Privacy Policy - Come2Data – Kompetenzzentrum für interdisziplinäre Datenwissenschaften

Current as of January 2026

This privacy policy provides information about the processing of personal data when using the website come2data.de in accordance with the requirements of the General Data Protection Regulation (GDPR) and the German Telecommunication Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG).

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Dresden University of Technology (TU Dresden)
01062 Dresden, Germany
Represented by: the President Prof. Dr. Ursula M. Staudinger

For questions regarding the content and organization of the website, please contact:

Come2Data
Project Coordination
Center for Interdisciplinary Data Science (CIDS)
TU Dresden
01062 Dresden, Germany
E-Mail: info@come2data.de

The technical conception and implementation of the website is carried out by Dresden University of Technology, Center for Information Services and High Performance Computing (ZIH):

Dresden University of Technology
Department “Center for Information Services and High Performance Computing” (ZIH)
Prof. Dr. Wolfgang E. Nagel
01062 Dresden, Germany
Tel.: +49 351 463-35450
E-Mail: zih@tu-dresden.de

2. Data Protection Officer

The Data Protection Officer of Dresden University of Technology can be contacted at:

Dresden University of Technology
Data Protection Officer
01062 Dresden, Germany
Tel.: +49 (0) 351 463 32839
Fax: +49 (0) 351 463 39718
E-Mail: informationssicherheit@tu-dresden.de

Website: https://tu-dresden.de/informationssicherheit

3. Scope of Data Processing

3.1. Access to the Website

3.1.1. Log Files and Error Logs

No server access log files are created when accessing the website. At server level, only technical error messages (error logs) are processed, which do not contain IP addresses or other personal data. Processing is carried out solely for the purpose of ensuring technical operation and error analysis. Error logs are rotated daily and automatically deleted after 14 days.

3.1.2. Cookies and Comparable Technologies

Only technically necessary cookies are used when operating the website. These cookies are required for the operation and basic functionality of the website. Cookies are small text files that are stored on your device.

The following cookies are set without prior login:
– pll_language: Stores language preference (storage period: 1 year)
– wp-settings-[ID]: Functional cookie for customizing the user interface (storage period: 1 year)
– wp-settings-time-[ID]: Functional cookie for storing time information (storage period: 1 year)

These cookies serve to store your browser settings. The technical IDs are randomly generated and do not contain any personal reference.

After logging in (optionally via DFN-AAI), the following additional cookies are set:
– wordpress_logged_in_[ID]: User authentication (storage period: end of session; if “Stay logged in” is selected: 14 days)
– wordpress_sec_[ID]: Security functions to secure authentication (storage period: end of session; if “Stay logged in” is selected: 14 days)
– wordpress_test_cookie: Checks whether the browser allows the use of cookies (storage period: end of session)

These cookies contain your unique user ID and therefore constitute personal data.

Purpose of processing is the authentication of users.

Legal basis for the setting and reading of all cookies is § 25 (2) No. 2 TDDDG. These cookies are technically necessary; therefore, no consent (no cookie banner) is required. The legal basis for processing user IDs after login is Article 6 (1) (b) GDPR (performance of the login at your request) or Article 6 (1) (f) GDPR (legitimate interest in secure authentication).

3.2. Login to the Website via DFN-AAI

The website offers the option to log in for members of institutions participating in the DFN-AAI network (e.g. TU Dresden, TU Chemnitz, University of Leipzig, and others). Login is not required for general use of the website and is not publicly linked.

During login, the following personal data is processed:
– User identifier from the DFN-AAI network
– Technical session information (user ID in cookies; see section 3.1.2)

Purpose of processing is authentication and the provision of access-restricted functions (currently under development). Logged-in users receive the status “registered user”.

Legal basis for processing is consent pursuant to Article 6 (1) (a) GDPR. By voluntarily logging in, you consent to the processing of your personal data for authentication purposes. Consent is voluntary; however, without consent, login to the website is not possible. Consent may be withdrawn at any time by deleting the account or by sending an e-mail to info@come2data.de.

Personal data will be deleted as soon as the purpose of the login no longer applies or consent is withdrawn.

3.3. Contact and Help Desk

The Help Desk serves as the contact point for data-related enquiries at Saxon universities. It can be reached at any time via the specified e-mail address or the contact form.

Upon receipt of an enquiry (via contact form or e-mail), a ticket is created. In addition to the personal data provided, the ticket contains information regarding the issue to be resolved. Missing information will be requested and added to the ticket. Only information necessary to resolve the enquiry is requested. The required information varies depending on the type of enquiry and the IT services concerned.

If sufficient expertise is not available within Come2Data to process the enquiry, it may be forwarded to third parties who are contractually bound to Come2Data and are members of other research institutions. Forwarding only takes place if explicit consent is given when submitting the enquiry by actively selecting a corresponding consent option (opt-in).

Depending on the matter, the processing may include the following personal data:
– Name
– Contact details (depending on the communication channel and the nature of the enquiry, e.g. internal or external e-mail addresses, business telephone number, building/room)
– Content of the enquiry that may contain personal references (e.g. affected projects, organizational units, e-mail attachments)

Members and affiliates of research organizations should use exclusively the e-mail address provided by their respective research organization for communication.

Purpose of processing is to provide users with solutions to their specific issues. All personal data contained in an enquiry is processed exclusively for handling the enquiry and treated as strictly confidential.

Legal basis for processing is § 11 of the Saxon Data Protection Implementation Act (SächsDSDG) for employees of Dresden University of Technology, or consent pursuant to Article 6 (1) (a) GDPR for all others. Consent is voluntary; however, without consent the enquiry cannot be processed. Consent may be withdrawn at any time by sending an e-mail to info@come2data.de.

Help Desk enquiries are automatically deleted after withdrawal of consent or, otherwise, generally two years after completion of processing, unless legitimate interests within the meaning of Article 6 (1) (f) GDPR require longer storage.

4. Transfer to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below:
– If you have given your explicit consent (Article 6 (1) (a) GDPR)
– If the transfer is necessary for the performance of contractual obligations (Article 6 (1) (b) GDPR)
– If there is a legal obligation (Article 6 (1) (c) GDPR)

5. Rights of Data Subjects

5.1. Right to Voluntary Consent and Withdrawal (Article 7 (3) GDPR)

Where the use of services is based on consent, this consent may be withdrawn at any time pursuant to Article 7 (3) GDPR. The lawfulness of processing carried out prior to withdrawal remains unaffected.

5.2. Right of Access (Article 15 GDPR)

Data subjects have the right to obtain information about the personal data processed concerning them and the possible recipients of such data. A response will be provided within one month of receipt of the request.

5.3. Right to Rectification, Erasure and Restriction (Articles 16–18 GDPR)

Data subjects may request rectification or erasure of their personal data or restriction of processing at any time.

5.4. Right to Data Portability (Article 20 GDPR)

Data subjects may request that Dresden University of Technology provide their personal data in a machine-readable format or transmit it directly to another controller, where technically feasible.

5.5. Right to Object (Article 21 GDPR)

Data subjects may object at any time to the processing of personal data concerning them for reasons arising from their particular situation.

5.6. Right to Lodge a Complaint

Data subjects may contact the Data Protection Officer of Dresden University of Technology at any time.

Dresden University of Technology
Data Protection Officer
01062 Dresden, Germany
Tel.: +49 (0) 351 463 32839
Fax: +49 (0) 351 463 39718
E-Mail: informationssicherheit@tu-dresden.de
https://tu-dresden.de/informationssicherheit

In the event of a complaint pursuant to Article 77 GDPR, data subjects may contact a supervisory authority. The competent supervisory authority is:

Saxon Data Protection and Transparency Officer
Dr. Juliane Hundert
Maternistraße 5
01067 Dresden, Germany
E-Mail: post@sdtb.sachsen.de
Tel.: +49 (0) 351 85471 101
www.datenschutz.sachsen.de