Privacy policy for Lafuga-ShareDeutsch
This privacy policy explains how personal data is processed by the Ludwig-Maximilians-Universität München (LMU) in connection with the Lafuga-Share exchange platform. Furthermore, visitors and users are informed about the rights to which they are entitled.

1. Designation of the responsible position

The responsible position for data processing is:

Ludwig-Maximilians-Universität München
Geschwister-Scholl-Platz 1
80539 München

For more contact information, please visit the Legal notice.

2. Details of the data protection officer at the LMU

The contact details of the LMU's data protection officer can be found on the internet on the LMU website at: https://www.lmu.de/datenschutz.

The data protection officer is available to answer questions about data protection at the LMU. For this purpose, please use the contact form on the website of the official data protection officer of the LMU at https://www.lmu.de/datenschutz. Questions in connection with Lafuga-Share should be addressed in the first instance to the institution concerned (see Legal notice).

3. Scope of the privacy policy

This privacy policy applies to the processing of personal data in connection with the Lafuga-Share exchange platform.
  • According to Art. 4 No. 1 DSGVO, "personal data" means any information relating to an identified or identifiable natural person; An identifiable natural person is one who can be identified, directly or indirectly, in particular by means of association with an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that are an expression of the physical, physiological, genetic, psychological or mental characteristics of the person, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • According to Art. 4 No. 2 GDPR, "processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic or any set of operations which are performed upon personal data, such as collection, organization, filing, storage, adaptation or alteration, retrieval, processing, transmission, storage or retrieval of personal data, the collection, organization, classification, storage, adaptation or alteration, retrieval, consultation, use, processing or disclosure of personal data, consultation, use, disclosure by transmission, dissemination or otherwise making available, the matching or linking, the restriction, the deletion or the destruction.

4. Scope and purposes, type of data, legal basis and storage period for the processing of personal data

4.1 Registration on this website
Only employees of the Gene Center of LMU Munich can register to use the Lafuga-Share service. In doing so, we collect the following personal data:

  • Last name
  • First name
  • Workgroup
  • E-mail address
The transmitted data is used exclusively for the use of this service, in particular for the authentication to the service provided and for the notification of important changes. The requested mandatory data must be provided in full, otherwise we may reject the registration.

There is no data transfer to third parties.

In order to protect the security of your data adequately and comprehensively during processing and in particular during transmission, we use, as far as necessary and oriented to the current state of the art, appropriate encryption procedures (e.g. SSL/TLS) and secure technical systems.

The processing of the data entered during registration is based on your consent (Art. 6 Abs. 1 lit. a DSGVO).

We store the data collected during registration for the period you are registered to use Lafuga-Share. The initial registration period is 5 years. If you do not renew your registration, your data will be deleted immediately after the expiration of the registration period. Furthermore, your data will be deleted if you revoke your consent. Legal retention periods remain unaffected.
4.2 Logging and creation of log files
Due to security-relevant events, e.g. attempted hacking attacks, relevant access data is stored for each access to all centrally hosted websites. relevant access data is stored for each access to all centrally hosted websites. The temporary storage of the IP address is also necessary, to enable the delivery of the Lafuga-Share website to your computer. For this purpose, the IP address must also remain stored for the duration of the use of the session. A storage together with other personal data data does not take place. Depending on the used access protocol, the log record contains data with the following content:

  • IP address of the requesting computer
  • Date and time of the request
  • Access method/function requested by the requesting computer
  • Input values transmitted by the requesting computer (file name, etc.)
  • Access status of the web server (file transferred, file not found, command not executed, etc.)
  • Name of the requested file
  • URL from which the file was requested/the desired function was initiated
  • Browser type information
  • Operating system of the user
  • Internet pages from which the user's system accesses the LMU website
  • Internet pages that are accessed via the LMU Internet pages
This data is not merged with other data sources.

The legal basis for the logging and creation of log files results from from Art. 6 Abs. 1 lit. e, para. 3 DSGVO in conjunction with. Art. 4 Abs. 1 BayDSG and Art. 6 Abs. 1 BayDSG. Accordingly, we are permitted to process the data necessary for the performance of a task incumbent upon us including to check or maintain our web service and to ensure network and information security.

The logged data is stored for a maximum of seven days and then deleted. Longer storage may take place in individual cases if a security-relevant breach has been identified. Regardless of this, storage beyond this period is possible. In this case, your IP address will be deleted or alienated, so that an assignment of the calling client is no longer possible.
4.3 Use of cookies
Cookies are text files that are stored in the Internet browser to enable unique assignment in an interactive web application. This service uses cookies exclusively for this purpose of unique communication (session cookies: JESSIONID). The session cookies are automatically deleted at the end of your visit by closing your browser. No further processing or evaluation takes place. The storage of the cookie can be disabled at any time by making the appropriate setting in the Internet browser. If cookies are disabled for this service, it may no longer be possible to use all functions.

5. Your rights

5.1 Right to information, correction, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, origin of the data, their recipients and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the Legal notice.
5.2 Right to complain to the competent supervisory authority
As a data subject, you have the right to complain to the competent supervisory authority in the event of a data protection supervisory authority. The competent supervisory authority with regard to data protection issues is the Bavarian State Data Protection Commissioner for data protection: https://www.datenschutz-bayern.de.
5.3 Right of data portability
You have the right to have your data handed over to you or to third parties, which we process automatically on the basis of your consent or in fulfillment of a contract. The data will be provided in a machine-readable format. If you request the direct transfer of the data transfer to another responsible party, this will only be done if it is technically feasible.
5.4 Right of objection
You have the right, under the conditions of Art. 21 DSGVO, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you which is carried out on the basis of Art. 6 Abs. 1 lit. e or f DSGVO.
5.5 Right of withdrawal of consent
A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing carried out on the basis of the consent until the revocation remains unaffected by the revocation.
CONTACT
Dr. Alexander Graf
Laboratory For Functional Genome Analysis (LAFUGA) | Dept. Genomics
Gene Center - Ludwig-Maximilians-University Munich
E-mail: