Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig
Phone: +49 (531) 391-0
Email: praesidentin(at)tu-braunschweig.de
datenschutz(at)tu-braunschweig.de
Your personal data is processed for the purposes of car park management, billing, accounting and online booking for the performance of a contract (Article 6(1)(b) of the GDPR) and to comply with legal obligations (Article 6(1)(c) of the GDPR).
We process the following data as part of our car park management operations:
Ticket and transaction data (time, terminal ID) – for car park management; retained until the parking transaction is completed and paid for, for a maximum of 90 days.
Payment data (SEPA mandate reference, IBAN) – for billing and accounting; retained for 10 years in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO).
Your personal data is processed by data processors: a service provider operates the parking management system, records number plates, timestamps and payment/token data, does not store videos permanently, and deletes or anonymises the data after billing and in accordance with statutory retention periods; another service provider provides the necessary data centre infrastructure (computing/storage/network). Third parties only receive your data in the event of breaches of the rules: the relevant registration authority or the Federal Motor Transport Authority is contacted to verify the vehicle owner, and a law firm may be engaged to enforce contractual penalties.
The data subject has the right to request confirmation from the controller as to whether personal data concerning them is being processed; if this is the case, they have the right to access this personal data and to receive the information specified in detail in Article 15 of the GDPR.
The data subject has the right to request from the controller the rectification without delay of inaccurate personal data concerning them and, where applicable, the completion of incomplete personal data (Article 16 of the GDPR).
The data subject has the right to request from the controller the erasure of personal data concerning them without undue delay, provided that one of the grounds listed in detail in Article 17 of the GDPR applies, e.g. if the data is no longer necessary for the purposes for which it was collected (right to erasure).
The data subject has the right to request that the controller restrict processing if any of the conditions set out in Article 18 of the GDPR are met, for example if the data subject has objected to the processing, for the duration of the controller’s review.
The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them. The controller shall then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims (Article 21 of the GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to them infringes the GDPR (Art. 77 GDPR). The data subject may exercise this right with a supervisory authority in the Member State of their habitual residence, place of work or the place where the alleged infringement occurred. In Lower Saxony, the competent supervisory authority is: The State Commissioner for Data Protection of Lower Saxony, Prinzenstr. 5, 30159 Hanover.