Do you really want to log out?
Privacy policy
Thank you for visiting our website. Reutlingen University (hereinafter referred to as “we” or “us”) attaches great importance to the security of user data and compliance with data protection regulations.
We would like to inform you below about the processing of your personal data on our website
Contact details of the person responsible
Reutlingen University
Alteburgstraße 150
72762 Reutlingen
Deutschland
Prof. Dr. Hendrik Brumme, President
E-Mail: info@reutlingen-university.de
Tel.: +49 7121 271-0
Web: reutlingen-university.de
Contact details of the data protection officer
Maximilian Musch
German data protection law firm
Tel.: 07542 949 21 -02
E-Mail: maximilian.musch@reutlingen-university.de
Tel.: 07542 94921-02 Web: www.ddsk.de
Terms
The technical terms used in this privacy policy are to be understood as legally defined in Art. 4 GDPR.
Note: General Equal Treatment Act (AGG)
For reasons of easier readability, no gender-specific differentiation is made in our privacy policy. Corresponding terms apply to all genders in the interests of equal treatment.
Notes on data processing
Automated data processing (log files etc.)
Our website can be visited without the user actively providing any personal data. However, we automatically store access data (server log files) such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit or the name of the requested file, as well as the IP address of the terminal device used for a period of 7 days for security reasons, e.g. to detect attacks on our website. This data is evaluated exclusively to improve our offer and does not allow any conclusions to be drawn about the person of the user. This data is not merged with other data sources.
We process and use the data for the following purposes: provision of the website, improvement of our websites, prevention and detection of errors/malfunctions and misuse of the website.
Legal basis: Legitimate interest, pursuant to Art. 6 para. 1 lit. f) GDPR
Legitimate interests: Ensuring the functionality and error-free and secure operation of the website and adapting this website to the requirements of the users.
Use of cookies (general, how they work, opt-out links, etc.)
We use cookies on our website to make visiting our website attractive and to enable the use of certain functions. The use of cookies serves our legitimate interest in making visiting our website as pleasant as possible and is based on Art. 6 para. 1 lit. f) GDPR. Cookies are a standard internet technology for storing and retrieving login and other usage information for all users of the website. Cookies are small text files that are stored on the end device. They enable us, among other things, to store user settings so that our website can be displayed in a format tailored to the user's device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on the user's device and enable us or our partner companies to recognize the browser on the user's next visit (so-called permanent cookies).
The browser can be set so that the user is informed when cookies are set and can decide whether to accept them on a case-by-case basis or to accept cookies in certain cases or to exclude them in general. Furthermore, cookies can be deleted retrospectively to remove data that the website has stored on the user's computer. Disabling cookies (known as opt-out) may result in some restrictions to the functionality of our website.
Categories of data subjects: website visitors, users of online services
Opt-Out:
Internet Explorer:
https://support.microsoft.com/de-de/help/17442
Firefox:
https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
Google Chrome:
https://support.google.com/chrome/answer/95647?hl=de
Safari
https://support.apple.com/de-de/HT201265
Legal bases: Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)
The relevant legal basis is specifically named for each tool.
Legitimate interests: Storage of opt-in preferences, presentation of the website, ensuring the functionality of the website, maintaining user status across complete website, recognition for next website visits, user-friendly online offering, ensuring chat function
Consent management tool
We use a consent management process on our website to be able to store and manage the consent given by visitors to our website in a verifiable manner that meets the requirements of the GDPR. At the same time, visitors to our online offering can use the integrated service to manage the consent and preferences they have given or to revoke their consent. The consent status is stored on the server side and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device. In addition, the time of the declaration of consent is recorded.
Categories of data subjects: Website visitors who use the consent management tool
Categories Data: User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses)
Purposes of processing: Fulfillment of accountability obligations, consent management
Legal basis: Legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 GDPR)
Wacon Cookie Management
Recipient: WACON Internet GmbH, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany
Data protection: https://www.wacon.de/info/datenschutz.html
Social media presence
We maintain an online presence on social and professional networks in order to exchange information with registered users and to be able to contact them easily.
In some cases, user data is used on social networks for advertising purposes. User profiles can be created based on user behavior, such as interests, and used to tailor advertisements to the interests of target groups. To do this, cookies are regularly stored on users' end devices, sometimes regardless of whether they are registered users of the social network.
In connection with the use of social media, we also use the associated messengers to communicate with users.
Please note that the security of individual services may depend on the user's account settings. Even in the case of end-to-end encryption, the service provider may be able to determine that and when users communicate with us and may collect location data.
Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This may result in increased risks for users, for example because it makes it more difficult for them to enforce their rights.
Categories of data subjects: Registered and non-registered users of the social network
Categories Data: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text, images, videos), usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address)
Purposes of processing: Expansion of reach, networking
Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR), consent (Art. 6 (1) (a) GDPR)
Legitimate interests: Interaction and communication on our social media sites, insights into target groups
Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
Privacy: https://www.facebook.com/privacy/explanation
and https://www.facebook.com/legal/terms/page_controller_addendum
Opt-Out-Link:https://www.facebook.com/policies/cookies/
Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
Privacy:https://help.instagram.com/519522125107875
and https://www.facebook.com/about/privacy
Opt-Out-Link:https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/
Recipient: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Privacy: https://www.linkedin.com/legal/privacy-policy
Opt-Out-Link:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Recipient: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2,
D02 AX07, Irland
Privacy: https://twitter.com/de/privacy
Opt-Out-Link: https://help.twitter.com/de/rules-and-policies/twitter-cookies#privacy-options
Plug-ins and embedded third-party content
We have integrated functions and content into our online offering, e.g. learning videos, which are obtained from third-party providers. For example, videos, illustrations, buttons or posts (hereinafter referred to as content) can be integrated.
In order to display content to visitors to our online offering, the respective third-party provider processes, among other things, the user's IP address so that the content can be transmitted to the browser and displayed. Without this processing, it is not possible to display third-party content.
In some cases, additional information is collected via so-called pixel tags or web beacons, which provide the third-party provider with information about the use of the content or visitor traffic on our online services, technical information about the user's browser or operating system, the length of the visit or referring websites. The data obtained in this way is stored in cookies on the user's device.
In order to protect the personal data of visitors to our online services, we have taken certain security precautions to prevent the automatic transmission of this data. This data is only transmitted when users use the buttons or click on the third-party content.
Categories of data subjects: Users of the plug-in or embedded third-party content
Data categories: Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address), contact data (e.g. email address, phone number), master data (e.g. name, address)
Purposes of processing: Design of our online services, increasing the reach of advertisements in social media, sharing posts and content, interest-based and behavioral marketing, cross-device tracking
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)
YouTube
Recipient: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy: https://policies.google.com/privacy?hl=de&gl=de
Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de
or https://myaccount.google.com/
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)
Place of processing: The primary data processing location is the United States of America (USA).
Panopto
Recipient: Panopto Inc., Panopto, 506 2nd Avenue Suite 1600 Seattle, WA 98104, USA
Privacy: https://www.panopto.com/de/privacy/
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)
Place of processing: European data centers are the primary data processing location.
Registration & Login
We offer you the option of setting up a user account on our website. As part of the registration process, we collect the necessary data from interested visitors, which we require to provide a user account and the associated function
If visitors to our website decide to register, they will receive an e-mail that must be confirmed. This serves to prevent the misuse of false e-mail addresses.
To protect the use of the internal area, we collect the IP addresses and the time of access to prevent misuse of a user account and unauthorized use. We do not pass this data on to third parties unless it is necessary to pursue our claims or we are legally obliged to do so.
To better protect user accounts from unauthorized access, the system automatically logs you out of your account after 4 hours of inactivity. You will then need to log in again.
Categories of data subjects: Registered users
Data categories: Master data (e.g. name, e-mail address, login data (user name and password), meta and communication data (e.g. device information, IP addresses), usage data (e.g. website content visited, access times)
Purposes of processing: Simplification of the website function
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)
Downloading learning content
We offer the option of downloading files (e.g. PowerPoint slides, PDFs, texts and graphics) from our website in order to provide our users with current information or information that is relevant to them. In some cases, downloads may be made without this being recorded by our system. In this respect, no tracking or statistical evaluation takes place.
Categories of data subjects: Interested parties who specifically download our information material
Data categories: IP address, form data (title, name, e-mail address, telephone number)
Purposes of processing: Processing of any inquiries
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)
Data transfer
We transfer the personal data of visitors to our online services for internal purposes (e.g. for internal administration or to comply with legal or contractual obligations). The internal transfer or disclosure of data is only carried out to the extent necessary and in compliance with the relevant data protection regulations.
It may be necessary for us to pass on personal data in order to execute contracts or to fulfill a legal obligation. If the necessary data is not provided to us, it may not be possible to conclude the contract with the data subject.
Your data may be processed when using or accessing certain services, such as Google services (e.g. YouTube), including outside the EU/EEA, in so-called third countries (e.g. USA). The European Commission has not issued an adequacy decision for the transfer of data to the United States, which is considered an unsafe third country. The adequacy decision refers to the level of data protection in this third country or the relevant international organization. There is a risk that data may be processed by US authorities for control and monitoring purposes, without the data subjects possibly having any legal recourse.
We conclude data protection agreements (Data Processing Agreements) with the providers, including standard contractual clauses in accordance with Art. 44 ff. DSGVO, and define additional measures to ensure the highest possible protection for the personal data of data subjects.
Guarantees provided for transfers to third countries (if available):
Standard contractual clauses in accordance with Article 46 (1), (2) (c) GDPR:
Google services:
https://privacy.google.com/businesses/processorterms/
https://privacy.google.com/businesses/processorterms/mccs/
Panopto:
We will be happy to provide proof of the existence of the standard contractual clauses as an appropriate safeguard on request (datenschutz@reutlingen-unversity.de).
Storage duration
We store the data of visitors to our online services for as long as is necessary to provide our services or as required by the European regulatory and legislative authorities or any other legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been served, with the exception of data that we are required to store in order to fulfill legal obligations (e.g. we are obliged by tax and commercial law to store documents such as contracts and invoices for a certain period of time).
Automated decision-making
We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.
Legal basis
The relevant legal bases arise primarily from the GDPR. These are supplemented by the national laws of the member states and, where applicable, are to be applied together with or in addition to the GDPR.
Consent: Article 6(1)(a) of the GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.
Fulfillment of contract: Article 6(1)(b) of the GDPR serves as the legal basis for processing operations that are necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation: Article 6(1)(c) of the GDPR serves as the legal basis for processing that is necessary to fulfill a legal obligation.
Vital interests: Article 6(1)(d) of the GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or of another natural person.
Public interest: Article 6(1)(e) of the GDPR serves as the legal basis for processing operations that are necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate interest: Article 6(1)(f) of the GDPR serves as the legal basis for processing that is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail, in particular where the data subject is a child.
Rights of the parties concerned
Right of access: Affected persons have the right, in accordance with Art. 15 GDPR, to request confirmation as to whether we are processing data concerning them. You can request information about this data, as well as the further information listed in Art. 15 para. 1 GDPR and a copy of your data.
Right of rectification: In accordance with Art. 16 of the GDPR, data subjects have the right to request the rectification or completion of their personal data processed by us.
Right to deletion: Affected persons have the right according to Art. 17 GDPR to request the immediate deletion of the data concerning them. Alternatively, they can demand that we restrict the processing of their data in accordance with Art. 18 GDPR.
Right to data portability: Affected persons have the right, in accordance with Art. 20 GDPR, to request the provision of the data they have provided to us and to request its transfer to another responsible party.
Right of appeal: Data subjects also have the right to complain to the supervisory authority responsible for them in accordance with Art. 77 GDPR.
Right to object: If personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) sentence 1 point (f) GDPR, data subjects have the right to object to the processing of their personal data in accordance with Article 21 GDPR if there are reasons for doing so arising from their particular situation or if the objection is to direct advertising. In the latter case, data subjects have a general right of objection, which we will implement without the need to specify a particular situation.
Revocation
Some data processing operations are only possible with the express consent of the data subjects. You have the option to revoke consent that has already been given at any time without stating reasons. To do so, an informal message or e-mail to datenschutz@reutlingen-unversity.de is sufficient.
The legality of the data processing carried out up to the point of revocation remains unaffected by the revocation.
External links
Our website contains links to the online offers of other providers. We hereby expressly state that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.
Amendments
We reserve the right to amend this data protection notice at any time in line with changes to our online offering and in compliance with the applicable data protection regulations, so that it meets the legal requirements.
This privacy statement was created by the
German Data Protection Lawyers.
- Maximilian Musch -