Privacy policy

In the course of using our web­site, your per­so­nal data (her­ein­af­ter only »data«) will be pro­ces­sed. The data may include, for exam­ple, your name, address, e‑mail address, and other per­so­nal infor­ma­tion. In this con­text, pro­ces­sing is basi­cally any way of hand­ling this data.

In the fol­lo­wing you will find infor­ma­tion about the pro­ces­sing of your data by the 
TUDAG TU Dres­den Aktiengesellschaft
on the basis of the pro­vi­si­ons of the Gene­ral Data Pro­tec­tion Regu­la­tion (GDPR) and the appli­ca­ble fede­ral and state data pro­tec­tion laws.

  1. Gene­ral information
  2. Infor­ma­tion on data pro­ces­sing on this website
  3. Infor­ma­tion on data pro­ces­sing during communication
  4. Infor­ma­tion on data pro­ces­sing in con­nec­tion with applications

A) General information

Responsible entity

Respon­si­ble for data pro­ces­sing in the sense of data pro­tec­tion law is:

TUDAG TU Dres­den Aktiengesellschaft
Frei­ber­ger Str. 37
01067 Dres­den | Germany

T +49 351 40470–170
F +49 351 40470–310

@ info@tudag.de

Data Protection Officer

If you have any ques­ti­ons regar­ding data pro­tec­tion, please also feel free to cont­act our data pro­tec­tion offi­cer at:

DID DRESDNER INSTITUT FÜR DATENSCHUTZ
Stif­tung bür­ger­li­chen Rechts | Stif­tungs­re­gis­ter LD Dresden
Repre­sen­ted by the the mem­ber of the board Prof. Dr. Ralph Wagner

Hos­pi­tal­straße 4 | 01097 Dres­den | Germany
Phone: +49 351 – 655 772 – 0
Tele­fax: +49 351 – 655 772 – 22
E‑mail: datenschutz@tudag.de | Inter­net: www.dids.de

Your rights as a data subject

As a data sub­ject, you have the fol­lo­wing rights regar­ding your per­so­nal data.
You have:

  • A right to infor­ma­tion about, among other things, the cate­go­ries of data pro­ces­sed, the pro­ces­sing pur­po­ses, the sto­rage period and any reci­pi­ents, in accordance with Art. 15 DSGVO and §34 BDSG.
  • A right to cor­rec­tion or dele­tion of incor­rect or incom­plete data, in accordance with Art. 16 and 17 DSGVO and §35 BDSG.
  • Under the con­di­ti­ons of Art. 18 DSGVO or §35 para. 1 p. 2 BDSG a right to rest­ric­tion of processing.
  • A right to object to pro­ces­sing pur­su­ant to Art. 21 para. 1 DSGVO, inso­far as the data pro­ces­sing was based on a legi­ti­mate interest.
  • A right to revoke a given con­sent with effect for the future pur­su­ant to Art. 7 para. 3 GDPR.
  • A right to data por­ta­bi­lity in a com­mon for­mat in accordance with Art. 20 DSGVO.
  • In accordance with Article 22 of the GDPR, you have the right not to be sub­ject to a decis­ion based solely on auto­ma­ted pro­ces­sing which pro­du­ces legal effects con­cer­ning you or simi­larly signi­fi­cantly affects you. This also includes pro­fil­ing within the mea­ning of Art. 4 No. 4 DSGVO.
  • You also have the right to lodge a com­plaint about the pro­ces­sing of your per­so­nal data by us with a data pro­tec­tion super­vi­sory aut­ho­rity, in par­ti­cu­lar in the Mem­ber State of your habi­tual resi­dence, your place of work or the place of the alle­ged inf­rin­ge­ment, in accordance with Article 77 DSGVO.

Procedure for asserting data subject rights

If you wish to exer­cise your rights under the GDPR and the BDSG, the data you pro­vide will be pro­ces­sed in order to ful­fill your claim. Sub­se­quently, the data trans­mit­ted by you and the data trans­mit­ted to you in return will be stored for the pur­pose of docu­men­ta­tion until the expiry of the limi­ta­tion period (3 years). The legal basis for the sto­rage of the data is Art. 6 para. 1 p. 1 let­ter f) DSGVO (legi­ti­mate inte­rest in data pro­ces­sing). The legi­ti­mate inte­rest ari­ses from our obli­ga­tion to com­ply with your request and the need to be able to exo­ne­rate our­sel­ves in pos­si­ble fine pro­cee­dings by pro­ving that we have pro­perly com­plied with your request.

Data transfer to third countries outside the EU

All infor­ma­tion we receive from you or about you is gene­rally pro­ces­sed on ser­vers within the Euro­pean Union. Your data will only be trans­fer­red to or pro­ces­sed in third count­ries wit­hout your express con­sent if this is pro­vi­ded for or per­mit­ted by law and an appro­priate level of data pro­tec­tion is ensu­red in the third country.

Disclosure of data, order processing

Your per­so­nal data will not be dis­c­lo­sed to third par­ties wit­hout aut­ho­riza­tion. Data may be dis­c­lo­sed if dis­clo­sure is neces­sary to ful­fill legal obli­ga­ti­ons or if dis­clo­sure is requi­red by law or by offi­cial or court orders. This may involve, in par­ti­cu­lar, the pro­vi­sion of infor­ma­tion for law enforce­ment pur­po­ses, for the pre­ven­tion of dan­ger or for the enforce­ment of intellec­tual pro­perty rights.

Under cer­tain cir­cum­s­tances, your data may also be trans­fer­red to exter­nal ser­vice pro­vi­ders who pro­cess data on our behalf and accor­ding to our ins­truc­tions (pro­ces­sors) in order to sim­plify or reli­eve our own data pro­ces­sing. Each pro­ces­sor is bound by a con­tract in accordance with Article 28 of the GDPR. This means, in par­ti­cu­lar, that the pro­ces­sor must pro­vide suf­fi­ci­ent gua­ran­tees that appro­priate tech­ni­cal and orga­niza­tio­nal mea­su­res are imple­men­ted by the pro­ces­sor in such a way that the pro­ces­sing is car­ried out in accordance with the requi­re­ments of the GDPR and the pro­tec­tion of your rights as a data sub­ject is ensu­red. Despite the com­mis­sio­ning of pro­ces­sors, we remain the respon­si­ble party for the pro­ces­sing of your per­so­nal data within the mea­ning of the data pro­tec­tion laws.

Infor­ma­tion on the spe­ci­fic pro­ces­sors used can be found below under the rele­vant data processing.

B) Information on data processing on this website

E Mail contact

At various points on the web­site, it is pos­si­ble to cont­act us via the e‑mail address pro­vi­ded. The per­so­nal data trans­mit­ted, in par­ti­cu­lar the e‑mail address its­elf, is stored. This data is not pas­sed on to third par­ties. The data will be used exclu­si­vely for the pro­ces­sing of the request. The legal basis for the pro­ces­sing of the data is Art. 6 (1) sen­tence 1 f DSGVO. The legi­ti­mate inte­rest in pro­ces­sing the data lies in the imple­men­ta­tion of the cont­act. The data will be dele­ted after the pur­pose cea­ses to exist or the com­mu­ni­ca­tion is ter­mi­na­ted. If a con­trac­tual pro­cess takes place in the course of the com­mu­ni­ca­tion, the pro­ces­sed data will be dele­ted after expiry of the reten­tion peri­ods pro­vi­ded for this purpose.

IT Security/​Log Files

Every time this web­site is cal­led up and every time data is retrie­ved from a ser­ver, gene­ral infor­ma­tion is auto­ma­ti­cally trans­mit­ted to the ser­ver pro­vi­ding the data. This data trans­fer is auto­ma­tic and is a fun­da­men­tal part of com­mu­ni­ca­tion bet­ween devices on the Internet.
The data trans­mit­ted by default includes the fol­lo­wing infor­ma­tion: Your IP address, pro­duct and ver­sion infor­ma­tion about the brow­ser and ope­ra­ting sys­tem used (so-cal­led user agent), the web­site from which your access took place (so-cal­led refe­rer), date and time of the request (so-cal­led timestamp). In addi­tion, the http sta­tus and the amount of data trans­fer­red are recor­ded as part of this request.

This infor­ma­tion is log­ged by the ser­ver, stored in a table and saved there for a short time (so-cal­led ser­ver log files). By ana­ly­zing these log files, we can detect and sub­se­quently eli­mi­nate web­site errors, deter­mine the web­site’s load at cer­tain times and make adjus­t­ments or impro­ve­ments based on this, and ensure the ser­ver’s secu­rity by being able to track from which IP address attacks were car­ried out on our server.

Your IP address is only stored for the time of your use of the web­site and is then imme­dia­tely dele­ted or made par­ti­ally unre­co­gnizable by shor­tening it. The remai­ning data is stored for a limi­ted period of time (usually 7 days).
The legal basis for the use of ser­ver log files is Art. 6 para. 1 p. 1 let­ter f) DSGVO (legi­ti­mate inte­rest in data pro­ces­sing). The legi­ti­mate inte­rest ari­ses from the need for the ope­ra­tion and main­ten­ance of our web­site, as we have explai­ned above.

Web fonts

Gra­phi­cal sym­bols and icons on our web­site are pro­vi­ded by the Fon­tA­we­some web ser­vice (Fon­tA­we­some, Inc.; 307 S Main St, Ben­ton­ville, Arkan­sas 72712, US). The reason for this is our legi­ti­mate inte­rest in the tech­ni­cally fea­si­ble, bar­rier-free and device-inde­pen­dent dis­play of icons and sym­bols on this web­site. For this pur­pose, when you access this web­site, your IP address is trans­mit­ted to the web inter­face of the ser­vice for the pur­pose of deli­ve­ring the gra­phi­cal ele­ments. You can find Fon­tA­we­so­me’s pri­vacy infor­ma­tion here. We are curr­ently working on con­ver­ting this func­tion­a­lity so that inte­gra­tion via Fon­tA­we­so­me’s web ser­vice is no lon­ger necessary.

Processor

In order to run and deve­lop our web­site we have con­trac­ted a hos­ting pro­vi­der and a design company.

C) Information on data processing during communication

If you wish to com­mu­ni­cate with us by e‑mail, we will pro­cess these e‑mails and any per­so­nal data con­tai­ned the­r­ein on the ser­ver of our mail hos­ting provider.

Depen­ding on the con­tent of the com­mu­ni­ca­tion, the pur­po­ses and legal bases of the data pro­ces­sing may be

  • the initia­tion or ful­fill­ment of a con­tract (Art. 6 para. 1 b) DSGVO)
  • the ful­fill­ment of legal sto­rage obli­ga­ti­ons (Art. 6 para. 1 c) DSGVO)
  • the pro­tec­tion of our legi­ti­mate inte­rests (Art. 6 para. 1 f) DSGVO) or
  • a con­sent (Art. 6 para. 1 a) DSGVO)

be

Processor

We have con­trac­ted a hos­ting pro­vi­der to pro­vide a recei­ving and sen­ding ser­ver for e‑mails.

D) Information on data processing in connection with applications to TUDAG.

General information about applications

If you send us an appli­ca­tion, by wha­te­ver means, we will pro­cess the per­so­nal data thus trans­mit­ted to us for the pur­pose of pro­ces­sing the application.

The legal basis for this is Art. 6 para. 1 b) GDPR.

We for­ward inco­ming appli­ca­ti­ons for spe­ci­fic pur­po­ses and intern­ally to the rele­vant per­sons for a decis­ion on hiring.
If you are hired, we will place your appli­ca­tion in your per­son­nel file. In the course of the dis­con­ti­nua­tion, we will then inform you sepa­ra­tely about all fur­ther data processing.

If you are not hired, your data will be auto­ma­ti­cally dele­ted no later than 6 months after receipt of your appli­ca­tion. Howe­ver, we would like to point out that in the case of appli­ca­ti­ons sent by e‑mail to mail­bo­xes that are not spe­ci­fi­cally inten­ded for appli­ca­ti­ons (e.g. info@tudag.de), we can­not rule out lon­ger sto­rage peri­ods in order to com­ply with sta­tu­tory reten­tion periods.

Processor

Regard­less of how you send us an appli­ca­tion, we will enter all inco­ming appli­ca­ti­ons into our appli­cant manage­ment sys­tem. This is ope­ra­ted by pludoni GmbH, Pill­nit­zer Land­straße 73b, 01326 Dres­den. We have ente­red into an order pro­ces­sing agree­ment with the pro­vi­der to legi­ti­mize the data pro­ces­sing ope­ra­ti­ons. A data trans­fer to a third coun­try does not take place.

Through the Emp­feh­lungs­bund job adver­ti­se­ment wid­get of pludoni GmbH (https://www.pludoni.de/impressum), which we use, a one-time secure con­nec­tion is estab­lished via HTTPS to https://bms.empfehlungsbund.de.. This con­nec­tion setup is neces­sary so that our job adver­ti­se­ments can be dis­played. Log files are crea­ted that con­tain access data (name of the web­site acces­sed, file, date and time of access, amount of data trans­fer­red, noti­fi­ca­tion of suc­cessful access, brow­ser type and ver­sion, the user’s ope­ra­ting sys­tem, refer­rer URL (the pre­viously visi­ted page), IP address and the reques­t­ing pro­vi­der). Log files are pro­ces­sed for the pur­pose of trou­ble­shoo­ting and for secu­rity reasons (e.g. to cla­rify acts of abuse or fraud) and stored for a maxi­mum period of 3 months, after which they are dele­ted. Data whose fur­ther sto­rage is requi­red for evi­den­tiary pur­po­ses is exempt from dele­tion until final cla­ri­fi­ca­tion of the respec­tive inci­dent. For detailed infor­ma­tion on the pro­ces­sing of your data in con­nec­tion with the Emp­feh­lungs­bund job adver­ti­se­ment wid­get, please refer to the sepa­rate pri­vacy policy (https://bms.empfehlungsbund.de/datenschutz#stellenanzeigen-widget) of pludoni GmbH.

E) Information on data processing in connection with applications to other companies from the TUDAG group of companies

Many com­pa­nies in the TUDAG group of com­pa­nies (shown as an over­view at https://tudag.de/beteiligung/) have com­mis­sio­ned TUDAG TU Dres­den AG to pro­vide appli­ca­tion manage­ment as a service.

In this respect, TUDAG acts as an order pro­ces­sor for appli­cant data of those com­pa­nies for which the ser­vice is pro­vi­ded. TUDAG has con­cluded a cor­re­spon­ding order pro­ces­sing agree­ment with all companies.

How can you tell that TUDAG is pro­ces­sing your appli­ca­tion on your behalf and who is the respon­si­ble party?
In prin­ci­ple, the com­pany to which you wish to apply is always the entity respon­si­ble for data processing.

  • Job adver­ti­se­ments on por­tals on the Internet
    If you see a job adver­ti­se­ment on an online appli­cant por­tal (e.g. Indeed) that refers to this data pro­tec­tion infor­ma­tion, then this is data pro­ces­sing on behalf of the com­pany that is sta­ted as the employer in the job advertisement.
  • Appli­ca­ti­ons by e‑mail
    If you apply directly to a com­pany by e‑mail and the con­fir­ma­tion e‑mail of receipt of your appli­ca­tion con­ta­ins a refe­rence to this data pro­tec­tion infor­ma­tion, then this is data pro­ces­sing on behalf of the com­pany which you have cont­ac­ted for the pur­pose of the application.
  • Appli­ca­ti­ons via the job por­tal on tudag.de/jobs
    If you use the job por­tal on tudag.de, then this is data pro­ces­sing on behalf of the com­pany that is spe­ci­fied as the employer in the job adver­ti­se­ment after cli­cking on the »Con­ti­nue to appli­ca­tion« link in the top left corner.

Processor

Regard­less of how you send us an appli­ca­tion, we will enter all inco­ming appli­ca­ti­ons into our appli­cant manage­ment sys­tem. This is ope­ra­ted by pludoni GmbH, Pill­nit­zer Land­straße 73b, 01326 Dres­den. We have ente­red into an order pro­ces­sing agree­ment with the pro­vi­der to legi­ti­mize the data pro­ces­sing ope­ra­ti­ons. A data trans­fer to a third coun­try does not take place.

If you go directly to tudag.de/jobs via the job por­tal, we will also use the appli­cant manage­ment sys­tem of pludoni GmbH to coll­ect the data. You will receive infor­ma­tion on data pro­ces­sing directly on the page of the job advertisement.

Retention/​Deletion

If you are hired, your appli­ca­tion mate­ri­als will be pla­ced in your per­son­nel file. In the course of the set­ting, you will then be infor­med sepa­ra­tely about all fur­ther data pro­ces­sing. Irre­spec­tive of this, all data in the appli­cant manage­ment sys­tem will be auto­ma­ti­cally dele­ted no later than 6 months after receipt of the appli­ca­tion, even in the event of a recruitment.

If you are not hired, your data will be auto­ma­ti­cally dele­ted no later than 6 months after receipt of your appli­ca­tion. Howe­ver, we would like to point out that in the case of appli­ca­ti­ons sent by e‑mail to mail­bo­xes that are not spe­ci­fi­cally inten­ded for appli­ca­ti­ons (e.g. info@tudag.de), we can­not rule out lon­ger sto­rage peri­ods in order to com­ply with sta­tu­tory reten­tion periods.