CCTV policy

Data privacy information pursuant to Article 13(1) and (2) of the General Data Protection Regulation (GDPR) on the use of closed-circuit televion (video surveillance) at Zittau/Görlitz University of Applied Sciences

Controller responsible for data processing

Hochschule Zittau/Görlitz
University of Applied Sciences
Theodor-Körner-Allee 16
02763 Zittau, Germany

Email: DTG-Sekretariat(at)
Tel.: +49 3583 612-4475

The controller's data protection officer

The data protection officer is available under:

Hochschule Zittau/Görlitz
Theodor-Körner-Allee 16
02763 Zittau, Germany

Email: Datenschutzbeauftragter(at)
Tel.: +49 3583 612-3360

Purposes of the processing

We use CCTV equipment to observe and monitor our indoor and outdoor premises for the prevention, investigation and detection of crime and the establishment of legal claims.

Legal reference

The authority over the University premises and the provisions of Art. 6(1) lit. f GDPR and Section 13(1) and (2) of the Saxon Act to Implement Data Privacy (SächsDSDG) [de] constitute the University's legitimate interest in the maintenance of order and safety in and on its properties.

Recipients (categories)

On a case-by-case basis, the University will release CCTV data exclusively for the above-mentioned purposes and upon prior approval of the controller to the following recipients:

  • the University’s Staff Committee;
  • the Chancellor.

No personal data will be transferred to third countries or international organizations.

Retention period

Unless otherwise required, recorded material/data will be retained for 15 days from the date of recording, after which it will be erased by overwriting with new data. If the retention of individual CCTV data is necessary for the establishment, exercise or defence of legal claims, their erasure will be suspended for the relevant duration in accordance with Art. 17(3) lit. e GDPR.

Rights of the data subject

In the presence of the statutory prerequisites, you have the right to:

  • obtain confirmation as to whether personal data concerning you are being processed and, if this is the case, to obtain access to your personal data (Art. 15 GDPR);
  • obtain the rectification of inaccurate personal data (Art. 16 GDPR);
  • obtain the erasure of personal data concerning you (Art. 17 GDPR);
  • obtain restriction of processing of personal data concerning you (Art. 18 GDPR);
  • object to the processing of personal data concerning you (Art. 21 GDPR);
  • lodge a compaint with the Saxon Data-Protection Supervisor (see [de]).

Provision of personal data

The provision of personal data is not a statutory requirement (Art. 13(2) lit. 3 GDPR).

Decision-making and profiling

We do not use automated decision-making or profiling (Art. 22(1) and (4) GDPR).