Data protection notice of the RheinMain University of Applied Sciences – information about the processing of your data in accordance with Art. 13 of the European General Data Protection Regulation (GDPR)

References to legislation are to the European General Data Protection Regulation (GDPR) and to the Hessian Data Protection and Freedom of Information Act (HDSIG) in the version in force from 25 May 2018.

Scope of application

This data protection notice applies to the website of the RheinMain University of Applied Sciences and to personal data collected via this website. For websites of other providers that are referred to via links, for example, the data protection notices and statements of these websites shall apply.

Responsibility

The person responsible for the processing of personal data on this website is:
Prof. Dr. Eva Waller | President of the RheinMain University of Applied Sciences
Kurt-Schumacher-Ring 18 | 65197 Wiesbaden (Germany)
Tel.: +49 611 9495-01 | E-mail: praesidiumssekretariat(at)hs-rm.de

Data Protection Officer

You can contact the Data Protection Officer of the RheinMain University of Applied Sciences at
Kurt-Schumacher-Ring 18 | 65197 Wiesbaden (Germany)
E-mail: datenschutzbeauftragter(at)hs-rm.de

Hosting

The website is stored on IT systems belonging to the RheinMain University of Applied Sciences.

Handling of your data

1. Personal data

Personal data, pursuant to Art. 4 GDPR, means all information relating to an identified or identifiable natural person. An identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online login or to one or more factors that is/are personal to said natural person’s physical, physiological, genetic, mental, economic, cultural or social identity. We adhere to the principles of data avoidance and data minimization. We shall therefore store your personal data only for such time as it may be required for the purposes stated here or as stipulated by the various time limits for storage provided for by the legislator. After the respective purpose ceases to apply or after these time limits for storage expire, the corresponding data shall, as a matter of course and in accordance with the statutory provisions, be blocked or deleted. For records-related processes, we follow as a matter of principle the time limits for storage stipulated in the Records Management Decree of the State of Hesse (“Aktenführungserlass des Landes Hessen”) . This storage period is, as a general rule, five years.

2. Forms (including contact forms)

When you provide us with personal data when sending an inquiry, registering for an event etc. via one of our online forms, we shall use this data solely for the purpose for which you provide it to us in order to perform our tasks. The data will be stored on IT systems of the RheinMain University of Applied Sciences and used only for the processing of your request by technically competent persons.
Legal basis of the processing: Art. 6 (1)(e) and (3)(b) GDPR, Section 3(1) HDSIG, Section 3 ff. Hessian Higher Education Act (HHG)

3. Ordering a newsletter

When you order a newsletter, the data you provide, such as your e-mail address and the title of the newsletter, will be stored on the IT systems of the RheinMain University of Applied Sciences and used only for sending this newsletter. You may cancel your order at any time and thereby have your stored personal data deleted.
Legal basis of the processing: Art. 6(1)(a) GDPR

4. Transfer of data to a social network/external Internet services

Individual webpages may use external Internet services in order to display media content on our website. It cannot be ruled out that through this process your data, such as your IP address, is sent to the relevant service provider.

5. Provision of embedded videos

On some of our webpages, videos hosted on YouTube (data protection statement: https://policies.google.com/privacy?hl=en&gl=en) and Vimeo (data protection statement: https://vimeo.com/privacy) are embedded. No data is initially sent to the service provider when the page on which such a video is embedded is retrieved for the first time. Only after explicit activation by you can the video be played (“two-click solution”) and only then will your data be transmitted to the relevant provider, such as your IP address. Your approval will apply universally to all pages on this website and can be deactivated at any time, which will prevent the further transmission of data.
Legal basis of the processing: Art. 6(1)(a) GDPR

6. Usage data

Each time a page is retrieved, access data is recorded in a log file, the Apache log file. The data record that is saved in this process contains the following data: 

  • The client IP,
  • the time, 
  • the status, 
  • the queried URL that your browser sent to the server,
  • the amount of data transferred,
  • the website from which you came to the requested page (referrer),
  • and the product and version information of the browser used (user agent).

Legal basis of the processing:  Art. 6(1)(e) GDPR in conjunction with Section 3(1) and Section 80 ff. HDSIG; and Section 12(5-6) and Section 31(4) HHG; and Art 6(1)(f) GPDR

In this way, the RheinMain University of Applied Sciences can learn on which days and at what times the offerings on its website are particularly popular and what volume of data is generated. Furthermore, the RheinMain University of Applied Sciences can recognize potential errors through the log files, such as incorrect links or software errors, and can thus use the log files for the development and constant optimization of the website.

The RheinMain University of Applied Sciences uses the standardized “combined” log file format of the web server for log files. Subject to any statutory retention requirements, the log files are deleted after access has ended. The RheinMain University of Applied Sciences reserves the right to use non-personal data from log files if there are reasonable grounds for suspecting that users are using the website or services of the RheinMain University of Applied Sciences in a way that is unlawful or contrary to contract.

For data security reasons, i.e. in order to explain unauthorized access or to be able to prevent abuse of the website, the complete IP address of the requesting computer is recorded, stored and automatically deleted seven days after the access has ended. Our websites use so-called “cookies”. The use of this functionality can by deactivated by you in the settings of your browser software. Your data is not transferred to another country. Automated decision-making does not take place.

Matomo web analysis service:

The RheinMain University of Applied Sciences uses the “Matomo - Open Analytics Platform” open-source software to analyze access by users and to optimize the website. Each time a page or file on the website of the RheinMain University of Applied Sciences is accessed, the following data is collected, logged and analyzed by “Matomo” for statistical purposes.

  • Date and time of access
  • The user agent (browser identifier)
  • Operating system settings, such as monitor resolution
  • Entry and exit pages and the time spent on the website
  • Files or documents retrieved
  • The IP address (reduced by two bytes)
  • Size of the file or document
  • HTTP Status Code (file transferred, file not found etc...)

“Matomo” uses the “AnonymizeIP” plugin, which reduces your IP address by two bytes immediately after it is recorded, thereby anonymizing it. It is therefore not possible (or possible only with a disproportionate amount of effort) to match a natural person to the IP address. Furthermore, the inclusion of your computer’s IP address in our statistics - about the use of the website - is prevented.

“Matomo” stores a cookie (a text file that is saved on your computer and enables the analysis of website usage) on your computer, in order to log and analyze your user access - in anonymized form - to the website of the RheinMain University of Applied Sciences. The information generated using a cookie is stored solely on the servers of the RheinMain University of Applied Sciences and is not passed on to third parties under any circumstances.

You may decide whether a web analysis cookie may be set within your browser, in order to allow the RheinMain University of Applied Sciences to record, log and evaluate your user access. If you do not wish your user behavior to be recorded, logged and analyzed using the cookie described above, select the “Deny” button under “Change cookie settings”, in order to prevent your user access from being recorded (to enable this, a cookie will be set to stop your user access from being recorded).

Google Search Console:

The RheinMain University of Applied Sciences uses the “Google Search Console” service for analysis purposes, with the aim of optimizing the website to meet the needs of users and to improve the user experience on the website. No user or tracking data is sent by us to Google. We receive only anonymized and aggregated data from Google about our website.

Your rights

As a user of our website, you have various rights in accordance with the General Data Protection Regulation (GDPR) and the Hessian Data Protection and Freedom of Information Act (HDSIG), in particular under Articles 15-18 and 21 GDPR and Sections 33-35 HDSIG:

1. Right to information

In accordance with Art. 15 GDPR, you can request information about your personal data that is processed by us. In your request for information, you should specify your query precisely so as to make it easier for us to collate the required details. Please note that your right to information is restricted by the provisions of Section 24(2), Section 26(2) and Section 33 HDSIG. 

2. Right to correction 

If information relating to you is not accurate, or is no longer accurate, you may request a correction under Art. 16 GDPR. Should your data be incomplete, you may request its completion.

3. Right to deletion

Under the conditions of Art. 17 GDPR and Section 34 HDSIG, you may request your personal data to be deleted. Your right to deletion may depend on whether the details relating to you are still required to fulfill our lawful tasks.

4. Right to restrict processing

In accordance with the provisions of Art. 18 GDPR, you have the right to request the processing of data relating to you.

5. Withdrawal of consent

If you have provided us with your consent, you have the right to withdraw this consent at any time under Art. 13(3)(c) and Art. 7(3) GDPR. By withdrawing your consent, the legality of the processing based on the consent provided until the withdrawal is made shall not be affected.

6. Data portability

Furthermore, you have the rights listed in Art. 20 GDPR (Right to data portability). This right exists only if the processing is based on consent provided in accordance with Art. 6(1)(a) or Art. 9(2)(a) or on an agreement under Art. 6(1)(b) GDPR (Art. 20(1)(a) GDPR).

7. Right to lodge a complaint

If you consider that we have breached data protection regulations while processing your personal data, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or place of the alleged infringement.

General information about data protection can be found on the website of the Hessian Data Protection Officer: www.datenschutz.hessen.de.