Privacy Policy
The following Privacy Policy applies to the use of Hochschule Offenburg’s online services:
We place great importance on data protection. The collection and processing of your personal data are carried out in compliance with applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).
1. Data Controller
The controller responsible for the collection, processing, and use of your personal data within the meaning of Article 4(7) of the GDPR is
Hochschule Offenburg
Badstraße 24
77652 Offenburg
Phone: (0781) 205-0
Fax: (0781) 205-333
Email: impressum@hs-offenburg.de
www.hs-offenburg.de
The Hochschule Offenburg University of Technology, Business and Media is a public-law corporation.
It is represented by the Rector, Professor Dr. rer. nat. Stephan Trahasch, who is in accordance with law the legal representative of the university.
Professor Dr. rer. nat. Stephan Trahasch
Rector
Badstraße 24
77652 Offenburg
If you wish to object to the collection, processing, or use of your data by us in accordance with this Privacy Policy—either in general or with regard to specific measures—you may direct your objection to the data controller.
You may save and print this Privacy Policy at any time.
2. General Purposes of Processing
We use personal data solely for the purpose of operating the University's websites.
3. What Data We Use and Why
3.1. Access Data
We collect information about you when you use this website. We automatically collect information about your usage behavior and your interactions with us, and we record data about your computer or mobile device. We collect, store, and use data about every visit to our website (so-called server log files). The access data includes:
Name and URL of the file accessed
Date and time of the request
Amount of data transferred
Confirmation of successful retrieval (HTTP response code)
Browser type and browser version
Operating system
Referrer URL (i.e., the previously visited page)
Websites accessed by the user’s system via our website
User’s Internet service provider
IP address and the requesting provider
We use this log data—without linking it to your identity or creating any other profiles—for statistical analysis to ensure the operation, security, and optimization of our website, but also to anonymously track the number of visitors to our website (traffic), as well as the extent and nature of use of our website and services, and for billing purposes to measure the number of clicks received from partners. Based on this information, we can provide personalized and location-based content, analyze data traffic, identify and resolve errors, and improve our services.
This also constitutes our legitimate interest pursuant to Article 6(1)(f) of the GDPR.
We reserve the right to review the log data retrospectively if there are concrete indications giving rise to a legitimate suspicion of unlawful use. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision or billing of a service, e.g., when you use one of our offerings. After the order process is canceled or upon receipt of payment, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have concrete suspicion of a criminal offense in connection with the use of our website. In addition, as part of your account, we store the date of your last visit (e.g., when you register, log in, click on links, etc.).
3.2 Cookies
We use what are known as session cookies to optimize our website. A session cookie is a small text file that is sent by the respective servers when you visit a website and is temporarily stored on your hard drive. This file contains a so-called session ID, which allows various requests from your browser to be associated with the same session. This enables your browser to be recognized as you navigate from page to page. We also use a cookie that contains an authorization hash to allow access to videos on the University’s media server. All of these cookies are deleted at the end of the session (depending on your browser and browser settings, simply closing and reopening the browser may not be sufficient; it may be necessary to clear the cache or wait a certain amount of time). Cookies are used on our site for the following processes:
Login process
Cross-page functions (displaying data from databases, etc.)
Access to the YouTube video platform
Shopping cart functions
These are technically necessary cookies, and this fact constitutes a legitimate interest. The use of these cookies is therefore lawful under Article 6(1)(1) of the GDPR.
You can configure your browser to be notified in advance when cookies are set, allowing you to decide on a case-by-case basis whether to accept cookies for specific instances or generally, or to block cookies entirely. This may limit the functionality of the website.
3.3 Data Necessary to Fulfill Our Contractual Obligations
We process personal data that we need to fulfill our contractual obligations, such as name, address, email address, billing, and payment information. The collection of this data is necessary for the potential conclusion of a contract.
The data is deleted after the expiration of warranty periods and statutory retention periods. Data linked to a user account (see below) is retained in any case for the duration of that account.
The legal basis for processing this data is Article 6(1)(b) of the GDPR, as this data is necessary for us to fulfill our contractual obligations to you.
3.4 User Account
If you create a user account on the University’s websites, we will need the personal data requested during the login process. When you log in later, only your email address or username and the password you selected will be required.
For new registrations, we collect master data (e.g., name, address), contact information (e.g., email address), payment information (bank account details), and login credentials (username and password).
To ensure your proper registration and prevent unauthorized access by third parties, you will receive an activation link via email after registration to activate your account. We will only permanently store the data you have provided in our system once registration is complete.
You may have us delete a user account you have created at any time without incurring any costs other than the transmission costs according to the standard rates. A written notice sent to the contact information listed in Section 1 (e.g., email, fax, letter) is sufficient for this purpose. We will then delete your stored personal data, unless we are required to retain it to process orders or due to laws requiring us to retain it for a certain period.
The legal basis for processing this data is your consent pursuant to Art. 6(1)(a) of the GDPR.
3.5 Newsletter
To subscribe to a newsletter as part of the services offered on the Hochschule Offenburg website, the information requested during the registration process is required. Your registration is logged. After registering, you will receive a message at the email address you provided asking you to confirm your registration (“double opt-in”). This is necessary to prevent third parties from registering using your email address.
You can revoke your consent to receive the newsletter at any time and thus unsubscribe from it.
We store the registration data for as long as it is needed to send the newsletter. We store the registration log and the mailing address for as long as there is a need to provide evidence of the consent originally given; this generally corresponds to the statute of limitations for civil claims, i.e., a maximum of three years.
The legal basis for sending the newsletter is your consent pursuant to Art. 6(1)(a) in conjunction with Art. 7 of the GDPR and § 7(2)(3) of the UWG. The legal basis for logging the subscription is our legitimate interest in proving that the newsletter was sent with your consent.
You may cancel your subscription at any time without incurring any costs other than the transmission costs according to the standard rates. A written notice sent to the contact information provided in Section 1 (e.g., email, fax, letter) is sufficient for this purpose. Of course, you will also find an unsubscribe link in every newsletter.
3.6 Email Contact
When you contact us (e.g., via the contact form or email), we process your information to handle your inquiry and in case follow-up questions arise.
We process additional personal data only if you consent to it (Art. 6(1)(a) GDPR) or if we have a legitimate interest in processing your data (Art. 6(1)(f) GDPR). A legitimate interest includes, for example, responding to your email.
If the data processing is carried out to implement pre-contractual measures in response to your inquiry, or—if you are already our customer—to fulfill the contract, the legal basis for this data processing is Article 6(1)(b) of the GDPR.
3.7 Online Application
If you apply to Hochschule Offenburg and submit your application materials to us in electronic form, we will process and use the data you have voluntarily provided to us exclusively for the purpose of handling the application process and, if applicable, initiating an employment relationship at Hochschule Offenburg. Your data will only be disclosed to third parties if you expressly authorize us to do so in writing, specifying the recipients.
3.8 Hosting
The hosting services we use are intended to provide the following: infrastructure and platform services, computing capacity, storage space, and database services, as well as security and technical maintenance services, which we utilize for the purpose of operating the website.
In doing so, we—or our hosting provider—process inventory data, contact data, content data, contract data, usage data, metadata, and communication data from university members, customers, applicants, prospective clients, and visitors to this website based on our legitimate interests in providing our website efficiently and securely, in accordance with Article 6(1)(f) of the GDPR in conjunction with Article 28 of the GDPR.
3.9 Linked Websites
Our websites contain links to external websites. We have no control over the content of these websites and therefore assume no responsibility or liability for the legality, accuracy, presentation, or completeness of the content published, displayed, or accessible on those sites.
We hereby inform you that when you visit these external websites, your IP address may be logged by the respective website operator.
When you leave our websites, we recommend that you review the privacy policy of the external website operators before accessing their websites or using the features available there.
3.10 Social Media Services
This website uses various social media services. These are designed so that data is transmitted only after you give your consent or take active actions (such as sharing links).
If you activate the social media features, you must comply with their privacy policies.
3.11 Facebook
You can view Facebook's current privacy policy at the following link: https://www.facebook.com/policy.php
3.12 Learnwise Chatbot
The website chatbot processes the following data:
Technical data:
IP addresses
Browser information
Device details
Session data
Communication content:
Support requests and questions asked
Chat conversation content
Interaction metadata
These data types fall within the scope of Article 4(1) of the GDPR.
However, the core processing performed by the chatbot (reading and responding to what the user enters) is generally based on a legal basis that does not require consent under the GDPR (Art. 6(1)(b)—user request/performance of a contract or Art. 6(1)(f)—legitimate interest).
4. Retention Period
Unless otherwise specified, we store personal data only for as long as is necessary to fulfill the intended purposes.
In some cases, the law requires the retention of personal data, such as under tax or commercial law. In these cases, we will continue to store the data solely for these legal purposes, but will not process it for any other purpose, and will delete it once the statutory retention period has expired.
5. Your Rights as a Data Subject
Under applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by email or mail, clearly identifying yourself, to the address listed in Section 1.
Below is an overview of your rights.
5.1 Right to Confirmation and Access
You have the right to receive clear information about the processing of your personal data.
Specifically:
You have the right at any time to receive confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to request, free of charge, information from us regarding the personal data we have stored about you, along with a copy of that data. Furthermore, you have the right to the following information:
the purposes of processing;
the categories of personal data being processed;
the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
if possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration;
the existence of a right to have personal data concerning you rectified or erased, or to have processing restricted by the controller, or a right to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
if the personal data is not collected from you, all available information regarding the origin of the data;
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and—at least in such cases—meaningful information regarding the logic involved, as well as the scope and intended effects of such processing on you.
If personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
5.2 Right to Rectification
You have the right to request that we correct and, if necessary, supplement your personal data.
Specifically:
You have the right to request that we correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed—including by means of a supplementary statement.
5.3 Right to Erasure ("Right to Be Forgotten")
In a number of cases, we are required to delete personal data concerning you.
Specifically:
Pursuant to Article 17(1) of the GDPR, you have the right to request that we erase personal data concerning you without delay, and we are obligated to erase such personal data without delay if any of the following grounds apply:
The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
The personal data has been processed unlawfully.
The erasure of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which we are subject.
The personal data was collected in connection with information society services offered pursuant to Article 8(1) of the GDPR.
If we have made the personal data public and are obligated to erase it pursuant to Article 17(1) of the GDPR, we will take reasonable measures, including technical measures, taking into account available technology and the cost of implementation, to inform the controllers processing the personal data that you have requested them to delete all links to such personal data or copies or replicas of such personal data.
5.4 Right to Restriction of Processing
In a number of cases, you have the right to request that we restrict the processing of your personal data.
Specifically:
You have the right to request that we restrict the processing of your personal data if any of the following conditions apply:
You contest the accuracy of the personal data, for a period that allows us to verify the accuracy of the personal data;
the processing is unlawful, and you have objected to the erasure of the personal data and instead requested that its use be restricted;
we no longer need the personal data for the purposes of processing, but you need the data to assert, exercise, or defend legal claims; or
you have objected to the processing pursuant to Article 21(1) of the GDPR, as long as it has not yet been determined whether our company’s legitimate grounds override yours.
5.5 Right to Data Portability
You have the right to receive, transmit, or have us transmit personal data concerning you in a machine-readable format.
Specifically:
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that
the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and
the processing is carried out by automated means.
When exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, to the extent that this is technically feasible.
5.6 Right to Object
You have the right to object to our lawful processing of your personal data if this is justified by your particular situation and our interests in the processing do not outweigh yours.
Specifically:
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
5.7 Automated Decisions, Including Profiling
You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you.
No automated decision-making based on the personal data collected takes place.
5.8 Right to Withdraw Consent Under Data Protection Law
You have the right to withdraw your consent to the processing of personal data at any time.
5.9 Right to File a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside, where you work, or where the alleged infringement occurred, if you believe that the processing of your personal data is unlawful.
6. Data Security
We make every effort to ensure the security of your data to the fullest extent permitted by applicable data protection laws and technical capabilities.
Your personal data is transmitted to us in encrypted form. This applies to your orders as well as to the customer login. We use the SSL (Secure Socket Layer) encryption system; however, please note that data transmission over the Internet (e.g., when communicating via email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.
To safeguard your data, we maintain technical and organizational security measures in accordance with Article 32 of the GDPR, which we regularly update to reflect the latest technological standards.
Furthermore, we do not guarantee that our services will be available at specific times; disruptions, interruptions, or outages cannot be ruled out. The servers we use are regularly and carefully backed up.
7. Disclosure of Data to Third Parties; No Data Transfers to Non-EU Countries
As a general rule, we use your personal data only within our University.
If and to the extent that we engage third parties in connection with the fulfillment of contracts, these third parties receive personal data only to the extent necessary for the provision of the relevant service.
In the event that we outsource certain aspects of data processing (“processors”), we contractually oblige processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject’s rights.
No data is transferred to entities or individuals outside the EU.
8. Data Protection Officer
If you have any questions or concerns regarding data protection, please contact our Data Protection Officer:
Data Protection Officer
Professor Dr. Steffen Schlager
Department of Business Administration and Wirtschaftsingenieurwesen
Brückenhäuserstr. 26
77723 Gengenbach
Phone: (07803) 9698-4491
Email: steffen.schlager@hs-offenburg.de