Data protection

The Munich School of Philosophy (HFPH), as the representative of the Center for Responsible AI Technologies, attaches great importance to the protection of privacy and observes the statutory data protection regulations. In the following we explain how we handle your personal data.

1. What is personal data?

Any information relating to an identified or identifiable person. A person is identifiable if they can be identified directly or indirectly. This can be done, for example, by assigning an identifier such as a name, an identification number, location data, an online identifier or one or more special features.

2. Basic Information

2.1. Who is responsible for processing my data?

University of Philosophy Munich  
Kaulbachstrasse 31a
D-80539 Munich
Telephone: +49-89-2386-2300
Info(at)hfph.de

2.2. How can I contact the operational data protection officer of the HFPH?

Winfried Rau, Winfried Rau Consulting
Hollergasse 10
67281 Bissersheim
Phone: +49-6359-872-7507
dsb(at)tintus-consulting.de

2.3 Data Protection Oversight

The supervisory authority responsible for the university is the joint order data protection officer of the German Order Conference South:

Mr Jupp Joachimski
Wittelsbach ring 9
53115 Bonn
joachimski(at)orden.de

3. Other important information

3.1. Why does the Center for Responsible AI Technologies process my data?

We offer our services and administrative services as well as information to the public about our activities on our website. Personal data is only processed on the HFPH website if this is necessary to provide a functioning website, to display the respective content or to provide certain services or offers. The processing of personal data takes place either on the basis of a legal basis or a user-related consent.

3.2. Why is the Center for Responsible AI Technologies allowed to process my data?

Paragraph 1 lit. b KDR-OG serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on § 6 paragraph 1 lit c KDR-OG. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. If our university is subject to a legal obligation that requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Section 6 (1) (d) KDR-OG. In rare cases, the processing of personal data could become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Article 6 Paragraph 1 Letter e KDR-OG. Ultimately, processing operations could be based on Section 6 Paragraph 1 lit g KDR-OG.

3.3. What data is collected from me?

3.3.1. cookies

The Internet pages of the Center for Responsible AI Technologies use cookies. Cookies are text files that are filed and saved on a computer system via an Internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the person concerned from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

Through the use of cookies, the Center for Responsible AI Technologies can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized for the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website because this is done by the website and the cookie stored on the user's computer system.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

3.3.2. Collection of general data and information

The website of the Center for Responsible AI Technologies collects a series of general data and information each time the website is accessed by an affected person or an automated system. This general data and information is stored in the log files of the server. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites, which are accessed via an accessing system on our website is controlled, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serves to avert danger in the event of attacks on our information technology systems.

When using these general data and information, the Center for Responsible AI Technologies does not draw any conclusions about the data subject. Rather, this information is required to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website and ( 4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by the HFPH statistically on the one hand and also with the aim of increasing data protection and data security in our facility in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.

3.3.3. Contact option via the website

Due to legal regulations, the website of the Center for Responsible AI Technologies contains information that enables rapid electronic contact to the research center and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If a data subject contacts the Center for Responsible AI Technologies by email or via a contact form, the personal data transmitted by the data subject will be automatically saved. Such personal data transmitted on a voluntary basis by a data subject to the Center for Responsible AI Technologies are stored for the purpose of processing or contacting the data subject. This personal data will not be passed on to third parties.

3.4. How long will my data be stored?

The Center for Responsible AI Technologies processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage or if this is required by the European legislator for directives and regulations or another legislator in laws or regulations which are relevant for the processing Responsible is subject, has been provided.

If the purpose of storage no longer applies or if a storage period prescribed by the European directive and regulation authority or another responsible legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

3.5 Do I have to provide my data?

In order to achieve the reasons set out in point 3.1, it is necessary for you to provide us with your personal data for pleasure.

This is absolutely necessary and also required by law for the conclusion and execution of the contract with you. If it is not provided, we cannot conclude a contract with you. In the event of complaints, you can contact the data protection supervisory authority (responsible diocesan data protection officer) at any time.

You have the right to have this checked by a court, according to Section 49 Paragraph 1 KDR-OG, against a supervisory authority and, according to Section 49 Paragraph 2 KDR-OG, against us.

3.6 Automated Decision Making / Profiling

Automatic decision-making/profiling does not take place.

4. What rights do I have?

4.1. Notice of your rights 

As the data subject of data processing, you have the following rights under the KDR-OG (hereinafter also referred to as “rights of the data subject”):

4.2. Right to information according to § 17 KDR-OG

You have the right to request information as to whether we are processing personal data about you or not. When we process your personal data, you have the right to know

  • the processing purposes

  • the categories of personal data being processed

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations

  • if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria used to determine that duration

  • the existence of the right to notification or deletion of the personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing

  • the existence of a right of appeal to the data protection supervisory authority

  • if the personal data are not collected from the data subject, all available information about the origin of the data

  • the existence of automated decision-making including profiling in accordance with Section 24 Paragraphs 1 and 4 KDR-OG and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

  • that if data about you is transmitted to a country outside the European Union, you are entitled to information as to whether and, if so, on the basis of which guarantees, an appropriate level of protection is ensured at the data recipient

  • that you have the right to request a copy of their personal data. The first copy is free of charge, a reasonable fee may be charged for further copies. A copy can only be provided insofar as this does not affect the rights of other persons.

4.3. Right to correct the data according to § 18 KDR-OG

You have the right to ask us to correct your data if it is incorrect and/or incomplete. This right also includes the right to completion through supplementary declarations or notifications. A correction and/or addition must be made without culpable hesitation.

4.4. Right to deletion of personal data according to § 19 KDR-OG

You have the right to ask us to erase your personal data if

  • the personal data are no longer necessary for the purposes for which they were collected and processed

  • the data processing takes place on the basis of a consent you have given and you have revoked the consent; however, this does not apply if there is another legal permission for data processing

  • you have lodged an objection to data processing, the legal permission of which is in the so-called "legitimate interest"; however, deletion does not have to take place if there are overriding legitimate reasons for further processing

  • you have objected to data processing for direct marketing purposes;

  • your personal data has been unlawfully processed

There is no right to delete personal data if

  • the right to freedom of expression and information conflicts with the request for deletion

  • the processing of personal data

    • to fulfill a legal obligation (e.g. statutory retention requirements),

    • to perform public duties and interests under applicable law (this also includes “public health”) or

    • is required for archiving and/or research purposes

  • the personal data is required to assert, exercise or defend legal claims.

The deletion must take place immediately (without culpable hesitation). If personal data has been made public by us (e.g. on the Internet), we must ensure, as far as is technically possible and reasonable, that other data processors are also informed of the request for deletion, including the deletion of links, copies and/or replications .

4.5. Right to restriction of data processing according to § 20 KDR-OG

You have the right to have the processing of your personal data restricted in the following cases:

  • If you have disputed the correctness of your personal data, you can request that your data not be used for other purposes while the correctness is being checked and that its processing is thus restricted.

  • In the case of unlawful data processing, you can request the restriction of data use instead of data deletion;

  • If you need your personal data to assert, exercise or defend legal claims, but we no longer need your personal data, you can request us to restrict the processing to legal prosecution purposes;

  • If you have lodged an objection to data processing and it is not yet clear whether our interests in processing outweigh your interests, you can request that your data not be used for other purposes for the duration of the examination and that their processing be restricted.

Personal data whose processing has been restricted at your request may - subject to storage - only

  • with their consent,

  • to assert, exercise or defend legal claims,

  • to protect the rights of another natural or legal person, or

  • processed for reasons of important public interest.

If a processing restriction is lifted, you will be informed in advance.

4.6. Right to data transferability according to § 22 KDR-OG

You have the right to request the data that you have made available to us in a common electronic format (e.g. as a PDF or Excel document).

You can also ask us to transmit this data directly to another company (designated by you), if this is technically possible for us.

The prerequisite for you having this right is that the processing is carried out by us on the basis of consent or in order to implement a contract and is carried out using automated processes.

Exercising the right to data portability does not affect the rights and freedoms of others.

If you exercise the right to data portability, you still have the right to data erasure.

4.7. Right to object to certain data processing according to § 23 KDR-OG

If your data is processed to perform tasks in the public interest or to protect legitimate interests, you can object to this processing. You must explain to us the reasons for your objection that arise from your particular situation. This can e.g. B. special family circumstances or confidentiality interests worthy of protection.

In the event of an objection, we must refrain from any further processing of your data, unless

  • there are compelling, legitimate reasons for processing that outweigh your interests, rights and freedoms, or

  • the processing is necessary to assert, exercise or defend legal claims.

You can object to the use of your data for direct marketing purposes at any time; this also applies to profiling insofar as it is related to direct advertising. In the event of an objection, we may no longer use your data for direct advertising purposes.

Note: We never initiate or carry out direct advertising and/or profiling.

4.8. Prohibition of automated decisions/profiling according to § 24 KDR-OG 

Decisions made by us that have a legal effect on you or that significantly affect you must not be based solely on automated processing of personal data. This also includes profiling. This prohibition does not apply to the extent that the automated decision

  • is necessary for the conclusion or performance of a contract with you,

  • is permissible on the basis of legal regulations if these legal regulations contain appropriate measures to protect your rights and freedoms and your legitimate interests, or

  • with your express consent.

Decisions based exclusively on automated processing of special categories of personal data (= sensitive data) are only permissible if they are based on

  • with your express consent or

  • there is a significant public interest in the processing

and appropriate measures have been taken to protect your rights and freedoms and legitimate interests.

4.9. Exercise of data subject rights

To exercise your rights, please contact us. Inquiries submitted electronically will usually be answered electronically. The information, notifications and measures to be made available according to the KDR-OG, including the exercise of the rights of those affected, are generally provided free of charge. For all further copies we can charge a fee based on the administration costs.

If there are justified doubts about your identity, we may request additional information from you for the purpose of identification.

Requests for disclosure and information are usually processed immediately, within one month of receipt of the request. The deadline can be extended by a further two months if this is necessary taking into account the complexity and/or the number of requests; in the event of an extension of the deadline, we will inform you of the reasons for the delay within one month of receipt of your request. If we do not act on a request, we will inform you of the reasons for this immediately within one month of receipt of the request and inform you of the possibility of lodging a complaint with a supervisory authority or seeking a judicial remedy.

This data protection declaration was partly created with the help of the data protection declaration generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH and adapted to the circumstances of the Center for Responsible AI Technologies.