Privacy Policy

Privacy policy

Thank you very much for your interest in our University. Data privacy is of particularly high priority for all our employees and those responsible for the processing of personal data at Zittau/Görlitz University of Applied Sciences ('HSZG', 'the University'). The use of our websites is generally possible without the disclosure of any personal data. A processing of your personal data may, however, be necessary if you want to use particular services of our University through our website. We generally obtain the consent of the data subject where such processing is necessary without a legislative basis.

The processing of personal data such as names, addresses, email addresses or phone numbers is always in line with the General Data Protection Regulation ('GDPR') and all federal and Saxon data protection regulations that apply to us. This page explains what personal information we gather and to what extent and how that information is used and processed. It likewise informs you about your rights under data protection legislation.

As the controller, HSZG has implemented a number of technical and organizational measures to safeguard all personal data processed through its websites as completely as possible. Absolute protection, however, can not be guaranteed since all internet-based data transfer can reveal security holes. You are thus at all times at liberty to submit your personal data by alternative means, for example by telephone.

(1) Definitions

The privacy policy of HSZG is based on the terminology used in the General Data Protection Regulation (GDPR) adopted by the EU Parliament. Our privacy policy should be easy to read and understand by the general public, our visitors, students and partners. We would thus like to explain the terminology used herein beforehand.

Terms we use in this privacy statement:

a) 'Personal data'
(or 'personal information') means any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) 'Data subject'
means any identified or identifiable natural person whose personal data is being processed by the controller.

c) 'Processing'
means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) 'Restriction of processing'
means the marking of stored personal data with the aim of limiting their processing in the future.

e) 'Profiling'
means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) 'Pseudonymization'
means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) 'Controller'
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by EU or EU member state law, the controller or the specific criteria for its nomination may be provided by for EU or EU member state law.

h) 'Processor'
means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) 'Recipient'
means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with EU or EU member state law are not regarded as recipients.

j) 'Third party'
means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) 'Consent'
of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

(2) Name and address of the controller

Controller within the meaning of the GDPR, further privacy laws in place in the individual member states of the European Union and other provisions with regard to data protection:

Hochschule Zittau/Görlitz, University of Applied Sciences, Theodor-Körner-Allee 16, 02763 Zittau,
Germany

Tel.: +49 (0) 3583 6120
Email: info@hszg.de
Website: www.hszg.de

(3) Name and address of the controller's Data Protection Officer (DPO):

Prof. Dr. rer. pol. Uwe Wendt, Zittau/Görlitz University of Applied Sciences

Theodor-Körner-Allee 16, 02763 Zittau

Germany

Tel.: +49 (0) 3583 612-3360

Email: datenschutzbeauftragter(at)hszg.de

Every data subject can contact our DPO at any time with all questions or suggestions regarding privacy.

(4) Cookies

The University's websites uses cookies. Cookies are text files stored on a computer system by a internet browser.

Numerous websites and servers use cookies. Many cookies contain a unique cookie ID. The ID is a character string that enables websites and servers to recognize the data subject's internet browser which stores the cookie. The browser can then be identified again through its unique cookie ID.

The use of cookies enables us to provide the visitors of our website with more user-friendly services which would not be possible without cookies.

Cookies help us optimize the information and offers on our website for our visitors. They also enable us to recognize the visitors of our website. The purpose of this recognition is to make the use of our website easier. For example, as a user of a website that stores cookies you do not have to re-enter your login data, since the website can identify you through the cookie and use the information that you have previously entered. Another example is a shopping basket cookie set by an online shop. The shop uses the cookie to remember the items a customer has added to the basket.

Every data subject can permanently opt out from the setting of cookies by our website at any time by changing the respective settings in their internet browser. Cookies that have already been set can likewise be deleted at any time through the internet browser or other programs. All common internet browsers include an option to delete cookies. You may not be able to use all the functions of our website if you opt out from the setting of cookies.

(5) General data and information collected

Our website collects a number of general data and information during every visit of a data subject or an automated system. These general data and information are stored in our server's log files. Data and information that we may collect: (a) type and version of the browser you use, (b) the operating system on your device, (c) the website that referred you to our website, (d) the sub-sites which you access on our website, (e) date and time of your connection to our website, (f) your IP address, (g) your internet service provider, (h) other similar data and information used to protect the security of IT services infrastructure.

These general data and information are collected and used in a manner that does not allow us to personally identify you. We rather need that information to (a) make sure that all content on our website is shown correctly, (b) optimize the contents on our website and its propagation, (c) guarantee the permanent operability of our IT services and internet infrastructure, (d) provide law enforcement agencies with all necessary information in the event of a cyberattack. These anonymous collected data and information are thus analysed statistically and also for increasing the privacy and the integrity of data at our University to ultimately guarantee an optimal level of protection for the personal data we process. The anonymous data stored in our log files are always separated from any personal data provided by you.

(6) Registering on our website

You can optionally register on our website, the process of which includes the provision of personal information. The information you (the data subject) provide to us (the controller) are represented by the respective entry form. All data will be collected and stored for the controller's internal and own purposes only. The controller may arrange for the transfer of personal information to one or several processors (eg parcel services), who will then likewise use your personal information for the sole purpose of internal use on behalf of the controller.

During your registration process on our website we also store the IP address allocated to you by your internet service provider and the date and time of your registration. We need to do so to prevent the abuse of our services and to provide these data to law enforcement agencies if necessary. The storage of these data is therefore necessary to safeguard our own security. These data will not be disclosed to third parties unless this is required by law or for the purpose of criminal prosecution.

Your registration, which entails the provision of personal data by you, allows you to use certain contents and services that we can, due to their character, only offer to registered users. Registered users are at all times at liberty to request the rectification (change) or erasure of their personal information stored by us.

We will provide every data subject at any time on request with information about the categories of personal data we store about them. We will also rectify or erase these on your request or demand unless this is contradicted by legal hold.

The Data Protection Officer named above and all employees of the controller are available as contacts for data subjects in this context.

(7) Subscribing to our newsletter

Our website offers the opportunity to subscribe to our newsletter. The respective subscription form represents the information you (the data subject) provide to us (the controller).

The University uses a newsletter to inform its visitors, staff, students and partners on a regular basis about new services and current events. Our University newsletter can only be received if the data subject has (a) provided a valid email address and (b) subscribed to our newsletter. For legal reasons, we will send a confirmation email to the address you provide at the point of subscription which includes an activation link (closed-loop opt-in procedure). This will confirm that it was you, the owner of the email address, who authorized the subscription to our newsletter.

We also store the IP address allocated to the device the data subject used including the respective timestamp. This is necessary to trace a possible misuse of a data subject's email address at later point in time and serves the legal protection of the controller.

The personal information we collect during subscription will be used exclusively for the purpose of mailing our newsletter. If necessary, subscribers may also receive informational emails when changes to our newsletter service or its technical background occur. The personal data you provided during newsletter subscription will not be disclosed to third parties. You can unsubscribe from our newsletter at any time. You can withdraw your consent given to the storage of your personal data in our newsletter database at any time. Every newsletter includes a corresponding link that allows you to cancel your subscription and have your personal information deleted from our database. You can also directly unsubscribe on our website or otherwise inform us that you wish to unsubscribe from our newsletter.

(8) Newsletter tracking

Our newsletters contain web beacons. Web beacons are small tracking pixels or images embedded in HTML emails allowing us to create a log file and its subsequent analysis. This helps us to perform a statistical evaluation of our online marketing in terms of success or failure. The embedded beacon allows us to gather information about if and when a data subject has opened our newsletter and which links in the email they clicked on.

We store and analyse the personal data collected through those beacons in order to optimize our newsletters and tailor them in the future to the individual interests of each recipient. These personal data will not be disclosed to third parties. All data subjects are at any time entitled to withdraw their consent in this respect, which has been given separately through closed-loop opt-in email authentication. This will cause the erasure of your data from our newsletter database. Cancelling subscription to our newsletter will be automatically regarded as withdrawal of consent.

(9) Contacting us through our website

Our website contains a Legal Notice ('Impressum') for quick contact and direct communication with us, including a generic email address. Every personal information a data subject has voluntarily submitted to the controller by email or through a contact form will be stored automatically for the purpose of processing their request or contacting them in return. These personal data will not be disclosed to third parties.

(10) Subscribing to comments on our website's blog

Visitors can follow comments made on posts on the HSZG blog. In particular, comment posters can subscribe to comments made on a blog post after their own comment.

Users who choose to follow comments will automatically receive a confirmation email by the controller to verify the owner of the provided email address (closed-loop opt-in). The following of comments can be disabled at any time.

(11) Routine erasure and blocking of personal data

The controller processes and stores the personal data of the data subject only for the time necessary to fulfil the purpose they are collected for or when a provision has been made for the processing and storing of such data in European directives and regulations or other laws and regulations by legislative authorities that are applicable to the controller.

The corresponding personal data will be routinely blocked or erased pursuant to statutory provisions when the purpose for the storage is no longer applicable or when a storage period prescribed by European directives and regulations or other laws and regulations has expired.

(12) Rights of the data subject

a) Right of confirmation

Every data subject has the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning them are being processed. You may, at any time, contact our Data Protection Officer or any other employee if you want to avail yourself of this right of confirmation.

b) Right of access by the data subject
Every data subject has, at any time, the right granted by the European legislator to obtain from the controller free information about their personal data stored and a copy of this information. Furthermore, the European directives and regulations grant the data subject the following information:

  • the purpsoes of the processing;
  • the categories of personal data being processes;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine this period;
  • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject:
  • any available information as to their source
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Furthermore, the data subject has a right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.

You may, at any time, contact our Data Protection Officer or any other employee if you want to avail yourself of this right of confirmation.

c) Right to rectification
Every data subject has the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
You may, at any time, contact our Data Protection Officer or any other employee if you want to avail yourself of this right of confirmation.

d) Right to erasure (Right to be forgotten)
Every data subject has the right granted by the European legislator to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
The data subject withdraws their consent to which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing. The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.

The personal data have been unlawfully processed.
The personal data have to be erased for compliance with a legal obligation in EU or EU member state law to which the controller is subject.
The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If one of the aforementioned reasons applies, and you wish to request the erasure of personal data stored by us, you may, at any time, contact our Data Protection officer or any of our employees. Our Data Protection Officer or another employee will promptly ensure that the erasure request is complied with immediately.

Where we have made personal data public and are obliged pursuant to Article 17(1) GDPR to erase the personal data, we will, taking account of available technology and the cost of their implementation, take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested erasure by these controllers of any links to, or copy or replication of those personal data, as far as processing is no longer required. Our Data Protection Officer or another employee will in the individual case take the necessary steps.

e) Right of restriction of processing
Every data subject has the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use.

The controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pursuant to Article 21(1) GDPR, pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions applies, and you wish to request the restriction of processing of personal data stored by us, you may, at any time, contact our Data Protection officer or any of our employees. Our Data Protection Officer or another employee will promptly ensure that the restriction request is complied with immediately.

f) Right to data portability
Every data subject has the right granted by the European legislator to receive the personal data concerning them and which they provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, they have the right to transmit those data to another controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, or on a contract pursuant to point (b) of Article 6(1) GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising their right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, you may at any time contact our Data Protection Officer or any of our employees.

g) Right to object
Every data subject has the right granted by the European legislator to object, on grounds relating to their particular situation, at any time, to the processing of personal data concerning them, which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.
We will no longer process your personal data in the event of your objection, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where we process personal data for direct marketing purposes you have the right to object at any time to the processing of personal data concerning you for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal for such purposes.

In addition, you have the right, on grounds relating to your particular situation, to object to the processing of your personal data where they are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to assert the right to object, you may at any time contact our Data Protection Officer or any of our employees. In addition, you are at liberty in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use your right to object by automated means using technical specifications.

h) Automated individual decision-making, including profiling
Every data subject has the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them, or similarly significantly affects them, as long as the decision (a) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (b) is not authorised by EU or EU member state law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (c) is not based on the data subject's explicit consent.
If the decision (a) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (b) it is based on the data subject's explicit consent, HSZG shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and contest the decision.
You may, at any time, contact our Data Protection Officer or any other employee if you wish to exercise your rights concerning automated individual decision-making.

i) Right to withdraw data processing consent
Every data subject has the right granted by the European legislator to withdraw their consent to processing of their personal data at any time.
If you wish to exercise your right to withdraw your consent, you may at any time contact our Data Protection Officer or any other employee.

(13) Data protection for applications and the application procedures

The controller collects and processes the personal data of applicants for the purpose of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by email or by means of a web form on the website to the controller. If the controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents will be automatically erased two months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure. Other legitimate interest in this relation is eg a burden of proof in a procedure under the German General Equal Treatment Act (AGG).

(14) Data protection provisions and practices regarding the use of Facebook

The controller has integrated components of Facebook on this website. Facebook is a social networking service.

A social networking service is an internet-based social meeting place, an online community that usually enables its users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the internet community to provide personal or company-related information. Among other things, Facebook enables its users to create private profiles, upload photos and network through friendship requests.

Facebook is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. The controller responsible for the processing of personal data of data subjects living outside the USA or Canada is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time you access one of the individual pages of this website, on which a Facebook component ('Facebook plug-in') has been integrated, the internet browser on your device is automatically being prompted by the respective Facebook plug-in to download an image file of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be found at developers.facebook.com/docs/plugins As part of this technical process, Facebook is informed about which specific page of our website is visited by the data subject.

If the data subject is logged in on Facebook at the same time, Facebook recognizes with every visit which specific pages of our website the data subject visits for the entire duration of the respective stay on our website. Facebook connects the information collected by the Facebook plug-in with the data subject's Facebook user account. When the data subject clicks one of the Facebook buttons integrated on our website, eg the "Like" button, or the data subject makes a comment, Facebook attributes these transmitted data and information to the data subject's Facebook user account and stores them.

Facebook receives information through the Facebook plug-in that the data subject has visited our website whenever they are logged in on Facebook when accessing our website; this happens regardless of whether the data subject clicks on the Facebook plug-in or not. If you do not want this information to be transmitted to Facebook, you can prevent this by logging out of your Facebook account before you visit our website.

The data policy published by Facebook, which can be accessed at www.facebook.com/about/privacy/ provides information about the collection, processing, and use of personal data by Facebook. It likewise explains what options Facebook offers to protect the privacy of data subjects. Additionally, there are various applications that help suppress data transmission to Facebook, eg the 'Facebook blocker' by Webgraph, which is available at webgraph.com/resources/facebookblocker/. You can use such applications to suppress data transmission to Facebook.

(15) Data protection provisions and practices regarding the use of Google Analytics (with IP anonymization)

The controller has integrated Google Analytics (with IP anonymization) on this website. Google Analytics is a web analytics service. Web analytics is the collection, analysis and reporting of web data concerning the behaviour of website visitors. A web analytics service collects, among other things, data as to from which website a data subject has been referred to, which individual pages they access, or how often and for how long a page on the website has been viewed. Web analytics are chiefly used for optimizing web usage and to assess and improve the effectiveness of a website and its marketing.

Google Analytics and the Google Analytics Plugin is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The controller has implemented the extension '_gat._anonymizeIp' for his web analysis through Google Analytics. With this extension, Google Analytics shortens and anonymizes the data subject's IP address when our website is visited from an EU member state or a country which is a signatory to the Agreement on the European Economic Area.

We use Google Analytics to analyse the visitor flow on our website. Among other things, Google uses the collected data and information to compile activity reports for us and to provide us with other services regarding the use of our website.

Google places a cookie on the data subject's device. This cookie facilitates the analysis of how visitors use our website.

Each time you access one of the individual pages of this website, on which a Google Analytics component has been integrated, the internet browser on your device is automatically being prompted by the respective Google Analytics component to transmit data to Google for online analysis. During this procedure, Google obtains personal data such as your IP address, which enables Google to trace the origin of website visitors and their clicks for the subsequent settlement of commissions.

The cookie is used to store personal data such as time, location and frequency of visits to our website by the data subject. These personal data, including your IP address are being transferred to Google in the USA every time you visit our website. Google stores these data in the USA, and may possibly disclose them to third parties.

Every data subject can permanently opt out from the setting of cookies by our website at any time by changing the respective settings in their internet browser. This browser setting would likewise prevent Google from setting a cookie on your device. Cookies that have already been set by Google Analytics can otherwise be deleted at any time through the internet browser or other programs.

You can also object to and prevent the collection, processing and use of personal data generated by Google Analytics with regard to your use of our website. If you wish to do so, you can download and install a browser add-on from tools.google.com/dlpage/gaoptout. This add-on uses JavaScript to inform Google that no data and information regarding the use of websites may be transferred to Google Analytics. Google will consider the installed add-on as objection. However, if you at a later point reformat your hard drive, or delete or reinstall your operating system, you will need to renew your opt-out from Google Analytics by reinstalling the browser add-on. If you or someone else who as access to your device deactivates or uninstalls the add-on, you will likewise need to reactivate or reinstall it.

Further information and Google's current privacy policy can be found at policies.google.com/privacy and www.google.com/analytics/terms/. For detailed information about Google Analytics please visit marketingplatform.google.com/about/analytics

(16) Data protection provisions and practices regarding the use of Google+

The controller has implemented the Google +1 button on this website. Google+ is a social networking site. A social networking service is an internet-based social meeting place, an online community that usually enables its users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the internet community to provide personal or company-related information. Among other things, Google+ enables its users to create private profiles, upload photos and network through friendship requests.

Google+ is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time you access one of the individual pages of this website, on which a +1 button has been integrated, the internet browser on your device is automatically being prompted by the respective +1 button to download an image file of the corresponding +1 button from Google. As part of this technical process, Google is being informed about which specific page of our website is visited by the data subject. Further information about Google+ can be obtained at https:// developers.google.com/+/.

If the data subject is logged in on Google+ at the same time, Google recognizes with every visit which specific pages of our website the data subject visits for the entire duration of the respective stay on our website. Google connects the information collected by the +1 button with the data subject's Google+ user account.

When the data subject clicks one of the +1 buttons integrated on our website and thus recommends content, Google attributes these transmitted data and information to the data subject's Google+ user account and stores them. Google stores this +1 recommendation made by the data subject and makes it publicly available according to the previously accepted Google+ terms of use. Subsequently, the +1 recommendation made on this website will be stored and processed in other Google services together with further personal data such as the data subject's Google+ account name and their Google+ profile picture, eg in their personal Google search results, their Gmail account or elsewhere, eg on websites or in connection with with ads. Furthermore, Google is able to connect the data subject's visit to this website to other personal data stored by Google. Google records this personal information for the purpose of improving or optimizing their various services.

Google receives information through the +1 button that the data subject has visited our website whenever they are logged in on Google+ when accessing our website; this happens regardless of whether the data subject clicks on the +1 button or not.

If you do not want your personal data to be transmitted to Google, you can prevent this by logging out of your Google+ account before you visit our website.

Further information and the current Google privacy policy can be found at policies.google.com/privacy. Further notes on the Google +1 button can be found at developers.google.com/+/web/buttons-policy.

(17) Data protection provisions and practices regarding the use of Instagram

The controller has integrated components of Instagram on this website. The Instagram service is an audiovisual platform allowing its users to share photographs and videos, including their further distribution on other social networking sites.

Instagram is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Each time you access one of the individual pages of this website, on which an Instagram component ('Instagram follow button') has been integrated, the internet browser on your device is automatically being prompted by the respective Instagram plug-in to download an image file of the corresponding component from Instagram. As part of this technical process, Instagram is being informed about which specific page of our website is visited by the data subject.

If the data subject is logged in on Instagram at the same time, Instagram recognizes with every visit which specific pages of our website the data subject visits for the entire duration of the respective stay on our website. Instagram connects the information collected by the Instagram follow button with the data subject's Instagram user account. When the data subject clicks one of the Instagram follow buttons integrated on our website, Instagram attributes these transmitted data and information to the data subject's Instagram user account and stores them.

Instagram receives information through the Instagram follow button that the data subject has visited our website whenever they are logged in on Instagram when accessing our website; this happens regardless of whether the data subject clicks on the Instagram follow button or not. If you do not want this information to be transmitted to Instagram, you can prevent this by logging out of your Instagram account before you visit our website.

Further information and Instagram's current privacy policy can be found at help.instagram.com/155833707900388 and help.instagram.com/196883487377501.

(18) Data protection provisions and practices regarding the use of Jetpack for WordPress

The controller has integrated Jetpack on this website. Jetpack is a plug-in for WordPress offering additional features for owners of websites that are based on WordPress, one of which providing the operator with an overview of the website's visitors. The number of visitors can be increased by showing related postings or sharing content on the website. Furthermore, Jetpack has integrated certain security features that increase the protection against brute-force attacks. Jetpack also optimizes and accelerates the loading of images on the website.

The Jetpack plug-in for WordPress is operated by Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. The Jetpack operators use the tracking technology from Quantcast Inc., 201 Third Street, San Francisco, CA 94103, USA.

Jetpack places a cookie on the data subject's device.

Each time you access one of the individual pages of this website, on which a Jetpack component has been integrated, the internet browser on your device is automatically being prompted by the respective Jetpack component to transmit data to Automattic for online analysis. During this technical process, Automattic obtains information about data which are subsequently used to create an overview of website visitors. These data are processed to create a website user behaviour analysis and evaluated for the purpose of website optimization. We do not use any data collected through the Jetpack plug-in to identify a data subject without their prior explicit consent. These data are also disclosed to Quantcast, Inc., who uses them for the same purposes as those of Automattic.

You can permanently opt out from the setting of cookies by our website at any time by changing the respective settings in your internet browser. This browser setting would likewise prevent Automattic/Quantcast to place a cookie on your device. Cookies that have already been set by Automattic can otherwise be deleted at any time through the internet browser or other programs.

You can also object to and prevent the collection, processing and use of personal data generated by the Jetpack cookie with regard to your use of our website. If you wish to do so, click the opt-out button at www.quantcast.com/opt- out/. This will set an opt-out cookie on your device. If you delete the cookies stored on your device at a later point, you will need to click the aforementioned link again to set a new opt-out cookie.

However, setting the opt-out cookie may result in our website no longer being fully available to you.

The current Automattic privacy policy can be found at automattic.com/privacy/. The current Quantcast privacy policy can be found at www.quantcast.com/privac

(19) Data protection provisions and practices regarding the use of LinkedIn

The controller has integrated components of LinkedIn Cooperation on this website. LinkedIn is a social networking site enabling its users to connect with existing and establish new business contacts. LinkedIn has 400 million users in more than 200 countries. It is currently the largest business network platform and one of the most frequently visited websites in the world.

LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. The controller responsible for the processing of personal data of data subjects living outside the USA is LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time our website is accessed, on which a LinkedIn component ('LinkedIn plug-in') has been integrated, the internet browser used by the data subject is being prompted to download an image file of the corresponding component from LinkedIn. Further information on LinkedIn plug-ins can be obtained at developer.linkedin.com/plugins. As part of this technical process, LinkedIn is being informed about which specific page of our website is visited by the data subject.

If the data subject is logged in on LinkedIn at the same time, LinkedIn recognizes with every visit which specific pages of our website the data subject visits for the entire duration of the respective stay on our website. LinkedIn connects the information collected by the LinkedIn component with the data subjec's LinkedIn user account. When the data subject clicks one of the LinkedIn buttons integrated on our website, LinkedIn attributes these transmitted data and information to the data subject's LinkedIn user account and stores them.

LinkedIn receives information through the LinkedIn component that the data subject has visited our website whenever they are logged in on LinkedIn when accessing our website; this happens regardless of whether the data subject clicks on the LinkedIn button button or not. If you do not want this information to be transmitted to LinkedIn, you can prevent this by logging out of your LinkedIn account before you visit our website.

You can opt out from receiving LinkedIn emails, texts and targeted ads or adjust ads settings at www.linkedin.com/psettings/guest-controls. LinkedIn also uses the services of various partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may be setting their own cookies. You can opt out from such cookies at www.linkedin.com/legal/cookie-policy. The current LinkedIn privacy policy can be found at www.linkedin.com/legal/privacy-policy. The current LinkedIn cookie policy can be found at www.linkedin.com/legal/cookie-policy.

(20) Data protection provisions and practices regarding the use of Pinterest

The controller has integrated components of Pinterest Inc. on this website. Pinterest is a social networking site. A social networking service is an internet-based social meeting place, an online community that usually enables its users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the internet community to provide personal or company-related information. Among other things, Pinterest enables its users to publicly share collections of pictures or single images ('pins') in virtual collections known as 'pinboards', which can then be discovered, shared ('repinned') or commented by other users.

Pinterest is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA.

Each time you access one of the individual pages of this website, on which a Pinterest component ('Pinterest plug-in') has been integrated, the internet browser on your device is automatically being prompted by the respective Pinterest plug-in to download an image file of the corresponding Pinterest component from Pinterest. Further information about Pinterest can be obtained at pinterest.com. As part of this technical process, Pinterest is being informed about which specific page of our website is visited by the data subject.

If the data subject is logged in on Pinterest at the same time, Pinterest recognizes with every visit which specific pages of our website the data subject visits for the entire duration of the respective stay on our website. Pinterest connects the information collected by the Pinterest component with the data subject's Pinterest user account. When the data subject clicks one of the Pinterest buttons integrated on our website, Pinterest attributes these transmitted data and information to the data subject's Pinterest user account and stores them.

Pinterest receives information through the Pinterest plug-in that the data subject has visited our website whenever they are logged in on Pinterest when accessing our website; this happens regardless of whether the data subject clicks on the Pinterest button or not. If you do not want this information to be transmitted to Pinterest, you can prevent this by logging out of your Pinterest account before you visit our website.

The data policy published by Pinterest, which can be accessed at about.pinterest.com/privacy-policy provides information about the collection, processing, and use of personal data by Pinterest.

(21) Data protection provisions and practices regarding the use of Matomo (Piwik)

The controller has integrated Matomo on this website. Matomo, formerly Piwik, is an open-source web analytics application. Web analytics is the collection, analysis and reporting of web data concerning the behaviour of website visitors. A web analytics application collects, among other things, data as to from which website a data subject has been referred to, which individual pages they access, or how often and for how long a page on the website has been viewed. Web analytics are chiefly used for optimizing web usage and to assess and improve the effectiveness of a website and its marketing.

The application is being run on the controller's server. Any sensitive personal information are being stored exclusively on this server.

We use Matomo to analyse the visitor flow on our website. Among other things, we use the collected data and information to compile activity reports regarding the use of our website.

Matomo places a cookie on the data subject's device. This cookie facilitates the analysis of how visitors use our website.

Each time you access one of the individual pages of this website, the internet browser on your device is automatically being prompted by the Matomo component to transmit data to our server for online analysis. During this procedure, we obtain personal data such as your IP address, which enables us to trace the origin of our website visitors and their clicks.

The cookie is used to store personal data such as time, location and frequency of visits to our website by you. These personal data, including your IP address are being transferred to our server and subsequently stored by us. We do not disclose these data to third parties.

You can permanently opt out from the setting of cookies by our website at any time by changing the respective settings in yourinternet browser. This browser setting would likewise prevent Matomo from setting a cookie on your device. Cookies that have already been set by Matomo can otherwise be deleted at any time through the internet browser or other programs.

You can also object to and prevent the collection, processing and use of personal data generated by Matomo with regard to your use of our website. If you wish to do so, you can set an opt-out cookie at matomo.org/docs/privacy/. However, if you at later point reformat your hard drive, or delete or reinstall your operating system, you will need to renew your opt-out cookie at matomo.org/docs/privacy/.

Setting the opt-out cookie, however, may result in our website no longer being fully available to you.

Further information and Motomo's current privacy policy can be found at matomo.org/docs/privacy

(22) Data protection provisions and practices regarding the use of Shariff

The controller has integrated Shariff on this website. Shariff supports privacy-compliant social media buttons. It was developed for the German computer magazine c't and published on GitHub.

The developer of Shariff is GitHub, Inc., 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA.

Usually, buttons provided by social networking sites transfer personal data as soon as a user visits a website containing a social media button. When Shariff is implemented, however, these personal data will not be transferred to a social networking site unless the visitor actively clicks on the corresponding button. More information about Shariff can be obtained on the c't computer magazine's website at www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im- Einsatz-2470103.html. We use Shariff to protect the personal data of our visitors without foregoing the advantages of social network buttons on our website.

Further information and GitHub's current privacy policy can be found at help.github.com/articles/github-privacy-policy/.

(23) Data protection provisions and practices regarding the use of Twitter

The controller has integrated components from Twitter on this website. Twitter is a multilingual public microblogging service on which users post and interact with messages known as "tweets". Those tweets, which are restricted to 280 characters, can be read by unregistered users, and they are shared with a registered user's followers. Followers are other registered users who follow the tweets of others. Furthermore, Twitter facilitates the addressing of a broader audience with hashtags, links or retweets.

Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Each time you access one of the individual pages of this website, on which a Twitter component ('Tweet button') has been integrated, the internet browser on your device is automatically being prompted by the Twitter component to download an image file of the Tweet button from Twitter. More informtion on Tweet buttons can be found at about.twitter.com/de/resources/buttons. As part of this technical process, Twitter is informed about which specific page of our website is visited by the data subject. We use Tweet buttons to allow our users to share the contents of our website with the internet community and to increase the number of our visitors.

If the data subject is logged in on Twitter at the same time, Twitter recognizes with every visit which specific pages of our website the data subject visits for the entire duration of the respective stay on our website. Twitter connects the information collected by the Tweet button with the data subject's Twitter user account. When the data subject clicks one of the Tweet buttons integrated on our website, Twitter attributes these transmitted data and information to the data subject's Twitter user account and stores them.

Twitter receives information through the Tweet button that the data subject has visited our website whenever they are logged in on Twitter when accessing our website; this happens regardless of whether the data subject clicks on the Tweet button or not. If you do not want this information to be transmitted to Twitter, you can prevent this by logging out of your Twitter account before you visit our website.

The current Twitter privacy policy can be found twitter.com/privacy.

(24) Data protection provisions and practices regarding the use of Xing

The controller has integrated components from Xing on this website. Xing is a social networking site enabling its users to connect with existing and establish new business contacts. Registered users can create personal profiles. Companys can create company profiles or share job vacancies on Xing.

Xing is operated by XING AG, Dammtorstr. 30, 20354 Hamburg, Germany.

Each time you access one of the individual pages of this website, on which a Xing component ('Xing plug-in') has been integrated, the internet browser on your device is automatically being prompted by the Xing plug-in to download an image file of the corresponding Xing plug-in from Xing. Further information on Xing plug-ins can be obtained at dev.xing.com/plugins. As part of this technical process, Xing is being informed about which specific page of our website is visited by the data subject.

If the data subject is logged in on Xing at the same time, Xing recognizes with every visit which specific pages of our website the data subject visits for the entire duration of the respective stay on our website. Xing connects the information collected by the Xing plug-in with the data subject's Xing user account. When the data subject clicks one of the Xing buttons integrated on our website, eg the “share” button, Xing attributes these transmitted data and information to the data subject's Xing user account and stores them.

Xing receives information through the Xing plug-in that the data subject has visited our website whenever they are logged in on Xing when accessing our website; this happens regardless of whether the data subject clicks on the Xing button or not. If you do not want this information to be transmitted to Xing, you can prevent this by logging out of your Xing account before you visit our website.

The data policy published by Xing, which can be found at www.xing.com/privacy provides information about the collection, processing, and use of personal data by Xing. Furthermore, Xing has released a privacy statement for the Xing share button at www.xing.com/app/share.

(25) Data protection provisions and practices regarding the use of YouTube

The controller has integrated components from YouTube on this website. YouTube is a free video-sharing website allowing users to upload, view, rate, share, and comment on videos. YouTube allows the publishing of all kinds of videos, including complete movies or TV shows, music clips, movie trailers, or other content created by users.

YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time you access one of the individual pages of this website, on which a YouTube component ('YouTube video') has been embedded, the internet browser on your device is automatically being prompted by YouTube to download a graphical representation of the YouTube video from YouTube. For more information about YouTube see www.youtube.com/yt/about/. As part of this technical process, YouTube and Google are being informed about which specific page of our website you visit.

If you are logged in on YouTube when you visit a page on our website containing a YouTube video, YouTube recognizes which specific page you are visiting. This information is collected by YouTube and Google, which connect it to the data subject's YouTube user account.

YouTube and Google receive information through the YouTube video that the data subject has visited our website whenever they are logged in on YouTube when accessing our website; this happens regardless of whether the data subject watches the embedded video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent this by logging out of your YouTube account before you visit our website.

The data policy published at policies.google.com/privacy provides information about the collection, processing and use of personal data by YouTube and Google.

(26) Legal basis for the processing

Article 6(I)(c) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1)(b) GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our University subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the processing is necessary in order to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our University and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1)(d) GDPR. Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations which are not covered by any of the above-mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our University or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

(27) Legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out our business in favour of the well-being of all our employees and shareholders.

(28) Period for which personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

(29) Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide their personal data; possible consequences of failure to provide such data

We clarify that the provision of personal data is partly required by law (eg tax regulations) or can also result from contractual provisions (eg information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our University signs a contract with them. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact our Data Protection Officer. Our Data Protection Officer clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

(30) Automated decision-making

As a responsible University we do not use automatic decision-making or profiling.

Letzte Änderung: 5. September 2018

Anmelden
Direktlinks & Suche