Privacy policy
In the course of using our website, your personal data (hereinafter only »data«) will be processed. The data may include, for example, your name, address, e‑mail address, and other personal information. In this context, processing is basically any way of handling this data.
In the following you will find information about the processing of your data by the
TUDAG TU Dresden Aktiengesellschaft
on the basis of the provisions of the General Data Protection Regulation (GDPR) and the applicable federal and state data protection laws.
- General information
- Information on data processing on this website
- Information on data processing during communication
- Information on data processing in connection with applications
A) General information
Responsible entity
Responsible for data processing in the sense of data protection law is:
TUDAG TU Dresden Aktiengesellschaft
Freiberger Str. 37
01067 Dresden | Germany
T +49 351 40470–170
F +49 351 40470–310
Data Protection Officer
If you have any questions regarding data protection, please also feel free to contact our data protection officer at:
DID DRESDNER INSTITUT FÜR DATENSCHUTZ
Stiftung bürgerlichen Rechts | Stiftungsregister LD Dresden
Represented by the the member of the board Prof. Dr. Ralph Wagner
Hospitalstraße 4 | 01097 Dresden | Germany
Phone: +49 351 – 655 772 – 0
Telefax: +49 351 – 655 772 – 22
E‑mail: datenschutz@tudag.de | Internet: www.dids.de
Your rights as a data subject
As a data subject, you have the following rights regarding your personal data.
You have:
- A right to information about, among other things, the categories of data processed, the processing purposes, the storage period and any recipients, in accordance with Art. 15 DSGVO and §34 BDSG.
- A right to correction or deletion of incorrect or incomplete data, in accordance with Art. 16 and 17 DSGVO and §35 BDSG.
- Under the conditions of Art. 18 DSGVO or §35 para. 1 p. 2 BDSG a right to restriction of processing.
- A right to object to processing pursuant to Art. 21 para. 1 DSGVO, insofar as the data processing was based on a legitimate interest.
- A right to revoke a given consent with effect for the future pursuant to Art. 7 para. 3 GDPR.
- A right to data portability in a common format in accordance with Art. 20 DSGVO.
- In accordance with Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you. This also includes profiling within the meaning of Art. 4 No. 4 DSGVO.
- You also have the right to lodge a complaint about the processing of your personal data by us with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, in accordance with Article 77 DSGVO.
Procedure for asserting data subject rights
If you wish to exercise your rights under the GDPR and the BDSG, the data you provide will be processed in order to fulfill your claim. Subsequently, the data transmitted by you and the data transmitted to you in return will be stored for the purpose of documentation until the expiry of the limitation period (3 years). The legal basis for the storage of the data is Art. 6 para. 1 p. 1 letter f) DSGVO (legitimate interest in data processing). The legitimate interest arises from our obligation to comply with your request and the need to be able to exonerate ourselves in possible fine proceedings by proving that we have properly complied with your request.
Data transfer to third countries outside the EU
All information we receive from you or about you is generally processed on servers within the European Union. Your data will only be transferred to or processed in third countries without your express consent if this is provided for or permitted by law and an appropriate level of data protection is ensured in the third country.
Disclosure of data, order processing
Your personal data will not be disclosed to third parties without authorization. Data may be disclosed if disclosure is necessary to fulfill legal obligations or if disclosure is required by law or by official or court orders. This may involve, in particular, the provision of information for law enforcement purposes, for the prevention of danger or for the enforcement of intellectual property rights.
Under certain circumstances, your data may also be transferred to external service providers who process data on our behalf and according to our instructions (processors) in order to simplify or relieve our own data processing. Each processor is bound by a contract in accordance with Article 28 of the GDPR. This means, in particular, that the processor must provide sufficient guarantees that appropriate technical and organizational measures are implemented by the processor in such a way that the processing is carried out in accordance with the requirements of the GDPR and the protection of your rights as a data subject is ensured. Despite the commissioning of processors, we remain the responsible party for the processing of your personal data within the meaning of the data protection laws.
Information on the specific processors used can be found below under the relevant data processing.
B) Information on data processing on this website
E Mail contact
At various points on the website, it is possible to contact us via the e‑mail address provided. The personal data transmitted, in particular the e‑mail address itself, is stored. This data is not passed on to third parties. The data will be used exclusively for the processing of the request. The legal basis for the processing of the data is Art. 6 (1) sentence 1 f DSGVO. The legitimate interest in processing the data lies in the implementation of the contact. The data will be deleted after the purpose ceases to exist or the communication is terminated. If a contractual process takes place in the course of the communication, the processed data will be deleted after expiry of the retention periods provided for this purpose.
IT Security/Log Files
Every time this website is called up and every time data is retrieved from a server, general information is automatically transmitted to the server providing the data. This data transfer is automatic and is a fundamental part of communication between devices on the Internet.
The data transmitted by default includes the following information: Your IP address, product and version information about the browser and operating system used (so-called user agent), the website from which your access took place (so-called referer), date and time of the request (so-called timestamp). In addition, the http status and the amount of data transferred are recorded as part of this request.
This information is logged by the server, stored in a table and saved there for a short time (so-called server log files). By analyzing these log files, we can detect and subsequently eliminate website errors, determine the website’s load at certain times and make adjustments or improvements based on this, and ensure the server’s security by being able to track from which IP address attacks were carried out on our server.
Your IP address is only stored for the time of your use of the website and is then immediately deleted or made partially unrecognizable by shortening it. The remaining data is stored for a limited period of time (usually 7 days).
The legal basis for the use of server log files is Art. 6 para. 1 p. 1 letter f) DSGVO (legitimate interest in data processing). The legitimate interest arises from the need for the operation and maintenance of our website, as we have explained above.
Web fonts
Graphical symbols and icons on our website are provided by the FontAwesome web service (FontAwesome, Inc.; 307 S Main St, Bentonville, Arkansas 72712, US). The reason for this is our legitimate interest in the technically feasible, barrier-free and device-independent display of icons and symbols on this website. For this purpose, when you access this website, your IP address is transmitted to the web interface of the service for the purpose of delivering the graphical elements. You can find FontAwesome’s privacy information here. We are currently working on converting this functionality so that integration via FontAwesome’s web service is no longer necessary.
Processor
In order to run and develop our website we have contracted a hosting provider and a design company.
C) Information on data processing during communication
If you wish to communicate with us by e‑mail, we will process these e‑mails and any personal data contained therein on the server of our mail hosting provider.
Depending on the content of the communication, the purposes and legal bases of the data processing may be
- the initiation or fulfillment of a contract (Art. 6 para. 1 b) DSGVO)
- the fulfillment of legal storage obligations (Art. 6 para. 1 c) DSGVO)
- the protection of our legitimate interests (Art. 6 para. 1 f) DSGVO) or
- a consent (Art. 6 para. 1 a) DSGVO)
be
Processor
We have contracted a hosting provider to provide a receiving and sending server for e‑mails.
D) Information on data processing in connection with applications to TUDAG.
General information about applications
If you send us an application, by whatever means, we will process the personal data thus transmitted to us for the purpose of processing the application.
The legal basis for this is Art. 6 para. 1 b) GDPR.
We forward incoming applications for specific purposes and internally to the relevant persons for a decision on hiring.
If you are hired, we will place your application in your personnel file. In the course of the discontinuation, we will then inform you separately about all further data processing.
If you are not hired, your data will be automatically deleted no later than 6 months after receipt of your application. However, we would like to point out that in the case of applications sent by e‑mail to mailboxes that are not specifically intended for applications (e.g. info@tudag.de), we cannot rule out longer storage periods in order to comply with statutory retention periods.
Processor
Regardless of how you send us an application, we will enter all incoming applications into our applicant management system. This is operated by pludoni GmbH, Pillnitzer Landstraße 73b, 01326 Dresden. We have entered into an order processing agreement with the provider to legitimize the data processing operations. A data transfer to a third country does not take place.
Through the Empfehlungsbund job advertisement widget of pludoni GmbH (https://www.pludoni.de/impressum), which we use, a one-time secure connection is established via HTTPS to https://bms.empfehlungsbund.de.. This connection setup is necessary so that our job advertisements can be displayed. Log files are created that contain access data (name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider). Log files are processed for the purpose of troubleshooting and for security reasons (e.g. to clarify acts of abuse or fraud) and stored for a maximum period of 3 months, after which they are deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident. For detailed information on the processing of your data in connection with the Empfehlungsbund job advertisement widget, please refer to the separate privacy policy (https://bms.empfehlungsbund.de/datenschutz#stellenanzeigen-widget) of pludoni GmbH.
E) Information on data processing in connection with applications to other companies from the TUDAG group of companies
Many companies in the TUDAG group of companies (shown as an overview at https://tudag.de/beteiligung/) have commissioned TUDAG TU Dresden AG to provide application management as a service.
In this respect, TUDAG acts as an order processor for applicant data of those companies for which the service is provided. TUDAG has concluded a corresponding order processing agreement with all companies.
How can you tell that TUDAG is processing your application on your behalf and who is the responsible party?
In principle, the company to which you wish to apply is always the entity responsible for data processing.
- Job advertisements on portals on the Internet
If you see a job advertisement on an online applicant portal (e.g. Indeed) that refers to this data protection information, then this is data processing on behalf of the company that is stated as the employer in the job advertisement. - Applications by e‑mail
If you apply directly to a company by e‑mail and the confirmation e‑mail of receipt of your application contains a reference to this data protection information, then this is data processing on behalf of the company which you have contacted for the purpose of the application. - Applications via the job portal on tudag.de/jobs
If you use the job portal on tudag.de, then this is data processing on behalf of the company that is specified as the employer in the job advertisement after clicking on the »Continue to application« link in the top left corner.
Processor
Regardless of how you send us an application, we will enter all incoming applications into our applicant management system. This is operated by pludoni GmbH, Pillnitzer Landstraße 73b, 01326 Dresden. We have entered into an order processing agreement with the provider to legitimize the data processing operations. A data transfer to a third country does not take place.
If you go directly to tudag.de/jobs via the job portal, we will also use the applicant management system of pludoni GmbH to collect the data. You will receive information on data processing directly on the page of the job advertisement.
Retention/Deletion
If you are hired, your application materials will be placed in your personnel file. In the course of the setting, you will then be informed separately about all further data processing. Irrespective of this, all data in the applicant management system will be automatically deleted no later than 6 months after receipt of the application, even in the event of a recruitment.
If you are not hired, your data will be automatically deleted no later than 6 months after receipt of your application. However, we would like to point out that in the case of applications sent by e‑mail to mailboxes that are not specifically intended for applications (e.g. info@tudag.de), we cannot rule out longer storage periods in order to comply with statutory retention periods.