Datenschutzerklärung
Hier finden Sie die Datenschutzerklärungen der Akademie der Bildenden Künste München.
Here you can find the privacy policies of the Academy of Fine Arts Munich.
Data Protection Information for Video Conferencing
Data Protection Information for Personnel Selection Process
Data Protection Information for Application and Admission Procedure for Studies [To Come]
Data Protection Declaration for this Website
This data protection declaration covers the processing of personal data on this website, including the services offered there and to the extent that no special information is provided.
For more information on the processing of your data, please use the contact details given below.
A. General information
Contact details of the controller
The controller, i.e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the:
Akademie der Bildenden Künste München
Akademiestrasse 2-4
80799 München
Tel +49 / 89 / 3852 -0
Fax +49 / 89 / 3852 -252
The Akademie der Bildenden Künste München (AdBK) is an organisation under public law and a state institution (article 11 (1) of the Bavarian Higher Education Act (BayHSchG)). It is represented by the president, Prof. Karen Pontoppidan.
Contact details of the Data Protection Officer
Data Protection Officer of the Akademie der Bildenden Künste München
Akademiestrasse 2-4
80799 München
Tel +49 / 89 / 3852 -101
Purpose of and legal basis for the processing of personal data
The purpose of our data processing is to perform public services delegated to us by law, especially those tasks of public information.
The legal basis for processing your personal data, unless indicated otherwise, is article 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with Article 6 (1) point e) of the General Data Protection Regulation (GDPR). Pursuant to this legislation, we are authorised to process data required for us to fulfil our responsibilities.
Where you have given consent for your data to be processed, processing is covered by article 6 (1) point a) of the GDPR.
Recipients of personal data
Technical operation of our data processing systems is conducted by
ALL-INKL.COM - Neue Medien Münnich
Owner: René Münnich
Hauptstraße 68 | D-02742 Friedersdorf
Telefon: +49 35872 353-10
Telefax: +49 35872 353-30
E-Mail:
Storage period for personal data
Your data is only stored as long as it is necessary to complete relevant tasks whilst observing legal retention requirements.
B. Rights of the data subject
General regulations
Pursuant to article 15 of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data:
- You can ask for information about whether data concerning you is being processed. If this is the case, you are entitled to information about which data is processed and other information relating to the processing (article 15 of the GDPR). Please note that this right to information can be restricted or excluded in certain cases (see in particular article 10 of the BayDSG).
- If the personal data concerning you is/has become inaccurate or incomplete, you can request that this data is rectified and/or completed (article 16 of the GDPR).
- If the legal requirements are met, you can request that your personal data be deleted (article 17 of the GDPR) or processing of your data be restricted (article 18 of the GDPR). The right to deletion pursuant to article 17 (1) and (2) of the GDPR does not apply, however, if the processing of personal data is vital for the performance of a task that is in the public interest or is performed in the exercise of official authority (article 17 (3) point b) of the GDPR).
- If you have consented to data processing or there is a contract concerning data processing and data is processed automatically, you may be entitled to data portability (article 20 of the GDPR).
- If there is an international transfer of personal data without the basis of an adequacy decision of the EU Commission, you have the right to obtain a copy of the contractual safeguards from us upon request.
- You are entitled to file a complaint concerning the processing of your personal data with a supervisory authority as defined in article 51 of the GDPR. The pertinent supervisory authority for the Bavarian public service is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 München. In addition to the right of appeal, you can also seek a judicial remedy.
Right of revocation
Insofar as processing is based on consent, you have the right to revoke your consent at any time. The revocation is only effective for the future; this means that the revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right to object
You may object to the processing of your personal data at any time due to reasons based on your personal circumstances (pursuant to article 21 of the GDPR). If the legal requirements are met, we will then not further process your personal data.
C. Information about the website
Technical implementation
Our web server is operated by ALL-INKL.COM - Neue Medien Münnich. The personal data transmitted by you when you visit our website is therefore processed by
ALL-INKL.COM - Neue Medien Münnich
Owner: René Münnich
Hauptstraße 68 | D-02742 Friedersdorf
Telefon: +49 35872 353-10
Telefax: +49 35872 353-30
E-Mail:
on our behalf.
Creation of log files
By using this or other web pages, you transmit data to our web server through your internet browser. The following data is recorded during any open connection for communication between your internet browser and our web server:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the accessed file and data volume transmitted
- Access status (file transmitted, not found etc.)
- Identifying data of browser and operating system used (if transmitted by the browser accessing the site)
- The website from which our website is accessed (if transmitted by the browser accessing the site)
The data in this log file is processed as follows:
- Log entries are continually and automatically analysed, with the purpose of recognising attacks on the server and being able to react accordingly.
- In some instances, for example if an error or security breach is reported, a manual analysis is performed.
- Log entries that are older than seven days are anonymised by shortening the IP address.
- The anonymised logs are used for creating statistics on site access. The software used for this is operated locally by the LRZ.
The IP addresses contained in the log files are not combined with other data, so that the LRZ cannot draw conclusions about individual users.
This data is deleted once the connection is ended.
SSL encryption
We use state-of-the-art encryption processes (such as SSL) using HTTPS to protect your data while it is being transferred.
Active Components
We use active components such as JavaScript, Java-Applets or Active-X-Controls. You can adjust your browser settings to disable this function.
Cookies
When you access this website, we store cookies (small files) on your device that are valid for the duration of your visit to our website (session cookies). These are only used while you are accessing our website. Most web browsers are set up to allow the use of cookies. You can deactivate this function using your browser settings, either for the current session or permanently. Your browser will delete these cookies automatically when you leave the site.
D. Information on specific instances of data processing
Newsletters
You can subscribe to our newsletter. To subscribe it is generally sufficient to enter your email address. We may, however, ask you to give your name, so that we can address you personally in the newsletter, or to give other information that is necessary for the purposes of the newsletter. Your email address is stored for the purpose of sending the newsletter and processed only for the purpose of sending the newsletter. The newsletter is sent based on your consent.
The university uses the Acymailing newsletter component, which is integrated into the Joomla content management system. No external data transfer takes place.
Double-opt-in procedure: Subscription to our newsletter always uses a so-called double-opt-in procedure: This means that you receive an email upon registration; this message asks you to confirm your registration. This confirmation is necessary to prevent people from registering with other people's email addresses. Registrations for the newsletter are logged so that the registration process can be documented in accordance with legal requirements. This includes storing the time of registration and time of confirmation as well as the IP address. Changes to the data stored with the distributor are also logged.
Possibility to object (opt out): You may cancel your subscription to our newsletter, i.e. revoke your consent or object to further receipt, at any time. A link for cancelling the subscription is provided at the end of each newsletter, or you can use any of the above-mentioned ways to contact us, preferably email.
Events
For our events, we process the data necessary for registration and organisation in accordance with article 6 (1) point e) of the GDPR. Data is deleted in accordance with legal retention periods, i.e. after six years for business letters and after ten years for invoices, unless the data of the participants is required beyond these periods to be able to issue copies or confirmations.
E. Amendments to our data protection declaration
We reserve the right to change our data protection declaration, to accommodate changes to legislation or changes in the services we provide, (e.g., if we introduce new services). The new data protection policy will then apply to your future visit to our website.
This privacy information refers to the processing of personal data in the context of the provision of data protection breach notifications at the university.
1. Contact details of the controller
The controller, i.e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the:
Academy of Fine Arts Munich
Akademiestrasse 2-4, 80799 München
Telephone: +49 89 3852 -0
Fax: +49 89 3852 - 252
E-mail:
The Academy of Fine Arts Munich is an organisation under public law and a state institution. It is legally represented by its President, Professor Karen Pontoppidan.
2. Contact details of the Data Protection Officer
You can contact our official Data Protection Officer at:
Data Protection Officer of the Academy of Fine Arts Munich
Akademiestrasse 2-4
80799 München
E-Mail:
3. Purpose of and legal basis for the processing of personal data
When reporting data protection violations, personal data will be collected and processed for the following purposes:
• For internal processing and documentation purposes, the personal data provided by the notifying person will be collected.
• If the personal data breach leads to a risk to the rights and freedom of natural persons, a notification is made to the Bavarian Data Protection Commissioner.
Legal basis:
The legal basis for data processing is and 6 (1) point c) articles 33, 34 of the GDPR in conjunction with article 4 (1) of the Bavarian Data Protection Act (Bayerisches Datenschutzgesetz - BayDSG).
4. Categories of personal data
For internal processing and documentation, personal data provided by the reporting person is collected. This includes:
• Information about the reporting person: surname, first name, contact details (e-mail address, telephone no., facility).
• Time and general description of the incident
• Information on measures taken
• Information on the categories of personal data and scope (number of persons involved and number of data sets affected).
5. Categories of data subjects
The personal data of the person reporting the incident and, if applicable, of the persons affected by the data protection incident are processed.
6. Recipients of personal data
Information on data breaches is sent by email to the email address
Pursuant to article 33 (1) of the GDPR, the university is legally obliged to transmit the data recorded in the notification of a data protection breach to the Bavarian State Commissioner for Data Protection.
In individual cases, data may also be transferred to third parties on the basis of legal permission, for example to law enforcement agencies for the purpose of investigating criminal offences within the framework of the provisions of the Code of Criminal Procedure (Strafprozessordnung - StPO).
If technical service providers are given access to personal data, this is done on the basis of a contract in accordance with article 28 of the GDPR.
7. Transferring Personal Data to a non-EU Country
Not planned at present.
8. Storage period for personal data
The legal basis for the retention is article 33 (5) of the GDPR in conjunction with section 195 of the German Civil Code (Bürgerliches Gesetzbuch - BGB); the data is retained for 3 years.
9. Rights of the data subject
Pursuant to articles 15 et seq. of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data:
• You can ask for information about whether data concerning you is being processed. If this is the case, you are entitled to information about which data is processed and other information relating to the processing (article 15 of the GDPR). Please note that this right to information can be restricted or excluded in certain cases (see in particular article 10 of the BayDSG).
• If the personal data concerning you is/has become inaccurate or incomplete, you can request that this data is rectified and/or completed (article 16 of the GDPR).
• If the legal requirements are met, you can request that your personal data be deleted (article 17 of the GDPR) or processing of your data be restricted (article 18 of the GDPR). The right to deletion pursuant to article 17 (1) and (2) of the GDPR does not apply in certain cases, however, such as if the processing of personal data is vital for the performance of a task that is in the public interest or is performed in the exercise of official authority (article 17 (3) point b) of the GDPR).
• You are entitled to file a complaint concerning the processing of your personal data with a supervisory authority as defined in article 51 of the GDPR. The pertinent supervisory authority for the Bavarian public service is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 München. In addition to the right of appeal, you can also seek a judicial remedy.
If you choose to exercise the rights stated above, the public office will check whether the legal requirements for doing so have been met.
10. Amendments to our data protection declaration
We reserve the right to change this data protection declaration to accommodate changes to legislation or changes in the services we provide (e.g., if we introduce new services).
If you have any further questions, please feel free to contact the Data Protection Officer.