Legal notes – Laboratory for mechatronic and renewable energy systems

Munich University of Applied Sciences takes the protection of your personal data seriously. We process personal data only to the extent necessary for the fulfillment of our statutory duties. This privacy policy explains which data we collect when you use this website, for what purpose we use it, and on which legal basis this is done. It also informs you about your rights under data protection law.

1 Name and Address of the Responsible Party

The Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Munich University of Applied Sciences
Lothstr. 34
D-80335 Munich
Tel.: +49 89 12 65 – 0
Fax: +49 89 12 65 – 3000
E-Mail: kommunikation@hm.edu
Internet: www.hm.edu

Munich University of Applied Sciences is a public corporation. It is legally represented by its President Prof. Dr. Martin Leitner.

Contact Person:
Prof. Dr.-Ing. habil. Christoph M. Hackl
Head of the Laboratory for Mechatronic and Regenerative Energy Systems (LMRES)
Co-Head Scientific Director of the Institute for Sustainable Energy Systems (ISES)

Room R4.037
Tel.: +49 (0)89 1265 3417
E-Mail: christoph.hackl@hm.edu

2 Data Protection Officer

The Data Protection Officer of Munich University of Applied Sciences can be contacted by email at datenschutzbeauftragter@hm.edu and by telephone at +49 (0)9951 99990-500. Alternatively, you can contact the DPO by post at:
insidas GmbH & Co. KG
Weidenstraße 66
94405 Landau a. d. Isar

3 General Information

3.1 Purposes and Legal Bases for Processing Personal Data

The purpose of data processing is the fulfillment of public tasks assigned to us by law. Unless otherwise specified, the legal basis for processing your data arises from Article 4 (1) of the Bavarian Data Protection Act (BayDSG) in conjunction with Article 6 (1)(e) GDPR.

Accordingly, we are permitted to process the data necessary to perform a task carried out in the public interest.

Where you have given your consent to processing, the legal basis is Article 6 (1)(a) GDPR.

3.2 Recipients of Personal Data

Where necessary, your data may be transmitted to the relevant supervisory and auditing authorities to enable them to exercise their statutory oversight functions.
To safeguard IT security, log data may be forwarded to the Bavarian State Office for Information Technology Security on the basis of Article 44 BayDiG (see section “Logging” for details).

3.3 Duration of Storage of Personal Data

Your data will only be stored for as long as is necessary to fulfill our tasks, taking into account applicable statutory retention periods.

3.4 Your Rights

If we process personal data about you, you have the following rights under the GDPR:
Right of access (Art. 15 GDPR): You can request confirmation as to whether we process personal data concerning you. If so, you have the right to obtain information about this data and details of its processing. Please note that this right may be restricted or excluded in certain cases (see in particular Art. 10 BayDSG).
Right to rectification (Art. 16 GDPR): If incorrect personal data is processed, you have the right to have it corrected.
Right to erasure and restriction (Art. 17 and 18 GDPR): You can request deletion or restriction of processing if the legal requirements are met. However, the right to erasure does not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 17 (3)(b) GDPR).
Right to withdraw consent (Art. 7 (3) GDPR): If you have consented to processing, you may withdraw this consent at any time with future effect. The lawfulness of processing carried out before the withdrawal remains unaffected.
Right to object (Art. 21 GDPR): You may object to the processing of your data at any time on grounds relating to your particular situation. If the legal requirements are met, we will no longer process your personal data.
Further restrictions, modifications, or exclusions of these rights may arise from the GDPR or national legislation. You can also obtain detailed information about these rights from our Data Protection Officer.

3.5 Right to Lodge a Complaint

You have the right to lodge a complaint with the supervisory authority:

Bavarian State Commissioner for Data Protection (BayLfD)
Postal address: Postfach 22 12 19, 80502 Munich
Address: Wagmüllerstraße 18, 80538 Munich
Telephone: +49 89 212672-0
Fax: +49 89 212672-50
The online reporting form: www.datenschutz-bayern.de

4 Information About This Website

4.1 Logging

When you access this or other websites, data is transmitted to our web server by your internet browser. The following data is collected during an active connection for communication between your browser and our server:
Date and time of the request
Name of the requested file
Page from which the file was requested
Access status (file transferred, file not found, etc.)
Web browser and operating system used
Full IP address of the requesting computer
Amount of data transferred
For technical security reasons — in particular to defend against attempted attacks on our web server — this data is stored temporarily. After a maximum of seven days, the IP address is anonymized by truncation to the domain level, so that no reference to individual users is possible.
To ensure IT security, this data may be forwarded to the Bavarian State Office for Information Technology Security in accordance with Article 44 BayDiG.

4.2 Secure Data Transmission

When accessing this online service, a secure, encrypted connection (HTTPS with Perfect Forward Secrecy, using at least TLS 1.2) is offered, ensuring that your data cannot be accessed by third parties during transmission.
We recommend using the latest version of your web browser to ensure this function works properly.

5 Cookies

We use cookies for the correct technical and functional provision of this web site. Cookies are small text files that are stored on the device you use.

The legal basis for storing information and processing personal data using technically necessary cookies is § 25 (2) TDDDG as well as Art. 6 (1)(e) GDPR in conjunction with Art. 4 BayDSG.

Technically necessary cookies are only valid for the current session and are automatically deleted when you close your browser.

The use of functional cookies is voluntary. If these cookies are blocked, the provision of certain functions may not be possible in full.

The legal basis for the use of technically unnecessary cookies is the user’s consent in accordance with § 25 (1) TDDDG in conjunction with Art. 6 (1)(a) GDPR.
When accessing this website, we store following cookies on your device. These have a validity of:

Name:                           Storage duration:

• pll_language: 365 days
• wordpress_test_cookie: Session

6 Contact by Email

6.1 Description and Scope of Data Processing

You may contact us via the email address provided. In this case, the personal data transmitted with your message will be stored.
The data will not be passed on to third parties and is used solely to process your inquiry.

6.2 Legal Basis for Processing

The legal basis for processing personal data transmitted by email is Article 6 (1)(e) GDPR in conjunction with Article 4 BayDSG.
If the email contact is aimed at concluding a contract, the additional legal basis is Article 6 (1)(b) GDPR.

6.3 Purpose of Processing

Any additional personal data processed during transmission serves to prevent misuse of the contact form and to ensure the security of our IT systems.

6.4 Retention Period

Your personal data will be deleted once it is no longer required to achieve the purpose for which it was collected. For data transmitted by email, this is the case when the conversation with you has ended — that is, when the circumstances indicate that the matter has been fully resolved.
Additional personal data collected during transmission will be deleted after a maximum of seven days.

6.5 Right to Object and Erasure

You may object at any time to the processing of your personal data in connection with email communication for the future. In this case, the conversation cannot be continued, and all personal data stored in this context will be deleted.

7 Email Security Notice

Please note that unencrypted emails may be intercepted and read by third parties during transmission. In general, we cannot verify your identity solely based on a third-party email address. Legally secure communication via standard email cannot therefore be guaranteed.
Like many email providers, we use spam filters that may occasionally and incorrectly classify legitimate emails as spam. Emails containing harmful programs (“viruses”) are automatically deleted.
If you need to send personal or otherwise sensitive data, please agree on appropriate encryption with the recipient (our staff) beforehand, or use postal mail.

8 Active Content

This website uses active content such as JavaScript, Java applets, or ActiveX controls. You can disable these features in your browser settings if you wish.

9 Notice Regarding this Privacy Policy

Unless otherwise specified, the use of all information we hold about you is subject to this privacy policy.
The controller reserves the right to adapt this policy in line with technological developments and necessary security measures. Any updates will be published on this page.
Last updated: November 2025

10 Further Information

10.1 Technical and Organisational Measures

The controller has implemented technical and organisational measures to protect your data from loss, destruction, or unauthorised access. In addition, both employees of the controller and any service providers are obligated to maintain confidentiality and comply with data protection regulations.

10.2 SSL / TLS Encryption

For security reasons and to protect the transmission of confidential content that you send to us as the website operator, our website uses SSL or TLS encryption. This ensures that data transmitted via the site cannot be read by third parties. You can recognise an encrypted connection by the “https://” address line in your browser and the lock symbol.