Privacy policy of the Tübingen AI Center

Controller

Tübingen AI Center / Eberhard Karls Universität Tübingen
AI Research Building (TTR2)
Maria-von-Linden Straße 6
72076 Tübingen
Germany
Email: info＠tuebingen․ai

Public relations department

Christfried Dornis
Wilhelmstr. 5
72074 Tübingen
Germany
Email: ord＠uni-tuebingen․de
Phone: +49 7071 29 77854

Data protection officer

Datenschutzbeauftragter
Geschwister-Scholl-Platz
72074 Tübingen
Germany
Email: datenschutz＠uni-tuebingen․de
Phone: +49 70 71 29 76480
Website of the data protection officer

The content and functions of the websites offered by the Tübingen AI Center are generally available to users without providing personal data. Personal data (e.g. name, email address, postal address) is only collected if visitors provide it voluntarily and with their consent for the purpose of data processing, e.g. via a contact form. Data transmission is encrypted in accordance with the technology currently available.

The following data is automatically collected and stored by the web server each time a page is accessed:

• The URL of the requested page
• Date and time of the request
• Amount of data sent in bytes
• HTTP status header of the server response
• Source/Reference from which the visitor requested the URL
• Information about browser type, version and operating system
• IP address

This data is not merged with other data. In addition to the IP address, other personal data is only processed if the visitor provides it to us voluntarily (e.g. to register a personal account). This personal data is only processed in connection with the purpose to be fulfilled. If the purpose no longer applies, the data will be blocked and deleted after expiry of the tax and commercial law regulations, unless the subject has expressly consented to further use of the data.

Personal data is collected and processed on the basis of the relevant data protection regulations, e.g. the State Data Protection Act Baden-Württemberg (LDSG BW), the Digital Services Act (DDG), the Telecommunications Digital Services Data Protection Act (TDDDG) and the General Data Protection Regulation (GDPR). All employees are bound to data secrecy and confidentiality.

Personal data will not be passed on to third parties unless the subject has consented to this or it is necessary. Data may need to be passed on to fulfill a contract, in the event of a court or official order, or to protect our legitimate interests. In individual cases, personal data may be passed on to service providers (e.g. IT service providers, lawyers) for processing on our behalf.

When using the website, cookies may be set at various points. Cookies are small data records that are stored on the end device used during the use of a website and are transmitted to the server when a URL is called up. Cookies are an established and essential technology for the provision of online services and are used, among other things, for individualization and to increase efficiency and security.

Visitors have the possibility to choose whether or not to use cookies that are not essential to the technical functions of the site. Mandatory cookies are essential to the core functionality of this website. Without these cookies, the site cannot function properly. They are enabled by default and cannot be disabled.

In addition to the necessary cookies, cookies are used for the provision of various functions, integration of social media as well as analysis and marketing purposes. These cookies make it possible to continuously improve the online service or to offer certain functions in the first place. They are not merged with other personal data. If non-essential cookies are used, the data subject can consent to and object to her or his use via the cookie management available on every page. The revocation of the consent has no influence on the permissibility of the data processing carried out up to the time of revocation.

The website may store data in the local memory and the session memory of the data subject's browser. These are small data records that the website stores in the respective memory area during the visit in order to read them out again later. This data is used for individualization and to increase efficiency and security.

Transient data relating to the current session is stored in the session memory. This data is generated during the visit to the website and is deleted as soon as the website is closed.

Persistent data is stored in the local storage, which the website can retrieve from recurring visitors.

If a contact form is available on the website visited, this can be used to contact us electronically. Alternatively, contact can be made via the email addresses and telephone numbers provided. When contacting the Tübingen AI Center via one of these channels, the personal data transmitted by the data subject is automatically stored. The data is stored solely for the purpose of processing or contacting the data subject. The data will not be passed on to third parties. The legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f) GDPR. If the email contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by form or email, this is the case when the respective conversation with the data subject has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

When registering on a Tübingen AI Center website and providing personal data, this data is transmitted to the controller in the respective input mask. The data is stored exclusively for internal use by the controller. The data is deleted as soon as it is no longer required for the purpose for which it was collected. During registration, the IP address of the data subject and the date and time of registration are stored. This serves to prevent misuse of the services. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The registration of data is necessary for the provision of content or services. Registered persons have the option of having the stored data deleted or amended at any time. Data subjects can obtain information about their stored personal data at any time.

The controller processes and stores personal data of the data subject only for as long as is necessary to achieve the purpose of the storage. Storage may also take place if this is provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. As soon as the purpose of storage ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.

If personal data is processed, data subjects affected within the meaning of the GDPR are entitled to the following rights against the controller:

Right to information pursuant to Art. 15 GDPR

Data subjects may request confirmation from the controller as to whether their personal data is being processed by the controller. If such processing is taking place, the data subject can request the following information from the controller:

• The purposes for which the personal data is stored.
• The categories of the processed personal data.
• The recipients or categories of recipients to whom the personal data has been or will be disclosed.
• The planned duration of the storage of the personal data or, if specific information on this is not possible, criteria for determining the storage period.
• The existence of a right to rectification or erasure of the personal data, a right to restriction of processing by the controller or a right to object to such processing.
• The existence of a right to lodge a complaint with a supervisory authority.
• All available information on the origin of the data if the personal data are not collected from the data subject.
• The existence of automated decision-making, including profiling in accordance with Art. 22 para. 1 and para. 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

The data subject has the right to request information about whether their personal data has been transferred to a third country or to an international organization.

In this context, the data subject may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

Right to rectification pursuant to Art. 16 GDPR

The Data subject has the right to rectification and completion towards the controller if the processed personal data concerning the data subject is incorrect or incomplete. The controller must make the correction without delay.

Right to erasure pursuant to Art. 17 DSGVO

1. The data subject may request the controller to erase their personal data without delay, and the controller is obligated to erase this data without delay, provided that one of the following reasons applies:
   • The personal data concerning the data subject is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
   • The data subject withdraws the consent on which the processing was based according to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and where there is no other legal ground for the processing.
   • The data subject objects to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 para. 2 GDPR.
   • The personal data concerning the data subject has been processed unlawfully.
   • The deletion of personal data concerning the data subject is necessary to fulfill a legal obligation under European Union law or the law of the Member States to which the controller is subject.
   • The personal data concerning the data subject was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
2. If the controller has made the data subject's personal data public and is obligated to erase it pursuant to Art. 17 para. 1 GDPR, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3. The right to erasure does not apply if the processing is necessary:
   • To exercise the right to freedom of expression and information.
   • For compliance with a legal obligation requiring processing under European Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
   • For reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR.
   • For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in para. 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing.
   • For the establishment, exercise, or defense of legal claims.

Right to restriction of processing pursuant to Art. 18 GDPR

The data subject has the right to request the restriction of the processing of their personal data under the following conditions:

• If the data subject contests the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
• The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
• If the data subject has objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh the data subject’s reasons.

If the processing of personal data has been restricted by the data subject, this data - apart from its storage - may only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, the data subject will be informed by the controller before the restriction is lifted.

Right to information pursuant to Art. 19 GDPR

If the data subject has asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obligated to notify all recipients to whom the personal data concerning the data subject have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. The data subject has the right to be informed of these recipients by the controller.

Right to data portability pursuant to Art. 20 GDPR

The data subject has the right to receive their personal data, which they have provided to the controller, in a structured, commonly used, and machine-readable format. Data subjects also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

• The processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR; and
• The processing is carried out by automated means. In exercising this right, the data subject also has the right to have their personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object pursuant to Art. 21 GDPR

The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data carried out under Art. 6 para. 1 lit. e) or f). This also applies to profiling based on those provisions. The controller must no longer process the personal data of the data subject unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. If personal data of the data subject is processed for the purpose of direct marketing, the data subject has the right to object at any time to the processing of their personal data for such marketing purposes. This also applies to profiling, insofar as it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, her or his personal data will no longer be processed for these purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

Right to withdraw the declaration of consent under data protection law pursuant to Art. 7 (3) GDPR

The data subject has the right to withdraw their data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of their personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged must inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 77 GDPR. The competent supervisory authority is the Baden-Württemberg Ministry of Science, Research and the Arts.

Address data

For the delivery of the newsletter offered on the website, an email address of the subscriber is required as well as information that allows the verification of the ownership of the specified email address and the existence of the consent to receive the newsletter. No further data is collected, or only on a voluntary basis. The service provider described below is used to process the newsletter.

CleverReach

The Tübingen AI Center uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter referred to as “CleverReach”). CleverReach is a service used to manage and analyze newsletter distribution. The data provided by the data subject (e.g. email address) for newsletter subscription is stored on CleverReach's servers in Germany or Ireland.

Newsletters sent with CleverReach allow the controller to analyze recipient behavior. This includes tracking how many recipients opened the newsletter and which links were clicked. For more information on data analysis through CleverReach newsletters: https://www.cleverreach.com/en-de/newsletter-tool/newsletter-reporting/.

Data processing is based on the consent of the data subject in accordance with Art. 6 para. 1 lit. a) GDPR. The data subject can revoke their consent at any time by unsubscribing from the newsletter. The legality of the data processing already carried out remains unaffected by the revocation. If the data subject does not consent to the analysis by CleverReach, they must unsubscribe from the newsletter. A corresponding link is provided in every newsletter for this purpose.

The data provided by the data subject to the controller for the purpose of subscribing to the newsletter will be stored by the controller until the end of the subscription and deleted from the recipient list at the end of the subscription. Data stored by the controller for other purposes remain unaffected by this.

After being removed from the recipient list, the data subject’s email address may be stored on a blacklist by the controller to prevent further mailing, if necessary. The blacklist data will be used solely for this purpose and will not be combined with other data. This serves both the interest of the data subject and the interest of the controller in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR). Storage in the blacklist is not limited in time. The data subject can object to the storage if their interests outweigh the legitimate interest of the controller.

Further information on the processing of personal data by CleverReach is available from the provider: https://www.cleverreach.com/en-de/privacy-policy/.

Transactional emails

If the data subject registers for one of our online services and enters her or his email address, this email address may subsequently be used by us to send transactional emails. Transactional emails are emails sent automatically and triggered by user actions that are essential for or support the completion of processes, such as the confirmation of a registration or reminders of upcoming events.

Transactional emails are an essential part of the service and cannot be objected to unless the data subject discontinues using the service. The legal basis for sending transactional emails is Art. 6 para. 1 lit. a) GDPR.

Description and purpose

Third-party content, such as videos, fonts or graphics from other websites, may be integrated into an online service. This requires that third-party providers know and process the data subject’s IP address, as it is necessary for delivering content to the browser. While the Tübingen AI Center strives to use content from providers who only use the IP address for content delivery, the Tübignen AI Center cannot control whether third-party providers store the IP address, e.g., for statistical purposes. If this is known, the data subject will be informed. The integration of third-party content aims to enhance the user experience of the online offering.

Legal basis

The legal basis for the integration of other third-party services and content is Art. 6 para. 1 lit. f) GDPR. The predominant legitimate interest of the Tübingen AI Center lies in the intention to present the online offer accordingly and to provide user-friendly and economically efficient services. Further information on the processing of personal data is available from the respective provider

Contractual or legal obligation to provide personal data

The provision of personal data is neither legally nor contractually required. The data subject is also not obligated to provide personal data. However, failure to do so may result in certain functions being unavailable or limited in their use.

The Tübingen AI Center uses the consent tool CCM19 to request consent for the processing of end device information and personal data using cookies or other tracking technologies on the website.

With the help of CCM19, the data subject has the option of consenting to or rejecting the processing of their end device information and personal data using cookies or other tracking technologies for the purposes listed in CCM19. Such processing purposes may include the integration of external elements, integration of streaming content, statistical analysis, reach measurement, individualized product recommendations and individualized advertising. The data subject can use CCM19 to give or refuse consent for all processing purposes or to give or refuse consent for individual purposes or individual third-party providers. The settings made by the data subject can be changed by the data subject at any time. If the data subject withdraws consent, this does not affect the permissibility of the data processing carried out up to the time of withdrawal.

The purpose of integrating CCM19 is to allow users of the website to decide on the setting of cookies and similar functionalities and to offer the possibility of changing settings already made during further use of the website. In the course of using CCM19, personal data and information about the end devices used are processed by the controller.

Legal basis

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Art. 7 para. 1 GDPR. Art. 7 para. 1 GDPR, insofar as the processing serves to fulfill the legally standardized obligations to provide evidence for the granting of consent. Otherwise, Art. 6 para. 1 sentence 1 lit. f) GDPR is the relevant legal basis. The legitimate interest of the Tübingen AI Center in the processing lies in the storage of user settings and preferences with regard to the use of cookies and in the evaluation of consent rates.

Receiver

The receiver of the data subject’s data is Papoo Software & media GmbH, Auguststr. 4, 53229 Bonn, Germany. The information about the settings made by the data subject is also stored on their device.

Transfer to third countries

The transfer of data to third countries does not take place.

Duration of data storage

Twelve months after the user settings have been made, consent is requested again. The user settings made are then saved again for this period, unless the data subject deletes the information about their user settings in the terminal device capacities provided for this purpose beforehand.

Possibility of revocation

The data subject has the option of withdrawing their consent to data processing at any time. In this case, the data subject may not be able to use all functions of the website without restriction. A revocation does not affect the effectiveness of data processing operations that took place in the past.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Additional privacy informationen

Further information on the processing of personal data by Papoo Software & media GmbH is available from the provider: https://www.ccm19.de/ccm19-alle-features.html.

The website uses Matomo, an open source software for the statistical analysis of visitor access. The provider of Matomo is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo uses cookies that are stored on the data subject's computer and enable an anonymized analysis of their use of the website. It is generally not possible to draw conclusions about a specific person, as the IP address is anonymized immediately after processing and before storage. Matomo is used for the purpose of improving the quality of the website and its content. In this way, the provider learns how the website is used and can thus constantly optimize the offer. When individual pages of the website are accessed, the following data is stored

• Anonymized IP address
• The URL accessed
• The website from which the data subject came to the accessed page (referrer)
• The subpages that are accessed from the accessed page
• The time spent on the website
• The frequency with which the website is accessed

The software runs exclusively on a server of the controller. The personal data of the data subjects is only stored there. The data is not passed on to third parties.

Legal basis

The legal basis for the processing of the data subject’s personal data is Art. 6 para. 1 lit. a) GDPR.

Receiver

The receiver of the data subject’s data is Tübingen AI Center / Eberhard Karls Universität Tübingen, Maria-von-Linden-Straße 6, 72076 Tübingen.

Transfer to third countries

The transfer of data to third countries does not take place.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if the data subject asserts their right to deletion within the meaning of Art. 17 para. 1 GDPR.

Possibility of revocation

The data subject can object to the collection and storage of their visit data at any time:

In addition, the data subject has the right to withdraw their consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons and is effective for the future. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to withdrawal. Further information on this can be found above in our privacy policy in the section Rights of the data subject.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Additional privacy information

Further information on the processing of personal data by Matomo is available from the provider: https://matomo.org/privacy-policy/.

The website utilizes Google Maps API to visually display geographical information. Google Maps is a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. When Google Maps is used, Google also collects, processes and uses data about the use of the Maps functions by the data subject.

The embedding of Google Maps is initially prevented by the Consent Manager. The data subject must actively consent to the use of Google Maps in order to be able to use the function. Without active consent, no data is transferred to Google.

Legal basis

The legal basis for processing the personal data of the data subject is Art. 6 para. 1 lit. a) GDPR. The legal basis for transferring personal data is consent pursuant to Art. 49 para. 2 lit. a) GDPR.

Receiver

The receiver is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Transfer to third countries

The personal data is transmitted on the basis of Art. 46 and Art. 49 para. 1 lit. a) GDPR.

Duration of data storage

The data sent to Google and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are stored for 26 months by default and then automatically deleted.

Possibility of revocation

The data subject may prevent the storage of cookies by selecting the appropriate settings on their browser. In this case, the data subject may not be able to use all functions of the website without restriction.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Additional privacy information

Further information on the processing of personal data by Google is available from the provider: https://policies.google.com/privacy.

The Tübingen AI Center utilizes the YouTube.com platform to post its own videos and make them publicly accessible. YouTube is a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Some of the websites of the Tübingen AI Center contain links or connections to the YouTube service. In general, the controller is not responsible for the content of linked websites. However, in the event that the data subject follows a link to YouTube, the controller points out that YouTube stores user data (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes. The Tübingen AI Center also embeds videos stored on YouTube directly on some websites. In this embedding, the video and the software required to play it (“player”) are loaded directly from YouTube and displayed and can be used within the controller's website.

The embedding of YouTube is initially prevented by the Consent Manager. The data subject must actively consent to the use of YouTube in order to use the function. Without active consent, no data is transferred to Google.

Legal basis

The legal basis for processing the personal data of the data subject is Art. 6 para. 1 lit. a) GDPR. The legal basis for transferring personal data is consent pursuant to Art. 49 para. 2 lit. a) GDPR.

Receiver

The receiver is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Transfer to third countries

Data is transferred to servers located in the USA.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if the data subject withdraws their consent or requests the deletion of their personal data.

Possibility of revocation

The data subject has the option of revoking their consent to data processing at any time. In this case, the data subject may not be able to use all functions of the website without restriction. A revocation does not affect the effectiveness of data processing operations that took place in the past.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Additional privacy informationen

Further information on the processing of personal data by Google is available from the provider: https://policies.google.com/privacy.

The Tübingen AI Center utilizes the vimeo.com platform to post its own videos and make them publicly accessible. Vimeo is a service provided by Vimeo.com, Inc. 330 West 34th Street, 10th Floor New York, New York 10001, USA. Some of the websites of the Tübingen AI Center contain links or connections to the Vimeo service. In general, the controller is not responsible for the content of linked websites. However, in the event that the data subject follows a link to Vimeo, the controller points out that Vimeo stores user data (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes. The Tübingen AI Center also embeds videos stored on Vimeo directly on some websites. In this embedding, the video and the software required to play it (“player”) are loaded directly from Vimeo and displayed and can be used within the controller's website.

The embedding of Vimeo is initially prevented by the Consent Manager. The data subject must actively consent to the use of Vimeo in order to use the function. Without active consent, no data is transferred to Vimeo.

Legal basis

The legal basis for processing the personal data of the data subject is Art. 6 para. 1 lit. a) GDPR. The legal basis for transferring personal data is consent pursuant to Art. 49 para. 2 lit. a) GDPR.

Receiver

The receiver is Vimeo.com, Inc. 330 West 34th Street, 10th Floor New York, New York 10001, USA.

Transfer to third countries

Data is transferred to servers located in the USA.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if the data subject withdraws their consent or requests the deletion of their personal data.

Possibility of revocation

The data subject has the option of revoking their consent to data processing at any time. In this case, the data subject may not be able to use all functions of the website without restriction. A revocation does not affect the effectiveness of data processing operations that took place in the past.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Additional privacy informationen

Further information on the processing of personal data by Vimeo is available from the provider: https://vimeo.com/privacy.

The Privacy Policy and the Additional Privacy Information do not require the consent of users. It is subject to constant review and will be adapted if necessary. Unless otherwise specified, changes to the Privacy Policy and the Additional Privacy Information will take effect immediately.

The Tübingen AI Center uses the information service offered on LinkedIn via the technical platform and services of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland is responsible for the data processing of persons living in the designated countries of the GDPR (European Union (EU), European Economic Area (EEA) and Switzerland): https://www.linkedin.com/legal/impressum.

The Tübingen AI Center would like to point out that the data subject uses the LinkedIn page offered here and its functions on their own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).

The information and publications to be found on the LinkedIn page of the provider are a voluntary additional offer. Visiting this LinkedIn page is only possible for registered users of the LinkedIn platform. Alternatively, the data subject can also access all information offered via this page on the website of the Tübingen AI Center at https://tuebingen.ai.

Information on what data is processed by LinkedIn and for what purposes it is used can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

By using LinkedIn, personal data of the data subject is collected, transferred, stored, disclosed and used by the LinkedIn Corporation. LinkedIn transfers the data of the data subject from the countries designated in the GDPR to the United States of America (USA) and back. The LinkedIn data centers for storing member information are currently located in the USA and Singapore.

The Tübingen AI Center has no influence on the type and scope of the data processed by LinkedIn, the type of processing and use or the transfer of this data to third parties. It also has no effective control options in this respect.

Likewise, the Tübingen AI Center has no knowledge of the content of the personal data of the data subject transmitted to LinkedIn and cannot provide any information about which personal data is stored through the use of the LinkedIn service.

In addition to voluntarily entered data such as profile, login, contact and calendar data, LinkedIn also collects and processes, for example, location and device information as well as Internet Protocol addresses (IP addresses). Using cookies or similar technologies, LinkedIn can also identify the data subject outside of its own services and across different devices.

LinkedIn collects and analyzes data from the content, news and messages published and uploaded by the data subject, as well as data from partners and affiliated companies, such as information provided by their workplace/educational institution, websites or third-party services.

Further information on the processing of personal data by LinkedIn is available from the provider: https://www.linkedin.com/legal/privacy-policy.

LinkedIn states that it uses the data subject's personal data to provide him or her with other services (including advertisements), including with the help of automated systems and its own conclusions, and to adapt them so that they are more relevant and useful to the data subject and others. To this end, LinkedIn may also combine data internally via various services covered by the privacy policy (details at: https://www.linkedin.com/legal/privacy-policy#use).

The way in which LinkedIn uses the data from visits to LinkedIn pages for its own purposes, the extent to which activities on the LinkedIn page are assigned to individual users, how long LinkedIn stores this data and whether data from a visit to the LinkedIn page is passed on to third parties is not conclusively and clearly stated by LinkedIn and is not known to the Tübingen AI Center.

LinkedIn also states that it may use the services of third parties (partner companies and external service providers) to assist it in providing its services (for example, maintenance, analysis, auditing, payment, fraud detection, marketing and development). These third parties have access to the data subject's personal data to the extent reasonably necessary to perform the relevant tasks for LinkedIn and are required not to disclose or use personal data for other purposes. More information on this can be found at: https://www.linkedin.com/legal/privacy-policy#share.

If third-party services are used by LinkedIn for the LinkedIn page of the Tübingen AI Center, the Tübingen AI Center has neither commissioned nor approved this nor supported it in any other way. Nor is the personal data obtained during the analysis made available to it. Only certain, non-personal, aggregated information about the activity, such as the number of profile or link clicks on a particular post or page, can be viewed by the Tübingen AI Center via its own account. Furthermore, the Tübingen AI Center has no way of preventing or disabling the use of such services on its LinkedIn page.

Finally, LinkedIn also receives information if the data subject views content without an account (e.g. via a public LinkedIn profile). This so-called “log data” may include the IP address, the browser type, the operating system, information about the previously accessed website and the pages accessed by the data subject, their location, their mobile phone provider, the end device they use (including device ID and application ID), the search terms they use and cookie information.

LinkedIn buttons or widgets integrated into websites and the use of cookies enable LinkedIn to record the data subject's visits to these websites and assign them to their LinkedIn profile. This data can be used to offer content or advertising tailored to the data subject. Accordingly, the Tübingen AI Center refrains from using such buttons and widgets on its own websites.

In view of data protection issues, the Tübingen AI Center refrains from placing advertisements on LinkedIn and thus from actively using the data collected by LinkedIn for the targeted control of its communication.

Even if the LinkedIn Corporation is a non-European provider, it is bound by the GDPR in the designated countries. This applies, for example, to the rights of the data subject to information, blocking or deletion of data.

Registered users have the option of restricting the processing and visibility of personal data in their account under “Settings and data protection” under the various menu items listed there.

It should be noted that all information provided by the data subject in their profile is publicly visible by default, i.e. members who log into the network and customers of LinkedIn services can view it. This also applies to activities within the service, such as comments on posts, “Like” marks or the “Follow” function. Group memberships are also publicly visible. If posts are shared, this is set to public by default. In the options, the visibility of these posts can be restricted to the contacts of the person concerned. In the account settings, you can also specify whether the person concerned wants to share their contact list with all their contacts. A so-called “public profile” means that the content can also be found outside LinkedIn and in search engines.

Further information on these points can be found on the following LinkedIn help pages: https://www.linkedin.com/help/linkedin.

You can view and download your own data from LinkedIn in your LinkedIn account under “Settings and data protection” in the “Data protection” tab under “How LinkedIn uses your data” or at https://www.linkedin.com/psettings/member-data.

LinkedIn provides information about the comprehensive data collection by LinkedIn and other data protection settings options at: https://www.linkedin.com/legal/privacy-policy.

It is possible to opt out of interest-based advertising (not advertising in general): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, the data subject has the option of contacting LinkedIn via the LinkedIn contact form or via the LinkedIn office in Ireland responsible for the designated countries if they have any questions about the privacy policy or user agreement:

Online contact form: https://www.linkedin.com/help/linkedin/ask/PPQ.

LinkedIn Ireland Unlimited Company
Attn: Legal Dept. (Privacy Policy and User Agreement)
Wilton Plaza
Wilton Place, Dublin 2
Ireland

The contact channels mentioned above allow the data subject to request the deletion of part of their personal data (for example, if the provision of services is no longer necessary).

However, there are also data uses that the data subject cannot influence via the settings. If they do not agree to such use, their only option is to close their account: https://www.linkedin.com/psettings/account-management/close-submit.

If the data subject is located in one of the designated countries of the GDPR, they also have the right to lodge a complaint with the Irish Data Protection Commissioner. https://www.dataprotection.ie/docs/Contact-us/b/11.html.

The Tübingen AI Center also processes data of the data subject. It does not itself collect any data via its own LinkedIn account. However, the data entered by the data subject on LinkedIn, in particular their user name and the content published under their account, is processed by the Tübingen AI Center to the extent that it may share or comment on the data subject's postings or write postings itself that refer to the data subject's account. The data freely published and disseminated by the data subject on LinkedIn is thus included by the Tübingen AI Center in its own offering and made accessible to subscribers.

In addition, the Tübingen AI Center, as the provider of its own LinkedIn page, does not collect and process any personal data from the use of the service. The page is used exclusively for information and communication.

If you have any questions about our information services, you can contact us at info＠tuebingen․ai. You can assert your rights to information, blocking or deletion of data with our data protection officer: datenschutz＠uni-tuebingen․de.

Interested parties can find the usage concept on which the offer is based on the LinkedIn notes page.

Further information on data protection on LinkedIn can also be found at https://www.datenschutz.org/linkedin/.

The application portal careers.tuebingen.ai is available for applications for open positions.

Personal data is processed as part of an application process in order to initiate and establish an employment relationship with the Tübingen AI Center at the Eberhard Karls University of Tübingen.

Your data will only be passed on to third parties in cases in which you expressly authorize us to do so in writing, stating the recipients, or in cases in which we are obligated to do so due to legal requirements (see Declaration on data privacy in appointment procedures below).

If special categories of personal data pursuant to Art. 9 para. 1 GDPR (e.g. data on health, religion or trade union membership) are processed, this is done on the basis of Art. 9 para. 2 lit. b) GDPR in conjunction with the relevant national regulation. In addition, the processing of health data may be necessary for the assessment of your ability to work in accordance with Art. 9 para. 2 lit. h) GDPR in conjunction with the relevant national regulation.

The platform uses two necessary cookies to strongly secure the connection between client and server as well as user sessions:

• auth_token
• csrf_token

auth_token contains a JSON Web Token (JWS) for authentication.
csrf_token contains a CSRF Token to prevent Cross Site Request Forgery.

All cookies set the HttpOnly, Secure and SameSite=stric flags.

The platform uses two entries in the session storage to orchestrate the frontend:

• svelte:scroll
• svelte:snapshot

Both entries are part of the technical foundation and do not contain personal data.

• Master data (z.B. name, date of birth, place of residence)
• Communication data (z.B. email address, phone number)
• Documents (z.B. certificates, curriculum vitae, educational qualifications)

This may also include special categories of personal data pursuant to Art. 9 para. 1 GDPR, such as information voluntarily provided by the applicant on health or religious affiliation.

When applying for a position as an employee, your personal data will only be disclosed within the Tübingen AI Center and the Eberhard Karls University of Tübingen and only the responsible persons and offices (e.g. supervisors and employees of the specialist department involved in the application process, specialist supervisors, HR department, employee representatives) will have access to your personal data for the above-mentioned purposes.

Legal requirements apply to appointment procedures (e.g. State Higher Education Act of Baden-Württemberg (LHG BW)), which makes it necessary to disclose applicant data to a larger group of people (e.g. appointment committee).

We generally store your personal data for as long as is necessary for the purposes for which it was collected or processed, or for as long as we have a legitimate interest in continuing to store it. Thereafter, we delete your personal data with the exception of data that we must continue to store in order to fulfill legal obligations. After the application process has ended (e.g. due to rejection on our part or withdrawal of the application by you), your personal data will be deleted after six months at the latest.

An application or expression of interest is voluntary. The provision of your personal data regarding your professional or educational background, your qualifications, your skills, information about yourself and your contact details is necessary in order to carry out the personnel selection for a vacant position. If you do not provide the required data, the application process cannot be carried out and you cannot be considered for the vacancy.

Automated decision-making, including profiling, does not take place.

Your personal data is collected as part of the application process through the documents you submit.

As part of the appointment process, the Tübingen AI Center and the Eberhard Karls University of Tübingen (represented, for example, by the Appointment Committee) collect a significant amount of personal data. This data is further processed and evaluated during the course of the appointment process. If applicants use the career portal, their data is stored on the secure infrastructure operated by the Tübingen AI Center.

Documents and records are treated with absolute confidentiality. This also applies to evaluative statements in the context of a comparative appointment report. Access to data and documents is only granted to persons involved in the processing, evaluation and decision. In principle, all information about applicants is only passed on to those persons who need it for their task within the scope of the appointment procedure. These are defined in Art. 48 LHG BW, among others.

Furthermore, the appointment guidelines of the Eberhard Karls University of Tübingen regulate the involvement of the Faculty Council, the Academic Senate and, if applicable, the involvement of the Senate.

In the case of appointments to the Tübingen AI Center, the tasks of the Faculty Council can be performed by the Center Council of the Tübingen AI Center. The Executive Board of the Tübingen AI Center makes a proposal for the appointment of the appointment committee in accordance with the provisions of the State Higher Education Act, in which the faculty of the university to which the person to be appointed is expected to be co-opted is given appropriate consideration. The appointment committee is chaired by a member of the Rectorate who is a member of the Tübingen AI Center's Executive Board. The appointment committee also includes professors from the Tübingen AI Center / the Eberhard Karls University of Tübingen, professors from another faculty or department, representatives of the Max Planck Institute for Intelligent Systems, external experts, student representatives and an equal opportunities officer. If other members of the Tübingen AI Center (employees of the Eberhard Karls University of Tübingen or the Max Planck Institute for Intelligent Systems) are involved in the procedure, they may be granted access to the application data as required.

Permitted use of data within the Eberhard Karls University of Tübingen

The members of the Appointments Committee and the other persons involved in addition to the Dean of Studies or the Head of Department (see also the Basic Regulations of the Eberhard Karls University Tübingen) require access to the application data in order to be able to properly exercise their right of participation. The forwarding of application documents to these committee members and involved parties who are also members or affiliates of the Eberhard Karls University Tübingen constitutes the use of personal data and is permitted under Section 15 (1) of the State Data Protection Act Baden-Württemberg (LDSG BW). The applicants' consent is not required.

Other statutory participants in the appointment procedure are also persons who are not members of the Eberhard Karls University within the meaning of Art. 9 LHG BW (e.g. external experts or the member of the hospital board who may be involved). The forwarding of application documents to these persons constitutes a transfer of personal data under data protection law. The legal basis for processing as part of the selection procedure to establish a civil servant/employee relationship is Art. 6 para. 1 lit. e in conjunction with para. 3 GDPR in conjunction with Art. 15 LDSG in conjunction with Arts. 83 to 85 LBG. The transfer takes place because it is necessary for the fulfillment of the Eberhard Karls University task - namely the proper course of the appointment procedure. Use of the data for the purposes for which it was collected is guaranteed. Therefore, as part of the appointment procedure, the forwarding of application documents to the persons involved in the selection decision in accordance with Art. 48 para. 3 LHG BW or the Eberhard Karls University basic regulations is permitted.Consent is not required.

Documents are stored at the Eberhard Karls University in accordance with data protection regulations. Application documents in paper form are protected from access by unauthorized persons. All paper documents are stored in a lockable cabinet. Access to the documents is only granted to the persons involved in the procedure.

The documents sent in paper form or printed out by the Eberhard Karls University will be disposed of in accordance with data protection regulations six months after the report has been prepared. If electronic documents are sent, they will be deleted six months after the end of the procedure.

Further data subject rights under the GDPR can be viewed at https://uni-tuebingen.de/meta/datenschutzerklaerung/.

* Source: Adapted from https://berufungen.uni-tuebingen.de/privacy for appointments at the Tübingen AI Center at the Eberhard Karls University of Tübingen.

The Tübingen Talks portal enables interested individuals and institutions to present talks from the Tübingen AI ecosystem. Available talks are presented in a list of upcoming events. On request, a summary of upcoming events can be sent by e-mail.

Controller

For information, objections and complaints regarding the processing of the data subject's personal data and for requests for deletion or correction, the responsible body is:

Prof. Dr. Philipp Hennig
Maria-von-Linden-Str. 6
72076 Tübingen
Email: mml-sekretariat＠inf.uni-tuebingen․de
Phone: +49 7071 29 70850

Data storage on the device

The following office is responsible for information, objections and complaints regarding the processing of the data subject's personal data and for requests for erasure or rectification.

If the data subject successfully logs in as a user, the platform creates the “JWebToken” entry in the local memory of the data subject's browser. The entry contains an anonymized hash value with which the local session of the browser is securely linked to the session on the web server. The entry is deleted after logging out of the website. It is not merged with other personal data.

Processing of personal data

The following set of personal data of the data subject is processed by the portal:

• Name
• Email address
• Account/Login data
• Organization and short introduction, if provided voluntarily

Personal account

Registration on https://talks.tuebingen.ai is personal and voluntary. By registering, the data subject can use the services offered by the platform.

If the data subject wishes to delete their account, please send an informal request to the contact details listed above. The account and the associated personal data will then be deleted by the controller.

Legal basis

The legal basis for processing the personal data of the data subject is Art. 6 para. 1 lit. a) GDPR.

Receiver

Tübingen AI Center / Eberhard Karls University Tübingen, Maria-von-Linden-Straße 6, 72076 Tübingen, Germany.

Transfer to third countries

The transfer of data to third countries does not take place.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if the data subject asserts their right to deletion within the meaning of Art. 17 para. 1 GDPR.

Possibility of revocation

The data subject has the option of withdrawing their consent to data processing at any time. In this case, the data subject may not be able to use all functions of the website without restriction. A revocation does not affect the effectiveness of data processing operations that took place in the past.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

The platform https://calendar.tuebingen.ai supports the scheduling of appointments with employees of the Tübingen AI Center and is based on a self-hosted cal.com instance. The arrangement of appointments via the platform by the data subject is voluntary. However, the retrieval, storage and processing of personal data is required to make an appointment. The data is stored solely for the purposes of processing or contacting the data subject. The Tübingen AI Center does not pass the personal data on to third parties. The legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR if the user has given consent.

Data storage on your device

The platform uses cookies and stores data in the local memory of the browser. The cookies “__clnds”, “__Secure-next-auth.callback-url”, “__Secure-next-auth.csrf-token”, “__Secure-next-auth.session_token” are used to secure the current session and enable returning users to be recognized if they have set up an optional account and were logged in to the platform with this account.

The platform stores the keys “nextauto-message”, “timeOption.is24hClock”, “toggledConnectedCalenders” and “user_geolocation” in the browser's local memory. Geolocation is deactivated. Therefore, the value of “user_geolocation” is always “Unknown”. The other keys contain data for individual display according to individual user settings.

The data stored on the device is anonymized. It is not merged with other personal data.

Processing of personal data

The following set of personal data of the data subject is processed by the portal:

• Name
• Email address
• Account/Login data
• Short introduction, if provided voluntarily

Personal accounts

Registration for https://calendar.tuebingen.ai is personal and voluntary. By registering, the data subject can use the services offered by the platform.

It is possible for interested parties to make an appointment without an account. It is only necessary to register an account if the data subject wishes to offer appointments via the platform.

The data subject can delete their account at any time via their own account management. The account and the associated personal data will then be deleted automatically.

Legal basis

The legal basis for processing the personal data of the data subject is Art. 6 para. 1 lit. a) GDPR.

Receiver

Tübingen AI Center / Eberhard Karls University Tübingen, Maria-von-Linden-Straße 6, 72076 Tübingen, Germany.

Transfer to third countries

The transfer of data to third countries does not take place.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if the data subject asserts their right to deletion within the meaning of Art. 17 para. 1 GDPR.

Possibility of revocation

The data subject has the option of withdrawing their consent to data processing at any time. In this case, the data subject may not be able to use all functions of the website without restriction. A revocation does not affect the effectiveness of data processing operations that took place in the past.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

The Tübingen AI Center utilizes the online survey platform LimeSurvey to conduct web-based surveys. This service is provided by LimeSurvey GmbH, Papenreye 63, 22453 Hamburg, Germany. When participants take part in a survey, LimeSurvey collects, processes, and uses data regarding their use of the service.

LimeSurvey is not embedded in the online services of the controller. Participants are invited to take part in a survey by email. Participation in the survey is voluntary. No data is transferred to LimeSurvey without actively calling up a survey.

Participation in surveys is generally possible without registration and is typically anonymous. If personal data is collected as part of a survey, participants are informed about the collection, storage, and processing of this data. When necessary, consent is obtained from the participants. The survey results are stored in a database and can be analyzed or exported by the controller using internal functions.

The survey results are stored in a database and can be analyzed or exported by the controller using internal functions.

Legal basis

The legal basis for the processing of personal data from publicly conducted surveys is the consent of the participants pursuant to Art. 6 para. 1 lit. a) GDPR. The legal basis for the processing of personal data from internal surveys is the legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.

Receiver

The receiver is LimeSurvey GmbH, Papenreye 63, 22453 Hamburg, Germany. If personal data is collected in the course of a survey, the receiver is also the Tübingen AI Center / Eberhard Karls University Tübingen, Maria-von-Linden-Straße 6, 72076 Tübingen, Germany.

Transfer to third countries

The transfer of data to third countries does not take place.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if the data subject asserts their right to deletion within the meaning of Art. 17 para. 1 GDPR.

Possibility of revocation

The data subject has the option of withdrawing their consent to data processing at any time. In this case, the data subject may not be able to use all functions of the website without restriction. A revocation does not affect the effectiveness of data processing operations that took place in the past.

Contractual and legal obligations

There is no contractual or legal obligation to provide the data.

Additional privacy information

Further information on the processing of personal data by LimeSurvey is available from the provider: https://www.limesurvey.org/privacy-notice.