Prof. Dr. Kai-Christian Bruhn, University of Applied Sciences, Lucy-Hillebrand-Straße 2, 55128 Mainz, Germany
Contact data protection officer:
The state representative for data protection and freedom of information Rhineland-Palatinate (LfDI), PO box 3040, 55020 Mainz, Germany
Visitors and users of the online presence (hereinafter, data subjects are also referred to as ‘users’).
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
According to Art. 32 GDPR, we take suitable technical and organisational measures in consideration of the state of the art, implementation costs and the method, extent, circumstances and the purposes of processing as well as the different probabilities of occurrence and the severity of the risk for rights and liberties of natural persons in order to guarantee a level of protection that is appropriate for the risk.
These measures include, in particular, protecting the confidentiality, integrity and availability of data by controlling physical access to the data as well as access to, input of, transfer of, availability of and separation of the data. Furthermore, we have established processes that guarantee the exercise of the rights of individuals, the deletion of data and the reaction to the exposure of data. Additionally, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
If, in the course of our processing, we disclose data to other persons or companies (processors or third parties), transmit data to them or otherwise allow them access to the data, this only takes place on the basis of a legal permission (e.g. when the transmission of data to third parties such as payment service providers is necessary for the performance of a contract according to Art. 6 (1) lit. b GDPR), if you have agreed to it, if a legal obligation provides for it or on the basis of our legitimate interests (e.g. the employment of representatives, webhosts etc.).
If we instruct third parties to process data on the basis of a so-called ‘processor contract’, this takes place on the basis of Art. 28 GDPR.
If we process data in a third country (in other words, outside of the European Union (EU) or the European Economic Area (EEA)), or if this happens in the course of using third-party services or of disclosing or transmitting data to third parties, this only takes place for the performance of our (pre)contractual duties, on the basis of your consent, a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we process data, or have data processed, in a third country only if the special prerequisites of Art. 44 ff. GDPR are met. In other words, processing takes place, for instance, on the basis of special guarantees such as the official assessment of a data protection level that corresponds to that of the EU (e.g. the ‘Privacy Shield’ for the US) or compliance with officially recognised special contractual obligations (so-called ‘standard contractual clauses’).
You have the right to obtain confirmation as to whether or not personal data are being processed and further information on these data according to Art. 15 GDPR.
According to Art. 16 GDPR you have the right to have incomplete personal data completed or to obtain from the controller without undue delay the rectification of inaccurate personal data.
According to Art. 17 GDPR you have the right to obtain from the controller the erasure of personal data and, alternatively, the restriction of processing of data according to Art. 18 GDPR.
You have the right to receive the personal data that you have provided to us according to Art. 20 GDPR and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Further, you have the right to lodge a complaint with a supervisory authority according to Art. 77 GDPR.
You have the right to withdraw your consent according to Art. 7 (3) GDPR.
You have the right to object to the future processing of your personal data according to Art. 21 GDPR. Objections can be made in particular where personal data are processed for direct marketing purposes.
‘Cookies’ are small files that are saved on the computers of users. Different kinds of information can be saved in cookies. A cookie primarily serves to save information on a user (or the device on which the cookie is saved) during or after a visit to an online presence. Temporary cookies, also called ‘session cookies’ or ‘transient cookies’, are cookies that are deleted after a user has left an online presence and closed their browser. Such a cookie can hold, for example, the content of a cart in an online shop or login data. ‘Permanent’ or ‘persistent’ cookies remain saved even after the browser has been closed. That way, for instance, login data can be kept for when users return after some days. Such a cookie can also hold the interests of users, which are used for reach measurement or marketing purposes. ‘Third-party cookies’ are cookies that are offered by a provider other than the controller of the online presence (otherwise, we speak of ‘first-party cookies’).
If users do not want their cookies to be saved on their computer, they are asked to deactivate the relevant option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online presence.
Hosting services that are made use of by us serve the provision of the following services: services of infrastructure and platform, computing capacity, storage space and services of database, security services as well as services of technical support that we employ in order to operate this online presence. Here, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online presence on the basis of our legitimate interests in an efficient and safe provision of this online presence according to Art. 6 (1) lit. f GDPR in connection with Art. 28 GDPR (processor contract).
We and our hosting provider collect data, on the basis of our legitimate interests according to Art. 6 (1) lit. f GDPR, on every access to the server on which this service is located (so-called server logfiles). The access data include the name of the accessed website, the file, the date and time of the access, the transmitted data volume, the notification of successful access, the browser type together with its version, the operating system of the user, the referrer URL (the website visited before), the IP address and the requesting provider.
Logfile information will be saved for a maximum period of 7 days for reasons of security (e.g. information on acts of misuse and fraud) and deleted afterwards. Data whose collection is necessary for purposes of proof are exempt from deletion until the particular incident has been completely clarified.
If users want to contact us (e.g. via contact form, e-mail, telephone or social media), their data are processed in order to execute their contact request according to Art. 6 (1) lit. b GDPR. User information can be saved in a customer relationship management system (‘CRM System’) or in similar contact organisations.
We delete contact requests once they are no longer required. Every other year, we check whether they are still required; furthermore, the legal archiving obligations apply.
In the following, we inform you about the contents of our newsletter and the application procedure, mailing procedure and the statistical evaluation procedure as well as your right of objection. By subscribing to our newsletter, you agree to the receipt and procedure described here.
Content of the newsletter: We only send newsletters, e-mails and further electronic messages with advertising information (in the following: ‘newsletter’) with the consent of the recipient or a legal permission. Provided that the contents of the newsletter are specifically outlined in the course of the application to it, they are decisive for the consent of the users. Moreover, our newsletters contain information on our services and ourselves.
Double-opt-in and logging: The application to our newsletter is part of a so-called double-opt-in procedure. In other words, after your application you will receive an e-mail that asks you to confirm your application. This confirmation is necessary to guarantee that nobody can apply with someone else’s e-mail address. The applications to our newsletter are logged in order to attest the application process according to the legal requirements. Part of this is the storage of the date and time of the application. Changes to your data that are stored with the shipping provider are also logged.
Application data: In order to apply to the newsletter, it is sufficient if you provide your e-mail address.
The mailing of the newsletter and its connected performance measurement take place on the basis of the consent of the recipients according to Art. 6 (1) lit. a, Art. 7 GDPR in conjunction with § 7 (2) lit. 3 UWG (law against unfair competition) or on the basis of legal allowance according to § 7 (3) UWG.
The application procedure is logged on the basis of our legitimate interests according to Art. 6 (1) lit. f GDPR. Our interest focusses on the employment of a user-friendly and safe newsletter system that serves our commercial interests as well as matches the expectations of the user and further allows us to verify the consent.
Withdrawal: You can cancel the receipt of the newsletter at any time or, in other words, withdraw your consent. You can find a link for unsubscribing from the newsletter at the bottom of every newsletter. On the basis of our legitimate interests, we can store the e-mail addresses that were cancelled for up to three years before we delete them, in order to attest a former consent. The processing of these data will be restricted to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that a former consent is confirmed at the same time.
We have online presences in social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When retrieving the networks and platforms, terms and conditions and guidelines of data processing of the respective providers apply.
Within our online presence we employ content and service offerings of third parties on the basis of our legitimate interests (in other words, interest in the analysis, optimisation and economic operation of our online presence according to Art. 6 (1) lit. f GDPR) in order to incorporate their contents and services like videos or fonts (in the following consistently referred to as ‘contents’).
This always implies that third-party suppliers of these contents learn the IP address of the users, because they cannot send the contents to the users’ browsers without the IP address. Hence, the IP address is required for the display of these contents. We attempt to use only contents of those providers who use the IP address merely to deliver contents. Third-party suppliers can also use so-called pixel tags (invisible graphics, also called ‘web beacons’) for statistical or marketing purposes. With ‘pixel tags’, information such as the visitor traffic on the pages of this website can be evaluated. Pseudonymous information can also be saved as cookies on the device of the user; it can contain, among other things, technical information on the browser, operating system, referring websites, visiting time as well as further information on the usage of our online presence, and it can be combined with such information from other sources.