Skip to main content

Communications and Marketing

Data Privacy Statement

At Hochschule Bonn-Rhein-Sieg (H-BRS) we believe that it is very important that we protect your personal data when it is collected, processed and used in connection with your visit to our website.

Your data will be protected in accordance with privacy legislation. Under no circumstances will the data collected be sold or passed on to third parties for other reasons unless you expressly agree to their dissemination.

Content

I. Name and Address of the Data Controller

II. Name and Address of the Data Protection Commissioner

III. General Information on Data Processing

IV. Provision of the Website and Creation of Log Files

V. Use of Cookies

VI. Newsletter

VII. Contact Form and Email Contact

VIII. Advertising

IX. Social Media

X. Content from Third-Party Providers

XI. Web Analysis with Matomo

XII. Podcast Hosting and Integration of Podcasts on the Website

XIII. Rights of the Data Subject

 

I. Name and Address of the Data Controller

The Controller pursuant to the General Data Protection Regulation and other national data protection laws of the Member States, plus other legal data protection regulations is:

Hochschule Bonn-Rhein-Sieg
The President
Grantham-Allee 20
D-53575 Sankt Augustin
Germany
Tel.: +49 (0)2241 8650
email: praesident@h-brs.de
Website: https://www.h-brs.de/en/prof-dr-hartmut-ihne

 

II. Name and Address of the Data Protection Commissioner

The data protection commissioner is:
N. N.
Grantham-Allee 20
D-53575 Sankt Augustin
Germany
Email: datenschutzbeauftragte@h-brs.de

 

III. General Information on Data Processing

1. Extent of the Processing of Personal Data

In principle, we at Hochschule Bonn-Rhein-Sieg only process the personal data of our users to the extent necessary to deliver a functioning website, and provide our content and services. The personal data of our users is routinely only processed with the approval of the user. An exception applies in cases where it is not possible for practical reasons to obtain consent in advance and where the processing of data is permitted by law.

2. Legal Basis for the Processing of Personal Data

Insofar as we obtain the consent of the data subject for the processing of their personal data, Article 6(1) point (a) of the EU General Data Protection Regulation (GDPR) forms the legal basis for this.

For the processing of personal data that is required for the performance of a contract to which the data subject is party, Article 6(1) point (b) of the GDPR forms the legal basis. This also applies to processing operations that are required prior to entering into a contract.

Insofar as it is necessary to process personal data in order to comply with a legal obligation to which our organisation is subject, Article 6(1) point (c) of the GDPR forms the legal basis.

In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1) point (d) of the GDPR forms the legal basis.

If the processing is required for the performance of a task carried out in the public interest or in the exercise of official authority that has been  vested in the university, then Article 6(1) point (3) of the GDPR forms the legal basis.

3. Data Erasure and Storage Period

The personal data of the data subject will be erased or made unavailable as soon as the reason for storage no longer applies. Over and above this they may be stored if such storage is provided for by the European or national legislator under the Union regulations, laws or other mechanisms to which the controller is subject. The data shall also be made unavailable or erased when a storage period prescribed by the standards mentioned elapses, unless there is a requirement to continue to store the data in order to enter into a contract, or for the performance of a contract.

 

IV. Provision of the Website and Creation of Log Files

1. Description and Extent of Data Processing

Each time our website is called up, our system automatically records data and information from the computer system of the accessing computer.

The following data are collected in the process:

  1. information on the browser type and the version being used
  2. the operating system of the user
  3. the Internet Service Provider of the user (not logged)
  4. the IP address of the user (“requirement-driven recording”)
  5. the date and time of access
  6. current navigation category (not explicitly itemized)
  7. current navigation item (not explicitly itemized)
  8. website requested (not explicitly itemized)
  9. referring website (not explicitly itemized)
  10. volume of data sent

This data is not stored with other personal data pertaining to the user.

2. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the computer of the user. To this end, the IP address of the user must be stored for the duration of the session.

It is stored in log files in order to ensure the proper functioning of the website. In addition, this data helps us to optimise the website and safeguard the security of our IT systems. The data are not evaluated for marketing purposes in this context.

3. Duration of Storage

The data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. If the data were recorded to make the website available to the user, this is the case when the relevant session comes to an end. In the event that the data are stored in log files, they will be erased after a period of no longer than fourteen days.

4. Possibility of Objection and Elimination

Recording the data in order to provide the website and storing the data in log files is essential for the operation of the website. As a consequence, it is not possible for the user to object to this.

 

V. Use of Cookies

1. Description and Extent of Data Processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the computer system of the user. If a user calls up a website, then a cookie can be stored on the operating system of the user. This cookie contains a distinctive string of characters that enables the browser to be clearly identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can still be identified after a page change.

In the process the following data is stored and transmitted in the cookies:

  1. language settings
  2. log-in information

Moreover, on our website we use cookies that enable us to analyse the surfing behaviour of the user (Matomo statistical software, see below).

2. Legal Basis for the Processing of Data

If the consent of the user has been obtained, the legal basis for the processing of personal data using cookies for analytical purposes is Article 6(1) point (a) of the GDPR.

3. Purpose of Data Processing

Some functions on our website cannot be provided without the use of cookies. These are functions where it is necessary for the browser to be recognised again even after a page change. The user data collected by technically necessary cookies are not used to create user profiles.
 

4. Duration of Storage, Possibility of Objection and Elimination

Cookies are stored on the computer of the user and transmitted to our site by it. For this reason, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies for our website are deactivated, it may no longer be possible to use all of the functions of the website in full.

 

VI. Newsletters

1. Description and Extent of Data Processing

Our website offers the possibility of subscribing to free newsletters from the university on certain topics. The data from the input screen are transmitted to us when subscribing to the newsletter.

H-BRS newsletter and Alumni newsletter

To send our newsletters, we use the mailing programme "News&Mail-Service" from 4OfficeAutomation GmbH, which is linked to the CRM Cobra used by the University's Communication and Marketing Department. You can subscribe to the newsletter by entering your title, name and e-mail address via double opt-in. Your data will be transmitted to the News&Mail service and stored in our CRM. In doing so, 4OfficeAutomation GmbH and Cobra GmbH are prohibited from using your data for purposes other than sending the newsletter. A transfer or sale of your data is not permitted. Both service providers have been carefully selected in accordance with the requirements of the DSGVO. The data processed with CRM Cobra are exclusively located on servers of the university. The data processed by the News&Mail service is located on servers in Karlsruhe or Düsseldorf.

You can revoke your consent to the storage of data and its use for newsletter dispatch at any time via the unsubscribe link in the newsletter. Provider: News&Mail-Service/4OfficeAutomation GmbH, Schlägelweg 46a, 31275 Lehrte. Cobra Computers Brainware GmbH, Weberinnenstraße 7, 78467 Konstanz.

Form fields: Salutation, first name, last name, e-mail

In addition, the following data is collected during registration:

IP address of the calling computer
Date and time of registration

The privacy policy of the Alumni Network can be found via the following link: https://www.h-brs.de/de/datenspeicherung-und-nutzung-im-alumni-netzwerk-der-hochschule-bonn-rhein-sieg

2. Legal Basis for the Processing of Data

Your consent will be obtained for the processing of your data as part of the subscription process and reference will be made to this privacy policy. If the consent of the user has been obtained, the legal basis for the processing of data following subscription to a newsletter by the user is Article 6(1) point (a) of the GDPR.

3. Purpose of Data Processing

The email address of the user is only collected in order to deliver the newsletter. No data is passed on to third parties in connection with data processing for the sending of newsletters. The data are only used for the purposes of sending the newsletter.

4. Duration of Storage

The data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. Accordingly, the email address of the user will only be stored for as long as the subscription to the newsletter is active.

5. Possibility of Objection and Elimination

A newsletter subscription can be terminated at any time by the data subject. There is a link in every newsletter for this purpose.

 

VII. Contact Form and Email Contact

1. Description and Extent of Data Processing

Our website contains contact forms that can be used to make contact electronically or to register for events or the alumni network. If a user utilises this possibility, then the data entered into the input screen are transmitted to us and stored. These data are as follows:

Data collected:

Title, first name, last name, email address
(some forms are more detailed, in some cases there may be more form fields)

In addition, at the time the message is sent, the following data will be stored:

IP address of the user
Date and time of registration

As part of the despatching process, consent will be obtained for the processing of data and reference will be made to this privacy policy.

Alternatively it is possible to get in touch with the specific contact person via their email address (on the personnel pages of the website www.h-brs.de). In this case, the personal user data transmitted with the email will be stored.

No data will be passed on to third parties in this connection. The data are only used for conducting the conversation.

2. Legal Basis for the Processing of Data

If the consent of the user has been obtained, the legal basis for the processing of data is Article 6(1) point (a) of the GDPR.

The legal basis for the processing of data that are transmitted as part of an email transmission is Article 6(1) point (f) of the GDPR. If the email contact is made with a view to entering into a contract, then a further legal basis for processing the data is Article 6(1) point (b) of the GDPR.

3. Purpose of Data Processing

We only process personal data from the input screen in order to make contact with you. In the event of contact being made by email, then there would also be a legitimate interest in processing the data.

The other personal data processed during the despatching process are used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of Storage

The data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. For the personal data from the input screen in the contact form and those that are sent by email, this is the case when the respective conversation with the user comes to an end. The conversation is deemed to have come to an end when the circumstances would lead one to infer that the matter at hand has been fully dealt with.

The additional personal data collected during the despatching process will be erased at the latest after a period of seven days.

5. Possibility of Objection and Elimination

The user may revoke his or her consent to the processing of his or her personal data at any time. If the user makes contact with us by email, then he or she may object to the storage of his or her personal data at any time. In such cases, the conversation will not be continued.

Consent may be revoked and the storage of details objected to via the following email address: datenschutzbeauftragte@h-brs.de. All personal data stored in the course of the contact will be erased in this case.

 

VIII. Advertising

Currently, no external advertising banners are displayed on the H-BRS website.

 

IX. Social Media

Our offering contains links to social media (social networks). These can be recognised from their logos. If you follow these links, your browser will make a direct connection to the relevant social network servers.

We have no influence on the type and scope of data that will subsequently be collected about you by social media. The reason for and scope of the data acquisition and the further processing and use of the data by social media, as well as your rights in this respect and settings options for protecting your privacy can be found in the relevant privacy policies.

Hochschule Bonn-Rhein-Sieg advertises the university’s study programmes via social media channels, especially Facebook and Instagram. In so doing we do not make any personal information available to the networks (e.g. for creating so-called custom audiences or lookalike audiences). The data used for advertising is generated and processed solely by the advertising provider platforms. Further, for the evaluation of our advertising, we do not receive any personal information; there is no possibility of individuals being identified. We do not use Facebook Pixel.

Data content from social media is played out in the H-BRS newsroom via an interface. No cookies are set in the process.

 

X. Content from Third-Party Providers

YouTube
It is possible to open videos about Hochschule Bonn-Rhein-Sieg on our website; the video files are on YouTube. When you open videos, your browser will make a direct connection to YouTube. When you access a video, your browser establishes a direct connection with YouTube and reloads necessary and unavoidable scripts such as Google Fonts. The reason for and scope of the data acquisition and the further processing and use of data by YouTube, as well as your rights in this context and settings options for protecting your privacy can be found in YouTube's privacy policy. Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

 

XI. Web Analysis with Matomo

1. Extent of the Processing of Personal Data

On our website we use the open source software tool Matomo to analyse the surfing behaviour of our users. The software places a cookie on the user’s computer. If individual pages on our website are accessed, then the following data are stored:

  1. two bytes of the IP address of the accessing system of the user
  2. the web page accessed
  3. the website from which the user reached the web page accessed (referrer)
  4. the subpages that were visited from the accessed web page
  5. the duration of stay on the web page
  6. the frequency with which the page is accessed

In the process, the software programme only runs on the servers for our website. The personal data of the users is only stored there. No data is passed on to third parties.

The software is set up in such a way that the IP addresses are not stored in full, instead 2 bytes of the IP address are masked. In this way, it is no longer possible to assign the shortened IP address to the accessing computer.

The legal basis for the processing of personal data belonging to the user is Article 6(1) point (f) of the GDPR.

2. Purpose of Data Processing

The processing of the personal data belonging to our users enables us to analyse their surfing behaviour. By evaluating the data acquired, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes represent our justified interest in the processing of the data in accordance with Article 6(1) point f of the GDPR. Anonymising the IP address enables us to make sufficient allowance for the interests of our users and the protection of their personal data.

3. Duration of Storage

The data are deleted as soon as they are no longer required for our record-keeping purposes.

4. Possibility of Objection and Elimination

When accessing the website www.h-brs.de, visitors can reject cookies or actively consent to their storage. After consent, cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies for our website are deactivated, it may no longer be possible to use all of the functions of the website in full.

More detailed information on the privacy settings of the Matomo software programme can be found by clicking the following link: https://matomo.org/docs/privacy/.

 

XII. Podcast Hosting and Integration of Podcasts on the Website

The university uses the podcast hosting service Podigee to manage podcasts and play them out on the own websites (such as here https://www.h-brs.de/podcasts). The use of Podigee is based on our legitimate interest in providing podcast data securely and efficiently in accordance with Art. 6 para. 1 lit. f. DSGVO.  

Podigee processes IP addresses and device information to enable podcast playbacks or downloads and to determine statistical data, such as call-up figures. This data is anonymised or pseudonymised before being stored in Podigee's database, unless it is necessary for the provision of the podcasts.

Further information and objection options can be found in Podigee's privacy policy.

Address
Podigee GmbH
Schlesische Straße 20
10997 Berlin
Email: hello@podigee.com
Website: https://podigee.com
Vertretungsberechtigte Personen: Mateusz Sojka
Email: hello@podigee.com

Contact Data privacy
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76
20146 Hamburg
Email: datenschutzbeauftragter@podigee.com
Website: https://www.datenschutzkanzlei.de

 

XIII. Rights of the Data Subject

As the data subject, you have the right to information in accordance with Article 15 of the GDPR, the right to correction in accordance with Article 16 of the GDPR, the right to deletion in accordance with Article 17 of the GDPR, the right to restriction of processing in accordance with Article 18 of the GDPR and the right to data portability in accordance with Article 20 of the GDPR. With respect to the right to information and the right to deletion, the restrictions arising from §§ 12, 13 and 14 of the Data Protection Act for North Rhine-Westphalia apply.