Data Protection

The purpose of our data processing is to perform public services delegated to us by law.

The legal basis for processing your personal data, unless indicated otherwise, is Section 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with Article 6 (1) point e) of the General Data Protection Regulation (GDPR). Pursuant to this legislation, we are authorized to process data required for us to fulfill our responsibilities.

Where you have given consent for your data to be processed, processing is covered by Article 6 (1) point a) of the GDPR.

If your personal data are processed electronically, the data processing systems we use are operated by the Agency for Digitisation, High-Speed Internet and Surveying, specifically the IT Service Centre of the Free State of Bavaria (IT-DLZ):

Landesamt für Digitalisierung, Breitband und Vermessung
IT-Dienstleistungszentrum des Freistaats Bayern
St.-Martin-Straße 47
81541 München
E-mail: poststelle@ldbv.bayern.de

Where required, your personal data are transferred to the responsible supervisory and auditing authorities to enable them to exercise their respective supervisory rights.
To prevent risks to the security of information technology, log files may be forwarded to the Landesamt für Sicherheit in der Informationstechnik (Bavarian state office for security in information technology) on the basis of Section 12 of the Bayerisches E-Government-Gesetz (Bavarian act to promote electronic government – BayEGovG – for further details, see “Creation of Log Files”).

Your data are only stored for as long as it is necessary to complete relevant tasks whilst observing legal retention requirements.

To the extent that we process your personal data, you have the following rights as a data subject:

• If your personal data are processed, you are entitled to receive information about which data concerning you have been stored (Article 15 of the GDPR).
• If incorrect personal data are processed, you are entitled to rectification (Article 16 of the GDPR).
• If the legal requirements are met, you can request that your data be erased, ask for processing to be restricted or file an objection to processing (Articles 17, 18 and 21 of the GDPR).
• The processing of personal data pursuant solely to Article 6 (1) points e) or f) of the GDPR is subject to objection. Article 21 (1) sentence 1 of the GDPR grants you the right to object at any time due to reasons based on personal circumstances.
• If you have consented to data processing or there is a contract concerning data processing and data are processed automatically, you may be entitled to data portability (Article 20 of the GDPR).
• If you have consented to the processing of your data and the processing of your data is based on this declaration of consent, you may revoke this consent at any time. The revocation is effective forthwith. Revoking consent shall not affect the legitimacy of the data processing conducted between the time consent is granted and the time consent is revoked.

You may request more information on your rights from our Governmental Data Protection Officer. 

Our web server is operated by the Agency for Digitisation, High-Speed Internet and Surveying – IT Service Centre of the Free State of Bavaria (IT-DLZ). Your personal data collected while you visit our website are processed on our behalf by the Agency for Digitisation, High-Speed Internet and Surveying – IT Service Centre of the Free State of Bavaria (IT-DLZ).

Landesamt für Digitalisierung, Breitband und Vermessung
IT-Dienstleistungszentrum des Freistaats Bayern
St.-Martin-Straße 47
81541 München
E-mail: poststelle@ldbv.bayern.de

By using this or other web pages, you transmit data to our web server through your internet browser. The following data are recorded during any open connection for communication between your internet browser and our web server:

• Date and time of the request
• Name of the file requested
• Page from which the file was requested
• Access status (file transmitted, file not found, etc.)
• Web browser and operating system used
• Complete IP address of the requesting computer
• Data volume transmitted

We store these data for reasons of technical security, in particular to prevent attempted hacking of our web server. After seven days at the latest, data are anonymized by shortening the IP address at domain level so that it is no longer possible to connect the data to individual users. These data are only processed for the purposes stated above and anonymously for statistical purposes; they are not compared to other data or disclosed to third parties, not even in part.

We use active components such as JavaScript, Java-Applets or Active-X-Controls. You can adjust your browser settings to disable this function.

When you access this website, cookies (small files) are saved to your hard drive which remain valid for a period of 2 years. We only use these cookies to identify you during your current and any future visits to our website. Most browsers are set to allow cookies, but you can adjust your browser settings to disable cookies, either for the current session or permanently.

The following services require the use of cookies:

Only anonymized data are processed by the programs we use to analyze user behavior. To this end, we first anonymize your IP address and only then do we analyze it or share it with third parties for analysis. You can adjust your browser settings to disable this function.

This website uses social plug-ins from the social media Facebook, Twitter and LinkedIn operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, and LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, respectively. 

Using the three buttons for sharing content on Facebook, Twitter and LinkedIn, you can conveniently recommend our website to friends on your preferred social media platform. The so-called Shariff solution has been implemented on our website. When you call up our website, data are not automatically sent to the relevant social media networks.

Only when you click on a social media button, your browser uses this social plug-in to set up a direct connection to the server of the relevant social network. We have no influence on the scope of the data which is collected by the social media operators in this way. The operators process the information that you have called up our website. If you are also logged into one of the social media platforms at that time, the operator can match up your account with the relevant social media site. If you then also interact with the social plug-in by clicking “Like” or “Share”, the relevant social media site will process that information. Even if you are not a member of one of these social media platforms, it is possible for them to find out your IP address through the social plug-in and then possibly store this information. Further information about the scope and purpose of data processing, collection and use by Facebook and Twitter, as well as your rights in this respect and the available settings, can be found in each company’s data protection policy:

• www.facebook.com/policy.php
• www.twitter.com/privacy
• www.linkedin.com/legal/privacy-policy

If you do not want social media to collect data via our website, make sure you do not click on the relevant buttons. In addition, you can block social plug-ins via add-ons in your browser.

We have embedded videos from the external video platforms YouTube and Vimeo on our website. By default, only an inactive picture of the corresponding YouTube or Vimeo channel is shown; viewing this picture does not automatically establish a connection with YouTube’s or Vimeo's servers. Thus, no data are shared with the operator if you only access this website and do not play the videos.

You can decide for yourself whether or not you would like to activate the videos. Only once you allow the videos to play by selecting “click to load external video” do you consent to the transmission of necessary personal data (such as the URL of the web page you are currently on and your IP address) to the operator.

If you access our website from a mobile device, programs will analyze user behavior only in anonymous form. For this purpose, your IP address is only analyzed once it has been anonymized.

If you enter personal data or data related to your occupation (email addresses, names, mailing addresses, etc.) on our website, these data will only be used to transmit the intended information. SSL software is used to encrypt your data for transmission and thus prevent third parties from accessing it. These data are not shared with third parties. Using services that require you to provide such data is voluntary.

Unencrypted information which you send to us via e-mail may be accessed by third parties during transmission. We are also usually unable to verify your identity and cannot tell who an e-mail address belongs to. Legally compliant communication is thus not guaranteed via unencrypted emails. We – like many email providers – use a SPAM filter against unsolicited advertising that in rare cases also automatically classifies regular emails as such unsolicited advertising and deletes them. Emails that contain malicious programs (“viruses”) are automatically deleted by us in any case.
If you wish to protect the information you are sending us, we recommend that you encrypt your e‑mail and attach a certificate in order to prevent unauthorized parties from accessing it or the information getting falsified during transmission, or send us a letter instead.

To send us an encrypted e-mail, follow these steps. Please use the following address to send us PGP-encrypted emails: poststelle@stmwk.bayern.de. The required PGP communication key (public key) is available from the central PGP key server of the network of Bavarian authorities at “pgp-keysever.bayern.de.” Information on the encryption software “Gpg4win”, which is available for free download and which was developed on behalf of the Federal Office for Information Security, is available at https://www.gpg4win.de/index.html. Installation of PGP for communication with the Bavarian administration authorities is described in more detail in a brochure (PDF) available for download on the website.

Please also let us know how and in which way we can send encrypted emails to you in answering your inquiry and whether we may respond to you via an unencrypted email if you are unable to receive encrypted emails. If you are not able to receive encrypted emails, please indicate your mailing address so we can answer your messages worthy of protection.

This data protection policy contains detailed information on how your personal data are processed when you visit the Facebook profile of the Research in Bavaria initiative which is run by the Bavarian State Ministry of Science and the Arts.

Facebook’s privacy policy is available here.

The joint responsibility for the processing of personal data lies with:

Bayerisches Staatsministerium für Wissenschaft und Kunst (Bavarian State Ministry of Science and the Arts)
Salvatorstraße 2
80333 München

Telephone: +49 (0) 89 21 86 - 0
E-mail: poststelle@stmwk.bayern.de

and

Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
E-mail: impressum@support.facebook.com
Fax: +1 650 543 5340

These two organizations act as Controllers (as defined in the GDPR) for the processing of Facebook Insights data. Information about Page Insights on Facebook is available here.

Data Protection Officer

If you have any questions about data protection, please contact the

Governmental Data Protection Officer of the Bavarian State Ministry of Science and the Arts
Salvatorstraße 2
80327 München

Email: datenschutzbeauftragter@stmwk.bayern.de

or the Data Protection Officer of Facebook Ireland Ltd.

When you use Facebook services, Facebook Ireland Ltd. processes your personal data, even if you do not have an account with any Facebook services at the time. Facebook describes the specific data that are processed and the purposes and legal basis of this data processing in its privacy policy which has been linked above and applies to all Facebook services. This privacy policy also details on how to contact Facebook for further questions and on advertisement and cookie settings. Your personal data may also be transmitted to non-EU countries.

See the cookie policy for information on the cookies which Facebook uses if you have a Facebook account, use Facebook services (including the Facebook website and apps) or visit another website or app which uses Facebook services (such as the “Like” button or other Facebook technology. The cookie policy also includes information on how you can manage your data.

When you visit the Facebook profile of the Research in Bavaria initiative (of the Bavarian State Ministry of Science and the Arts), Facebook will collect your IP address amongst other things. Facebook shares information about the Facebook page of the Bavarian State Ministry of Science and the Arts with the Ministry as the operator of the Facebook page, including information collected via cookies and statistical information about how the page is used (so-called Page Insights). Page Insights constitute a summary of data which gives insight into how users interact with the page. This information may be based on personal data which Facebook collects when users visit or interact with the Research in Bavaria Facebook page. For more information on this, please refer to Facebook’s privacy policy.

The Bavarian State Ministry of Science and the Arts can use the information gained in this way to anonymously analyze the reach of posts, page views, the length of video views, actions taken on the page (“Likes”, comments, sharing), as well as to analyze it by age, gender and location (as specified on the respective users’ Facebook/Instagram profiles). In order to analyze the reach of posts, certain settings or filters can be used to single out a time period, specific post or demographic (e.g. women aged 20 to 30). These data are anonymized, aggregated and abstracted, so the Ministry is unable to draw conclusions about individual users. This analysis is conducted in order to optimize the content offered on the Research in Bavaria Facebook page for purposes of public relations.

If the use of Facebook services leads to your personal data being processed by the Bavarian State Ministry of Science and the Arts, your personal data are processed as part of our public duties, in particular that of public information (Section 4 (1) of the Bavarian Data Protection Act (BayDSG) in conjunction with Article 6 (1) points e) and f) in conjunction with Article 6 (3) sentence (1) of the General Data Protection Regulation – GDPR).

The Bavarian State Ministry of Science and the Arts would like to point out the following: It is possible for Facebook to process collected data in a location that is not covered by the GDPR. We expressly bring it to your attention that Facebook stores user data in the USA indefinitely and uses it for commercial purposes. We cannot monitor to what extent and for how long your personal data are stored, whether Facebook complies with the existing regulations governing the obligation to erase data, how your data are analyzed or linked to other data, and with whom your data are shared. We cannot influence the data collection and further processing by Facebook. We recommend that you read the Facebook policy on data processing (https://www.facebook.com/about/privacy) carefully and adjust the privacy settings of your account accordingly.