Privacy policy

This privacy policy covers the principles of data processing at Darmstadt University of Applied Sciences and the collection of data via its website.

The central website h-da.de presents Hochschule Darmstadt to the outside world, disseminates information and supports the university in its tasks. The website has an independent, standardised design. The departments have a certain amount of freedom to customise the design.

No guarantee is given for the operation, accuracy and up-to-dateness of the information. The IT Services and Applications department of Darmstadt University of Applied Sciences is responsible for the operation of the server. The respective editors are responsible for the organisation in the individual departments. The Presidential Board has general responsibility for the content and decides on the admissibility of data in cases of doubt.

University Communications maintains the homepage of the central website. Otherwise, the departments, faculties and institutions of the university are responsible for the content presented.

Darmstadt University of Applied Sciences takes the protection of personal data very seriously. We process personal data that is collected when you visit our website in compliance with the applicable data protection regulations. In particular, the EU General Data Protection Regulation (GDPR), the Hessian Data Protection and Freedom of Information Act (HDSIG) and the Telemedia Act (TMG) apply.

In the following, we inform you about the type, scope and purpose of the collection and use of personal data.

Your data will neither be published by us nor passed on to third parties without authorisation.

When you visit our website, our web servers automatically save every access in a log file. This data is stored separately from other data that you enter when using our website. It is not possible for us to assign this data to a specific person. This data is used exclusively to check and ensure the reliable technical operation of the web server. This data is deleted after a retention period of 7 days.

The following data is recorded:

• IP address (anonymised)
• Date and time of access
• Name and URL of the retrieved file
• Amount of data transferred
• Access status of the web server (file transferred, file not found, command not executed, etc.)

The login when accessing protected areas is partially logged in order to be able to recognise attempts at misuse and password attacks. No data is stored that could be used to create personal profiles of user behaviour.

The legal basis for processing is Art. 6 Para. 1 b) of the GDPR.

When you visit our website, our web servers automatically save every access in a log file. The following data is recorded:

• IP address (anonymised)
• Date and time of access
• Name and URL of the retrieved file
• Amount of data transferred
• Access status of the web server (file transferred, file not found, command not executed, etc.)

This data is stored separately from other data that you enter when using our website.

The complete data utilisation has a retention period of 90 days. Monthly logs (reduced data usage) have a retention period of one year. Deletion is automated on the web server.

Data protection provisions about the application and use of Matomo

The data controller has integrated the Matomo component on this website. Matomo is an open source software tool for web analysis. Web analysis is the collection, gathering and evaluation of data about the behaviour of visitors to websites. Among other things, a web analysis tool collects data on the website from which a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analysis is mainly used to optimise a website and for cost-benefit analysis of Internet advertising.

The software is operated on the server of the controller and the log files, which are sensitive under data protection law, are stored exclusively on this server.

The purpose of the Matomo component is to analyse the flow of visitors to our website. The controller uses the data and information obtained, among other things, to analyse the use of this website in order to compile online reports that show the activities on our website.

Matomo places a cookie on the data subject's IT system. What cookies are has already been explained above. By setting the cookie, we are able to analyse the use of our website. Each time one of the individual pages of this website is accessed, the Internet browser on the data subject's IT system is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical process, we obtain knowledge of personal data, such as the IP address of the person concerned, which serves us, among other things, to trace the origin of visitors and clicks.

Cookies are used to store personal information, such as the time of access, the location from which access originated and the frequency of visits to our website. Each time our website is visited, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to our server. This personal data is stored by us. We do not pass this personal data on to third parties.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Matomo from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Matomo can be deleted at any time via an Internet browser or other software programmes.

Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by Matomo relating to the use of this website.

To do this, the data subject must set "Do Not Track" in their browser or use the opt-out option provided in the privacy policy:

In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie will also be deleted and may have to be reactivated by you.

Matomo is an open source project developed by various developers and the company InnoCraft Ltd.

InnoCraft Ltd.
150 Willis St, 6011 Wellington, New Zealand
contact@innocraft.com

Further information and the applicable data protection provisions of Matomo may be retrieved under https://matomo.org/privacy/.

In general, it is not necessary for you to provide personal data in order to use our website. However, in order for us to actually provide some of our services (e.g. registration for an event), we may need your personal data. Any use of your personal data will only take place for the stated purposes and to the extent necessary to fulfil these purposes. None of this data will be passed on to third parties without the user's prior consent.

The transmitted data is stored in a database that is only accessible to administrators.

Personal data is only transferred to state authorities within the framework of mandatory national legislation.

The legal basis for processing is Art. 6 Para. 1 b) (fulfilment of contract) and c) (legal requirements) of the GDPR.

If you have given us your consent to data processing (e.g. via a contact form or a newsletter request), your data will only be processed for the purposes specified therein.

The legal basis for processing is Art. 6 para. 1 a) of the GDPR (consent).

Our Internet pages use cookies in several places. They serve to make our website more user-friendly and effective. Cookies are small text files that are stored on your computer by your browser. Most of the cookies we use are so-called session cookies, which are deleted when you end your browser session. Cookies do not damage your computer and do not contain viruses.

The following cookies are set:

• Session cookie (for session recognition, lifetime: one session)
• TYPO3 session cookie (for session recognition, lifetime, one session)

The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programmes. This is possible in all common internet browsers.

If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

The legal basis for the processing is Art. 6 para. 1 b) GDPR.

The data controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes as well as music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in to YouTube at the same time, YouTube recognises which specific sub-page of our website the data subject is visiting when they access a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged in to YouTube at the same time as accessing our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before accessing our website.

The data protection provisions published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/http

On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or company-related information. Among other things, Facebook allows users of the social network to create private profiles, upload photos and network via friend requests.

The operating company of Facebook is Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller for the processing of personal data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be accessed at developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook recognises which specific sub-page of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject submits a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, they can prevent the transmission by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains the setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress the transmission of data to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Our technical and organisational security measures, which we use to protect all data from unauthorised access, are always kept up to date. Personal information is always transmitted in encrypted form.

Our websites may contain links to websites of other providers. We would like to point out that this data protection declaration applies exclusively to the websites of the central presence of Darmstadt University of Applied Sciences. We have no influence on and do not check that other providers comply with the applicable data protection regulations.

As the person affected by the data processing, you have various rights:

• Right to withdraw consent: You can revoke any consent you have given us at any time. The data processing based on the revoked consent may then no longer be continued in the future.
  
  
• Right to information: You can request information about your personal data processed by us. This applies in particular to the purposes of the data processing, the categories of personal data, the categories of recipients, if applicable, the storage period, the origin of your data, if applicable, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details.
  
  
• Right to rectification: You can request the rectification of incorrect or the completion of your personal data stored by us.
  
  
• Right to erasure: You can request the erasure of your personal data stored by us, unless its processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
  
  
• Right to restriction of processing: You may request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you oppose its erasure. You also have this right if we no longer need the data, but you need it for the establishment, exercise or defence of legal claims. You also have this right if you have objected to the processing of your personal data;
  
  
• Right to data portability: You can request that we send you the personal data you have provided to us in a structured, commonly used and machine-readable format. Alternatively, you can request the direct transfer of the personal data you have provided to us to another controller, insofar as this is possible.
  
  
• Right to lodge a complaint: You can lodge a complaint with the supervisory authority responsible for us, e.g. if you believe that we are processing your personal data unlawfully.

The competent supervisory authority is:

The Hessian Data Protection Officer
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Telephone: 0611 1408-0
E-mail: poststelle@datenschutz-hessen.de
Internet: http://www.datenschutz.hessen.de

If we process your personal data on the basis of a legitimate interest, you have the right to object to this processing. If you wish to exercise your right to object, a notification in text form is sufficient. You can therefore write to us, send us a fax or contact us by e-mail.

The data protection officer at Darmstadt University of Applied Sciences can be contacted at datenschutz@h-da.de.

By using our website, you consent to the use of your data as described above. This data protection declaration is immediately valid and replaces all previous declarations.