We are delighted about the visit of our website. The University of Applied Sciences Kehl (hereinafter ‘University Kehl’, ‘we’ or ‘us’) attaches great importance to the security of users’ data and compliance with data protection provisions. Hereinafter, we would like to inform about how personal data is processed on our website.
Controller:
Hochschule für öffentliche Verwaltung Kehl (University of Applied Sciences Kehl), Kinzigallee 1, 77694 Kehl
Prof. Dr. Joachim Beck (Rector)Tel.: +49 7851 894-0
E-Mail: post@hs-kehl.de
Impressum: http://www.hs-kehl.de/impressum/
Internal data protection officer:
Prof. Dr. Ina Elisabeth Klingele
Tel.: +49-7851/894-186
Fax: +49-7851/8945-186
E-Mail: datenschutzbeauftragte@hs-kehl.de
The specialist terms used in this Privacy Policy are to be understood as legally defined in article 4 GDPR.
Our website can be visited without actively providing personal information about the user. However, every time our website is accessed, we automatically store access data (server log files), such as the name of the internet service provider, the operating system used, the website the user visited us from, the date and duration of the visit and the name of the file accessed, as well the IP address of the device used (for security reasons, such as to recognise attacks on our website) for a duration of 14 days. This data is solely evaluated for the purpose of improving our offering and does not enable conclusions to be drawn about the person of the user. This data is not merged with other data sources. The legal basis for the processing of data is article 6 (1) (f) GDPR. We process and use the data for the following purposes: 1. to provide the website, 2. to improve our websites and 3. to prevent and identify errors/malfunctions and the abuse of the website. The processing enables us to pursue legitimate interests in ensuring the functionality of the website and its error-free, secure operation, as well as in adapting this website to suit users’ needs.
We use ‘cookies’ on our website to make visiting our website more attractive and to enable certain functions to be used. The use of cookies serves our legitimate interest in making a visit to our website as pleasant as possible and is based on article 6 (1) (f) GDPR. Cookies are standard internet technology used to store and retrieve login details and other usage information for all the users of a website. Cookies are small text files that are deposited on your end device. They enable us to store user settings, inter alia, to ensure that our website can be shown in a format tailored to your device. Some of the cookies we use are deleted after the end of a browser session, i.e. when closing the browser (known as ‘session cookies’). Other cookies remain on the user’s end device and enable us or our partner companies to recognise the browser on the next visit (known as ‘persistent cookies’).
The browser can be set so that the user is informed when cookies are to be stored and can decide whether to accept them in each individual situation, to accept them under certain circumstances, or to exclude them in general. In addition, cookies can be retrospectively deleted to remove data that the website stored on your computer. Deactivating cookies (known as ‘opting out’) can limit our website’s functionality in some respects.
Categories of data subjects: Website visitors, users of online services
Opt-out: Internet Explorer:
https://support.microsoft.com/de-de/help/17442
Firefox:
https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
Google Chrome:
https://support.google.com/chrome/answer/95647?hl=de
Safari
https://support.apple.com/de-de/HT201265
Legal bases: Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
The pertinent legal basis is specifically stated for each tool in question.
Legitimate interests: Storing of opt-in preferences, presentation of the website, assurance of the website’s functionality, provision of user status across the entire website, recognition for the next website visitors, user-friendly online offering, assurance of the chat function
We use tools for web analysis and reach measurement so that we can evaluate user flows to our online offering. To do so, we collect information about the behaviour, interests or demographics of our users, such as their age, gender, and so on. This helps us to recognise the times at which our online offering, its functions, and content are frequented the most or accessed more than once. In addition, we can use the information that has been collected to determine whether our online offering requires optimisation or adjustment.
The information collected for this purpose is stored in cookies or deployed in similar procedures used for reach measurements and optimisation. The data stored in the cookies could include the content viewed, webpages visited, settings, and the functions and systems used. However, plain data from users is not normally processed for the above purposes. In this case, the data is changed so that the actual identity of the user is not known to us, nor the provider of the tool used. The changed data is often stored in user profiles.
Categories of data subjects: Website visitors, users of online services
Data categories: Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos)
Purposes of processing: Website analyses, reach measurement, utilisation and assessment of website interaction, lead evaluation
Legal bases: Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests: Optimisation and further development of the website, increase in profits, customer loyalty and acquisition
Intelliboard
Tool: IntelliBoard, Inc. PO Box 474 Monroe, CT 06468 USA
Privacy: https://www.intelliboard.net/privacy
Legal base: Consent (article 6 (1) (a) GDPR)
Matomo Analytics
Tool: Matomo Analytics Limited, 5 The Ave, Leeeds, West Yorkshire, LS8 1EH, United Kingdom
Privacy: https://matomo.org/privacy-policy/
Legal base: Consent (article 6 (1) (a) GDPR)
We have integrated functions and content obtained from third-party providers into our online offering. For example, videos, depictions, buttons or contributions (hereinafter termed ‘content’) can be integrated.
To enable visitors to our online offering to be shown content, the third-party provider in question processes the user’s IP address, inter alia, to transmit the content to the browser and display it. It is not possible to integrate third-party content without this processing taking place.
Sometimes, additional information is collected via ‘pixel tags’ or web beacons through which the third-party provider receives information about the use of the content or visitor traffic to our online offering, technical information about the user’s browser or operating system, the visit time or referring websites. The data collected in this manner is stored in cookies on the user’s end device. We have taken security precautions to prevent this data from being automatically transferred, with the aim of protecting the personal data of visitors to our online offering. This data is only transferred if we have received your consent, therefore.
Categories of data subjects: Users of plug-ins or third-party content
Data categories: Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses) contact data (e.g. email address, telephone number), Master data (e.g. name, address)
Purposes of processing: Design of our online offering, increase in the reach of adverts on social media, sharing of contributions and content, interest-based and behavioural marketing, cross-device tracking
Legal bases: Consent (article 6 (1) (a) GDPR)
OpenStreetMap
Tool: Openstreetmap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom
Privacy: https://wiki.osmfoundation.org/wiki/Privacy_Policy
Legal base: Consent (article 6 (1) (a) GDPR)
YouTube
Tool: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy: https://policies.google.com/privacy?hl=de&gl=de
Opt-out-link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal base: Consent (article 6 (1) (a) GDPR)
Medial
Tool: Devonshire House, 107 Manor Way, Herts Borehamwood, WD6 1LT, United Kingdom
Privacy: https://www.medial.com/privacy-policy
Legal base: Consent (article 6 (1) (a) GDPR)
Modern Events Calendar
Tool: 2331 Bank St, T9C 1S1, 930 th Street, Vegreville, AB, Canada
Privacy: https://webnus.net/privacy-policy/
Legal base: Consent (article 6 (1) (a) GDPR)
Support Candy
Tool: 401, Nilkanth Heights, Sawata Road, Shrirampur, MH, INDIA – 413709
Privacy: https://supportcandy.net/privacy-policy/
Legal base: Consent (article 6 (1) (a) GDPR)
Weglot
Tool: Cite Paradis 75010, Paris, De France, France
Privacy: https://weglot.com/privacy/
Legal base: Consent (article 6 (1) (a) GDPR)
Wordfence
Tool: Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA
Privacy: https://www.wordfence.com/privacy-policy/
Legal base: Task carried out in the public interest (art. 6 (1) (e) GDPR)
Zoom
Tool: Zoom Video Communications, Inc., 55 Almaden Blyd, Suite 600, San José, CA 95113, USA
Privacy: https://zoom.us/de-de/privacy.html#_Toc44414849
Opt-out-link: https://zoom.us/cookie-policy
Legal base: Consent (article 6 (1) (a) GDPR)
We make use of the opportunity to hold online conferences, meetings and webinars. To do so, we use offerings provided by other carefully selected providers.
When actively using offerings of this nature, data regarding the participants in the communication is processed and stored on the servers of the third-party services used, provided this data is necessary for the communication process. In addition, usage data and metadata can also be processed.
Categories of data subjects: Participants in the online offering in question (conference, meeting, webinar)
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), Content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses)
Purposes of processing: Processing of enquiries, increase in efficiency, promotion of cross-company or cross-location collaboration
Legal bases: Consent (article 6 (1) (a) GDPR)
Zoom
Tool: Zoom Video Communications, Inc., 55 Almaden Blyd, Suite 600, San José, CA 95113, USA
Privacy: https://zoom.us/de-de/privacy.html#_Toc44414849
Opt-out-link: https://zoom.us/cookie-policy
Legal base: Consent (article 6 (1) (a) GDPR)
We have provided a blog or comparable opportunities for publication on our webpage. We want to give visitors to our online offering the option of contacting us or sharing their thoughts and suggestions with us in this manner. If our visitors want to stay up to date, they can subscribe to comments. We also provide additional features through the third-party providers listed below.
If users of our online offering publish comments and contributions on our website, we are obliged to prevent unlawful content, or the publication of the same, from appearing on our website. We collect the IP addresses of the users in question so that we can adhere to this obligation and protect our interests in being indemnified in the event that we are used for third-party content. This also helps us to identify spam.
Beyond this, users of the function provided are not obliged to make details available that could lead to conclusions being drawn about the identity of the user in question. A contribution can even be published under a pseudonym, meaning that the user can then decide themselves what data and content we process.
Categories of data subjects: Users of the function in question
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), usage data (e.g. websites visited, interest in content, access times), contract data (e.g. subject of the contract, term, customer category), metadata and communication data (e.g. device information, IP addresses)
Purposes of processing: Networking of users, creation of customer loyalty, services and feedback
Legal bases: Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests: Indemnification in the event of liability, prevention, security of the webpage, duplication of communication channels with visitors to the online offering, optimisation and further development of online offering
To make our online offering even easier to use, we deploy a ‘single sign-on procedure’. This enables users to log on to our online offering with log-in details from a single sign-on provider, meaning that they do not need to have any additional log-in details as a result. The use of a single sign-on procedure requires users to already have an existing user account with a provider of the procedure in question, such as a social network. To log on with the single sign-on procedure, the user must provide their log-in details for the single sign-on procedure in the log-in window of our online offering, or if the user is already logged in on the provider’s website, confirm registration via single sign-on by clicking the appropriate button.
We use ‘user handles’ to carry out authentication. Inter alia, this includes a user ID plus information that the user has used the ID to log on with the procedure provider in question. We only receive this ID for the purposes of authentication, i.e. we are not permitted to process it for any purposes beyond authentication. Whether data beyond this is transferred to us, and if yes, what data, depends on the provider of the procedure in question, the user’s account settings with this provider and any data approvals selected within the framework of authentication. The data we receive from the provider of the procedure in question can vary. However, it usually encompasses an email address and a username. We cannot see the password entered, nor can we store it.
To change or delete connections between user accounts and the single sign-on procedure, the appropriate settings must be changed within the user account with the provider of the procedure in question.
Categories of data subjects: Users of the function in question
Data categories: User handles (e.g. username, authentication confirmation)
Purposes of processing: Authentication of users
Legal bases: Consent (article 6 (1) (a) GDPR)
Tool: Moodle Pty Ltd., Postfach 303, West Perth WA 6872, Australia
Privacy: https://moodle.com/de/datenschutzerklarung/
We carry out questionnaires and surveys (hereinafter ‘surveys’) on our online offering. This helps us to improve our offering and better meet our customers’ needs. To this end, it is not necessary to be able to trace whether we can associate feedback with a particular person. Before your survey is evaluated, the data we process to provide and execute our surveys on a technical level is anonymised. Participation in the survey is voluntary.
Categories of data subjects: Participants in the online surveys
Data categories: Metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times), master data (e.g. name, address), contact data (e.g. email address, telephone number)
Purposes of processing: Marketing, increase in customer loyalty and new customer acquisition, improvement/optimisation of the offering
Legal bases: Consent (article 6 (1) (a) GDPR)
WPForms
Tool: WPForms
Privacy policy: https://wpforms.com/privacy-policy/
On our online offering, users have the option of subscribing to our newsletter or to notifications on various channels (hereinafter referred to overall as ‘newsletters’). We only send newsletters to recipients who have agreed to receive the newsletter, and within the framework of statutory provisions.
An email address must be provided to subscribe to our newsletter. If applicable, we collect extra data, such as to include a personal greeting in our newsletter.
Our newsletter is only sent after the ‘double opt-in procedure’ has been fully completed. If visitors to our online offering decide to receive our newsletter, they will receive a confirmation email that serves to prevent the fraudulent input of wrong email addresses and preclude a single, possibly accidental, click from causing the newsletter to be sent. The subscription to our newsletter can be ended at any time with future effect. An unsubscription (opt-out) link is given at the end of every newsletter.
In addition, we are obliged to provide proof that our subscribers actually want to receive the newsletter. To this end, we collect and store their IP address, along with the time of subscription and unsubscription.
Categories of data subjects: Newsletter subscribers
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)
Purposes of processing: Marketing, increase in customer loyalty and new customer acquisition
Legal bases: Consent (article 6 (1) (a) GDPR); Performance of contract (article 6 (1) (b) GDPR)
On our online offering, we offer the option of contacting us directly or requesting information via various contact options.
In the event of contact being made, we process the data of the person making the enquiry to the extent necessary for answering or handling their enquiry. The data processed can vary depending on the method via which contact is made with us.
Categories of data subjects: Individuals submitting an enquiry
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)
Purposes of processing: Processing requests
Legal bases: Consent (article 6 (1) (a) GDPR), performance of contract (article 6 (1) (b) GDPR)
Moodle Chat
Tool: Moodle Pty Ltd., Postfach 303, West Perth WA 6872, Australia
Privacy: https://moodle.com/de/datenschutzerklarung/
We offer the option of setting up a user account on our online offering. As part of the registration process, we collect the necessary data from interested users that we need to provide a user account and the associated functions.
To prevent the internal area from being exploited, we collect IP addresses and the time of access to prevent misuse of a user account and unauthorised usage. We do not pass this data on to third parties unless it is necessary to pursue our claims or we are legally obliged to do so.
It is also possible to transfer user accounts from other systems, which are already used by interested users, to make this account available on our online offering. In this case, we only collect data that would have been collected during the independent registration process as well. This service will not be carried out by us without prior request.
Categories of data subjects: Registered users
Data categories: Master data (e.g. name, address, country of birth), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)
Purposes of processing: Simplification of the website function, performance of contract, increase in customer loyalty
Legal bases: Consent (article 6 (1) (a) GDPR)
We transfer the personal data of visitors to our online offering for internal purposes (e.g. for internal administration or to the HR department so we can meet statutory or contractual obligations). Internal data transfer or the disclosure of data only occurs to the extent necessary, under the pertinent data protection provisions.
It may be necessary for us to disclose personal data for the performance of contracts or to comply with legal obligations. If the data necessary in this regard is not provided to us, it may be the case that the contract cannot be concluded with the data subject.
We transfer data to countries outside the EEA (known as ‘third countries’). This occurs due to the above-mentioned purposes (transfer within the group and/or to other recipients). Transfer is only effected to fulfil our contractual and legal obligations, or on the basis of the consent that the data subject granted prior to this. In addition, this transfer takes place in compliance with the applicable data protection laws, and particularly in accordance with article 44 ff. GDPR, especially on the basis of adequacy decisions made by the European Commission or certain guarantees (e.g. standard protection clauses etc.).
We do not use automated decision-making or profiling in accordance to Article 22 GDPR.
The decisive legal bases primarily arise from the GDPR. They are supplemented by national laws from member states of the European Union and can, if applicable, be applied alongside or in addition to the GDPR.
Consent: Article 6 (1) (a) GDPR serves as the legal basis for processing procedures regarding which we have sought consent for a particular purpose of processing.
Performance of a contract: Article 6 (1) (b) serves as the legal basis for processing required to perform a contract to which the data subject is a contractual party or for taking steps prior to entering into a contract, at the request of the data subject.
Legal obligation: Article 6 (1) (c) GDPR is the legal basis for processing that is required to comply with a legal obligation.
Vital interests: Article 6 (1) (d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest: Article 6 (1) (e) GDPR serves as the legal basis for processing that is necessary to perform a task in the public interest or to exercise public force that is transferred to the controller.
Legitimate interest: Article 6 (1) (f) GDPR serves as the legal basis for processing that is necessary to protect the legitimate interests of the controller or a third party, provided this is not outweighed by the interests or fundamental rights and fundamental freedoms of the data subject that require personal data to be protected, particularly if the data subject is a child.
Right of access: Pursuant to article 15 GDPR, data subjects have the right to request confirmation as to whether we process data relating to them. They can request access to their data, along with the additional information listed in article 15 (1) GDPR and a copy of their data.
Right to rectification: Pursuant to article 16 GDPR, data subjects have the right to request that data relating to them, and that we process, be rectified or completed.
Right to erasure: Pursuant to article 17 GDPR, data subjects have the right to request that data relating to them be erased without delay. Alternatively, they can request that we restrict the processing of their data, pursuant to article 18 GDPR.
Right to data portability: Pursuant to article 20 GDPR, data subjects have the right to request that data made available to us by them be provided and transferred to another controller.
Right to lodge a complaint: In addition, data subjects have the right to lodge a complaint with the supervisory authority responsible for them, under article 77 GDPR.
Right to object: If personal data is processed on the basis of legitimate interests pursuant to article 6 (1) (1) (f) GDPR, under article 21 GDPR data subjects have the right to object to the processing of their personal data, provided there are reasons for this that arise from their particular situation or the objection relates to direct advertising. In the latter case, data subjects have a general right to object that is to be put into effect by us without a particular situation being stated.
Some data processing procedures can only be carried out with the express consent of the data subject. Once granted, you are able to withdraw consent at any time. To do so, sending an informal note or email to digiface[at]hs-kehl.de is sufficient. The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.
Our website includes links to online offerings from other providers. We note that we have no influence over the content of the online offerings linked to and over whether their providers comply with data protection provisions.
We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.
This Privacy Policy was drawn up by the HS KEHL