Privacy Policy

Responsible person and scope

The controller within the meaning of the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Technical University of Applied Sciences Augsburg
Sciences, a public corporation pursuant to Article 11, Paragraph 1, Sentence 1 of the BayHSchG,
represented by its President Prof. Dr. Gordon T. Rohrmair

An der Hochschule 1
86161 Augsburg

Telephone: +49 (0)821-5586-0
Fax: +49 (0)821-5586-3222

[Bitte aktivieren Sie Javascript]

This privacy policy applies to the websites:

https://www.tha.de

And as a supplement, to the extent that we process personal data on our own responsibility for:

Name and Address of the data protection officer

Internal contact person for data protection: Nataly Rohr (Legal Department)

External Data Protection Officer of the Technical University of Applied Sciences Augsburg

Attorney Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Cologne

Tel.: +49 221 222183-0

E-Mail:[Bitte aktivieren Sie Javascript]
Website:www.kinast.eu

Handling of personal data

This privacy policy informs users about the type, scope, and purpose of the processing of personal data by the Technical University of Applied Sciences Augsburg. The legal basis for data protection can be found in the GDPR.

Since changes in the law or changes to our internal university processes may make it necessary to adapt this privacy statement, we ask you to read this statement regularly.

Personal data according to Art. 4 GDPR is all information relating to an identified or identifiable natural person (“data subject”). A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier or to one or more special characteristics. Personal data therefore includes, for example, the name, email address, telephone number or IP address.

Information that we cannot relate to you (or can only do so with disproportionate effort), e.g. by anonymizing the information, is not personal data. Processed personal data is deleted as soon as the purpose of the processing has been achieved and there are no longer any legally required retention periods to be observed.

Personal data is only processed by the Technical University of Applied Sciences Augsburg if this is permitted by law or if the users consent to the data collection. If we process your personal data, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing, and the respective storage period.

Access Data/Server Log files

The Technical University of Applied Sciences Augsburg collects data about every access to the website (so-called server log files). The access data includes: the domain, IP address, name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and the requesting provider.

The Technical University of Applied Sciences Augsburg uses the log data only for statistical evaluations for the purpose of operating, securing, and optimizing the website. However, the Technical University of Applied Sciences Augsburg reserves the right to subsequently check the log data if there is reasonable suspicion of illegal use based on concrete evidence.

Art. 6 (1) (f) GDPR serves as the legal basis for the data processing mentioned. The processing of the data mentioned is necessary for the provision of a website and thus serves to safeguard the legitimate interest of our university.

The collection of data to provide the website and the storage of data in log files is essential for the operation of the website. The user therefore has no option to object. Your personal data will be deleted as soon as it is no longer required for the above-mentioned purpose. If your personal data is stored in log files, it will be deleted after three days. Further storage may take place in individual cases if this is required by law.

Website in general: purposes and legal bases of processing

In accordance with Art. 6 Para. 1 lit. c GDPR in conjunction with Art. 2 Para. 6 BayHSchG, Art. 4 Para. 1 Sentence 1 and 2 BayEGovG, we offer our services and administrative services as well as information for the public about our activities on our websites. We use cookies, statistics, log files, Google Custom Search and the web analysis tool Matomo to create business statistics, conduct organizational surveys, test or maintain our web service and to ensure network and information security in accordance with Art. 6 Para. 1 lit c and e GDPR in conjunction with Art. 6 Para. 1 BayDSG, Section 13 Para. 7 TMG, Art. 11 Para. 1 BayEGovG, Section 100 Para. 100 TKG. We anonymize or pseudonymize personal data as long as the purpose of processing is not impaired.

Log files

When you visit the central websites of the Technical University of Applied Sciences Augsburg, you transmit data to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server and stored for a period of 3 days:

Name or IP address of the requesting computer
Name of your Internet access provider
Date and time of access
Name and URL of the retrieved file
Amount of data transferred
Message whether the retrieval was successful

Matomo-Webstatistics

This website uses the web analysis tool Matomo for needs-based design, analysis and planning of resource requirements in accordance with Section 15 Paragraph 3 TMG and Art. 6 Paragraph 1 e GDPR in conjunction with Art. 6 Paragraph 1 BayDSG and Art. 7 Paragraph 1 BayHO. The following usage information is collected and stored when you visit our website using so-called cookies (small text files):

Name of the retrieved file
Date and time of retrieval
Amount of data transferred
Message whether the retrieval was successful
Anonymized IP address
The website you visited immediately before
Browser recognition

Due to anonymization, you as a user remain anonymous to us and no personal usage profiles are created.

The regular deletion period for usage information collected via Matomo is 12 months.

Contact

When contacting Technical University of Applied Sciences Augsburg by email, the user's details are stored for the purpose of processing the request and in the event that follow-up questions arise. The purpose of providing your email address is to assign your request and to be able to answer you. The legal basis for the processing of your personal data in this context is Art. 6 Para. 1 lit. f GDPR.

We delete the personal data collected in this context once storage is no longer required or restrict processing if statutory retention periods prevent deletion. You have the right to object to the processing of your personal data when contacting us by email at any time in the future.

The basis for communication and the choice of communication service provider is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR, for contract performance in accordance with Art. 6 Para. 1 lit. b GDPR, in the context of deliveries in accordance with Art. 6 Para. 1 lit. c GDPR in conjunction with the administrative delivery regulations. The basis for storage and response is Art. 6 Para. 1 lit. e GDPR in conjunction with the respective statutory task. Many of these tasks are listed in Art. 2 BayHSchG.

If you communicate a concern, request or opinion to us by email, post, telephone, fax, e-government portal solutions, in conversation or via social media, the information provided or our notes on conversations will be processed for the purpose of processing the concern and for possible follow-up questions and for exchanging opinions and, if necessary, forwarded to the relevant persons. When we respond to you, we will use the same communication channel where possible, unless you wish to change.

Post, emails and social media posts and messages that you have not sent to us publicly are usually checked every two years at the end of the year in which they were received to see whether the storage of your enquiries for follow-up questions is still necessary. If the storage of your data is no longer necessary, it will be restricted to processing and stored in accordance with statutory retention periods and in compliance with archiving law.

Mandatory Information

Obligation to Provide

If you do not provide us with the data required for the performance of the contract as part of the communication, we will not be able to process the contract.

Right of Withdrawal

If the processing of your data is based on consent, you can revoke your consent at any time by informing us without affecting the legality of the processing carried out on the basis of the consent until the revocation.

Right of Objection

You have the right to object at any time to the processing of personal data concerning you, which is carried out, inter alia, on the basis of Art. 6 (1) (e) GDPR, for reasons arising from your particular situation. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

Integration of third-party services and content

It may happen that third-party content, such as maps from Google Maps, Google Webfonts, RSS feeds or graphics from other websites, is integrated into this website. This always assumes that the providers of this content (hereinafter referred to as "third-party providers") perceive the IP address of the user. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence on whether the third-party providers save the IP address, e.g. for statistical purposes. If we are aware of this, we will inform users about it.

Data processing by Google Maps

For more information about data processing by Google Maps, please see Google’s privacy policy: https://www.google.com/intl/de_de/help/terms_maps.html.

Further information about Google Web Fonts can be found at: https://developers.google.com/fonts/faqand in Google’s privacy policy: https://www.google.com/policies/privacy.

Services of the Library of the Technical University of Applied Sciences Augsburg

For the use of our library's services, we only collect the data required for this purpose in the registration forms found there (e.g. InfoGuide). The legal basis is Art. 6 Paragraph 1 Clause 1 Letter d of GDPR in conjunction with Section 3 ABOB, which permits the processing of personal data to fulfill the library's tasks.

Social Media

At our events, we create content as part of our public relations work and our freedom of research, teaching and art, and we see the contributions and interactions of the community on it. Our aim is to provide information tailored to the target group and to exchange ideas with you.

We disclose content and contributions, requests that violate the rights of third parties or that constitute a criminal offense or administrative offense, or that do not comply with legal or contractual obligations of conduct, by transmitting them to the responsible authority or the social media provider and block or delete them.

The legal basis for data processing on our social media offers and elements is your consent in accordance with Art. 6 Para. 1 lit. a GDPR, the contract with the respective provider in accordance with Art. 6 Para. 1 lit. b GDPR and in accordance with Art. 6 Para. 1 lit e DSGVI in conjunction with Art. 2 Para. 6 BayHSchG, Art. 3 BayHSchG, Art. 4 Para. 1 Sentence 1 and 2 BayEGovG, Section 5 Para. 1 No. 2 TMG.

Social media posts and messages that you have not sent to us publicly are reviewed every two years to determine whether the storage of your requests for follow-up questions is still necessary. If the storage is no longer required, your data will be restricted in processing and stored in accordance with statutory retention periods and in compliance with archiving law.

If you have communicated with us via social media with the knowledge of the public or parts of it, you can decide for yourself how long the data will be published or ask us to delete it. We delete this data in compliance with archive law within our area of responsibility. If we still have copies of the data after deletion, these will be restricted in processing and stored in accordance with the statutory retention periods and in consideration of archive law.

Mandatory Information

Obligation to Provide

If you do not provide the provider with the personal data required to fulfil the contract, the provider will not be able to process the contract.

Right of Withdrawal

If the processing of your data is based on consent, you can revoke your consent at any time without prior notice, without affecting the legality of the processing carried out on the basis of the consent until the revocation.

Right of Objection

Supplementary data protection provisions of the social media service providers or services

Social media providers often create comprehensive profiles of their members and those who come into contact with their Telemedia services (e.g. clicking a like button or visiting a website). These profiles are used, among other things, to market advertising. So if you use our services with the providers, they know that you have a relationship with us.

You can partially limit the scope of this data processing through general browser settings or browser extensions. Recommended information on this can be found at https://www.privacy-handbuch.de/handbuch_21.htm. The providers also offer individual settings to control advertisements and tracking, for example. This sometimes requires accounts with the respective providers. We have listed important information for you here.

Recipients or categories of recipients of the personal data

If you use our social media channels and pages, we expressly point out that their providers also process your personal data. The operators are based in the USA or Ireland.

The social media providers Facebook, Twitter and YouTube are certified under the EU-US Privacy Shield and are visible to everyone so that a legally adequate level of protection for personal data exists:

Facebook, Inc.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Twitter Inc.

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

YouTube (Youtube LLC) and Google+ under Google LLC

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

An exception is Instagram LLC, 1601 Willow Rd., Menlo Park, CA 94025 USA. This protection does not exist there. We would therefore like to point out that without the guarantees, personal data in the United States of America does not have the same level of protection as it does in the entire European Economic Area.

Our IT service providers may also be recipients of your personal data as part of the data processing contracts we have concluded. However, in order to ensure the security of our data processing systems, we do not disclose our service providers.

If our IT service providers, who are bound by our instructions, are based outside the European Economic Area, we ensure, in addition to our data processing contracts, that the EU Commission has determined an appropriate level of data protection for the providers through certification procedures or for the country in which the provider is based, or we use standard data protection clauses. Information about these guarantees is available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.

Duration of storage of personal data

Subject to appropriate retention periods, personal data will be deleted as soon as they are no longer required to fulfil the purpose for which they were collected or the legitimate basis for doing so no longer applies (e.g. due to the revocation of consent).

Widget – Startnext Crowdfunding

We use a so-called widget on our website from Startnext Crowdfunding GmbH, Grundstraße 1, 01326 Dresden (hereinafter referred to as "Startnext"). The widget functions like a link to the respective project-related page of Startnext. When you activate the hyperlink, you will be redirected from our website directly to the website of the other provider. You can recognize this by the change in the URL, among other things. We cannot accept any responsibility for the confidential handling of your data on third-party websites, as we have no influence on whether these companies adhere to data protection regulations. Please find out about how Startnext handles your personal data directly at https://www.startnext.com.

Widget – Virtual real estate tours with Matterport

Our website contains virtual tours of properties that are integrated via the portal my.matterport.com. The operator of this portal is Matterport, Inc., 352 E. Java Dr. Sunnyvale, CA 94089, USA.

When you visit one of our pages that contains such a virtual tour, a connection is established to the Matterport servers. The Matterport server is informed which of our pages you have visited. Matterport also obtains your IP address. This also applies if you are not logged in to Matterport or do not have a Matterport account. The information collected by Matterport is transmitted to the Matterport server in the USA.

If you have a Matterport account and are logged in, you allow Matterport to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Matterport account.

Matterport is used in the interest of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

For more information about how Matterport implements the GDPR and handles user data, please visit https://support.matterport.com/hc/en-us/articles/360000904267-Matterport-s-Plan-for-GDPR and Matterport's privacy policy at https://matterport.com/legal/privacy-policy/.

Name	Matterport
Provider	Matterport Inc., 352 E. Java Dr. Sunnyvale, CA 94089, USA
Purpose	Our website uses services from Matterport Inc., 352 E. Java Dr. Sunnyvale, CA 94089, USA. When you access a Matterport 3D tour via our website, a connection is established to the Matterport servers. The IP address, browser version and displaying device, origin and destination URL and the ID of the 3D tour are transmitted to the Matterport servers in the USA. Matterport is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
privacy policy	https://matterport.com/legal/privacy-policy/
Host(s)	.matterport.com

Name	Custom
Provider	mpembed.com metroplex360
privacy policy	https://mpembed.com/terms/
Host(s)	mpembed.com
Cookie Name	mpembed

Chatbot

Purpose of Processing

The purpose of the processing is to operate a chatbot as a service on the Augsburg University website. The chatbot is intended to help interested parties find the information on the website about studying at the university more easily and quickly. If the chatbot recognizes the question text, the information available on the website is displayed. If the question cannot be answered, the chatbot reports the question text to an employee in the relevant department.

Of course, all information can also be found on the website without using the chatbot.

Please note: the chatbot only collects your IP address as personal data as part of its operation. It is generally not suitable for answering individual personal questions. For such questions, please use other communication channels such as email or telephone and contact the specialist department directly.

Legal basis

The legal basis for the processing of your personal data is your consent to the data protection declaration in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR.

Recipient

The question text you type into the chatbot is stored anonymously by us to optimize the chatbot and our website. In addition, the relevant department receives the question text to answer as part of the chat history.

Third

IT service providers may be recipients of your personal data as part of the data processing contracts we have concluded. However, in order to ensure the security of our data processing systems, we do not disclose our service providers.

Deletion period

Subject to statutory deletion periods, personal data will be deleted when they are no longer required for the purpose for which they were collected.

Active components

Cookies are used for dynamic content on the website , but they do not store any personal data.

Javascript applications are used here only for extended navigation options. The use of this functionality can be deactivated by the respective user through browser settings.

Cookies

Cookies are small files that allow specific, device-related information to be stored on the user's access device (PC, smartphone, etc.). On the one hand, they make websites more user-friendly and therefore more user-friendly. Some functions of our website cannot be offered without the use of technically necessary cookies. On the other hand, they are used to collect statistical data on website usage and to analyze it in order to improve the website. Users can influence the use of cookies.

Here you will find more information about the use of cookies on our website and can make individual cookie settings.

Direct marketing by Mail

For marketing purposes, we process your personal data as part of direct marketing by post. For this purpose, we have a legitimate interest in data processing in accordance with Art. 6 Paragraph 1 Letter f of GDPR. This is also the legal basis for the processing of your personal data in this context. Your personal data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. This is particularly the case if you object to us processing your personal data. As a rule, we have collected the personal data from you ourselves. We also process data that we are permitted to obtain and process from publicly accessible sources.

Direct Marketing via Electronic Newsletter

If you subscribe to the HSA_akademie newsletter, we only collect the data necessary for sending it in the registration form. The legal basis is your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR. You can revoke your consent at any time in the future by sending an email to [Bitte aktivieren Sie Javascript]. We delete your personal data when we stop sending the newsletter, you unsubscribe from the newsletter or revoke your consent.

Assertion, Exercise or Defense of Legal Claims

The processing of your personal data in the context of the assertion, exercise or defense of legal claims is carried out for the purpose of warding off unjustified claims and the legal enforcement of claims and rights. This is our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f GDPR. The legal basis for the processing of your personal data in the context of the assertion, exercise or defense of legal claims is Art. 6 Para. 1 lit. f GDPR. Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Since the processing of your personal data in this context is absolutely necessary, you have no option to object.

Recipient Categories

Within the Technical University of Applied Sciences Augsburg, your personal data will be passed on to those departments that need it to fulfil the purposes mentioned above. We also use the services of various service providers (e.g. IT service providers) and transmit your personal data to these trustworthy recipients. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

Application options for Job Offers

We process applicants' personal data to carry out the application process. You can also apply to us electronically. This is possible via our applicant portal

https://karriere.hs-augsburg.de

The data that you send us as part of the application process will be used exclusively to carry out the application process and will only be made available to those people who are directly involved in the process. The data will not be passed on to third parties. The legal basis for the processing is Art. 6 Paragraph 1 Letter b in conjunction with Art. 88 GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and stored; there are no statutory retention periods to the contrary, and it is not required in connection with the protection and defence of possible legal claims. Applicants have the option of withdrawing their application at any time. Your application documents will then no longer be considered in the application process and will be deleted unless there are statutory retention periods to the contrary.

Rights of those Affected

If we process your personal data, you are the data subject and have the following rights with regard to the personal data concerning you:

According to Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, about transmission to third countries or to international organizations and about the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details.
According to Art. 16 GDPR, you can immediately request the correction of incorrect or the completion of your personal data stored by us.
According to Art. 17 GDPR, you can request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.
According to Art. 18 GDPR, you can request that the processing of your personal data be restricted if you contest the accuracy of the data, the processing is unlawful or we no longer need the data and you refuse to delete it because you need it to assert, exercise or defend legal claims. You are also entitled to the right under Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.
According to Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, common and machine-readable format or you can request that it be transmitted to another responsible party.
According to Art. 7 Para. 3 GDPR, you can revoke your consent to us at any time. This means that we are no longer permitted to continue the data processing based on this consent in the future.
According to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

The data protection supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision

Right of Objection

When processing your personal data on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for doing so that arise from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right of objection, which we will implement without specifying a particular situation. Technical University of Applied Sciences Augsburg will then no longer process this personal data unless Technical University of Applied Sciences Augsburg can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms concerned, or the processing serves to assert, exercise or defend legal claims.

Data Security and Security Measures

We are committed to protecting your privacy and treating your personal data confidentially. To prevent manipulation, loss or misuse of the data we store, we take extensive technical and organizational security precautions that are regularly reviewed and adapted to technological advances. This includes, among other things, the use of recognized encryption methods (SSL or TLS). 

However, we would like to point out that due to the structure of the Internet, it is possible that the data protection rules and the security measures mentioned above are not observed by other persons or institutions outside our area of responsibility. In particular, data disclosed unencrypted - e.g. if this is done by email - can be read by third parties. We have no technical influence on this. It is the user's responsibility to protect the data they provide against misuse by encrypting it or in some other way.

Links to Websites of Other Providers

Our websites contain cross-references to pages of other providers. We would like to point out that this data protection declaration applies exclusively to the central website of the Augsburg University of Applied Sciences. We have no influence on this and do not control whether other providers comply with the applicable data protection regulations.

Other Information about our Privacy Policy

We reserve the right to occasionally adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.