Information on Data Protection

Department of Psychology

Data protection officer

The role of the Department of Psychology's data protection officer is to serve as a mediator and guide between users engaged in research and teaching within the department and the university's data protection officer.

This role includes the following responsibilities:

  • Providing support to the organizational unit/office within the Department of Psychology.
  • Coordinating the exercise of data subject rights.
  • Notifying relevant parties of any (possible) violations concerning the protection of personal data.
  • Assisting data protection officers, particularly in the flow of information.

Data Protection Officer
Dr. Nicole Heitzmann
Empirical Education and Educational Psychology

Contact:
datenschutz.psychologie@psy.lmu.de

Comprehensive Information from the Data Protection Officers

The data protection team has compiled a comprehensive collection of information in the service portal, which should address most initial inquiries.
Before reaching out to us personally, please check whether your questions can be answered here.

In principle, the following regulations apply:

  • Private devices are generally not permitted.
  • Please take precautions at home and especially when working remotely to prevent data loss or theft.
  • Use secure passwords and ensure that sensitive documents are not left unattended.
  • Lock your work computer when you step away from it.
  • Use the Outlook Web Client for communication.
  • Secure sensitive files and ensure that visitors cannot view any data on your desk.
  • Use your business email address solely for work-related purposes.
  • Lock your office when you leave.
  • Properly destroy documents after the retention period has expired. The time periods can be found in the service portal.

Additionally, we would like to highlight that the service portal (DE) now includes a comprehensive collection of practical tips for adhering to data protection regulations in our daily work. For instance, the data protection section covers key topics and subtopics relevant to administration, research, and teaching:

Practical Applications of Data Protection

  • Data secrecy and confidentiality in the handling of personnel data in administrative practice
  • Retention periods and data deletion and destruction
  • Information obligations during data collection
  • Consent to the processing of personal data
  • Processing personal data on behalf and transferring data to a third country
  • Use of video and photo cameras

Data Protection in Scientific Research Projects

  • Medical research
  • Online surveys
  • Research in schools

Data Protection in Teaching and Course Evaluations

  • Processing of student data
  • Use of attendance lists
  • Disclosure of grades
  • Use of plagiarism detection software
  • Proof of examination incapacity
  • Course evaluations
  • Academic presentations and teaching trials as part of appointment procedures

Furthermore, it is important to note that...

  • Processing directories until a technically simpler electronic directory is introduced can be submitted via email to the data protection officer, and we will then forward them to the official data protection officers. Please see below for more details.
  • Reporting a data protection incident (such as unauthorized third-party access to personal data) should initially be directed to the data protection officer using a notification form available on theservice portal (DE). If the incident is serious and needs to be reported to the Bavarian State Commissioner for Data Protection by the official data protection officers, this must occur within 72 hours.
    Prompt action is essential in these cases.

Contact options

  • If your question is not answered via the service portal,
  • If you discover a breach of personal data protection, for example, due to unauthorized individuals having (or potentially having) access to your personal data,
  • If you require a statement from the local data protection officer for your processing description (see below for further information),
  • If you have additional questions,

...you can reach the data protection officer by email at: datenschutz.psychologie@psy.lmu.de.Please note that during periods of increased teaching duties (exams, beginning of the semester), there may be delays in responding to your email.

Opinion from the Local Data Protection Officer on the Processing Description

For your description of a processing activity, you require a statement from the local data protection officer as indicated in point 11.
In short, this description should clarify which data you collect from which group of individuals and the reasonfor collection, who has access to the data, how you ensure data protection, and when the data will be deleted. In the future, this entire process will be completed online; until then, we will need to follow this procedure:

  1. Send the document, completed as fully as possible, as a .docx file to datenschutz.psychologie@psy.lmu.de.
  2. We will provide feedback and identify any missing or insufficient information, which you will be asked to complete.
  3. We will repeat steps 1 and 2 until no further issues are identified.
  4. We will forward the description to the data protection officers.
  5. The data protection officers will comment and highlight any deficiencies, returning the document to us, after which we will send it back to you for revision.
  6. We will repeat steps 1, 4, and 5 until the data protection officers have no further objections.

What are you looking for?

More information about Google data transfer in LMU's Privacy Policy.