakademie Freiberg processes data in a third country or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is done in order to fulfill (pre)contractual obligations of TU Bergakademie Freiberg, on the basis of the consent of the data subject, due to a legal obligation or on the basis of a legitimate interest of TU Bergakademie Freiberg. "Third country" means any country outside the European Union or the European Economic Area. Subject to legal or contractual permissions, the TU Bergakademie Freiberg processes or allows the processing of data in a third country only if the special requirements of Art. 44 et seq. DSGVO are met.

5. data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the TU Bergakademie Freiberg is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

6. data subject rights

If personal data is processed, each of the natural persons affected is generally entitled to the following rights in accordance with the GDPR vis-à-vis the TU Bergakademie Freiberg. The data protection officer of TU Bergakademie Freiberg will check whether the natural person concerned is actually entitled to the asserted right in the specific individual case.

Right of access (Art. 15 GDPR)

The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If this is the case, he or she has the right to obtain access to this personal data and the following information:

1. the purposes of processing,
2. the categories of personal data processed;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
4. if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; 
5. the existence of a right to rectification or erasure of the personal data concerning him or her, or to restriction of processing by the controller, or a right to object to such processing;
6. the existence of a right of appeal to a supervisory authority;
7. if the personal data are not collected from the data subject, any available information on the origin of the data;
8. the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) DSGVO and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

If personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

The controller shall provide a copy of the personal data that are the subject of the processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. If the data subject makes the request electronically, the information shall be provided in a commonly used electronic format, unless otherwise specified. The right to receive a copy shall not affect the rights and freedoms of other persons.

Right to rectification (Art. 16 DSGVO)

The data subject shall have the right to obtain from the controller the rectification without undue delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to request that incomplete personal data be completed, including by means of a supplementary declaration.

Right to erasure - "right to be forgotten" (Art. 17 GDPR)

The data subject shall have the right to obtain from the controller the erasure without delay of personal data concerning him or her, and the controller shall be obliged to erase personal data without delay where one of the following reasons applies:

1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
2. The data subject withdraws consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing.
3. The data subject objects to the processing pursuant to Art. 21(1) DSGVO and there are no overriding legitimate grounds for the processing, or the data subject objects pursuant to Art. 21 (2) DSGVO to object to the processing.
4. The personal data have been processed unlawfully.
5. The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
6. The personal data have been collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO.

If the controller has made the personal data public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that a data subject has requested that they erase all links to or copies or replicas of such personal data.

The right to erasure shall not apply to the extent that the processing is necessary

1. to exercise the right to freedom of expression and information;
2. to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) of the GDPR, where the right referred to in Art. 17(1) of the GDPR is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
5. for the establishment, exercise or defense of legal claims.

Right to restriction of processing (Art. 18 DSGVO)

The data subject shall have the right to obtain from the controller the restriction of processing where one of the following conditions is met:

1. the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data;
3. the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the purposes of asserting, exercising or defending claims, or
4. the data subject objects to the processing pursuant to Art. 21 (1) DSGVO as long as it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

If processing has been restricted in accordance with the aforementioned categories of cases, such personal data may - apart from being stored - only be processed with the consent of the data subject or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

A data subject who has obtained a restriction of processing pursuant to the above categories of cases shall be informed by the controller before the restriction is lifted.

Right to information (Art. 19 GDPR)

The controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of the personal data or restriction of processing pursuant to Articles 16, 17(1) and 18 of the GDPR, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject of these recipients if the data subject so requests.

Right to data portability (Art. 20 DSGVO)

The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format, and shall have the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, provided that

1. the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) DSGVO or on a contract pursuant to Article 6(1)(b) DSGVO and
2. the processing is carried out with the aid of automated procedures.

When exercising the aforementioned right to data portability, the data subject has the right to obtain that the personal data be transferred directly from the controller to another controller, where technically feasible. In doing so, the rights and freedoms of other persons must not be impaired.

The exercise of the right to data portability is without prejudice to Art. 17 DSGVO. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right of objection (Art. 21 DSGVO)

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this shall also apply to any profiling based on this provision. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

The data subject must be expressly informed of the right to object at the latest at the time of the first communication with him or her; this information must be provided in a comprehensible form that is separate from other information.

In the context of the use of information society services, notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by means of automated procedures using technical specifications.

The data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

Right to revoke the declaration of consent under data protection law (Art. 7 (3) DSGVO)

The data subject has the right to withdraw his or her consent at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Automated decision in individual cases including profiling (Art. 22 DSGVO)

The data subject shall have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

This does not apply if the decision

1. is necessary for the conclusion or performance of a contract between the data subject and the controller,
2. is permitted by Union or Member State law to which the controller is subject, and that law contains suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or
3. is made with the data subject's explicit consent.

However, the decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and legitimate interests of the data subject.

For the cases mentioned in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which include, at least, the right to obtain the intervention of a data subject on the part of the controller, to express his or her point of view and contest the decision.

Right to complain to a supervisory authority (Art. 77 GDPR)

On the part of TU Bergakademie Freiberg, all necessary and appropriate technical and organizational measures have been taken to ensure compliance with data protection regulations within TU Bergakademie. If the data subject nevertheless believes that the processing of personal data concerning him or her violates the GDPR, he or she has the right to lodge a complaint with the Data Protection Officer of TU Bergakademie Freiberg or the Saxon Data Protection Commissioner, without prejudice to any other administrative or judicial remedy.

Part 2: Notes on data protection on the Internet site

The use of this website is generally possible without providing personal data. Data is transferred via a secure connection using SSL encryption. An encrypted connection can be recognized by the fact that the address line of the browser changes from "http" to "https" and by the lock symbol in the browser line.

If personal data is nevertheless processed within the TU Bergakademie Freiberg website, the data subject will be informed accordingly.

With the exception of the services mentioned in this declaration, no services are offered or included that allow conclusions to be drawn about a natural person. If further such services are offered or included (in the future), the data subjects will be informed accordingly.

1. provision of the website and creation of log files

Description and scope of data processing

Each time the TU Bergakademie Freiberg website is accessed, the system used by the TU Bergakademie Freiberg automatically collects data and information from the computer system of the accessing computer.
The following data is collected:

1. Information about the browser type and the version used
2. The operating system of the user
3. The Internet service provider of the user
4. The IP address of the user
5. The date and time of access
6. Websites from which the system of the user accesses the website of the TU Bergakademie Freiberg
7. Websites that are accessed by the system of the user via the website of the TU Bergakademie Freiberg.

The data is not stored in the log files of the TU Bergakademie Freiberg system during normal operation. Only in case of occurring errors, the collected data can also be stored in the error log files for error tracking. Not affected by this are the IP addresses of the user or other data that allow the assignment of the data to a user, unless there is a suspicion of deliberate or negligent impairment of the infrastructure of the TU Bergakademie Freiberg. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) of the DSGVO.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The storage in log files takes place in the event of an error in order to ensure the functionality of the website. The data collected in this way serves to ensure the security of the information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also the legitimate interest of the TU Bergakademie Freiberg in the data processing according to Art. 6 (1) (f) of the DSGVO.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

Possibility of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

2. registration form, contact form and e-mail contact.

Description and scope of data processing

The website of the TU Bergakademie Freiberg contains online forms that can be used for electronic contact and registration. If a user takes advantage of this option, the data entered in the input mask is transmitted to the TU Bergakademie Freiberg and stored. The user's consent is obtained for the processing of the data during the submission process.

Alternatively, it is possible to contact or register via the e-mail addresses provided. In this case, the personal data of the user transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation or registration.

Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 letter a) of the DSGVO if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) of the DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) of the DSGVO.

Purpose of data processing

The processing of personal data from the input mask serves the TU Bergakademie Freiberg solely to process the contact or to organize the registration. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of the information technology systems of the TU Bergakademie Freiberg.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

Possibility of objection and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts the TU Bergakademie Freiberg by e-mail, he or she may object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting the user will be deleted in this case.

3. Cookies

In the internet offer of the TU Bergakademie Freiberg, cookies are used in several places to make the website of the TU Bergakademie Freiberg more user-friendly. Cookies are small text files that are automatically stored on the visitor's browser when visiting a website.

The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) of the DSGVO.

Cookies are stored on the user's computer and transmitted by it to the TU Bergakademie Freiberg website. Therefore, the user also has full control over the use of cookies. By changing the settings in the Internet browser, the user can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for the TU Bergakademie Freiberg website, it may no longer be possible to use all functions of the website to their full extent.

The cookies used by the TU Bergakademie Freiberg are so-called "session cookies" and are automatically deleted after the end of the page visit.

4. web analysis through Matomo

The TU Bergakademie Freiberg uses the open source program for web analytics Matomo to record page visits. IP addresses are not stored for this purpose.

All collected data ends up exclusively on a server in the university computer center. The data collection is exclusively used to improve the services of the TU Bergakademie Freiberg. It is not possible to trace the data back to specific persons. The TU Bergakademie Freiberg will also not pass on this collected data to third parties at any time.

For the recording of data with Matomo, JavaScript must be allowed. In this case, the following data is collected:

• Time of access
• Duration of visit
• Pages visited
• Origin (referrer)
• Operating system
• Browser
• Screen resolution.

If JavaScript is not enabled, this data is also not stored.

5. YouTube

The TU Bergakademie Freiberg website uses YouTube plugins for the integration and display of video content. The provider of the video portal is Google Inc. - YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When a page with an integrated YouTube plugin is called up, a connection to the YouTube servers is established. YouTube thereby learns which pages of the TU Bergakademie Freiberg were accessed by the user. YouTube can assign the user's surfing behavior directly to the user's personal YouTube profile if the user is logged into his or her YouTube account. By logging out beforehand, the user has the option to prevent this.

YouTube is used in the interest of an appealing presentation of the online offers of the TU Bergakademie Freiberg. This is in the public interest within the meaning of Art. 6 (1) (e) of the DSGVO. Details on the handling of user data can be found in YouTube's privacy policy.

6. Facebook

The TU Bergakademie Freiberg uses the technical platform and services of Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA for the information service it offers. In the EU, this service is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter both referred to as "Meta").

TU Bergakademie Freiberg points out that the Facebook page of TU Bergakademie Freiberg and its functions are the sole responsibility of the users (data subjects). This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). The TU Bergakademie Freiberg also points out that the use of Facebook is not necessary to contact the TU Bergakademie Freiberg.

Facebook is used in the interest of comprehensive communication with interested parties and users of the offers of the TU Bergakademie Freiberg as well as the promotion of the tasks to be performed and activities offered by the TU Bergakademie Freiberg. This is in the public interest within the meaning of Art. 6 (1) (e) of the DSGVO.

Data processed by Meta

When visiting the Facebook page of the TU Bergakademie Freiberg, Meta collects, among other things, the IP address as well as further information of the user, which is available in the form of cookies on the user's computer. This information is used to provide the TU Bergakademie Freiberg, as operator of the Facebook page, with statistical information about the use of the Facebook page. More detailed information on this can be found at https://de-de.facebook.com/help/pages/insights.

The data collected about users in this context is processed by Meta Platforms Ltd. and may be transferred to countries outside the European Union. Meta describes in general terms in its data usage guidelines what information Meta receives and how this information is used. There are also options for contacting Facebook as well as the settings options for advertisements. The data usage guidelines are available at https://de-de.facebook.com/about/privacy.

In addition, Meta's full data policies are available for download at: https://de-de.facebook.com/full_data_use_policy.
 

Meta Platforms, Inc. has committed to the principles of the EU-US Privacy Shield. More details can be found at: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

To what extent Meta uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Meta stores this data and whether data from visits to the Facebook page are passed on to third parties is not conclusively and clearly stated by Meta and is not known to TU Bergakademie Freiberg.

When a Facebook page is accessed, the IP address assigned to the user's device is transmitted to Meta. Meta also stores information about the end devices of its users; if necessary, Meta is thus able to assign IP addresses to individual users.

If Facebook users are currently logged in to Meta, a cookie with the user's Facebook ID is stored on the end device used. This enables Meta to track that the user has visited the Facebook page of TU Bergakademie Freiberg. The specific use of the page is also tracked. This also applies to all other Facebook pages. Via Facebook buttons embedded in web pages, it is possible for Meta to record users' visits to these web pages and assign them to the user's Facebook profile. Based on this data, content or advertising (tailored to the specific user) can be offered. If the user wishes to avoid this, he or she should log out of Meta or deactivate the "stay logged in" function, delete the cookies present on his or her device and exit and restart the browser. In this way, Facebook information by which the user can be directly identified will be deleted. This allows the user to use the Facebook page of TU Bergakademie Freiberg without revealing his Facebook identification. If the user accesses interactive functions of the page (like, comment, share, news, etc.), a Facebook login screen appears. After any login, the user is again recognizable to Meta as a specific user.

Information on how the user can manage or delete the information they have can be found on Facebook's support pages. https://de-de.facebook.com/about/privacy

Data processed by the TU Bergakademie Freiberg

The TU Bergakademie Freiberg as provider of the information service also uses its Facebook page to conduct competitions and, if applicable, to use the Personal Messenger. For this purpose, the TU Bergakademie Freiberg processes the data voluntarily entered by the user on Facebook in connection with the competition or the use of the Personal Messenger.

Data processing by TU Bergakademie Freiberg also takes place when TU Bergakademie Freiberg shares content from Facebook users. However, the processing of data entered by the user on Facebook as part of the "Share" function only takes place with the express consent of the respective author of the original post.

7. Instagram

TU Bergakademie Freiberg uses the service "Instagram", which is a service provided by Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Instagram is used in the interest of comprehensive communication with interested parties and users of the offers of the TU Bergakademie Freiberg as well as the promotion of the tasks to be performed and activities offered by the TU Bergakademie Freiberg. This is in the public interest within the meaning of Art. 6 (1) (e) of the DSGVO.

Data processed by Instagram

The following terms of use apply to the use of Instagram.

In all other respects, reference is made to the remarks made under item VI accordingly.

Further information can also be found in Instagram's privacy policy.https://help.instagram.com/519522125107875

Data processed by the TU Bergakademie Freiberg

The TU Bergakademie Freiberg uses the Instagram service, among other things, for the implementation of competitions and, if applicable, the use of direct messaging. For this purpose, the TU Bergakademie Freiberg processes the data voluntarily entered by the user on Instagram in connection with the competition or the use of direct messaging.

Data processing by the TU Bergakademie Freiberg also takes place when the TU Bergakademie Freiberg posts content from Instagram users. However, the processing of data entered by the user on Instagram in the context of the "Repost" function only takes place with the express consent of the respective author of the original post.

8. Twitter

The TU Bergakademie Freiberg uses the technical platform and services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA for the short message service it offers. The responsible party for the data processing of persons living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

The TU Bergakademie points out that the Twitter short messaging service offered by the TU Bergakademie Freiberg and its functions are the responsibility of the users (data subjects). This applies in particular to the use of the interactive functions (e.g. sharing, rating). The TU Bergakademie Freiberg also points out that the use of Twitter is not necessary to contact the TU Bergakademie Freiberg.

Twitter is used in the interest of comprehensive communication with interested parties and users of the offers of the TU Bergakademie Freiberg as well as the promotion of the tasks to be performed and activities offered by the TU Bergakademie Freiberg. This is in the public interest within the meaning of Art. 6 (1) (e) of the DSGVO.

Data processed by Twitter

Information about which personal data is processed by Twitter and for what purposes is contained in Twitter's privacy policy.

Twitter Inc. has committed to the principles of the EU-US Privacy Shield. More details can be found at: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

On the one hand, Twitter processes the data voluntarily entered by the user (such as name, user name, e-mail address, telephone number or contacts of the user's address book if the user uploads or synchronizes this). On the other hand, Twitter also evaluates the content shared by the user to determine which topics the user is interested in, stores and processes confidential messages that the user sends directly to other users, and can determine the user's location based on GPS data, wireless network information or via the user's IP address in order to send the user advertising or other content.
For evaluation, Twitter Inc. may use analysis tools such as Twitter or Google Analytics. The TU Bergakademie Freiberg has no influence on the use of such tools by Twitter Inc. and has not been informed about such potential use.

If tools of this kind are used by Twitter Inc. for the TU Bergakademie Freiberg account, the TU Bergakademie Freiberg has neither commissioned this nor approved or otherwise supported it in any way. The TU Bergakademie Freiberg is also not provided with the data obtained during the analysis. Only certain non-personal information about the tweet activity, such as the number of profile or link clicks by a particular tweet, can be viewed by the TU Bergakademie Freiberg via its account. Moreover, the TU Bergakademie Freiberg has no possibility to prevent or turn off the use of such tools on its Twitter account.

Finally, Twitter also receives information when the user views content, for example, even if the user has not created a Twitter account. This so-called "log data" may be the IP address, browser type, operating system, information about the website previously accessed and the pages accessed by the user, his location, his mobile phone provider, the terminal device he uses (including device ID and application ID), the search terms he uses and cookie information.

Twitter buttons or widgets integrated into websites and the use of cookies enable Twitter to record users' visits to these websites and to assign them to the user's Twitter profile. Based on this data, content or advertising - tailored to the respective user - can be offered.
Since Twitter Inc. is a non-European provider with a European branch only in Ireland, it is not bound by German data protection regulations according to its own interpretation. This applies, for example, to the rights of data subjects to information, blocking or deletion of data or the possibility to object to the use of usage data for advertising purposes.

The user has options to restrict the processing of personal data through the general settings of his Twitter account and under the item "Privacy and security". In addition, the user can restrict Twitter's access to contact and calendar data, photos, location data, etc. on mobile devices in the settings options there. However, this depends on the operating system used.

Further information is available on the following Twitter support pages:

• How to protect your personal data https://help.twitter.com/de/safety-and-security/twitter-privacy-settings
• Information about the inferences drawn by Twitter about the users
• Information about viewing your own data on Twitter
• Existing personalization and privacy settings options
• Twitter Privacy Form
• Twitter Archive Requests 

Data processed by the TU Bergakademie Freiberg

The TU Bergakademie Freiberg also processes user data. Although the TU Bergakademie Freiberg itself does not collect any data via its Twitter account and also the IP addresses of the site visitors are not transmitted to Twitter Inc. via the integration of the tweets of the TU Bergakademie Freiberg on its homepage. However, the data entered by the user on Twitter, in particular the user name and the content published under the user's account, are processed by the TU Bergakademie Freiberg, if applicable, to the extent that it retweets tweets from users via the Twitter account of the TU Bergakademie Freiberg under certain circumstances or responds to them or also writes its own tweets that refer to the specific user account. The data freely published and disseminated by the user on Twitter is thus included by the TU Bergakademie Freiberg in its offer and made accessible to its followers.

In addition, the TU Bergakademie Freiberg uses Twitter for the implementation of competitions and, if applicable, the use of direct messages. For this purpose, the TU Bergakademie Freiberg processes the data voluntarily entered by the user on Twitter in connection with the sweepstakes or the use of direct messages.

9. Xing

TU Bergakademie Freiberg operates an entrepreneur profile on the XING platform. The platform operator is XING SE, Dammtorstraße 30, 20354 Hamburg. By using the XING platform, XING SE processes personal data of the users. The TU Bergakademie Freiberg has no influence on the data processing by XING. No data processing takes place by the TU Bergakademie Freiberg itself.

• Details on data processing by XING SE

10. Google Maps

On the website of the TU Bergakademie Freiberg, the service "Google Maps" of Google LLC,
1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using Google Maps, Google processes data on the use of the Maps function by users of the TU Bergakademie Freiberg website.

The TU Bergakademie Freiberg has no influence on this data transmission.

• Details on the handling of user data in the Google privacy policy 

Google Maps is used in the interest of an appealing presentation of the online offers of the TU Bergakademie Freiberg and a better orientation with regard to the places indicated on the website of the TU Bergakademie Freiberg. This is in the public interest within the meaning of Art. 6 (1) e) of the DSGVO.

11. OpenStreetMap

The "OpenStreetMap" service is integrated on the TU Bergakademie Freiberg website. The service is provided by the Openstreetmap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. By integrating the service on the TU Bergakademie Freiberg website, information about the use of this website (e.g. IP addresses of users) is transmitted to a server of the Openstreetmap Foundation in the United Kingdom and stored there.

• Privacy policy of the Openstreetmap Foundation

The TU Bergakademie Freiberg has no influence on this data transfer.

If the user of the TU Bergakademie Freiberg website would like to deactivate the use of OpenStreetMap and prevent the data transfer to the Openstreetmap Foundation, he can do this by deactivating JavaScript in his browser.

OpenStreetMap is used in the interest of an appealing presentation of the online offers of the TU Bergakademie Freiberg and a better orientation with regard to the places indicated on the website of the TU Bergakademie Freiberg. This is in the public interest within the meaning of Art. 6 (1) (e) of the DSGVO. Details on OpenStreetMap and information on the handling of user data can be found under the following links (with further references):

• Copyright and license 
• Legal FAQ

12. external links or hyperlinks to websites of other providers

The website of TU Bergakademie Freiberg contains external links or hyperlinks to websites of other providers. These links or hyperlinks are to be distinguished and separated from the TU Bergakademie Freiberg's own content. These external contents of other providers do not originate from the TU Bergakademie Freiberg. The TU Bergakademie Freiberg also has no influence on the contents of the websites of third parties.

When selecting such an external link or hyperlink, the users of the TU Bergakademie Freiberg website are redirected to the website of the other provider. The TU Bergakademie Freiberg cannot guarantee that the external provider handles the user's personal data confidentially and complies with data protection laws and regulations. Any responsibility in this regard lies solely with the specific provider.

Should the TU Bergakademie Freiberg become aware that the external links or hyperlinks on its website contain illegal content, the TU Bergakademie Freiberg will immediately remove the links and hyperlinks in question.

Note: Currently, data transmission via the Internet (especially by e-mail) is essentially unsecured. It cannot be ruled out that transmitted data may come to the knowledge of unauthorized persons.

Status: June 2023