Data privacy statement

1. Data Privacy covers personal data. According to Art. 4 Par. 1 DSGVO personal data are data on personal or material circumstances about identified or identifiable individual. This applies for data such as name, address, phone number, e-mail address or photos but also usage data like online data (for example an IP address).
2. The Institute of Mathematics observes the legal requirements of data privacy laws (Berliner Datenschutzgesetz, Bundesdatenschutzgesetz (BDSG), europäische Datenschutz-Grundverordnung (DSGVO)), the Telemediengesetz (TMG) and other applicable regulations.
3. This data privacy statement applies to the field of activity of the IT-Group of the Institute of Mathematics at TU Berlin.

1. The IT-Group of Institute of Mathematics handles personal data as part of its work.
2. For user logins maintained by the IT-Group the following personal data are collected and handled: name, office address, e-mail address, office phone number, possibly student number. 
3. At that point a separate user login application form is necessary for the following service areas maintained by the IT-Group of the Institute of Mathematics:
   1. EDP Research Area (work groups, research areas and groups and its administration)
   2. Compute Server (Area of High Performance Computing)
   3. Area of IT for teaching  (Unix-Pool)

4. In the scope of it's service provision the IT-Group of Institute of Mathematics gathers and handles personal data for some IT services they support. 
   1. For the DHCP-Service following data are handled: name, e-mail-address, hardware-ethernetaddress of the device asking for a eine dynamic IP address.
   2. For the SVN- and Git-Service following data are collected and saved: name, e-mail-address.

5. The IT-Group of Institute of Mathematics maintains workstation and server systems that log the access to their systems and services. According to the respective task the systems log following data: access time, login name, remote IP address, URL (data path), Referrer (the website from which you were referred to the current website or file), sender e-mail-address, receiver e-mail-address, hardware-ethernetaddress of device accessing the service.

1. Personal data collected and saved by the IT-Group of the Institute of Mathematics are handled exclusively for the fulfilment of official business tasks like organization and maintenance of service operation.
2. Our access logging exclusively answer the purpose to reveal and analyse weak points of the systems and services together with it's elimination.
3. The employees of the IT-Group are bound to discretion and the compliance with data privacy laws.

1. The legislative basis for collecting und saving personal data follows from the request for a service of the IT-Group of the Institute of Mathematics, especially:
   1. the request for a user login described in chapter 2 section 3 or
   2. the request for access to a service described in chapter 2 section 4.

2. The legislative basis for collecting and saving personal data arises from Art. 6 Par. 1 lit. (b) DSGVO for the purpose of the fulfilment of a request and the reliable organization and maintenance of the IT services as a consequence thereof.
3. The legislative basis for logging access data of workstation and server systems arises from Art. 6 Par. 1 lit. (f) DSGVO for the purpose of a legitimate interest of the IT-Group of the Institute of Mathematics for a constant analysis of the systems and the detection of weak points as necessary for an appropriate implementation of services, especially IT security.

1. The personal data will not be given to third parties as long as it is not necessary for the supply of a service of the IT-Group of the Institute of Mathematics or within the scope of a legal obligation.
2. Forwarding of personal data to requesting governmental institutions and authorities is only conducted based on legal regulations respectively if we legally obligated by a judicial decision.
3. There will be no transmission of personal data to foreign countries, especially no transmission to countries beyond legislation of the DSGVO.

1. Personal data in the purpose of user login administration and DHCP-, SVN- and Git-Service will be handled for the duration of the valid presence of an user login established for a service mentioned above.
2. Access to personal data will be disabled after expiration of user login. Disabled personal data will be removed not later than a year unless legal standards set a longer period.
3. In default case the access logging of workstation and server systems takes place for two weeks. Some systems use a longer duration. Currently only the Mailservice (SMTP) is involved with a retention period of four weeks.

1. Without giving any reason and at no charge you can anytime obtain information about personal data stored at our systems. Please appeal to the contact person mentioned below.
2. You can add or correct missing or incorrect data at any time, especially in the scope of user login administration.
3. You can opt out from handling your personal data by the IT-Group of Institute of Mathematics unless there is a legitimate interest on legislative basis to handle personal data for the fulfilment of the service of the IT-Group.
4. You have the right to issue a complaint to regulatory authority at any time.
5. If you have any questions about our data privacy statement, do not hesitate to contact us.

In order to ensure that our data privacy statement corresponds to legal obligations we reserve to change this statement at any time, especially in case of new or revised services.