Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) is responsible its websites within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection regulations. It is legally represented by its President. For contact details, please consult the legal notice on FAU’s central website.

The respective FAU institutions are responsible for any content they make available on the websites of Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU). For questions related to specific content, please contact the person responsible as named in the legal notice of this web page.

Name and address of the Data Protection Officer

Norbert Gärtner, RD
Schloßplatz 4
91054 Erlangen

General information on data processing

Scope of processing of personal data

We only process our users’ personal data to the extent necessary to provide services, content and a functional website. As a rule, personal data are only processed after the user gives their consent. An exception applies in those cases where it is impractical to obtain the user’s prior consent and the processing of such data is permitted by law.

Legal basis for the processing of personal data

Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) forms the legal basis for us to obtain the consent of a data subject for their personal data to be processed.
When processing personal data required for the performance of a contract in which the contractual party is the data subject, Art. 6 (1) (b) GDPR forms the legal basis. This also applies if data has to be processed in order to carry out pre-contractual activities.
Art. 6 (1) (c) GDPR forms the legal basis if personal data has to be processed in order to fulfil a legal obligation on the part of our organisation.
Art. 6 (1) (d) GDPR forms the legal basis in the case that vital interests of the data subject or another natural person make the processing of personal data necessary.
If data processing is necessary in order to protect the legitimate interests of our organisation or of a third party and if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the interests mentioned above, Art. 6 (1) (f) GDPR forms the legal basis for such data processing.

Deletion of data and storage period

The personal data of the data subject are deleted or blocked as soon as the reason for storing them ceases to exist. Storage beyond this time period may occur if provided for by European or national legislators in directives under Union legislation, laws or other regulations to which the data controller is subject. Such data are also blocked or deleted if a storage period prescribed by one of the above-named rules expires, unless further storage of the data is necessary for entering into or performing a contract.

Provision of the website and generation of log files

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the user’s computer system.
In this context, the following data are collected:

  • Address (URL) of the website from which the file was requested
  • Name of the retrieved file
  • Date and time of the request
  • Data volume transmitted
  • Access status (file transferred, file not found, etc.)
  • Description of the type of web browser and/or operating system used
  • Anonymised IP address of the requesting computer

The data stored are required exclusively for technical or statistical purposes; no comparison with other data or disclosure to third parties occurs, not even in part. The data are stored in our system’s log files. This is not the case for the user’s IP addresses or other data that make it possible to assign the data to a specific user: before data are stored, each dataset is anonymised by changing the IP address. These data are not stored together with other personal data .

Legal basis for data processing

The legal basis for the temporary storage of data and logfiles is §§ 14, 15 TMG, § 100 Abs. 1 TKG and Art. 4 BayDSG following the tasks of Art. 11 BayEGovG and Art. 7 and 34 BayHO

Purpose of data processing

The temporary storage of the IP address by the system is necessary in order to deliver the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage of such data in log files takes place in order to ensure the website’s functionality. These data also serve to help us optimise the website and ensure that our IT systems are secure. They are not evaluated for marketing purposes in this respect.

Storage period

Data are deleted as soon as they are no longer necessary for fulfilling the purpose for which they were collected. If data have been collected for the purpose of providing the website, they are deleted at the end of the respective session.
If data are stored in log files, they are deleted at the latest after seven days. A longer storage period is possible. In this case, the users’ IP addresses are deleted or masked so that they can no longer be assigned to the client accessing the website.

Options for filing an objection or requesting removal

The collection of data for the purpose of providing the website and the storage of such data in log files is essential to the website’s operation. As a consequence, the user has no possibility to object.

Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are saved in the user’s web browser or by the web browser on the user’s computer system. When a user accesses a website, a cookie can be stored in the user’s operating system. This cookie contains a character string that allows the unique identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some parts of our website require that the requesting browser can also be identified after changing pages.
During this process, the following data are stored in the cookies and transmitted:

  • Log-in information (only in the case of protected information that is made available exclusively to FAU members)
  • Search preferences (from October 2018)

Technical measures are taken to pseudonymise user data collected in this way. This means that the data can no longer be assigned to the user. The data are not stored together with other personal data of the user.
When accessing our website, a banner informs users that cookies are used for analysis purposes and makes reference to this data protection policy. In connection with this, users are also instructed how they can block the storage of cookies in their browser settings.

Legal basis for data processing

he legal basis for the temporary storage of data and logfiles is §§ 14, 15 TMG, § 100 Abs. 1 TKG and Art. 4 BayDSG following the tasks of Art. 11 BayEGovG and Art. 7 and 34 BayHO

Purpose of data processing

Analysis cookies are used for the purpose of improving the quality of our website and its content. We learn through the analysis cookies how the website is used and in this way can continuously optimise our web presence.

Storage period, options for filing an objection or requesting removal

As cookies are stored on the user’s computer and are transmitted from it to our website, users have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your web browser. Cookies that are already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may be the case that not all of the website’s functions can be used in full.

Information zur Datenverarbeitung zur Pandemie bedingten Kontaktverfolgung im Rahmen Veranstaltungen sowie der Nutzung von Einrichtungen an bayerischen staatlichen Hochschulen


Hinsichtlich der Verarbeitung Ihrer personenbezogenen Daten stehen Ihnen als einer betroffenen Person die nachfolgend genannten Rechte gemäß Art. 15 ff. DSGVO zu:

  • Sie können Auskunft darüber verlangen, ob wir personenbezogene Daten von Ihnen verarbeiten. Ist dies der Fall, so haben Sie ein Recht auf Auskunft über diese personenbezogenen Daten sowie auf weitere mit der Verarbeitung zusammenhängende Informationen (Art. 15 DSGVO). Bitte beachten Sie, dass dieses Auskunftsrecht in bestimmten Fällen eingeschränkt oder ausgeschlossen sein kann (vgl. insbesondere Art. 10 BayDSG).
  • Für den Fall, dass personenbezogene Daten über Sie nicht (mehr) zutreffend oder unvollständig sind, können Sie eine Berichtigung und gegebenenfalls Vervollständigung dieser Daten verlangen (Art. 16 DSGVO).
  • Bei Vorliegen der gesetzlichen Voraussetzungen können Sie die Löschung Ihrer personenbezogenen Daten (Art. 17 DSGVO) oder die Einschränkung der Verarbeitung dieser Daten (Art. 18 DSGVO) verlangen. Das Recht auf Löschung nach Art. 17 Abs. 1 und 2 DSGVO besteht jedoch unter anderem dann nicht, wenn die Verarbeitung personenbezogener Daten erforderlich ist zur Wahrnehmung einer Aufgabe. Die im öffentlichen Interesse liegt oder in Ausübung öffentlicher Gewalt erfolgt (Art. 17 Abs. 3 Buchst. b DSGVO).
  • Sie haben das Recht, sich bei einer Aufsichtsbehörde im Sinn des Art. 51 DSGVO über die Verarbeitung Ihrer personenbezogenen Daten zu beschweren. Zuständige Aufsichtsbehörde für bayerische öffentliche Stellen ist der Bayerische Landesbeauftragte für den Datenschutz, Wagmüllerstraße 18, 80538 München.

Pflicht zur Bereitstellung

Wenn Sie an unseren Veranstaltungen teilnehmen oder unsere Einrichtung betreten möchten, sind wir durch die Vorgaben der gesetzlichen Unfallversicherung und die aktuellen Rechtsvorschriften zur Bekämpfung der Corona-Pandemie verpflichtet, Ihre personenbezogenen Daten zu verarbeiten.

Wenn Sie die erforderlichen Daten nicht angeben, können wir Ihnen die Teilnahme an Veranstaltungen bzw. ein Betreten der Einrichtung leider nicht gestatten.

Zwecke und Rechtsgrundlagen der Verarbeitung


Infektionsschutz und Kontaktnachverfolgung bei Veranstaltungen oder Besuchen der Einrichtung Erfüllung behördlicher Auflagen zur Sicherheit der Veranstaltung.


Rechtsgrundlage für die vorübergehende Speicherung der Daten sind: Art. 6 Abs. 1 Buchstaben c bzw. d DSGVO und Art. 9 Abs. 2 Buchstabe i DSGVO i.V.m. Art. 4 Abs. 1; Art. 5 Abs. 1 S. 1 Nr. 1 BayDSG auf Grundlage von BayIfSMV, IfSG, § 21 SGB VII.

Kategorien der personenbezogenen Daten

NummerBezeichnung der Daten
1 Kontaktinformationen
2 Zeitpunkt und Dauer des Aufenthaltes
3 Informationen des Gesundheitsamtes

Kategorien der Empfänger

Nr. bei Kategorien Empfänger Anlass der Offenlegung Speicherort
1, 2 Zuständige Gesundheitsämter / Kreisverwaltungsbehörden §§ 16 Abs. 2 und § 25 Abs. 2 IfSG Deutschland

Vorgesehene Fristen für die Löschung der verschiedenen Datenkategorien

Nr. bei Kategorien Löschfrist
1, 2 Vier Wochen nach dem Besuch und Ende der Veranstaltung bzw. Einrichtung, sofern keine Offenlegung erfolgt.
3 Informationen des Gesundheitsamtes werden nicht dauerhaft gespeichert.

SSL encryption

Our website uses SSL encryption for security reasons and to protect the transmission of confidential information, for example enquiries you send to us as operators of the website. You can recognise an encrypted connection when the browser’s address line changes from http:// to https:// and a padlock appears in your web browser.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Rights of the data subject

With regard to the processing of your personal data, you as a data subject are entitled to the following rights pursuant to Art. 15 et seq. GDPR:

  • You can request information as to whether we process your personal data. If this is the case, you have the right to information about this personal data as well as further information in connection with the processing (Art. 15 GDPR). Please note that this right of access may be restricted or excluded in certain cases (cf. in particular Art. 10 BayDSG).
  • In the event that personal data about you is (no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed (Art. 16 GDPR).
  • If the legal requirements are met, you can demand that your personal data be erased (Art. 17 GDPR) or that the processing of this data be restricted (Art. 18 DSGVO). However, the right to erasure pursuant to Art. 17 (1) and (2) GDPR does not apply, inter alia, if the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority or in the exercise of official authority vested (Art. 17 para. 3 letter b GDPR).
  • If you have given your consent to the processing, you have the right to withdrawal it at any time. The withdrawal will only take effect in the future; this means that the withdrawal does not affect the lawfulness of the processing operations carried out on the basis of the consent up to the withdrawal.
  • For reasons arising from your particular situation, you may also object to the processing of your personal data by us at any time (Art. 21 GDPR). If the legal requirements are met, we will subsequently no longer process your personal data.
  • Insofar as you have consented to the processing of your personal data or have agreed to the performance of the contract and the data processing is carried out automated , you may be entitled to data portability (Art. 20 GDPR).
  • You have the right to lodge a complaint to a supervisory authority within the meaning of Art. 51 GDPR about the processing of your personal data. The responsible supervisory authority for Bavarian public authorities is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 Munich.