Data protection notice
We take data protection and confidentiality very seriously and comply with the provisions of the EU General Data Protection Regulation (GDPR) as well as applicable national data protection regulations. Please read the following Data protection notice carefully before submitting a report.
The reporting system of TU Dresden (Vispato) is designed to receive, process, and manage reports of significant violations of applicable legal and internal regulations of TU Dresden in a secure and confidential manner. The processing of personal data within the framework of the reporting system is based on TU Dresden’s legitimate interest in detecting and preventing misconduct and thereby averting harm to TU Dresden, its members, and associate members of TU Dresden.
The legal basis for this processing of personal data is Article 6 para. 1 subpara. (e), 1 lit. e, paragraphs 2 and 3 GDPR in conjunction with § 4 para. 1 no. 3 SächsDSDG and §§ 331 ff. German Criminal Code (StGB) or other criminal offenses (corruption and other crimes), 1 lit. c, paragraphs 2 and 3 GDPR in conjunction with §§ 12 para. 1, § 1, and § 13 para. 1 sentence 2 AGG (discrimination and harassment), 1 lit. e, paragraphs 2 and 3 GDPR in conjunction with § 4 para. 1 no. 3 SächsDSDG and criminal offenses (physical harassment, assaults, or insults), 1 lit. e, paragraphs 2 and 3 GDPR in conjunction with § 83 sentence 3 SächsHSG and §§ 16 ff. of the “Statutes for Ensuring Good Scientific Practice, Preventing Scientific Misconduct, and Handling Violations” (violations of good scientific practice), 1 lit. a GDPR (consent of the reporting person to disclose their identity or for consultations regarding the above-mentioned areas).
The reporting system is operated on behalf of TU Dresden by the specialized company Vispato GmbH, Hansaallee 299, 40549 Düsseldorf, Germany.
Personal data and information entered into the reporting system are stored in a database operated by Vispato GmbH in a high-security data center. Access to the data is restricted to authorized personnel at TU Dresden. Vispato GmbH and other third parties have no access to the data. This is ensured in the certified process through comprehensive technical and organizational measures.
For what purpose will personal data be processed?
For the purpose of accepting and processing specific reports of suspected rule violation in relation to TU Dresden, the personal data from the persons whom the report concerns will be processed in the following areas: Compliance in academia and research, compliance in administration, compliance in workplace relations, and other matters relevant to reporting, as well as consulting on the above-mentioned areas. Whistleblowers remain anonymous, unless they expressly choose to disclose their identity.
For the purpose of accepting and processing specific reports of suspected rule violation in relation to TU Dresden, the personal data from the persons whom the report concerns will be processed in the following areas: Compliance in academia and research, compliance in administration, compliance in workplace relations, and other matters relevant to reporting, as well as consulting on the above-mentioned areas. Whistleblowers remain anonymous, unless they expressly choose to disclose their identity.
Who is responsible for data processing and to whom can data subjects turn?
TUD Dresden University of Technology
Sigrid Flade, Office for Good Scientific Practice
Email: gute.wiss-praxis@tu-dresden.de
Frank Pawella, Anti-Corruption Officer
Email: antikorruptionsbeauftragter@tu-dresden.de
Anja Wiede, Complaints Office for Incidents of Harassment, Discrimination and Violence
Email: beschwerden-diskriminierung@tu-dresden.de
TUD Dresden University of Technology
Sigrid Flade, Office for Good Scientific Practice
Email: gute.wiss-praxis@tu-dresden.de
Frank Pawella, Anti-Corruption Officer
Email: antikorruptionsbeauftragter@tu-dresden.de
Anja Wiede, Complaints Office for Incidents of Harassment, Discrimination and Violence
Email: beschwerden-diskriminierung@tu-dresden.de
TUD Dresden University of Technology
Data Protection Officer
Jens Syckor
01062 Dresden, Germany
Email: informationssicherheit@tu-dresden.de
Data Protection Officer
Jens Syckor
01062 Dresden, Germany
Email: informationssicherheit@tu-dresden.de
What personal data will be processed?
Notification system is used on a voluntary basis. If you would like to submit a report via the notification system, we will collect the following personal data and information:
Notification system is used on a voluntary basis. If you would like to submit a report via the notification system, we will collect the following personal data and information:
- Your name, if you choose to reveal your identity,
- The names of persons and other personal data corresponding to individuals you mention in your report, if applicable.
For how long is personal data stored?
In general, personal data is erased within three years of the conclusion of the investigation. Storage beyond this point is only permissible for defining further legal steps such as disciplinary proceedings or the initiation of criminal proceedings. Personal data in conjunction with reports which are regarded as baseless by the person responsible for processing said report will be erased without delay. The question of whether the data is worthy of archiving remains unaffected by the issue of required deletion.
In general, personal data is erased within three years of the conclusion of the investigation. Storage beyond this point is only permissible for defining further legal steps such as disciplinary proceedings or the initiation of criminal proceedings. Personal data in conjunction with reports which are regarded as baseless by the person responsible for processing said report will be erased without delay. The question of whether the data is worthy of archiving remains unaffected by the issue of required deletion.
Will personal data be transferred to third parties?
In general, the transfer of personal data of the person concerned to third parties is impermissible. The right to access files in potential criminal proceedings remains unaffected. Personal data of the person concerned can only be transferred for the purpose of criminal prosecution.
In general, the transfer of personal data of the person concerned to third parties is impermissible. The right to access files in potential criminal proceedings remains unaffected. Personal data of the person concerned can only be transferred for the purpose of criminal prosecution.
What general rights do data subjects have?
TU Dresden is legally obliged to inform the person concerned that a report has been submitted about them once it is determined that this information will not endanger follow-up procedures. The identity of the person submitting the report will not be revealed, insofar as this is legally permissible. The persons concerned have the following rights:
TU Dresden is legally obliged to inform the person concerned that a report has been submitted about them once it is determined that this information will not endanger follow-up procedures. The identity of the person submitting the report will not be revealed, insofar as this is legally permissible. The persons concerned have the following rights:
1) Right to information (Art. 15 GDPR)
Data subjects have the right to obtain information on the data processed concerning them, as well as possible recipients of such data, at any time. They are entitled to a reply within one month after the responsible party receives the request for information.
Data subjects have the right to obtain information on the data processed concerning them, as well as possible recipients of such data, at any time. They are entitled to a reply within one month after the responsible party receives the request for information.
2) Right to rectification, erasure , restriction and right to object (Art. 16 - 18, 18 GDPR)
Data subjects may at any time request TU Dresden to rectify or delete their personal data or to restrict processing. Furthermore, the persons concerned have the right to object to processing.
Data subjects may at any time request TU Dresden to rectify or delete their personal data or to restrict processing. Furthermore, the persons concerned have the right to object to processing.
3) Right of appeal (Art. 77 GDPR)
Data subjects can at any time contact TU Dresden's Data Protection Officer and, in the case of a complaint pursuant to Art. 77 GDPR, the responsible supervisory authority for data protection. The responsible supervisory authority is:
Data subjects can at any time contact TU Dresden's Data Protection Officer and, in the case of a complaint pursuant to Art. 77 GDPR, the responsible supervisory authority for data protection. The responsible supervisory authority is:
Saxon Data Protection and Transparency Officer
Dr. Juliane Hundert
Maternistraße 17
01067 Dresden, Germany
Tel.: +49 351 85471 101
Email: post@sdtb.sachsen.de
www.datenschutz.sachsen.de
Dr. Juliane Hundert
Maternistraße 17
01067 Dresden, Germany
Tel.: +49 351 85471 101
Email: post@sdtb.sachsen.de
www.datenschutz.sachsen.de
To claim your rights, it is sufficient that you notify the responsible person in writing.
Using the reporting system
After submitting a report, you will receive a link and a randomly generated password, which you can save locally. By visiting this page and logging in, you can send additional information to the responsible staff member at TU Dresden, either using your name or anonymously. Within this system, data is stored exclusively in the reporting system itself and is therefore particularly well protected; this is explicitly not email communication.
After submitting a report, you will receive a link and a randomly generated password, which you can save locally. By visiting this page and logging in, you can send additional information to the responsible staff member at TU Dresden, either using your name or anonymously. Within this system, data is stored exclusively in the reporting system itself and is therefore particularly well protected; this is explicitly not email communication.
Notes on sending attachments
When submitting a report or sending an update, you have the option to send attachments to the responsible administrator at TU Dresden. If you wish to submit a report anonymously, please observe the following security notice: Files can contain hidden personal data that could compromise your anonymity. Clean your files of this (meta) data before submitting them. General guidance on removing hidden data from Microsoft Office or PDF documents can be found on the compliance website of TU Dresden. If you have difficulty removing this data or are unsure, copy the text of your attachment into your report text or send the printed document anonymously to the address listed in the legal notice for the respective responsible office.
When submitting a report or sending an update, you have the option to send attachments to the responsible administrator at TU Dresden. If you wish to submit a report anonymously, please observe the following security notice: Files can contain hidden personal data that could compromise your anonymity. Clean your files of this (meta) data before submitting them. General guidance on removing hidden data from Microsoft Office or PDF documents can be found on the compliance website of TU Dresden. If you have difficulty removing this data or are unsure, copy the text of your attachment into your report text or send the printed document anonymously to the address listed in the legal notice for the respective responsible office.