Privacy Policy According to Article 13 of the General Data Protection Regulation (GDPR)

The Privacy Policy is to provide information on the processing of your personal data in connection with this website and on your rights according to data protection legislation. According to Article 4, No. 1 of the EU General Data Protection Regulation (GDPR), personal data are all data that can be related to an identified or identifiable natural person.

Overview

  1. Controller and Data Protection Commissioner
  2. Accessing the Website and Server Log Files
  3. Cookies
  4. Contact (Email, Phone, Form)
  5. Newsletter
  6. Links to Other Websites
  7. Encrypted Transmission (TLS Encryption)
  8. Your Rights

Information

  1. Controller and Data Protection Commissioner

    According to the GDPR (Art. 4, No. 7) and other data protection regulations, the controller is:

    Karlsruhe Institute of Technology (KIT)

    Kaiserstraße 12
    76131 Karlsruhe
    Germany
    Phone: +49 721 608-0
    Fax: +49 721 608-44290
    Email: info@kit.edu

    Karlsruhe Institute of Technology is a corporation governed by public law. It is represented by its President.

    Our Data Protection Commissioner may be contacted at datenschutzbeauftragte@kit.edu or by ordinary mail with “Die Datenschutzbeauftragte“ (the Data Protection Commissioner) being indicated on the envelope.

  2. Accessing the Website and Server Log Files

    Scope and purpose: When using the website for information only, i.e. when you neither register nor transmit information to us in any other way, we will only collect your personal data that are transmitted by your browser to our server after the settings you have made. These are:

    • The IP address of the user
    • Date and time of access
    • Accessed website or URL
    • Access data / HTTP status code
    • Data volume transmitted
    • Websites from which the user’s system accesses our Internet site, if the user’s browser transmits these data actively
    • Information on the browser type and the version used
    • Operation system of the user
    • Information on the encryption protocol and the used encryption algorithm

    These data serve to technically optimize the website and to ensure security of our IT systems. The IP address is required for the operation and delivery of the website, it is written into the log files in abbreviated form, and is no longer available in its entirety after the request. From these data, we cannot draw any direct conclusions with respect to individual persons. In anonymized form, the data are processed for statistical purposes. The data are not compared with other data sets.

    If we have concrete evidence of illegal use, we reserve the right to collect and store full IP addresses.

    Recipients: Data will not be forwarded to third parties.

    Legal basis: The legal basis for processing these data is Art. 6, par. 1, lit. e and par. 3 lit. b GDPR in conjunction with Article 4 LDSG (State Data Protection Act) and Article 20, par. 1 KITG (Act on KIT) in conjunction with Article 12, par. 1 LHG (Act of Baden-Württemberg on Universities and Colleges).

    Storage period: The personal data are stored as long as they are needed for reaching the purpose of their collection. After seven days at the latest will the data be deleted.

  3. Cookies

    Scope and purpose: In addition to the data listed above, cookies are stored on your computer when using our website. Cookies are small text files stored by your browser on your PC, via which certain information is transmitted to us (the server of our website). We use so-called session cookies (transient cookies) that are technically required to make the website functional. In the cookies used by us, the following data are stored and transmitted.

    • Session-ID („PHPSESSID“)

    Recipient: The data are not transmitted to third parties.

    Legal basis: The legal basis for processing personal data using technically required cookies in the sense of Art. 25, par. 2 TDDDG (Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services) is Art. 6, par. 1, lit. e and par. 3, lit. b GDPR in conjunction with Art. 4 LDSG and Art. 20, par. 1 KITG in conjunction with Art. 12, par. 1 LHG.

    Storage period: The session cookies will be deleted at the latest when you close your browser.

    Tip: You can set your browser such that you are informed about the setting of cookies and you can allow cookies in the individual case only, exclude the acceptance of cookies in certain cases or in general, and activate the automatic deletion of cookies when closing your browser. If you deactivate cookies, functionality of this website may be limited.

  4. Contact (Email, Phone, Form)

    Scope and purpose: When contacting us by email, phone, or by sending a form, your contact data transmitted to us, such as email address, phone number, and name, are stored for the purpose of processing and answering your inquiry.

    Please note that data transmission (e.g. when communicating by email) may be subject to security deficiencies. It is not possible to completely protect the data from access by third parties.

    Recipient: If needed for responding to your inquiry, personal data may be forwarded to competent offices of KIT. The responsible KIT employees will use your personal data for processing your inquiry exclusively. The data will not be transmitted to third parties.

    Legal basis: The legal basis for processing these data is Art. 6, par. 1, lit. e and par. 3, lit b GDPR in conjunction with Art. 4 LDSG and Art. 20, par. 1 KITG in conjunction with Art. 12, par. 1 LHG as well as other pertinent legal provisions.

    Storage period: The personal data will be stored as long as they are needed for fulfilling the above purpose. This means that the data will be deleted when it must be assumed that an exchange is no longer desired.

  5. Newsletter

    Scope and purpose: We process your personal data from the corresponding form / registration mask for the purpose of sending you the newsletter and the associated administration work. For registration, we use the double opt-in procedure, i.e., your registration will only be completed after you have confirmed your registration by clicking the link contained in a confirmation email sent to you for this purpose. If you do not confirm within 48 hours, your registration will be deleted automatically from our database.

    Recipient: The data will not be transmitted to third parties.

    Legal basis: The legal basis for processing these data is Art. 6, par. 1, lit. a GDPR (consent).

    Consent is given voluntarily. Consent may be revoked anytime with effect for the future. Effect for the future means that revocation of your consent will not affect the lawfulness of processing that was based on the consent until revocation. Your refusal or revocation of the consent will not result in any disadvantages. However, without your giving your personal data, it will no longer be possible to send the newsletter to you.

    Storage period: The personal data will be stored as long as they are needed for the above purposes. This means that we will store the data as long as you have given your consent.

  6. Links to Other Websites

    When we link to websites outside of KIT, the privacy policies and information provided there apply.

  7. Encrypted Transmission (TLS Encryption)

    This site uses TLS encryption to protect the transmission of all contents as well as of the inquiries you sent to us as the site operator.

    With TLS encryption, the data you transmit to us cannot be read by third parties as a rule. Please note, however, that when transmitting data via the Internet, complete protection against access by third parties can never by guaranteed.

  8. Your Rights

    As regards your personal data, you have the following rights:

    • Right to withdrawal of your consent with effect for the future, if processing is based on a consent according to Art. 6, par. 1, sub-par. 1, lit. a GDPR (Art. 7, par. 3 GDPR),
    • right to confirmation as to whether data about you are processed and right to information about the data processed and to further information about data processing as well as right to obtain copies of the data (Art. 15 GDPR),
    • right to rectification or completion of incorrect or incomplete data (Art. 16 GDPR),
    • right to immediate erasure of your personal data (Art. 17 GDPR),
    • right to restriction of processing (Art. 18 GDPR),
    • right to portability of the data in a structured, common, and machine-readable format, provided that processing is based on a consent according to Art. 6, par. 1, sub-par. 1, lit. a or Art. 9, par. 2, lit. a GDPR or on an agreement according to Art. 6, par. 1, sub-par. 1, lit. b GDPR (Art. 20 GDPR),
    • right to object to the future processing of your personal data, if the data are processed according to Art. 6, par. 1, lit. e or f GDPR (Art. 21 GDPR).

    In addition, you have the right to complain about the processing of your personal data by KIT with its supervisory authority (Art. 77 GDPR). According to Art. 25, par. 1 LDSG, the supervisory authority of KIT according to Art. 51, par. 1 GDPR is:

    Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (Baden-Württemberg State Commissioner for Data Protection and Freedom of Information) (https://www.baden-wuerttemberg.datenschutz.de/, in German).

Privacy Policy - University Sports Addendum

For reasons of better readability, the masculine spelling has generally been used for function designations such as "participant", "employee", etc.. We expressly point out at this point that both the male and female spelling is meant.

The protection of personal data is a central concern for the University Sports Department of the Karlsruhe Institute of Technology. With these data protection regulations, we provide information on how personal data is processed by us and to which persons it is made accessible.

These data protection provisions supplement the conditions of participation


1. basic principles for the processing of personal data

  • The processing of personal data is carried out within the framework of the State Data Protection Act of Baden-Württemberg.
  • University Sports uses personal data exclusively to enable participation in the sports program and to administer sports courses. Without providing the data explained below (see section 3), participation in university sports is not possible.
  • Stored data is only accessible to the staff of the Hochschulsport. Exercise instructors of the Hochschulsport have limited access to the stored data for course organization. Data concerning the payment of course fees by direct debit will be made available to the cash office of the Karlsruhe Institute of Technology for this purpose. Other persons or third parties cannot view any of the stored data.



2. terms of this privacy policy


2.1 Data

  • "Personal data" are, according to §3 para. 1 LDSG, all individual details about personal or factual circumstances of an identifiable person.
  • The personal data that must be entered when registering for the sports offers (mandatory fields) are referred to as "registration details" (see 3.2).
  • Some information provided during registration is optional. These are referred to as"Voluntary information" (see 3.3).
  • When registering for a fee-based sports course,"payment details" are recorded (see 3.4).

2.2 Persons and facilities

  • University Sports is an institution of the Karlsruhe Institute of Technology and is open to members and affiliates of the Karlsruhe Institute of Technology and its cooperating institutions; it is referred to as "University Sports" in its entirety.
  • The full-time and student employees of the Hochschulsport who are responsible for organizing the sports program are called "employees".
  • Leaders of the sports courses, who are responsible for the professional and athletic supervision, are called "Exercise Leaders"; they are named on the University Sports homepage or can be inquired at the University Sports Office.
  • Users who have registered for a sports course on the university sports homepage are called "participants".
  • Direct debit for payment of course fees is handled by the cash office of the Karlsruhe Institute of Technology; this will be referred to as the "cash office" in the following.

2.3 Other Terms

  • The website on which the Hochschulsport offers sports courses is called "Hochschulsport-Homepage" and can be accessed at https://www.ifss.kit.edu/hochschulsport/index.php.
  • In exceptional cases, registration for sports courses is possible in person at the Hochschulsport office. This is called the "Hochschulsport-Office".
  • The program offered by the University Sports Office is called "Sports Offer" in its entirety.
  • Individual services and performances of the sports program are called "sports course".



3. which data are processed?

3.1 Personal data

The personal data that is processed automatically within the scope of the organization of the sports offer consists in detail of the data explained under 3.2, 3.3 and 3.4.

Participants have the right to obtain information about the data stored about them by the Karlsruhe Institute of Technology and, if necessary, to have this data corrected. Upon request, data can only be viewed and processed in person at the University Sports Office.

All data collected will only be stored for a limited period of time. Data that can be associated with the registration for a sports course or the payment of a sports course will be anonymized at the latest one year after the end of the semester of the respective sports course in such a way that an assignment of the participant is no longer possible. If the participant does not register for another sports course within this period, all stored data of this participant will be deleted.

3.2 Registration data

When registering on the university sports homepage, registration details are recorded. These are:

  • Salutation (Mr./Mrs.) or gender
  • First name
  • Last name
  • Address
  • Postal code
  • Place of residence
  • Status (in the sense of: University affiliation status. Student, employee, guest)
  • Matriculation number (only for students)
  • Telephone number of place of work (only for staff members)

3.3 Voluntary information

When registering on the university sports homepage, the following information is voluntary:

  • Email address
  • Telephone number

3.4 Payment data

For fee-based sports courses, payment can only be made by direct debit when registering on the Hochschulsport-Homepage. If payment is made by direct debit, the participant is required to provide the following information:

  • Account number
  • Bank code
  • Account holder



4 Who can view the stored data?

4.1 Employees

Employees of the Hochschulsport can view all personal data made; they use these data exclusively for the purposes of the Hochschulsport.

4.2 Exercise instructor

In order to enable exercise instructors to contact participants directly, the exercise instructors are given access to previously collected personal data (if specified) of the registered participants. The exercise instructors can only view the following data until the end of the semester of the respective sports course:

  • Salutation
  • First name
  • Last name
  • Status
  • E-mail address
  • Phone number

4.3 Cash desk

Payment by direct debit is processed by the cash office. In order to carry out the payment by direct debit, the following previously collected data of the participants will be transmitted to the cash office:

  • Name
  • First name
  • Account number
  • Bank code
  • Registration date
  • Payment amount
  • booked service (sports course)

In the event of a return debit note for which the participant is responsible (i.e. the direct debit could not be processed due to obviously incorrect information provided by the participant, e.g. non-existent account number), the University Sports Office will contact the participant directly.




5. changes to the data protection regulations


University Sports reserves the right to amend these data protection provisions if changes become necessary due to technical innovations, subsequently identified regulatory gaps or with regard to new services provided by University Sports. University Sports will publish the current version of this Privacy Policy on the University Sports homepage.