Thank you for your interest in the appliedAI Maturity Assessment Tool provided by the UnternehmerTUM GmbH.
In this data protection declaration, we use the following terms:
a) Personal data: Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject: Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
c) Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Controller or controller responsible for the processing: Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
e) Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
f) Recipient: Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
g) Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
h) Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
85748 Garching bei München
+49 89 18 94 69 0
3. Data Protection Officer
The Data Protection Officer of the controller is:
+49 89 210 25 120
Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.
4. Collection of personal data
We have designed the platform in a way that reduces collection of personal data to an absolute minimum. However, some data is required for the operation of the platform. With regards to personal data, the only data we collect is the e-mail address of the user provided with the registration.
When using the platform the following data maybe collected:
the browser types and versions used,
the operating system used by the accessing system,
the website from which an accessing system reaches our website (so-called referrers),
the date and time of access to the Internet site,
(an Internet protocol address (IP address),
the Internet service provider of the accessing system, and
any other similar data and information that may be used in the event of attacks on our information technology systems.
5. Google Cloud Services
Website: https://cloud.google.com/ ;
Security information: https://cloud.google.com/security/privacy ;
Standard contractual clauses (guaranteeing the level of data protection for processing in third countries): https://cloud.google.com/terms/data-processing-terms ;
Additional information on data protection: https://cloud.google.com/terms/data-processing-terms .
When setting up an assessment you will receive an e-mail with a link. For this purpose we use "Mailgun", an email sending platform of the US provider Mailgun Technologies, Inc., 535 Mission St., San Francisco, CA 94105. There is a data processing agreement with Mailgun based on the EU standard contractual clauses. Detailed information on data processing by Mailgun can be found at https://www.mailgun.com/privacy-policy and https://www.mailgun.com/gdpr .
8. Legal Basis
(1) Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
(2) If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary to provide any service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.
(3) Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.
(4) Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
9. Rights of data subject
(1) Any person concerned shall have the right
for information pursuant to Article 15 GDPR
to rectification under Article 16 GDPR
to cancellation under Article 17 GDPR
to limit the processing pursuant to Article 18 GDPR
to appeal under Article 21 GDPR, and
to data transferability under Article 20 GDPR.
(2) The restrictions in §§ 34 and 35 BDSG apply to the right to information and the right to cancellation. In addition, there is a right of complaint of a competent data protection supervisory authority (Article 77 GDPR & 19 BDSG).
(3) You can revoke your consent to the processing of personal data at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.