Privacy statement

The internet sites of the Ostbayerische Technische Hochschule Regensburg can always be used without providing any personal data. The processing of personal data may be necessary however when a data subject wishes to access and use particular services of our business through our website. If personal data have to be processed and if there is no legal basis for such processing then we will generally obtain the consent of the data subject.

Personal data such as the name, postal address, email address or phone number of a data subject are always processed according to the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection requirements applicable to the Ostbayerische Technische Hochschule Regensburg. Our business uses this privacy statement to inform the public about the nature, extent and purpose of the personal data which we collect, use and process. This privacy statement also advises data subjects about the rights to which they are entitled.

As the party responsible for processing this data (‘the controller’) the Ostbayerische Technische Hochschule Regensburg has put in place numerous technical and organisational measures to ensure the most complete protection possible for the personal data processed on this website. However internet-based data transmissions can have security vulnerabilities such that total protection cannot be guaranteed. Every data subject is therefore at liberty to transmit personal data to us by alternative means, e.g. by phone.

Definitions

‘Personal data’

This is all information relating to an identified or identifiable natural person (‘data subject’ hereafter); a natural person is considered to be identifiable when they can be identified directly or indirectly, in particular by being associated with an identifier such as a name, with an identification number, with location data, with an online identification or with one or more particular characteristics which are an expression of that natural person’s physical, physiological, genetic, psychic, economic, cultural or social identity;

‘Processing’

This involves any operation, executed with or without the aid of automated procedures, or any such series of operations in conjunction with personal data, such as collecting, recording, organising, ordering, storing, adapting or altering, reading out, retrieving, using, disclosure through transmission, distribution or other form of supply, matching or linking, restricting, deletion or destruction;

Other definitions will be found in GDPR Section 4.

The party responsible for data acquisition on this website is:

Ostbayerische Technische Hochschule Regensburg
Prüfeninger Str. 58
93049 Regensburg
Phone +49 (0) 941 943 02 
Email: präsident@oth-regensburg.de

The Ostbayerische Technische Hochschule Regensburg is a public law body under Article 11(1) sentence 1 of the Bavarian Higher Education Act.
The Ostbayerische Technische Hochschule Regensburg is legally represented by the Chair of the University Board, Prof. Dr. Wolfgang Baier, President.
You will find further details/supervisory authority in the Legal Notice

The data protection officer of the controller is:

Dipl.-Ing. Hans Buberger
Ostbayerische Technische Hochschule Regensburg
Prüfeningerstr. 58
93049 Regensburg
Phone 0941 / 943-1069
Email: datenschutz@oth-regensburg.de
Any data subject can contact our data protection officer directly at any time with any questions and suggestions for data protection.

When our website is visited the following information is stored in the server log files as standard:

  • the page from which the file was requested – referrer URL
  • the name of the file
  • the date and time of the query
  • a description of the type of web browser/browser version used
  • the installed operating system, its language and preset resolution
  • the host name of the accessing computer
  • the transmitted data volume
  • the access status/HTTP status code (i.e. whether the file was sent or possibly not found etc.)
  • the used IP address and its localisation.

The stored data are used solely for internal statistical purposes and do not allow for any conclusions by which you could be identified.

We process the said data for the following purposes:

  • to guarantee the proper and frictionless connection set-up to the website,
  • to guarantee the use of the website,
  • to evaluate system security and stability.

GDPR Article 6(1) point f constitutes the legal basis for data collection. The legitimate interest follows from the described purpose of the data collection. You can visit our website without giving any details about your person. Under no circumstances do we use the collected data to draw any conclusions by which you could be identified.

Cookies

The website of the Ostbayerische Technische Hochschule Regensburg uses cookies.

Cookies are small text files which your browser automatically creates and stores on your terminal (laptop, tablet, smartphone etc.) when you visit our website.

Cookies do not cause any damage to your terminal, they contain no viruses, trojans or other malware. Cookies store information which arises in conjunction with the terminal that is specifically used, but this does not mean that we receive direct knowledge of your identity as a result. 

We use cookies to gather statistics about the use of our websites and to optimise our offer for you. Most browsers accept cookies automatically. You can configure your browser so that cookies are not stored on your computer or so that a message always appears before a new cookie is created. Completely blocking cookies can mean that you may not be able to use all the functions of our website.

GDPR Article 6(1) point f constitutes the legal basis for the use of cookies on our website.

Instructions (examples) for blocking cookies:

Contact form

When you send us enquiries using the contact form your details from the enquiry form, including contact data which you provide in it, are stored with us for processing the enquiry and for any follow-up questions. We will not disclose this data without your consent.

The data provided on the contact form is therefore processed solely on the basis of your consent (GDPR Article 6(1) point a). You can cancel your consent at any time simply by sending an informal message by email to datenschutz@oth-regensburg.de. The lawfulness of data processing operations carried out up until consent is cancelled remains unaffected by the cancellation.

The data you provide in the contact form stays with us until you ask us to delete it, cancel your consent to its storage or until the purpose of storing the data ceases to apply (e.g. when your enquiry has been dealt with). This shall not affect mandatory legal provisions – in particular retention periods.

Communication by email

We also communicate by email with the consent of the particular data subject (GDPR Article 6(1) point a).

Emails can be business letters, so we store these emails including the email address until the end of tax-law and/or commercial-law periods and/or retention periods according to other regulations.

After the expiry of the retention obligation and towards the end of the calendar year we review whether there is any continuing need for processing. If this is not the case then the data are deleted.

Data protection when sending application documents

If you send us application documents we will only use them to decide on your application, your data are not disclosed to third parties.

Since an application usually contains sensitive personal data, we must point out that you are yourself responsible for encrypting the data if necessary. If you encrypt your data then we would ask you to let us know the password by telephone.

Application data are stored and administered separately from other records and only used for the purpose of application selection. If an employment relationship comes into being then the necessary data are transferred from the application process to the personnel file.

If no employment relationship comes into being then the application documents are automatically deleted no later than six months from notification of the decision to reject and provided such a deletion is not opposed by other legitimate interests pursued by the controller or the applicant has expressly consented to a longer storage and retention period for their application (applicant pool).

The legal basis for data processing is GDPR Article 6(1) points a and b (consent and contract initiation). The retention period after rejection follows from GDPR Article 6(1) point f (statement of legally compliant action, e.g. under the General Equal Treatment Act - AGG).
 

Plugins and Tools

Matomo

We use the Matomo open source software to analyse and statistically evaluate the use of our website. Cookies are used for this purpose. Information which is generated by cookies about the use of our website is sent to our servers and summarised in pseudonymous usage profiles. This information is used to analyse the use of the website and to facilitate its needs-based design. The information is not disclosed to third parties. Under no circumstances is the IP address associated with other data relating to the user. The IP addresses are anonymised so that association is not possible (IP masking). In the sense of the General Data Protection Regulation the analysis of visitor behaviour represents a ‘legitimate interest’ pursuant to GDPR Article 6(1) point f to improve our website.
Your visit to this website is currently recorded by Matomo web analytics. Click so your visit is no longer logged.

Your visit to this website is logged by Matomo web analytics in the default setting. Disable (or enable) the following checkbox so your visit is no longer logged (is logged).
 

Embedding of YouTube videos

We use YouTube plugins to embed videos.

If you are logged in with YouTube as a member then YouTube will assign this information to your personal user account. Using the plugin, such as clicking the start button of a video for example, will also assign this information to your user account. You can stop this by logging out of your YouTube user account and other user accounts operated by YouTube LLC and Google Inc. before you use our website, and deleting the corresponding cookies of these companies. To find out more about data processing and to get hints on data protection by YouTube (Google) go here: https://policies.google.com/privacy?hl=en

GDPR Article 6(1) point f constitutes the legal basis. YouTube videos are embedded to make the pages more attractive. The underlying promotional purpose is deemed to be a legitimate interest in the sense of the GDPR

Links

Facebook, Instagram, Twitter, Xing are not embedded in our website and we do not collect data. Clicking on a link will take you to the respective website where the data protection regulations published on it will apply.

What do we use your data for?

We use your data to deliver our products and services (fulfilling the contract purpose), to evaluate site visitor numbers and access numbers and to optimise and protect our website. With your consent, we use data you have entered to respond to your contact enquiry/message.

Disclosure of data

Your personal will not be disclosed to third parties for any purposes other than those listed below.
We only pass on your personal data to third parties when:

  • You have expressly consented to this under GDPR Article 6(1) point a,
  • disclosure is necessary pursuant to GDPR Article 6(1) point b for the performance of a contract to which you are a party, or to carry out pre-contractual measures in response to your enquiry,
  • in the event that disclosure is required under GDPR Article 6(1) point c for compliance with a legal obligation or that processing is necessary for compliance with a legal obligation to which the controller is subject,
  • in the event that under GDPR Article 6(1) point d processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • in the event that under GDPR Article 6(1) point e processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • in the event that under GDPR Article 6(1) point f processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Rights of the data subject

You have the right:

  • pursuant to GDPR Article 7(3) to withdraw at any time the consent you have given. As a result, we shall thenceforth no longer be able to continue the data processing that is based on this consent;
  • pursuant to GDPR Article 15 to obtain information about your personal data processed by us. In particular, you can demand information about the purposes of the processing, the categories of personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to rectification, erasure, restriction or objection, the right to lodge a complaint, the source of your data if they were not collected by us, and about the existence of automated decision-making, including profiling, and, if necessary, meaningful information about the details thereof;
  • pursuant to GDPR Article 16 to obtain without delay the rectification of inaccurate personal data or the completion of incomplete personal data about you that are stored with us;
  • pursuant to GDPR Article 17 to obtain the erasure of your personal data stored with us unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • pursuant to GDPR Article 18 to obtain restriction of processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you oppose their erasure and we no longer need the data but you still require them for the establishment, exercise or defence of legal claims, or if you have objected to processing pursuant to GDPR Article 21;
  • pursuant to GDPR Article 20 to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format, or to obtain the transmission of those data to another controller;
  • pursuant to GDPR Article 77 to lodge a complaint with a supervisory authority. For this purpose you can usually contact the supervisory authority at your habitual place of residence or place of work or our domicile.

    Follow this link to see a list of German, European and international privacy officers. You will also find our supervisory authority in our Legal Notice

Right to object

If your personal data are processed on the basis of GDPR Article 6(1) point e or on the basis of legitimate interests pursuant to GDPR Article 6(1) point f, you have a right to object to the processing of your personal data pursuant to GDPR Article 21. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your data are processed for direct marketing purposes you have a general right to object which we will observe without the indication of a particular situation. (GDPR Article 21(2))
Your rights to withdraw consent or to object can be exercised without formalities. Just send us an email for example. (webinhalt@oth-regensburg.de)

Length of time for which personal data are stored

The controller shall process and store personal data of the data subject only for the period necessary to achieve the purpose of storage and/or so far as this is necessary/mandatory under relevant legal requirements.

After the expiry of the retention obligation and towards the end of the calendar year we review whether there is any continuing need for processing. If this is not the case then the data are deleted.

Data security

We use the SSL (Secure Sockets Layer) protocol on our website. Whether an individual page of our website is transmitted encrypted can be seen from the closed key or lock icon. We also deploy suitable technical and organisational measures to protect your data from accidental or deliberate manipulation, partial or total loss or destruction or against unauthorised third party access. Our security measures are being constantly improved in line with technological developments.

Amendment of this Privacy Statement – as at 17.06.2019

The ongoing development of our website and offers about it, or changes in legal or official requirements may make it necessary to amend this Privacy Statement. You can view and print off the current Privacy Statement at any time on our website under privacy protection.