Disclaimer/ Privacy

General remarks

This privacy policy covers the principles of data processing at the Hochschule Darmstadt as well as the data collection via its website.

The central website h-da.de presents the Hochschule Darmstadt to the outside world, disseminates information and provides support in the tasks of the Hochschule. The website has an independent, uniform design. The faculties have a certain freedom to design the website individually.

Responsibility and competences

No responsibility is taken for the operation as well as the correctness and topicality of the information.
The IT Services and Applications Department of the Hochschule Darmstadt is responsible for the operation of the server. The respective editors are responsible for the organization in the individual departments. The executive committee has the general responsibility for the content and decides in cases of doubt about the admissibility of the data.

The University Communication maintains the entry pages of the central website. In addition, the departments, faculties and institutions of the university are responsible for the content presented.

Data handling

The Hochschule Darmstadt takes the protection of personal data very seriously. We process personal data collected during visits to our web pages in accordance with the applicable data protection regulations. In particular, the EU Basic Data Protection Regulation (DS-GVO), the Hessian Data Protection and Freedom of Information Act (HDSIG) and the Telemedia Act (TMG) apply.

In the following we inform you about the type, scope and purpose of the collection and use of personal data.

Your data will neither be published by us nor passed on to third parties without authorization.

1. Data collection and processing for access from the Internet

When you visit our website, our web servers automatically save each access in a log file. This data is stored separately from other data that you enter when using our offer. It is not possible for us to assign this data to a specific person. This data is used exclusively to check and secure reliable technical operation of the web server. This data is deleted after a retention period of 7 days.

The following data is collected:

  • IP address (anonymized)
  • Date and time of access
  • Name and URL of the retrieved file
  • Transferred data volume
  • Access status of the web server (file transferred, file not found, command not executed, etc.)
  • The login when accessing protected areas is partly logged in order to be able to detect attempts of misuse and password attacks. No data is stored which is used to create personal profiles about user behavior.

The legal basis for processing is Art. 6 Para. 1 b) of the DS-GVO.

2. Data collection and processing when accessed from the Internet with the analysis tool MATOMO (formerly PIWIK)

When you visit our website, our web servers automatically save each access in a log file. The following data is recorded:

  • IP address (anonymized)
  • Date and time of access
  • Name and URL of the retrieved file
  • Transferred data volume
  • Access status of the web server (file transferred, file not found, command not executed, etc.)
  • This data is stored separately from other data that you enter when using our offer.

The complete data usage has a retention period of 90 days. Monthly logs (reduced data usage) have a retention time of one year. The deletion is automated on the web server.

Data protection regulations for the use and application of Matomo

The data controller has integrated the Matomo component into this website. Matomo is an open source software tool for web analysis. Web-Analysis is the collection, collection and evaluation of data about the behaviour of visitors of internet pages. Among other things, a web analysis tool collects data about which internet page a person concerned came to an internet page from (so-called referrer), which sub-pages of the internet page were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and for cost-benefit analysis of internet advertising.

The software is operated on the server of the person responsible for processing, the log files which are sensitive to data protection laws are stored exclusively on this server.

The purpose of the Matomo component is the analysis of the visitor flows on our website. The person responsible for processing uses the data and information obtained, among other things, to evaluate the use of this website in order to compile online reports that show the activities on our website.

Matomo places a cookie on the information technology system of the person concerned. What cookies are has already been explained above. By setting the cookie, we are able to analyze the use of our website. Every time one of the individual pages of this website is called up, the internet browser on the information technology system of the person concerned is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. In the course of this technical process we obtain knowledge of personal data, such as the IP address of the person concerned, which serves us, among other things, to trace the origin of visitors and clicks.

By means of the cookie, personal information such as the access time, the location from which an access originated and the frequency of visits to our website is stored. Whenever you visit our website, this personal data, including the IP address of the Internet connection used by the person concerned, is transferred to our server. This personal data is stored by us. We do not pass on this personal data to third parties.

The person concerned can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the used internet browser would also prevent Matomo from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Matomo can be deleted at any time via an internet browser or other software programs.

Furthermore, the person concerned has the possibility to object to the collection of data generated by Matomo and related to the use of this website and to prevent such collection.

To do so, the person concerned must set "Do Not Track" in his browser or use the provided opt-out option in the privacy policy:

In this case a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie is also deleted and may have to be reactivated by you.

 

About Matomo

Matomo is an open source project, which is developed by different developers and the company InnoCraft Ltd.

InnoCraft Ltd.
150 Willis St, 6011 Wellington, New Zealand
contact@innocraft.com

Further information and Matomo's current privacy policy can be found at  https://matomo.org/privacy/.

3. Use and transfer of personal data

In general, it is not necessary for you to provide personal data in order to use our website. However, in order for us to actually provide some of our services (e.g. registration for an event), we may need your personal data. Any use of your personal data will only be made for the above-mentioned purposes and to the extent necessary to achieve these purposes. None of this data will be passed on to third parties without the prior consent of the user.

The transmitted data will be stored in a database that is only accessible to administrators.

Transmission of personal data to state authorities will only take place within the framework of mandatory national legal regulations.

The legal basis for processing is Art. 6 Par. 1 b) (fulfilment of contract) and c) (legal requirements) of the DS-GVO.

Insofar as you have given us your consent to data processing (for example via a contact form or newsletter request), your data will only be processed for the purposes specified therein.

The legal basis for processing is Art. 6 Para. 1 a) of the DS-GVO (consent).

4. Cookies

Our internet pages use cookies in several places. They serve to make our offer more user-friendly and effective. Cookies are small text files that are stored by the browser on your computer. Most of the cookies we use are so-called session cookies, which are deleted when you end your browser session. Cookies do not damage your computer and do not contain viruses.

The following cookies are set:

  • Session Cookie (for session recognition, lifetime: one session)
  • TYPO3 Session Cookie (for session recognition, lifetime, one session)
  • The person concerned can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers.

If the person concerned deactivates the setting of cookies in the Internet browser used, it is possible that not all functions of our website can be used to their full extent.

The legal basis for the processing is Art. 6 para. 1 b) DS-GVO.

5. Privacy policy on the use of YouTube

The data controller has integrated YouTube components into this website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television broadcasts, but also music videos, trailers or videos created by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time the data subject accesses any of the individual pages of this website operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the data subject's information technology system is automatically prompted by the relevant YouTube component to download a representation of the relevant YouTube component from YouTube. Further information about YouTube can be found at www.youtube.com/yt/about/de/. In the course of this technical procedure, YouTube and Google are informed which specific subpage of our website is visited by the person concerned.

If the person concerned is logged on to YouTube at the same time, YouTube recognizes which specific subpage of our website the person concerned is visiting by calling up a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the person concerned.

YouTube and Google receive information via the YouTube component that the data subject has visited our website whenever the data subject is logged on to YouTube at the same time when he or she visits our website, regardless of whether or not the data subject clicks on a YouTube video. If the data subject does not wish this information to be transmitted to YouTube and Google, he or she can prevent the transmission by logging out of his or her YouTube account before visiting our website.

The privacy policy published by YouTube, which can be found at www.google.de/intl/de/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.

In your browser settings you can determine whether cookies may be set or not.

The legal basis for processing is Art. 6 Para. 1 b) DS-GVO.

6. Privacy policy on the use of Facebook

The data controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that generally allows users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or company-related information. Facebook enables users of the social network to create private profiles, upload photos and network via friend requests, among other things.

The operating company of Facebook is Facebook, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. The person responsible for processing personal data, if a data subject lives outside the USA or Canada, is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time a user accesses one of the individual pages of this website, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a display of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at developers.facebook.com/docs/plugins/. As part of this technical process, Facebook is informed which specific subpage of our website is visited by the person concerned.

If the person concerned is logged on to Facebook at the same time, Facebook recognizes which specific subpage of our website the person concerned is visiting each time the person concerned calls up our website and for the entire duration of their stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the person concerned. If the data subject clicks on one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook receives information via the Facebook component that the data subject has visited our website whenever the data subject is logged in to Facebook at the same time when he or she accesses our website; this occurs regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, he or she can prevent the transmission by logging out of his or her Facebook account before accessing our website.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the person concerned. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transfer to Facebook.

7. Security

Our technical and organizational security measures, with which we protect all data from unauthorized access, are always kept up to date. Personal information is always transmitted in encrypted form.

 

8. Links to websites of other providers

Our websites may contain links to websites of other providers. We would like to point out that this data protection declaration applies exclusively to the websites of the central presence of the Hochschule Darmstadt. We have no influence on and do not check that other providers comply with the applicable data protection regulations.

 

9. Right to information, correction, blocking or deletion of data

As a person affected by the data processing, you are entitled to various rights:

  • Right of withdrawal in case of consent: You may revoke any consent you have given us at any time. The data processing based on the revoked consent may then no longer be continued for the future.
  • Right to information: You can request information about your personal data processed by us. This applies in particular to the purposes of the data processing, the categories of personal data, if applicable the categories of recipients, the storage period, if applicable the origin of your data as well as, if applicable, the existence of an automated decision making process including profiling and, if applicable, meaningful information about its details.
  • Right of rectification: You may request the correction of incorrect personal data or the completion of your personal data stored by us.
  • Right of deletion: You can demand the deletion of your personal data stored with us, as long as their processing is not necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • Right to limit processing: You can demand that the processing of your personal data be limited if the accuracy of the data is disputed by you, if the processing is unlawful, but you refuse to have it deleted. You also have this right if we no longer need the data, but you need it to assert, exercise or defend legal claims. Furthermore, you have this right if you have objected to the processing of your personal data;
  • Right to data transferability: You may request that we transfer your personal data that you have provided to us in a structured, common and machine-readable format. Alternatively, you may request that the personal data you have provided us with be transferred directly to another responsible party, as far as this is possible.
  • Right of complaint: You can complain to the supervisory authority responsible for us, for example, if you believe that we are processing your personal data unlawfully.

The competent supervisory authority is:

The Hessian Data Protection Commissioner
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Phone: 0611 1408-0
e-mail: poststelle@datenschutz-hessen.de
Internet: http://www.datenschutz.hessen.de

If we process your personal data on the basis of a legitimate interest, you have the right to object to this processing. If you wish to exercise your right of objection, a notification in text form is sufficient. You are therefore welcome to write to us, send a fax or contact us by e-mail.

The data protection officer of the Hochschule Darmstadt can be reached at datenschutz@h-da.de.

10. Validity and topicality of the privacy policy

By using our website, you consent to the use of data as described above. This privacy policy is immediately valid and replaces all previous declarations.