cc-backend/web/templates/privacy.tmpl

333 lines
17 KiB
Cheetah
Raw Normal View History

{{define "navigation"}}
2022-03-02 08:37:30 +01:00
<header>
<nav class="navbar navbar-expand-lg navbar-light fixed-top bg-light">
<div class="container-fluid">
<a class="navbar-brand" href="/">
{{block "brand" .}}
<img style="height: 30px;" alt="ClusterCockpit Logo" src="/img/logo.png" class="d-inline-block align-top">
{{end}}
</a>
</div>
</nav>
</header>
{{end}}
{{define "content"}}
<div class="container" style="margin-top:80px;margin-bottom:80px;">
<div class="row legal">
<div class="col-md">
<h1>Privacy</h1>
<p>
INSTITUION is
responsible for its websites within the meaning of the
General Data Protection Regulation (GDPR) and other
national data protection laws as well as other data
protection regulations. It is legally represented by
its XX. For contact details, please consult the
YYY.
</p>
<p>
The respective INSTITUION institutions are responsible for
any content they make available on the websites of
INSTITUION. For questions related to specific content,
please contact the person responsible as named
LINK of this web page.
</p>
<h2>Name and address of the Data Protection Officer</h2>
<address>
address
</address>
<ul>
<li>Telefon: </span> +49 </li>
<li>Fax:</span> +49 </li>
<li>E-Mail:</li>
</ul>
<h2>General information on data processing</h2>
<h3>Scope of processing of personal data</h3>
<p>
We only process our users personal data to the extent
necessary to provide services, content and a functional
website. As a rule, personal data are only processed after
the user gives their consent. An exception applies in those
cases where it is impractical to obtain the users
prior consent and the processing of such data is
permitted by law.
</p>
<h3>Legal basis for the processing of personal data</h3>
<p>
Art. 6 (1) (a) of the EU General Data Protection Regulation
(GDPR) forms the legal basis for us to obtain the
consent of a data subject for their personal data to be
processed.<br> When processing personal data required for
the performance of a contract in which the contractual
party is the data subject, Art. 6 (1) (b) GDPR forms the
legal basis. This also applies if data has to be processed
in order to carry out pre-contractual activities.<br> Art.
6 (1) (c) GDPR forms the legal basis if personal data has
to be processed in order to fulfil a legal obligation on
the part of our organisation.<br> Art. 6 (1) (d) GDPR forms
the legal basis in the case that vital interests of the
data subject or another natural person make the processing
of personal data necessary.<br> If data processing is
necessary in order to protect the legitimate interests of
our organisation or of a third party and if the interests,
basic rights and fundamental freedoms of the data subject
do not outweigh the interests mentioned above, Art. 6 (1)
(f) GDPR forms the legal basis for such data processing.
</p>
<h3>Deletion of data and storage period</h3>
<p>
The personal data of the data subject are deleted or
blocked as soon as the reason for storing them ceases
to exist. Storage beyond this time period may occur if
provided for by European or national legislators in
directives under Union legislation, laws or other
regulations to which the data controller is subject.
Such data are also blocked or deleted if a storage period
prescribed by one of the above-named rules expires,
unless further storage of the data is necessary for
entering into or performing a contract.
</p>
<h2>Provision of the website and generation of log files</h2>
<h3>Description and scope of data processing</h3>
<p>
Each time our website is accessed, our system
automatically collects data and information from
the users computer system.<br> In this context, the
following data are collected:
</p>
<ul>
<li>
Address (URL) of the website from which the file was requested
</li>
<li>
Name of the retrieved file
</li>
<li>
Date and time of the request
</li>
<li>
Data volume transmitted
</li>
<li>
Access status (file transferred, file not found, etc.)
</li>
<li>
Description of the type of web browser and/or operating system used
</li>
<li>
Anonymised IP address of the requesting computer
</li>
</ul>
<p>
The data stored are required exclusively for technical or
statistical purposes; no comparison with other data or
disclosure to third parties occurs, not even in part.
The data are stored in our systems log files. This is not
the case for the users IP addresses or other data
that make it possible to assign the data to a specific
user: before data are stored, each dataset is anonymised by
changing the IP address. These data are not stored
together with other personal data .
</p>
<h3>Legal basis for data processing</h3>
<p>
The legal basis for the temporary storage of data and
logfiles is §§ 14, 15 TMG, § 100 Abs. 1 TKG and Art. 4
BayDSG following the tasks of Art. 11 BayEGovG and Art. 7
and 34 BayHO
</p>
<h3>Purpose of data processing</h3>
<p>
The temporary storage of the IP address by the system is
necessary in order to deliver the website to the
users computer. For this purpose, the users IP address
must remain stored for the duration of the session.<br> The
storage of such data in log files takes place in order to
ensure the websites functionality. These data also serve
to help us optimise the website and ensure that our IT
systems are secure. They are not evaluated for marketing
purposes in this respect.
</p>
<h3>Storage period</h3>
<p>
Data are deleted as soon as they are no longer necessary
for fulfilling the purpose for which they were
collected. If data have been collected for the purpose of
providing the website, they are deleted at the end of the
respective session.<br> If data are stored in log files,
they are deleted at the latest after seven days. A longer
storage period is possible. In this case, the users IP
addresses are deleted or masked so that they can no longer
be assigned to the client accessing the website.
</p>
<h3>Options for filing an objection or requesting removal</h3>
<p>
The collection of data for the purpose of providing the
website and the storage of such data in log files is
essential to the websites operation. As a consequence,
the user has no possibility to object.
</p>
<h2>Use of cookies</h2>
<h3>Description and scope of data processing</h3>
<p>
Our website uses cookies. Cookies are text files that are
saved in the users web browser or by the web browser
on the users computer system. When a user accesses a
website, a cookie can be stored in the users operating
system. This cookie contains a character string that allows
the unique identification of the browser when the
website is accessed again.
</p>
<p>
We use cookies to make our website more user-friendly. Some
parts of our website require that the requesting browser
can also be identified after changing pages.<br> During
this process, the following data are stored in the cookies
and transmitted:
</p>
<ul>
<li>
Log-in information (only in the case of protected information that is made available exclusively to FAU members)
</li>
</ul>
<p>
Technical measures are taken to pseudonymise user data
collected in this way. This means that the data can no
longer be assigned to the user. The data are not stored
together with other personal data of the user.<br> When
accessing our website, a banner informs users that cookies
are used for analysis purposes and makes reference to this
data protection policy. In connection with this, users are
also instructed how they can block the storage of cookies
in their browser settings.
</p>
<h3>Legal basis for data processing</h3>
<p>
The legal basis for the temporary storage of data and
logfiles is §§ 14, 15 TMG, § 100 Abs. 1 TKG and Art. 4
BayDSG following the tasks of Art. 11 BayEGovG and
Art. 7 and 34 BayHO
</p>
<h3>Purpose of data processing</h3>
<p>
Analysis cookies are used for the purpose of improving the
quality of our website and its content. We learn
through the analysis cookies how the website is used and in
this way can continuously optimise our web presence.
</p>
<h3>Storage period, options for filing an objection or requesting removal</h3>
<p>
As cookies are stored on the users computer and are
transmitted from it to our website, users have full
control over the use of cookies. You can deactivate or
restrict the transmission of cookies by changing the
settings in your web browser. Cookies that are already
stored can be deleted at any time. This can also be done
automatically. If cookies are deactivated for our
website, it may be the case that not all of the websites
functions can be used in full.
</p>
<h2>SSL encryption</h2>
<p>
Our website uses SSL encryption for security reasons and to
protect the transmission of confidential information,
for example enquiries you send to us as operators of
the website. You can recognise an encrypted connection
when the browsers address line changes from
<code>http://</code> to <code>https://</code> and a padlock
appears in your web browser.
</p>
<p>
If SSL encryption is activated, the data you transmit to us
cannot be read by third parties.
</p>
<h2>Rights of the data subject</h2>
<p>
With regard to the processing of your personal
data, you as a data subject are entitled to the
following rights pursuant to Art. 15 et seq. GDPR:
</p>
<ul>
<li>
You can request information as to whether we process
your personal data. If this is the case, you have the
right to information about this personal data as well
as further information in connection with the
processing (Art. 15 GDPR). Please note that this
right of access may be restricted or excluded in
certain cases (cf. in particular Art. 10 BayDSG).
</li>
<li>
In the event that personal data about you is (no
longer) accurate or incomplete, you may request that
this data be corrected and, if necessary, completed
(Art. 16 GDPR).
</li>
<li>
If the legal requirements are met, you can demand that
your personal data be erased (Art. 17 GDPR) or that
the processing of this data be restricted (Art. 18
DSGVO). However, the right to erasure pursuant to
Art. 17 (1) and (2) GDPR does not apply, inter alia,
if the processing of personal data is necessary for the
performance of a task carried out in the public
interest or in the exercise of official authority
or in the exercise of official authority vested (Art.
17 para. 3 letter b GDPR).
</li>
<li>
If you have given your consent to the processing, you
have the right to withdrawal it at any time. The
withdrawal will only take effect in the future;
this means that the withdrawal does not affect the
lawfulness of the processing operations carried out
on the basis of the consent up to the withdrawal.
</li>
<li>
For reasons arising from your particular situation, you
may also object to the processing of your personal
data by us at any time (Art. 21 GDPR). If the legal
requirements are met, we will subsequently no longer
process your personal data.
</li>
<li>
Insofar as you have consented to the processing of your
personal data or have agreed to the performance of
the contract and the data processing is carried out
automated, you may be entitled to data portability
(Art. 20 GDPR).
</li>
<li>
You have the right to lodge a complaint to a
supervisory authority within the meaning of Art. 51
GDPR about the processing of your personal data. The
responsible supervisory authority for XXX
authorities is YYY.
</li>
</ul>
</div>
</div>
</div>
{{end}}