The data protection regulations of LMU Munich apply. In addition, the following provisions apply:
Information on data protection in accordance with Article 13 of the GDPR for using the ‘matorixmatch’ portal application on the LMU Munich Career Service webpageThe following data privacy information applies to all users who use the matorixmatch application (hereafter referred to as ‘portal application’) on the LMU Munich Career Service webpage. It is applicable for all registered users as well as all users who access the portal application as guests.The portal application collects and processes personal data. This data is connected to you personally. We are required by law to tell you what data we are collecting and processing, and what rights you have in connection with this data collection and processing.
1. Controller:
Ludwig Maximilians University, Munich
Geschwister-Scholl-Platz 1
80539 Munich
Processor:
LMU Career Service: Email
2. State-appointed data privacy officer
Data protection officer for LMU Munich
3. Purpose – What is ‘matorixmatch’, and what can it be used for?
Matorixmatch is an SaaS application that LMU Career Service uses to administer its events and services. LMU Career Service uses the portal application to connect users with mentors and companies in the Career Service’s career network. Data is shared exclusively with the companies the students select, and between mentors/mentees. For more information on the portal application, please see https://www.matorix.com (external link).
4. Categories of personal data we process
When you use the portal application, we process your personal data.The following lists details the different types of personal data we process:
4.1 Registration for the portal application
Uploaded photoTitleGenderFirst name(s)SurnamePhoneEmailPreferred language settingUploaded CVWhich events and advisory services you book and attendYour questions to the advisory serviceAttendance listsYou are personally responsible for uploading your data and are free to enter, process and delete it at any time. If you delete your data, we will only continue to store such data as is required for business purposes or if it is required for the management of events.
4.2 Cookies
We use consent-free cookies for the sole purpose of operating the platform. These do not require separate approval.
5. Legal basis
We collect and process your personal data on the basis of your consent, in accordance with Article 6, Paragraph 1(a) of the GDPR. Your data is processed in accordance with all relevant privacy requirements, in particular the GDPR and the Bavarian Data Privacy Act. Cookies are used in accordance with Article 25 of Germany’s Telecommunications and Telemedia Data Protection Act (TTDSG). Further, data is processed by the Controller to the extent required for ongoing improvements to the operation of the system, i.e. for quality assurance purposes (Article 6, Paragraph 1(e) of the GDPR.
6. Recipients
We have created a suitable IT security infrastructure to ensure data can only be accessed internally by persons who require the data in order to perform the relevant task. We handle personal data confidentially and do not share it publicly or with any unauthorised third party.
6.1 Internal recipients
The data we collect for the purposes stated in Clause 1 is processed by the respective LMU employee and the partner companies in the context of the events and services they offer. The respective data can only be accessed by staff in the LMU Career Service and by companies you select in connection with specific events and services.
6.2 External recipients
We share your personal data only with the companies, mentors and/or coaches that are connected with the events and services you select. We ensure these companies pledge to comply with legal data privacy requirements and observe the statutory periods for storing, processing and deleting data in recruiting. Companies that use student data from the portal are permitted to use the data and documents they receive from students and graduates solely for recruitment purposes, for the duration and organisation of the events the students book and use. They are legally required to delete said data and documents no later than four weeks after the event in question. After this deadline, they are only permitted to use and process the data – e.g. to continue the application or recruitment process within their company – if they first obtain consent from the student or graduate in question.
7. Deletion
Personal data is deleted from the system as soon as it is no longer required for its original purpose. Regular checks are conducted (at least once a year) to ensure data has been deleted successfully. We block access to participant data as soon as an event has taken place. If you ask us to delete data, we will pass on this request to any companies you have selected.[WM4] [WM5] You can update your data at any time.
8. a) Your rights
You have various rights in connection with your stored data that you can exercise towards the Controller. In this context, it is important to note that if master data was provided by an external institution (e.g. a DFN university or the vhb), it can only be disclosed to and corrected or deleted by the institution in question. You have the following rights:
Right of disclosure (Article 15 GDPR):
You have the right to know what personal data is being processed. Please note that you will also find this information in your user profile.
Right of correction (Article 16 GDPR):
If the personal data we have stored is incorrect, you can correct it yourself (by changing your profile data accordingly) or ask the Controller to correct it for you. Provided the requested correction is legitimate and admissible, the Controller will comply with your request.
Right of deletion (Article 17 GDPR):
You are entitled to demand that we delete your personal data if it is demonstrably false or if the Controller cannot prove they need to process it for a specific purpose. We are not obliged to delete personal data if we need to store it in connection with legal requirements or business obligations (proof of instruction, proof of quality assurance, copyrighted rights, right of inspection). The obligation to delete personal data remains in place once you finish your degree / complete your course / terminate your employment relationship / withdraw your consent. You are not entitled to demand that we delete information that you have provided in cases where it is linked inextricably to content from another user (e.g. posts in a forum). A request for deletion may be classed as a withdrawal of consent. In such cases, you may no longer be able to access the portal application or participate in a course. As a result, we may not be able to issue you with a performance report or certificate.
Right to restriction of processing (Article 18 GDPR):
In the event of a legitimate request to restrict processing, the Controller shall ensure that personal data can only be accessed by persons who have to process the data. They can make use of pseudonymisation or anonymisation methods. If you restrict processing, you may no longer be able to access the portal application or participate on a course. As a result, we may not be able to issue you with a performance report or certificate.Right to object (Article 21 GDPR): Subject to legal requirements, you can exercise your right to object to a continued use of your personal data. Such objection takes effect for future usage only. Exercising your right to object does not automatically obligate the Controller to delete your personal data. If the Controller is legally required to store data, such legal requirements shall override your objection. Exercising your right to object may result in you no longer being able to access the portal application or participate on a course. As a result, we may not be able to issue you with a performance report or certificate.
Right to data portability (Article 20 GDPR):
Subject to legal requirements, you are entitled to request that data you have entered is supplied back to you in a format you can use on other sites. This right is restricted to data that is not subject to intellectual property rights (trade secrets) that prevent it from being transmitted, and to data that does not violate the personal rights or copyrights of a third party.
Right to withdraw consent (Article 7, Paragraph 3 of the GDPR):
You retain the right to withdraw your consent for future processing of your personal data. Any processing prior to your withdrawal of consent remains hereby unaffected. Withdrawing your consent may result in you no longer being able to access the portal application or participate on a course. As a result, we may not be able to issue you with a performance report or certificate.In the event of a violation against legal requirements respecting the protection of your personal data, you are free to contact the relevant supervisory body. The relevant supervisory body for such cases is the Bavarian Data Privacy Office (to be found under Section 4. Please first contact the Controller or the state-appointed data privacy officer (see Section 4) so that your issue can be investigated and resolved as quickly as possible.
From the moment your data is deleted, or the moment you restrict or withdraw your consent for it to be processed, you may not be able to use the portal application, access learning content that you have saved there, participate in current activities or use existing features.
8. b) Photographs, reports and advertising:
Please note that photographs may be taken and/or videos recorded at events. This material may then be published on the internet or appear in an LMU Career Services publication. Your personal data will be processed in accordance with Article 6, Paragraph 1(f) of the GDPR. We hereby advise you that you are entitled, in accordance with Article 21, Paragraph 1 of the GDPR, to object to such processing on grounds relating to your particular situation. In such cases, we will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if we need to do so in order to establish, exercise or defend a legal claim.
Please send your objection to:
careerservice@lmu.de
LMU Career Service
Ludwigstr. 27
80539 Munich.
Naturally, you can also voice your objection immediately on site. If you wish to do so, please talk directly to the photographer or videographer.Examples for publications by LMU or partner companies:
Reports on the internet/intranet about an event
Reports on social media about an event
Promotion of future events in flyers, on the internet or on social media
9. Newsletter and Reminder
By registering in the Career Community, in the portal matorixmatch you agree that we inform you regularly via e-mail about events. We will also send you reminders for the events you have booked.
10. Validity
The most recent version of the data privacy information shall apply. Where necessary, data privacy information shall be updated. For more data privacy information, please see www.lmu.de/datenschutzerklaerung.
11. Data privacy consent
I acknowledge receipt of the data privacy information. I understand that I will be required to enter personal data in order to use the portal application, and that my consent is voluntary. I understand that I cannot access the portal application if I do not consent or if I withdraw my consent. I hereby give my consent for the Controller to process the personal data I store in my ‘personal profile’ and data contained in any posts I publish in my name. I hereby give my consent for the Controller to process the data I enter in connection with a course or with my use of the platform. I can view and amend this consent at any time on the start page of the portal application.