Data protection is important to us. We want you to know when we save which data and how they are put to use. Personal data is collected on our web server. The data processing is subject to the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR), the Bavarian Data Protection Act (BayDSG) and the Telemedia Act (TMG).
In the following, we will inform you about the type, scope and purpose of the collection and use of personal data. This information can be retrieved from our website at any time.

A. General Information

NAME AND CONTACT DETAILS OF THE RESPONSIBLE
IEAI – Institute for Ethics in Artificial Intelligence
represented by Prof. Dr. Christoph Lütge
Postal address: Arcisstr. 21, 80333 Munich
Phone: +4989289-01
E-Mail: ieai(at)sot.tum.de

CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The data protection officer of the Technical University of Munich
Postal address: Arcisstr. 21, 80333 München
Phone: +4989289-17052
E-Mail: beauftragter(at)datenschutz.tum.de

PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
The purpose of processing is to adhere to law regulations, in particular to inform the public.
Unless otherwise stated in this data protection declaration, the legal basis for the processing of the data results from Article 4 Paragraph 1 of the Bavarian Data Protection Act (BayDSG) in conjunction with Article 6 Paragraph 1 subparagraph 1 letter e) of the General Data Protection Regulation (GDPR). Accordingly, we are allowed to process this data, if we are required to fulfill a task incumbent on us.

RECIPIENTS OF PERSONAL DATA
When accessing our website, various data recipients are given access to personal data.
The IEAI server is hosted in the Mittwald data center:
https://www.mittwald.de/
Full address:
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
Phone: +49-5772-293-100
Fax: +49-5772-293-333
HRA: 6640, AG Bad Oeynhausen
Ust.IDNr: DE814773217
General partner: Robert Meyer Verwaltungs GmbH, AG Bad Oeynhausen HRB 13260 represented by the managing directors: Robert Meyer, Florian Jürgens
If necessary, your data will be transmitted to the responsible supervisory and auditing authorities in order to exercise the respective control rights.
In order to avert threats to security in information technology, data can be forwarded electronically to the State Office for Information Security and processed there on the basis of Art. 12 ff. Of the Bavarian E-Government Act.
Further data recipients can be found in section “B. Information on the Internet presence ”of this data protection declaration.

DURATION OF STORAGE OF PERSONAL DATA
Your data will only be stored for as long as is necessary for the fulfillment of tasks, taking into account the statutory retention periods.

YOUR RIGHTS
As far as we process your personal data, you as the data subject have the following rights:

• You have the right to information about the data stored about you (Art. 15 DSGVO).
• If incorrect personal data is processed, you have the right to have it corrected (Art. 16 DSGVO).
• If the legal requirements are met, you can request the deletion or restriction of processing (Art. 17 und 18 DSGVO).
• If you have consented to the processing or if there is a data processing contract and the data processing is carried out using automated procedures, you may have the right to data transfer (Art. 20 DSGVO).
• If you have consented to the processing and the processing is based on this consent, you can revoke your consent at any time. The legality of the data processing is carried out on the basis of this consent a recantation is possible at any given time. You have the right to object to the processing of your data at any time for reasons that arise from your particular situation, as long as the processing takes place exclusively on the basis of Art. 6 Paragraph 1 Letter e) or f) DSGVO (Art. 21 Abs. 1 Satz 1 DSGVO).

RIGHT TO COMPLAIN WITH THE SUPERVISORY AUTHORITY
Furthermore, there is a right of appeal to a supervisory authority. The Bavarian State Commissioner for Data Protection is responsible for the Technical University of Munich. You can reach him under the following contact details:
Postal address : Postfach 22 12 19, 80502 München
Address: Wagmüllerstraße 18, 80538 München
Phone: 089 212672-0
Fax: 089 212672-50
E-Mail: poststelle(at)datenschutz-bayern.de
https://www.datenschutz-bayern.de/

ADDITIONAL INFORMATION
For more information on the processing of your data and your rights, you can contact us using the contact details given above (at the beginning of A.).

B. Information on the Website

I. LOG-FILES
When you call up this or other Internet pages, you are transmitting data to our web server via your Internet browser. The following data is temporarily recorded in a log file during an ongoing connection for communication between your internet browser and our web server:

• IP address of the requesting computer
• Date and time of access
• Name, URL and amount of data transferred for the file called up
• Access status (requested file transferred, not found etc.)
• Identification data of the browser and operating system used (if transmitted by the requesting web browser)

The data in this log file is processed as follows:

• The log entries are continuously and automatically evaluated in order to recognize attacks on the web server and to be able to react accordingly.
• In individual cases, i.e. when malfunctions, errors and security incidents are reported, a manual analysis is carried out.
• Log entries that are older than seven days are anonymized by shortening the IP address.
• The anonymized logs are used to generate access statistics. The software used for this is operated locally by the LRZ.

The IP addresses contained in the log entries are not merged with other databases by the LRZ, so that no conclusions can be drawn about individual persons for the LRZ.

II. COOKIES AND EXTERNAL SERVICES
1. Cookies and Similar Technologies
Cookies are small text files that are stored on your computer or mobile device when you visit our website. When cookies are set, we receive various information.
In addition to cookies, some services use so-called “local storage entries”. A local storage entry is comparable in function to cookies, the difference being that local storage information is stored in the cache of your browser. As far as services on our website use local storage, we expressly point this out in this data protection declaration.
In addition, some services also use so-called “tracking pixels”.

Essential Cookies
For the proper operation of our website and the proper display of the content, certain cookies are technically necessary in order to be able to display our website to you at all. These “essential cookies” cannot be deselected because our website cannot be offered without them.
Cookies and similar technologies are utilized for statistics and external content.
We use cookies for statistical recording of the use of our website. You do not have to choose these cookies.
Cookies and similar technologies from external services are used to expand and optimize the functionality of our website and to make it more convenient for you to use. You do not have to accept the cookies and similar technologies used for this purpose, however you will then not be able to use the extended functions. You can also adjust the cookie settings in your browser. However, this could limit the scope of our offer. The same applies to local storage entries that you can delete from your browser cache.

2. Revocation of Consent
If you have given your consent to cookies or local storage entries or tracking pixels, you can revoke this at any time in the cookie settings by unchecking the relevant box and clicking the “Save & Close” button.
Then edit the cookie settings

Edit Cookie Settings

3. Technically Required Cookies
a. WordPress
We use the “Wordpress” tool for the content management of our website. WordPress.org websites (collectively referred to as “WordPress.org” in this document) refer to websites hosted on WordPress.org, WordPress.net, WordCamp.org, BuddyPress.org, bbPress.org, and other related domains and subdomains become. This privacy policy describes how WordPress.org uses and protects all information received from you. The WordPress core team is committed to protecting your privacy. If you provide personal information via WordPress.org, you can be sure that it will only be used in accordance with this privacy policy.
For more information, see: https://de.wordpress.org/about/privacy/

b. Borlabs (Consent-Management)
Your selection, which you regularly choose in the cookie banner when you visit our website for the first time, is saved in the “Borlabs” tool from Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany.
Those choices you represent the control data for the website, which is technically necessary for the operation of the website and the storage of the user selection. The tool is hosted locally on our web server. The legal basis for the use of cookies is Article 4 (1) BayDSG in conjunction with Article 6 (1) sub-paragraph 1 letter e) GDPR. Further information on the handling of data and the provider’s data protection declaration is available at https://borlabs.io/cookie-consent/.

4. Matomo (Webtracking)
On our website, with your consent, the data is collected and used by a web analysis service software Matomo (www.matomo.org), a service provided by InnoCraft Ltd., 7 Waterloo Quay PO625, 6140 Wellington, New Zealand, (“Matomo”). Statistical analysis of user behavior are carried out and stored for optimization and marketing purposes in accordance with Art. 6 Para. 1 Letter a) GDPR. From this data, pseudonymised usage profiles can be created and evaluated for the same purpose. Cookies are used for this. Among other things, the cookies enable the Internet browser to be recognized. The data collected with Matomo technology (including your pseudonymised IP address) are processed locally on our web server.
The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym.
You can revoke your consent at any time for the future by unchecking the “Statistics” box in our cookie banner and then clicking on “Save & Close”, as described above under II.2. described.

Signing Off Matomo

5. Google Maps
Some of the pages on our website use Google Maps API, a map service operated by Google LLC (“Google”). Google can be reached at Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). This enables us to show you interactive maps directly on the website and to offer you convenient use of the map function.
When you visit the respective page of our website on which the map services are offered, Google receives the information that you have accessed the corresponding subpage. In addition, the following data is transmitted to Google:

• your IP-Adresse;
• date and time of the request
• content of the request (specific page)
• information about your location
• Website from which the request came
• your browser type
• your operating system and its interface
• The language setting and version of the browser software

This happens regardless of whether Google provides a user account that you are logged into, or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be assigned to your profile on Google, you must log out before activating the tool. Google stores your data as a usage profile and uses it for advertising, market research and / or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide need-based, customer-oriented advertising and to inform other users of the Google network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact Google directly to exercise this right.
In this processing, our cooperation with Google takes place on the basis of an agreement on joint responsibility in accordance with Art. 26 GDPR. You can find the agreement under the following link: https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.

You have the option of simply deactivating the Google Maps service and thus preventing data transfer to Google: To do this, deactivate JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display.
Google also processes your personal data in the USA and relies on the so-called standard contractual clauses of the European Commission, further information can be found at https://policies.google.com/privacy/frameworks?hl=de.

We use Google Maps API to be able to offer you a map function. A justification is given in accordance with Article 6, Paragraph 1, Letter a) GDPR, provided that your consent was received in advance. You can revoke this at any time with effect for the future. In this case, you can no longer use the Google Maps service.
Further information on the purpose and scope of data collection and its processing by Google can be found in Google’s data protection declaration. There, you will also find further information on your rights in this regard and setting options to protect your privacy:
https://policies.google.com/privacy?hl=de.

6. Integrated Video and Audio Services
a. Youtube-Plugins (Videos)
Our website has integrated plugins from www.youtube.com, which is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).
We use embedded YouTube videos in the extended data protection mode. YouTube describes how it works as follows: “With the extended data protection mode, you can embed YouTube videos without cookies being set to analyze usage behavior. Therefore no data on user activities is collected in order to personalize the video playback. Instead, video recommendations are based on the current video. Videos that are played in the extended data protection mode do not affect which videos are recommended to a user on YouTube ”. Cookies are only set by YouTube if you actively activate the playback of an embedded video. Further information is available at https://support.google.com/youtube/answer/171780?hl=de.

If you call up pages on our website that have a YouTube plug-in, a connection to the YouTube servers is established and the plug-in is displayed on the website by a message to your browser. This will transmit to the YouTube server within our websites which you have previously visited. If you are logged in as a member of YouTube, YouTube will assign this information to your personal user accounts on these platforms. When using these plugins, such as clicking / start buttons on a video or sending a comment, this information is assigned to your e.g. YouTube user account, which you can only prevent by logging out before using the plugin.
Google also processes your personal data in the USA and relies on the so-called standard contractual clauses of the European Commission, further information can be found at https://policies.google.com/privacy/frameworks?hl=de.

The legal basis for data processing, is your consent, Art. 6 Para. 1 Letter a) GDPR. You can revoke your consent as described above at any time with effect for the future.
Further information on the collection and use of data by the platform or plugins can be found in the YouTube data protection information under the following link: https://policies.google.com/privacy?hl=de.

b. Vimeo
We use the provider Vimeo, operated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011 (“vimeo”) to integrate videos into our website.
If you call up videos via vimeo on our website, a connection to the vimeo servers in the USA is established. As a result, certain information is transmitted to vimeo, regardless of whether you have a vimeo account or not. This can be:

• your IP address
• your browser information, e.g. B. language settings
• cookie information about vimeo cookies that have already been set
• information about the website from which you access vimeos

Vimeo stores cookies on your device. In particular, the Google Analytics tracker. This is vimeo’s own tracking, to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. Users can also prevent Google Analytics from collecting the data generated by Google Analytics, relating to their use of the website (including your IP address) and from processing this data by using the browser plug-in available under the following link download and install: https://tools.google.com/dlpage/gaoptout?hl=de.

Vimeo offers the use of certain other functions, such as rating or sharing videos, these functions are only offered by vimeo and the respective third-party providers. You should check their data protection regulations carefully before using the respective functions. We have no knowledge of the content of the data collected by vimeo or third-party providers and have no influence on their use. The data of pages of our websites you have visited, is then transmitted to the vimeo server. If you are logged in as a member of vimeo, vimeo will assign this information to your personal user account. When using the plugin e.g. if you click the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your vimeo user account before using our website and deleting the corresponding cookies from vimeo.

Vimeo processes personal data in the USA and relies on the so-called standard contractual clauses of the European Commission, further information can be found at https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights in section “14.2 GDPR (EEA Users)”.
Vimeo may pass your data on to third parties. For example these are affiliated companies, business partners and advertising partners, who in turn use tracking technologies on the vimeo website.
Further information on data processing and information on data protection by vimeo can be found at https://vimeo.com/privacy and the cookie policy at https://vimeo.com/cookie_policy.

We use vimeo to be able to show you corresponding videos directly on our website. A justification is given in accordance with Article 6, Paragraph 1, Letter a) GDPR, provided that you have given us your consent in advance. You can revoke this at any time with effect for the future. In this case, you can no longer use the vimeo offer.

C. Information on Individual Processing
I. Newsletter
If you register for one of our newsletters with your e-mail address, we will only use your e-mail address to send our newsletter. You can unsubscribe at any time using the link provided in the newsletter or by sending us a corresponding message. You can unsubscribe via a link, email or other any other means.
We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted after one month. After your confirmation, we will save your email address and other information for the purpose of sending you the newsletter. The legal basis is Article 6, Paragraph 1, Letter a) GDPR. In addition, we save the IP addresses you used and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The legal basis for this is Article 6 Paragraph 1 Letter f) GDPR.
The e-mail addresses for sending are stored on the MailPoet newsletter server, a WordPress plug-in, and are not used for any purposes other than sending the newsletter. The newsletter subscribers can cancel their subscription themselves at any tim – the e-mail addresses are then automatically deleted.

2. Virtual and Physical Events
You can register for our events on the IEAI website with your last name, first name and email address. For this purpose, a list for the respective event is created in MailPoet. An email with the Zoom LogIn data and information about the venue will be sent to this list one day before the event and on the day of the event. After the event, this list and thus the data of the participants will be deleted again.
The events are recorded via zoom in order to publish them on our website. A corresponding note can be found on every event page. A declaration of consent will be sent to the speaker in advance, which he must sign and return to the institute. Speakers and the IEAI staff can be seen during the event and within the recording. Participants and names of the participants cannot be seen. After the lecture, the participants have the opportunity to ask their questions in the zoom chat and an IEAI employee will pass on the questions only to the relevant speaker. The names of the questioners are not mentioned here. The recordings are saved on our IEAI folder on the NAS drive. This service is provided by the LRZ (Leibnitz Rechenzentrum).
The e-mail addresses for sending the Zoom links are stored on the MailPoet server, a WordPress plug-in, and are not used for any purposes other than sending information about the event, the access links and a satisfaction query after the event. The newsletter subscribers can cancel their subscription at any time. The e-mail addresses are then automatically deleted. Furthermore, the data will be deleted by our institute no later than 4 weeks after the respective event.