General information on the processing of your data

The processing of your data by the Darmstadt University of Applied Sciences (hereinafter: the University or the provider of this website) is done in accordance with the data protection regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, abbreviated to GDPR) and the Hessian Data Protection and Freedom of Information law (Datenschutz- und Informationsfreiheitsgesetz) of 3 May 2018, as amended (in short: HDSIG).

According to article 13 of the GDPR the University has an obligation to notify when collecting personal data.

The University takes the protection of your data seriously. We would like to notify you in a more precise, transparent, understandable, and easily accessible form, about which data we record when you access the website ‘http://www.darmstadt-mba.de’, when we do so, and how we use the data.

Changes in purpose of the processing and data usage

Due to the development of the website and the implementation of new technology, changes to the contents of this privacy policy may be necessary. We therefore request that you reread this privacy policy from time to time.

Personal data

According to Article 4 of the GDPR, "personal data means any information relating to an identified or identifiable natural person […]; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.“

Name and address of the Controller of the data processing

The responsible entity in accordance with the applicable data protection laws and other provisions of a data protection law nature is:

Hochschule Darmstadt
University of Applied Sciences
Schöfferstraße 3
64295 Darmstadt
Germany 

Telephone: +49.6151.533-68420
Email: mba@h-da.de
Website: https://www.h-da.de

Hosting

We are hosting the content of our website at the following provider:

The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter referred to as: IONOS). Whenever you visit our website, IONOS records various logfiles along with your IP addresses. For details, please consult the data privacy policy of IONOS: https://www.ionos.de/terms-gtc/terms-privacy.

We use IONOS on the basis of Art. 6 (1)(f) GDPR. Our company has a legitimate interest in presenting a website that is as dependable as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Collection and processing of personal data

Personal data is only collected within the scope of the use of the website. In doing so, the responsible entity shall comply with the provisions of Art. 5 and 6 of the EU GDPR.

The processing and use of your personal data is done in accordance with the provisions of the GDPR and the German Federal Data Protection Act (BDSG).

Collection of data when using the website

The responsible entity collects the following personal data from the user when the website is used, also including the use of the Matomo add-ons:

  • Anonymised IP addresses
  • Page views
  • Link clicks
  • The name and email address, when using the contact form or in the event of telephone contact
  • Recording of conversations (e.g., sending of a form)

Data for the technical provision of the website

For technical reasons, the temporary processing of the complete IP address by the responsible entity is necessary for the functioning of the website on the user’s terminal devices or web browsers.

Place of processing and storage

The data processed on the website is processed and saved within the EU and not in countries outside of the area of application of the GDPR.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Usage and transmission of personal data

Personal data is only collected within the scope of the responsible entity’s website for the use of the website. Your data is not used in any other way.

Storage duration of data

The specific storage duration is limited to the duration of the use of the website, the IP address is discarded as soon as the session has ended.
The storage duration of data is three months, according to Matomo’s statistics.
Data from the request form is saved for as long as needed to send information material and, where applicable, for consultation in the event of questions about courses.

Cookies

Your data, which is processed by us when using the website, shall be deleted or blocked, as soon as the purpose of the storage no longer applies, as long as the deletion of data does not conflict with the legal storage obligations and subsequently no other statements have been made about individual processing methods.

Session cookies

We use so-called cookies on our website. Cookies are small text files or other storage technology, which are deposited and saved on your terminal device by your internet browser. Due to these cookies, particular information about you, such as your IP address, are processed to a certain degree.

This processing makes our website more effective and secure, as the processing or reproduction of our website allows for different languages or the provision of a shopping basket function.

The legal foundation for this processing is Art. 6, (1) (b) GDPR, provided these cookies process data for the initiation or processing of contracts.

If the data is processed for a different reason to the initiation or processing of contracts, we have a justified interest in the improvement of the functioning of our website. The legal foundation is then Art. 6, (1) (f) GDPR.

Opt-out option

You can prevent or limit the installation of cookies via your internet browser settings. You can also delete cookies that have already been saved at any time. The required steps and measures for this depend, however, on the specific internet browser you use. If you have any questions, please use the help function or the documentation of your internet browser, or alternatively contact the manufacturer or support team. With so-called Flash cookies the processing cannot, however, be prevented by your browser settings. Instead you have to change the respective settings of your Flash player. Again, the steps and measures required depend on the specific Flash player you use. If you have any questions, please refer to the help function or the documentation of your Flash player or contact the manufacturer or user support.

If you prevent or limit the installation of cookies, this may however mean that not all the functions of our website can be used in full.

 

Consent with Cookiebot

Matomo

This website uses the open-source web analysis service Matomo.

Through Matomo, we are able to collect and analyse data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g., IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

IP anonymization

For analysis with Matomo we use IP anonymization. Your IP address is shortened before the analysis, so that it is no longer clearly assignable to you.

Hosting

We use the Matomo Cloud service provided by the EU representative:

ePrivacy Holding GmbH
Große Bleichen 21
20354 Hamburg
Germany 

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

 

Matomo Analytics Opt-Out

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:

  • The type and version of browser used
  • The used operating system
  • Referrer URL
  • The hostname of the accessing computer
  • The time of the server inquiry
  • The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

YouTube

This website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

If you visit a page on this website into which a YouTube has been embedded, a connection with YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited.

Furthermore, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.

If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Zoom as online-based Audio and Video Conference system

Data processing

We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).

The provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). The use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6(1)(f) GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.

Duration of storage

Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.

We employ the following conference tools:

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.

For details on data processing, please refer to Zoom’s privacy policy: https://zoom.us/en-us/privacy.html.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://zoom.us/de-de/privacy.html.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

External links

The website may contain links to websites of other legal entities. The University has no influence on whether the responsible entities for these websites also comply with the legal data protection provisions. Consequently, please always check the privacy policies of external websites.

Recipients of your data in the event of a legal or judicial obligation

The data which is saved when you access the website is only transferred to third parties, if we are legally obliged to do so, or if we are obliged by a court judgement, or if it is necessary in the event of an attack on the website for legal proceedings or prosecution.

Your rights

As a user of the website you have various rights in accordance with Art. 15 to 18, 21 and 21 GDPR and the Hessian Data Protection and Freedom of Information Act (HDSIG): the right of information, the right to rectification, the right of deletion, the right to limit processing, the right to object, the right to data portability and the right of complaint.

Right of information

According to Article 15, GDPR, you can demand information about personal data of yours which we process. In your request for information you should specify what you want in order to make it easier to compile the necessary data. Please be aware that your right to information is restricted by the provisions of the HDSIG.

Right to rectification

According to Article 16 GDPR and Section 53 HDSIG, you have the right to demand immediate rectification by us of any applicable incorrect personal data. If the correctness or incorrectness of the data cannot be determined, a restriction on processing can come into effect according to Section 53 HDSIG instead of rectification. In this case we will inform you before we lift the restriction. In consideration of the purposes of processing, you have the right to demand the completion of incomplete personal data – even by a supplementary declaration.

Right of deletion

According to Article 17 GDPR and Section 34 HDSIG, you can demand the deletion of your personal data. Your request for deletion is dependent on several conditions, for example whether we still require your data to fulfil our legal responsibilities.

Right to limit processing

According to Article 18 GDPR, you have the right to demand the limitation of processing by us under certain circumstances, for example if the correctness of your personal data is contested by you, and for a duration which allows us to verify the correctness of the personal data. Further prerequisites are stated in Article 18 (1) GDPR. If the processing has been limited to this extent, this personal data – except for the saving thereof – is only allowed to be processed with your permission or for the purposes defined in Article 18 (2) GDPR. If you have initiated a limitation of the processing of your personal data, you will be notified by us before the limitation is lifted.

Right to data portability

According to Article 20, GDPR, you have the right to demand the handover of your personal data in a structured, accessible, and machine-legible format, and to have this data sent to another responsible entity without any obstruction by us.

Right to object

According to Article 21, GDPR, you have the right to object to the processing of data which concerns you, for reasons which arise from a particular situation of yours. We will not always be able to conform with your objection, for example if we are obliged to process the data due to a legal provision in accordance with Section 35, HDSIG. Please also be aware that we have to process the IP address of your client so that you can use the website.

Right of complaint

If you are of the opinion that the University has not observed data protection regulations when processing your data, you can send a complaint to the official Data Protection Officer (DPO) of the University, or to the supervisory authorities for the public data processing offices of the State of Hessen, in order to have this checked.

Contact options

If you contact us via the email address provided, the personal data you transfer will be automatically saved by us. This is done solely for purposes of processing or to contact the affected person. The data is not passed on to third parties.

Name and address of the Data Protection Officer

The contact data of the office Data Protection Officer (DPO) of the service requesting University can be found at: https://h-da.de/en/disclaimer.

Your rights to object

Case-by-case right to object

We have already notified you about the right to object as per Article 21, GDPR. In particular this means for you, that you have the right, at any time and for reasons which arise from your own situation, to object to the processing of your personal data. The prerequisite for this is that the data processing is done on the basis of a weighing of interests (Art. 6 (1) (f) GDPR).

If you submit an objection to the processing of your personal data, we will no longer process that data, unless we can prove there are clear reasons for processing which are worth protecting, and which outweigh your interests, rights and freedoms, or if the processing is needed to assert, exercise or defend against legal claims.

Who should the objection be addressed to?

The objection does not require a particular form and should, where possible, be addressed to:

Hochschule Darmstadt
University of Applied Sciences
Schöfferstraße 3
64295 Darmstadt
Germany

Telephone: +49.6151.533-68420
Email: mba@h-da.de
Website: https://www.h-da.de

Supervisory authorities

The contact data of the Hessian Officer for Data Protection and Freedom of Information can be found at https://www.datenschutz.hessen.de.

Validity

The privacy policy is valid currently and was last amended on 27.03.2023.