Data Protection/Privacy
Overview
Data controller and data protection officer
Lucy-Hillebrand-Str. 2
55218 Mainz praesidentin (at) hs-mainz.de Data protection officer Data protection officer of Mainz University of Applied Sciences
Lucy-Hillebrand-Str. 2
55218 Mainz datenschutz (at) hs-mainz.de
General information on the processing of data
1. Extent to which personal data is processed
We fundamentally process personal data of our users only insofar as this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception applies in those cases in which prior consent cannot be obtained for genuine reasons and the processing of the data is permitted by legal regulations.2. Legal basis for processing personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing procedures that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c of the GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh said interest, Art. 6 para. 1 letter f of the GDPR serves as the legal basis for processing.
3. Data erasure and storage period
The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. The data may also be stored if the European or national law-makers have provided for this in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.Provision of the website and creation of log files
1. Description and extent of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. These are temporarily stored in a something called a log file. This data is not stored together with other personal data of the user.The following data is collected:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- The browser used and, if applicable, the operating system of your computer as well as the name of your access provider
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f of the GDPR.3. Purpose of data processing
The data is stored in log files to ensure the functionality of the website. In addition, the data is used for the optimization of our website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.4. Storage period
If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or distorted, so that an identification of the requesting client is no longer possible.5. Possibility of objection and elimination
The collection of data in order to provide the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.Usage of cookies
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables a unique identification of the browser when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The following data is stored and transmitted in the cookies:
- Language settings
- Items in a shopping cart (designinmainz online shop)
- Login information
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after changing pages. We need cookies for the following applications:
- Transferring language settings
- Remembering search terms
- Shopping cart (designinmainz online shop)
For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f of the GDPR. e) Storage period, possibility of objection or elimination Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
Newsletter
1. Description and extent of data processing
Interested parties can subscribe to various free newsletters on our website. When registering for a newsletter, the data from the input form is transmitted to us. The following data is usually collected:- Name
- Email address
- First and last name
- Status (graduate/former employeer/former professor/former instructor/n.a.)
- Degree program, date of degree conferral, degree
- IP address of the accessing computer
- Date and time of registration
- User agent of the sender
2. Legal basis for data processing
The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a of the GDPR.3. Purpose of data processing
The collection of the user's e-mail address is for the purpose of delivering the newsletter.The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
4. Storage period
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process will generally be deleted after a period of seven days.5. Possibility of objection or elimination
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter. This also makes it possible to revoke the consent to the storage of personal data collected during the registration process.Registration
1. Description and extent of data processing
On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input form and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the registration process: Customer account for our designinmainz online shopFirst and last name
Email address
Street, house number, zip code and town or city
Phone number Registration for the HR Forum
First and last name
Email address
Street, house number, zip code and town or city Registration for TOEIC
First and last name
Gender, date of birth, nationality
Street, house number, zip code and town or city
Billing address (street, house number, zip code and town or city)
Email address
Bachelor's/Master's
Affiliation (student at Mainz University of Applied Sciences/student at a different University of Applied Sciences/applicant at Mainz University of Applied Sciences/employee of Mainz University of Applied Sciences/school student)
Express correction (yes/no) Registration for TOEFL/TOEIC
First and last name
Gender
Street, house number, zip code and town or city
Email address Registration for OOPT & OTE
First and last name
Gender
Street, house number, zip code and town or city
Email address
Number of semesters and attempts
Preferred date At the time of registration, the following data is also stored:
- IP address of the accessing computer
- Date and time of registration
- User agent of the sender
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. a of the GDPR if the user has given his or her consent.If the registration serves the fulfillment of a contract to which the user is a party or the execution of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b of the GDPR.
3. Purpose of data processing
A registration of the user is necessary for the availability of certain contents and services on our website and/or to fulfill a contract with the user or to execute pre-contractual measures (registration for seminars of the HZW, the HR Forum, TOEIC and TOEFL tests, OOPT and registration for the online shop).4. Storage period
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.This is the case for the data during the registration process for the fulfillment of a contract or for the execution of pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations.
5. Possibility of objection or elimination
As a user you have the possibility to cancel the registration at any time. You can change the data stored about you at any time.If the data is required to fulfill a contract or to execute pre-contractual measures, premature deletion of the data is only possible insofar as contractual or statutory obligations do not prevent its deletion.
Contact form and email contact
1. Description and extent of data processing
There is a contact form on our website which can be used for making contact electronically. If a user takes advantage of this possibility, the data entered in the input form will be transmitted to us and stored. This data is:- Name
- Email address
- Message
- IP address of the accessing computer
- Date and time of registration
- User agent of the sender
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. a of the GDPR if the user has given his or her consent.The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f of the GDPR. If the email contact is intended to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b of the GDPR.
3. Purpose of data processing
The processing of the personal data from the input form is used solely for the purpose of establishing contact. In the event of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Storage period
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input form of the contact form and the data sent by email, this is the case when the conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been conclusively clarified.The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of objection or elimination
The user has the possibility to revoke his or her consent to the processing of personal data at any time. If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.The user can send his or her objection by e-mail to kontakt@hs-mainz.de
All personal data stored in the course of contacting us will be deleted in this case.
Tools for analysis
1. Extent of processing personal data
On our website we use the open source software tool Matomo (formerly PIWIK) to analyse the surfing habits of our users. The software places a cookie on the user's computer (see above for cookies). If individual pages of our website are accessed, the following data is stored:- Two bytes of the IP address of the user's calling system
- The accessed website
- The website from which the user has accessed the accessed website (referrer)
- The subpages that are accessed from the accessed website
- The time spent on the website
- The frequency of visiting the website
The software is set so that the IP addresses are not completely stored, but 2 bytes of the IP address are concealed (for instance: 192.168.xxx.xxx). In this way it is no longer possible to match the abridged IP address to the calling computer..
2. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f of the GDPR.3. Purpose of data processing
The processing of users' personal data enables us to analyze the surfing habits of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 para. 1 lit. f of the GDPR. By anonymizing the IP address, the users' interest in protecting their personal data is sufficiently taken into account.4. Storage period
The data will be deleted as soon as it is no longer required for our logging purposes. In our case, this will be the case after 180 days.5. Possibility of objection or elimination
Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent. We offer users on our website the possibility of an opt-out from the analysis process. To do this, you must follow the corresponding link. In this way, another cookie is placed on your system, which signals to our system not to store the user's data. If the user deletes the corresponding cookie from his own system in the meantime, he or she must set the opt-out cookie again.More information about the privacy settings of the Matomo software can be found under the following link: matomo.org/docs/privacyLinks to social media providers
Our websites contain links to the following external social networks:
- YouTube
The links are identified on our website by the respective logo of the social network. Social plugins are not used. When you visit our websites with a link to Facebook, no data is transmitted to third parties.
When you access the social media pages of Mainz University of Applied Sciences, your IP address and other information that is available on your PC in the form of cookies, among other things, is recorded. After registration or login with the social media service, your personal data will be transferred.
Important information
Social media services are often multi-level provider relationships in which the respective information or communication service is offered on a platform that is provided by third parties and in which user data is processed within the framework of the platform operators' own business purposes. This makes social media services difficult to understand from a user perspective and often problematic from a legal point of view, especially with regard to existing responsibilities.
Especially in the case of non-European platform operators/providers, social media services often do not comply with German data protection laws from a data protection perspective. In particular, the requirements of the GDPR are often not complied with. It stipulates an adequate level of information for users prior to the processing of personal data, restrictions on the processing of usage data and the creation of user profiles, as well as a corresponding opportunity to object.
In this regard, however, some fundamental legal issues have not been conclusively resolved. Further information can be found in the 24th Action Report of the State Commissioner for Data Protection, Chapter III.7.4.4 (http://www.datenschutz.rlp.de/downloads/tb/ds_tb24.pdf).
From the standpoint of the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate, there is joint responsibility under data protection law for public bodies that use social media services within the scope of fulfilling their duties, as the corresponding usage data is only generated by their offers on social media platforms. In designing our social media offering, we have therefore taken care to ensure that alternative information and communication channels exist as well.
The terms of use of the social media platforms as well as references to existing possibilities to restrict the processing of your data by the respective platform operator can be found under the following internet addresses:
Facebook
de-de.facebook.com/about/privacy
de-de.facebook.com/full_data_use_policy
de-de.facebook.com/about/privacy
youngdata.de
Instagram
https://privacycenter.instagram.com/policy/
youngdata.de
Twitter
twitter.com/privacy
support.twitter.com/forms/privacy
support.twitter.com/search
support.twitter.com/articles/20172711
support.twitter.com/articles/20170320
support.twitter.com/articles/105576
support.twitter.com/articles/20171570
support.twitter.com/articles/20170520
youngdata.de
LinkedIn
https://www.linkedin.com/legal/privacy-policy
www.linkedin.com/legal/user-agreement
www.linkedin.com/psettings/privacy
www.linkedin.com/psettings/
youngdata.de
Xing
privacy.xing.com/de/datenschutzerklaerung
privacy.xing.com/de/ihre-sicherheit
privacy.xing.com/de/ihre-privatsphaere
Rights of the data subject
1. Right to access, rectification, erasure and objection
You have the right:- to request information about your personal data processed by us in accordance with Art. 15 of the GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
- to request without undue delay the rectification of incorrect or completion of your personal data stored by us in accordance with Art. 16 of the GDPR;
- to request the erasure of your personal data stored by us in accordance with Art. 17 of the GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- to request, pursuant to Art. 18 of the GDPR, the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse the erasure of the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection against the processing in accordance with Art. 21 of the GDPR;
- to receive your personal data that you have provided to us in a structured, common and machine-readable format in accordance with Art. 20 of the GDPR or to request its transfer to another controller.;
- in accordance with Art. 7 para. 3 of the GDPR, to revoke your consent to us at any time. As a consequence of this, we are no longer allowed to continue the processing of data based on this consent in the future and
- to lodge a complaint with a supervisory authority pursuant to Art. 77 of the GDPR. You can usually contact the supervisory authority of your regular place of residence or university location.
2. Right to withdrawal of consent
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up until the withdrawal.3. Right to lodge a complaint with a supervisory authority
Notwithstanding any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority of your workplace or the place of suspected infringement if you believe that the processing of personal data concerning you is in violation of the GDPR.The right to lodge a complaint pursuant to Article 13 of the GDPR shall be asserted before the supervisory authority responsible for Mainz University of Applied Sciences: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
LfDI
The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate
Postfach 3040
55020 Mainz