Data Protection/Privacy

Responsible party and data protection officer

The controller under the General Data Protection Regulation and other national data protection laws of the member countries and other data protection regulations is the:

President of Mainz University of Applied Sciences
Lucy-Hillebrand-Str. 2
55218 Mainz
praesident (at) hs-mainz.de

Data protection officer
Data protection officer of Mainz University of Applied Sciences
Lucy-Hillebrand-Str. 2
55218 Mainz
datenschutz (at) hs-mainz.de

General information on the processing of data

 

1. Extent to which personal data is processed

We fundamentally process personal data of our users only insofar as this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception applies in those cases in which prior consent cannot be obtained for genuine reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing procedures that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c of the GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh said interest, Art. 6 para. 1 letter f of the GDPR serves as the legal basis for processing.

3. Data erasure and storage period

The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. The data may also be stored if the European or national law-makers have provided for this in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Provision of the website and creation of log files

 

1. Description and extent of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. These are temporarily stored in a something called a log file. This data is not stored together with other personal data of the user.
The following data is collected:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • The browser used and, if applicable, the operating system of your computer as well as the name of your access provider

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f of the GDPR.

3. Purpose of data processing

The data is stored in log files to ensure the functionality of the website. In addition, the data is used for the optimization of our website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

4. Storage period

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or distorted, so that an identification of the requesting client is no longer possible.

5. Possibility of objection and elimination

The collection of data in order to provide the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

Usage of cookies

a) Description and extent of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables a unique identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The following data is stored and transmitted in the cookies:

  • Language settings
  • Items in a shopping cart (designinmainz online shop)
  • Login information

b) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f of the GDPR.

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after changing pages. We need cookies for the following applications:

  • Transferring language settings
  • Remembering search terms
  • Shopping cart (designinmainz online shop)

The user data collected by technically necessary cookies is not used to create user profiles.
For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f of the GDPR.

e) Storage period, possibility of objection or elimination

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

Newsletter

 

1.  Description and extent of data processing

Interested parties can subscribe to various free newsletters on our website. When registering for a newsletter, the data from the input form is transmitted to us. The following data is usually collected:

  • Name
  • Email address

When registering for the Alumni Newsletter of the School of Business, the following data is collected:

  • First and last name
  • Status (graduate/former employeer/former professor/former instructor/n.a.)
  • Email
  • Degree program, date of degree conferral, degree

In addition, the following data is collected upon registration:

  • IP address of the accessing computer
  • Date and time of registration
  • User agent of the sender

In the course of the registration process, your consent is obtained for the processing of the data and reference is made to this data protection declaration. In connection with data processing for the sending of newsletters, no data is passed on to third parties. The data will be used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a of the GDPR.

3. Purpose of data processing

The collection of the user's e-mail address is for the purpose of delivering the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

4. Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process will generally be deleted after a period of seven days.

5. Possibility of objection or elimination

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter. This also makes it possible to revoke the consent to the storage of personal data collected during the registration process.

Registration

 

1. Description and extent of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input form and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the registration process:

Customer account for our designinmainz online shop
First and last name
Email address
Street, house number, zip code and town or city
Phone number

Registration for seminars and events of the HZW University Center for Continuing Education HZW
Event/seminar
First and last name
Email address
Street, house number, zip code and town or city

Registration for the HR Forum
First and last name
Street, house number, zip code and town or city

Registration for TOEIC
First and last name
Gender, date of birth, nationality
Street, house number, zip code and town or city
Billing address (street, house number, zip code and town or city)
Email address
Bachelor's/Master's
Affiliation (student at Mainz University of Applied Sciences/student at a different University of Applied Sciences/applicant at Mainz University of Applied Sciences/employee of Mainz University of Applied Sciences/school student)
Express correction (yes/no)

Registration for TOEFL/TOEIC
First and last name
Gender
Street, house number, zip code and town or city
Email address

Registration for OOPT
First and last name
Gender
Street, house number, zip code and town or city
Email address
Number of semesters and attempts
Preferred date

At the time of registration, the following data is also stored:

  • IP address of the accessing computer
  • Date and time of registration
  • User agent of the sender

In the course of the registration process, the user's consent to the processing of this data is obtained.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a of the GDPR if the user has given his or her consent.
If the registration serves the fulfillment of a contract to which the user is a party or the execution of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b of the GDPR.

3. Purpose of data processing

A registration of the user is necessary for the availability of certain contents and services on our website and/or to fulfill a contract with the user or to execute pre-contractual measures (registration for seminars of the HZW, the HR Forum, TOEIC and TOEFL tests, OOPT and registration for the online shop).

4. Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
This is the case for the data during the registration process for the fulfillment of a contract or for the execution of pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations.

5. Possibility of objection or elimination

As a user you have the possibility to cancel the registration at any time. You can change the data stored about you at any time.
If the data is required to fulfill a contract or to execute pre-contractual measures, premature deletion of the data is only possible insofar as contractual or statutory obligations do not prevent its deletion.

Contact form and email contact

 

1. Description and extent of data processing

There is a contact form on our website which can be used for making contact electronically. If a user takes advantage of this possibility, the data entered in the input form will be transmitted to us and stored. This data is:

  • Name
  • Email address
  • Message

At the time the message is sent, the following data is also stored:

  • IP address of the accessing computer
  • Date and time of registration
  • User agent of the sender

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted by email will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a of the GDPR if the user has given his or her consent.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f of the GDPR. If the email contact is intended to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b of the GDPR.

3. Purpose of data processing

The processing of the personal data from the input form is used solely for the purpose of establishing contact. In the event of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input form of the contact form and the data sent by email, this is the case when the conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of objection or elimination

The user has the possibility to revoke his or her consent to the processing of personal data at any time. If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.
The user can send his or her objection by e-mail to kontakt@hs-mainz.de
All personal data stored in the course of contacting us will be deleted in this case.

Tools for analysis

 

1. Extent of processing personal data

On our website we use the open source software tool Matomo (formerly PIWIK) to analyse the surfing habits of our users. The software places a cookie on the user's computer (see above for cookies). If individual pages of our website are accessed, the following data is stored:

  • Two bytes of the IP address of the user's calling system
  • The accessed website
  • The website from which the user has accessed the accessed website (referrer)
  • The subpages that are accessed from the accessed website
  • The time spent on the website
  • The frequency of visiting the website

    The software runs exclusively on the servers of our university. The personal data of users is only stored there. The data is not passed on to third parties.

    The software is set so that the IP addresses are not completely stored, but 2 bytes of the IP address are concealed (for instance: 192.168.xxx.xxx). In this way it is no longer possible to match the abridged IP address to the calling computer..

    2. Legal basis for the processing of personal data

    The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f of the GDPR.

    3. Purpose of data processing

    The processing of users' personal data enables us to analyze the surfing habits of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 para. 1 lit. f of the GDPR. By anonymizing the IP address, the users' interest in protecting their personal data is sufficiently taken into account.

    4. Storage period

    The data will be deleted as soon as it is no longer required for our logging purposes. In our case, this will be the case after 180 days.

    5. Possibility of objection or elimination

    Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

    We offer users on our website the possibility of an opt-out from the analysis process. To do this, you must follow the corresponding link. In this way, another cookie is placed on your system, which signals to our system not to store the user's data. If the user deletes the corresponding cookie from his own system in the meantime, he or she must set the opt-out cookie again.More information about the privacy settings of the Matomo software can be found under the following link: matomo.org/docs/privacy

    Switch Matomo on/off

    Links to social media providers

    Our websites contain links to the following external social networks:

    • Facebook
    • Instagram
    • Twitter
    • LinkedIn
    • YouTube
    • Xing

    The links are identified on our website by the respective logo of the social network. Social plugins are not used. When you visit our websites with a link to Facebook, no data is transmitted to third parties.

    When you access the social media pages of Mainz University of Applied Sciences, your IP address and other information that is available on your PC in the form of cookies, among other things, is recorded. After registration or login with the social media service, your personal data will be transferred.

    Important information

    Social media services are often multi-level provider relationships in which the respective information or communication service is offered on a platform that is provided by third parties and in which user data is processed within the framework of the platform operators' own business purposes. This makes social media services difficult to understand from a user perspective and often problematic from a legal point of view, especially with regard to existing responsibilities.

    Especially in the case of non-European platform operators/providers, social media services often do not comply with German data protection laws from a data protection perspective. In particular, the requirements of the GDPR are often not complied with. It stipulates an adequate level of information for users prior to the processing of personal data, restrictions on the processing of usage data and the creation of user profiles, as well as a corresponding opportunity to object.

    In this regard, however, some fundamental legal issues have not been conclusively resolved. Further information can be found in the 24th Action Report of the State Commissioner for Data Protection, Chapter III.7.4.4 (http://www.datenschutz.rlp.de/downloads/tb/ds_tb24.pdf).

    From the standpoint of the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate, there is joint responsibility under data protection law for public bodies that use social media services within the scope of fulfilling their duties, as the corresponding usage data is only generated by their offers on social media platforms. In designing our social media offering, we have therefore taken care to ensure that alternative information and communication channels exist as well.

    The terms of use of the social media platforms as well as references to existing possibilities to restrict the processing of your data by the respective platform operator can be found under the following internet addresses:

    Facebook
    de-de.facebook.com/about/privacy
    de-de.facebook.com/full_data_use_policy
    de-de.facebook.com/about/privacy
    youngdata.de

    Instagram
    help.instagram.com/519522125107875
    youngdata.de

    Twitter
    twitter.com/privacy
    support.twitter.com/forms/privacy
    support.twitter.com/search
    support.twitter.com/articles/20172711
    support.twitter.com/articles/20170320
    support.twitter.com/articles/105576
    support.twitter.com/articles/20171570
    support.twitter.com/articles/20170520
    youngdata.de

    LinkedIn
    https://www.linkedin.com/legal/privacy-policy
    www.linkedin.com/legal/user-agreement
    www.linkedin.com/psettings/privacy
    www.linkedin.com/psettings/
    youngdata.de

    YouTube
    https://policies.google.com/privacy
    https://www.youtube.com/t/terms
    https://www.youtube.com/intl/de/yt/about/policies/#staying-safe
    youngdata.de

    Xing
    privacy.xing.com/de/datenschutzerklaerung
    privacy.xing.com/de/ihre-sicherheit
    privacy.xing.com/de/ihre-privatsphaere

    Rights of the data subject

     

    1. Right to access, rectification, erasure and objection

    You have the right:

    • to request information about your personal data processed by us in accordance with Art. 15 of the GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
    • to request without undue delay the rectification of incorrect or completion of your personal data stored by us in accordance with Art. 16 of the GDPR;
    • to request the erasure of your personal data stored by us in accordance with Art. 17 of the GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
    • to request, pursuant to Art. 18 of the GDPR, the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse the erasure of the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection against the processing in accordance with Art. 21 of the GDPR;
    • to receive your personal data that you have provided to us in a structured, common and machine-readable format in accordance with Art. 20 of the GDPR or to request its transfer to another controller.;
    • in accordance with Art. 7 para. 3 of the GDPR, to revoke your consent to us at any time. As a consequence of this, we are no longer allowed to continue the processing of data based on this consent in the future and
    • to lodge a complaint with a supervisory authority pursuant to Art. 77 of the GDPR. You can usually contact the supervisory authority of your regular place of residence or university location.

    2. Right to withdrawal of consent

    You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up until the withdrawal.

    3. Right to lodge a complaint with a supervisory authority

    Notwithstanding any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority of your workplace or the place of suspected infringement if you believe that the processing of personal data concerning you is in violation of the GDPR.

    The right to lodge a complaint pursuant to Article 13 of the GDPR shall be asserted before the supervisory authority responsible for Mainz University of Applied Sciences:

    Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
    LfDI
    The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate
    Postfach 3040
    55020 Mainz