Data Protection Declaration

Thank you for visiting our website. Reutlingen University and its institutions take the security of users' data and compliance with data protection regulations very seriously. We would like to inform you about the processing of your personal data on our website below.


Institute Responsible

Hochschule Reutlingen
Alteburgstraße 150
72762 Reutlingen
Deutschland

Authorized representative: Prof. Dr. Hendrik Brumme, President

Contact details:

Tel: +49 7121 271-0
E-Mail: info@reutlingen-university.de

Data Protection Officer

German Data Protection Office
External Data Protection Officer: Mr. Maximilian Musch M. A.
Richard-Wagner-Straße 2
88094 Oberteuringen
Deutschland

Contact details:

Tel.: 07542 949 21-02
E-Mail: maximilian.musch@reutlingen-university.de

Terminology

The technical terms used in this data protection declaration are those that are legally defined in Art. 4 of the GDPR (General Data Protection Regulation).
The terms "user" and "website visitor" are used interchangeably in our privacy policy.

Recipients

Recipients of data are named within our privacy policy under their respective categories / headings.

Note: General Equal Treatment Act (AGG)

In the interests of easier readability, we have refrained from making any gender-specific distinctions in our data protection statement. Corresponding gender-neutral terms apply to all genders in the interests of gender equality.

 

General information about data processing

Automated data processing (Log-Files etc.)

Our site can be visited without the user actively providing any personal information. However, we automatically store access data (server log files) each time the website is visited, such as the name of the Internet Service Provider, the operating system used, the website from which the user visited us, the date and duration of the visit or the name of the requested file, as well as the IP address of the end device used for a period of 7 days for security reasons, e.g., to detect attacks on our website.  This data is not merged with other data sources. We process and use the data for the following purposes: website provision, the prevention and detection of errors/malfunctions, and misuse of the website.

Legal basis: Performance of a task that is in the public interest in accordance with Article 6 para. 1 lit. e) GDPR
Legitimate interests: Fraud prevention to detect misuse of the website

 

Required cookies (functionality, opt-out links, etc.)

To enable the use of individual functions on our website, we use so-called cookies on our website. Cookies are a standard internet technology for storing and retrieving login and other usage information for all users of the website. Cookies are small text fragments that are stored as files on the user's terminal device. With classic cookie technology, the user's browser receives instructions to store a certain piece of information on the user's end device when a certain website is accessed.

Essential cookies are used to provide a tele-media service explicitly requested by the user, e.g.:

  • Cookies for error analysis and security purposes
  • Cookies for storing logins
  • Cookies for storing sessions
  • Cookies for storing (language) settings
  • Cookies for storing consent or revocation (opt-in, opt-out)

Some of the cookies used (so-called session cookies) are deleted again after the end of the browser session, i.e., after closing the browser.

Cookies can be deleted by users afterwards to remove data that the website has stored on the user's computer.

The data processing described may also refer to information that is not personal but constitutes information within the scope of the TDDDG (Telecommunications Digital Services Data Protection Act). In these cases, such information may also be required for the use of an expressly requested service and so it can be stored in accordance with Section 25 of the TDDDG.

Opt-Out:                                 
Firefox:
https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome:
https://support.google.com/chrome/answer/95647?hl=de

Microsoft Edge:
https://support.microsoft.com/de-de/microsoft-edge/inprivate-browsen-in-microsoft-edge-cd2c9a48-0bc4-b98e-5e46-ac40c84e27e2

Opera:
https://help.opera.com/en/latest/security-and-privacy/

Safari:
https://support.apple.com/de-de/HT201265

Legal basis: Performance of a task that is in the public interest according to Art. 6 para. 1 lit. e) GDPR, consent (Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 para. 1 TDDDG)

Legitimate interests: Storing opt-in preferences, ensuring website functionality, preserving user status across the entire website.

Storage and processing of unnecessary information and data

Beyond the mandatory framework, user data may be processed by means of cookies, similar technologies or application-related technologies, e.g., for the purpose of cross-website tracking or personalised advertising, etc. This may involve the transmission of data to third-party providers. In the process, data may be transmitted to third-party providers. The storage and further processing of user data then takes place on the basis of consent in the sense of Art. 6 Para. 1 lit. a) GDPR (if applicable in conjunction with § 25 Para.1 S. 2 TDDDG).

Consent Management Platforms (Consent Management)

We use a consent management process to store and manage the consent given by website visitors in a demonstrable and compliant manner in accordance with data protection requirements. The consent management platform we use helps us to recognise all cookies and tracking technologies and to control them based on the compliance status. At the same time, visitors to our online services can use the consent management function we have integrated to manage the consent and preferences granted (optional setting of cookies and other technologies that are not required) or revoke consent at any time using the corresponding function key.

We use a consent management process to store and manage the consent given by website visitors in a verifiable manner in accordance with data protection requirements. The consent management platform we use helps us to identify and manage all cookies and tracking technologies based on the consent status. At the same time, visitors to our online services can use the consent management function we have integrated to manage the consents and preferences granted (optional setting of cookies and other technologies that are not required), or revoke consent at any time by clicking on the respective checkbox.

The status of the consent is stored on the server and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device. The time of the declaration of consent is also recorded.

 

Categories Data: Consent data (consent ID, consent number, time of submission of consent, opt-in or opt-out, banner language), meta and communication data (e.g., device information, anonymised IP addresses).

Processing purposes: fulfilment of accountability obligations, consent management

Legal basis: Legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 para. 1, Art. 5 para. 2 GDPR.

 

Cookiebot by Usercentrics

Recipient: Cybot, Havnegade 39, 1058 Copenhagen, Denmark
Data Protection: https://www.cybot.com/privacy-policy/     

This website uses cookies.

We use cookies to personalise content and ads, provide social media features and analyse traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected in the course of your use of the services.

Cookies are small text files used by websites to make the user experience more efficient.

By law, we may store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.

This site uses different types of cookies. Some cookies on our pages are placed by third parties.

You can change or withdraw your consent at any time by using the cookie declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our privacy policy.

Please specify your consent ID and the date when you contact us regarding your consent.

Your consent applies to the following domains: www.reutlingen-university.de, www.quest3c.de, www.hhz.de, www.esb-in-360.de, www.esb-in-360.com, vetc.esb-business-school.de, thatswhy.esb-business-school.de, tex.reutlingen-university.de, tec.reutlingen-university.de, ls.reutlingen-university.de, klimartlab.reutlingen-university.de, intranet.reutlingen-university.de, inf.reutlingen-university.de, esb-business-school.de, electronics-and-drives.de, dba.esb-business-school.de

Your current status: Allow all.

Your consent-:ID: HNXr5NM1yD+/TYSZWbqHyh5NDeZYuuPsyqNm8Os77DrPB3GkPk3OLQ== Date of consent: Friday, 17. March 2023 at 14:39:55 CET

Change consent   |  Revoke consent

The cookie statement was last updated by Cookiebot on 28/09/2023:

 

Hosting

The website is not hosted by any external service provider. Personal data of visitors, in particular so-called log files, are stored on our internal server. We have commissioned an agency to provide support and advice about hosting.

The university has made a so-called commissioned processing agreement with the service provider in accordance with the requirements and content of Art. 28 Para. 3 GDPR. The data processing by the service provider (processor) is carried out exclusively on the basis of documented instructions from the university and in accordance with Article 29 of the Data Protection Regulation, which is also part of the contract.

Data categories: User data (e.g., web pages visited, interest in content, access times), meta and communication data (e.g., device information, IP addresses).

Processing purposes: Regulatory compliance of our online services.

Legal basis: Performance of a task that is in the public interest pursuant to Art. 6 para. 1 lit. e) GDPR

Public interest: Correct and optimised presentation of the university website, faster accessibility to the website, avoidance of downtimes, high-level scalability.

711 Media Websolutions GmbH

Recipient: 711 Media Websolutions GmbH, Marienstraße 42, 70178 Stuttgart
Data protection: https://www.711media.de/impressum-und-datenschutz

 

Web analysis and optimisation 

We use technologies to analyse user behaviour, to gauge our reach and to see how many visitors use our website. This involves collecting information about visitors' behaviour, interests or demographic information in order to determine whether and where our website needs to be optimised or adapted (e.g., forms on the website, improved placement of buttons or call-to-action buttons etc.). improved placement of buttons or call-to-action buttons etc.).

In addition, we can measure the click and scroll behaviour of website visitors. Among other things, this helps us to identify the times when our website is frequented most, as well as the functions or content that are most popular.

The collection of this data is made possible by the use of certain technologies (e.g., cookies). These are stored on the end devices of the users when they visit our website.

We take precautions to protect the identity of our website visitors. For the purposes described above, we do not process any personal data of visitors to our website.

Website visitors are assigned an ID (identification code) when they visit the site in order to recognise them on repeat visits. The IDs and related information are stored in user profiles. In addition, the IP addresses of website visitors are anonymised and the storage time of cookies is reduced.

Categories data: Usage data (e.g., websites visited, interest in content, access times), demographic characteristics (age, gender), meta and communication data (e.g., device information, anonymised IP addresses, location data).

Processing purposes: Checking the status of target achievement (success control) of all online activities: Analysis of user behaviour on the website (website interaction) for web optimisation and reach measurement, review of website utilisation, lead evaluation, sales increase, budget control.

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR);
Goals & Interests:Optimisation and further development of the website.

 

Matomo (local integration)

Recipient: Server of Reutlingen University  

 

Online marketing

Search Engine Marketing

We use search engine marketing procedures. Search engine marketing includes all measures that are appropriate to improve our website in the organic or non-organic search results of search engines, to increase our market scope and thus to increase the traffic (visitor traffic) on our website. Moreover, we can generate new leads by using search engine marketing.

Search engine advertising can be done on various external platforms or websites. Advertising is displayed to users in the form of texts, displays or video clips.

Using our tracking tool, we start by creating a campaign for search engine advertising and store various dimensions there that are then recorded by the search engine provider we have selected, e.g., user location, device information and target groups (demographic characteristics). This enables us to gain further insights into the interests in our content/offers and, if necessary, to identify trends.

Key Word Advertising

In addition, our ad is linked to specific keywords (search words) that we have defined in advance and a link. The ad then also appears to users who make a search query for a specific keyword that we have defined in advance. These are related to our products or services.

The procedure is implemented by a cookie or similar technology. When a visitor visits our website or searches for a specific keyword within the search engine used (e.g., Google), a cookie or similar technology is set to the website visitor's terminal device. This data may be user locations and device information, for example, which is transmitted to the search engine provider's server. The search engine provider aggregates this data and provides it to us automatically in the form of a statistical analysis via a dashboard in our account with the search engine provider.

The statistics provide us with information about which of our advertisements were clicked on, how often and at what prices. Because every click on an advert incurs costs for us, these clicks on external platforms and websites are recorded via our tracking tool. This information is used for budget control purposes. We cannot identify individual users from this information.

Conversion measurement

We can determine the success of our advertisements on the basis of summarised data made available to us by the search engine provider (so-called conversion measurement). Within the scope of these conversion measurements, we can track whether a marketing measure has led to a so-called event (e.g., downloading a pdf or playing a video) or a conversion (e.g., registration on our website). The evaluation is provided to us in the form of statistics via our tracking tool and serves to analyse the success of our online activities (success control). It helps us to develop measures to improve the so-called customer journey.

Note:

Website visitor data (e.g., name and email address) can be directly assigned if they are logged into their search engine provider account. If an assignment via the profile is not desired, the website visitor must log out of the search engine provider before visiting our website.

Categories affected: Search engine provider log out. Website visitors, users of online services, interested parties, communication partners, business and contractual partners.
Categories data: User and interaction data (e.g., web pages visited, interest in content, access times), meta and communication data (e.g., device information, anonymised IP addresses), location data if applicable, contact data (e.g., email addresses).

Processing purposes: Increasing sales and market reach, conversion measurement, target group building, identifying trends to develop marketing strategies.
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR).

 

Google Ads & Conversion

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data Protection: https://policies.google.com/privacy?hl=en-US
Guarantee in case of transfer to an unsafe third country: Standard contractual clauses, Transfer Impact Assessment

Google Search Console

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data Protection: https://policies.google.com/privacy?hl=en-US
Guarantee in case of transfer to an unsafe third country: Standard contractual clauses, Transfer Impact Assessment

 

Social Media Presence

The university provides online offers (e.g., fan pages) on various social media platforms that contain a variety of information.

Social media channels are used to increase the university’s visibility among potential students and to raise its public profile. Social networks have proven to be effective in increasing the university's visibility and actively promoting interaction and communication with students.

University communication and press and public relations work is one of the primary responsibilities of the state's universities. Being active and communicating on social media is very important when it comes to attracting new students. Social media and the university website can be used to share relevant information about our degree courses, publicise events and to communicate important short-term news and job advertisements.

User profiles can be created via the usage behaviour of social network users, in terms of interests for example, as well as being used to tailor advertisements to the interests of target groups. For this purpose, cookies are regularly stored on the end devices of the users, in some cases irrespective of whether they are registered users of the social network or not.

The use of social media is combined with the use of messenger services to connect with users in an uncomplicated way.

Communication via social media channels is an important and indeed essential part of the university's public relations work. You can find the university's detailed social media utilisation concept here.

Users should be aware of the fact that the security of individual services may depend on the user's account settings. Even in the case of end-to-end encryption, the platform operator can obtain information about when and how users communicate with the university and, if applicable, collect location data.

Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This can result in risks for users because it makes it more difficult to assert their rights for example.

Users are informed that the university has no further influence on the processing of personal data on these platforms. Only the respective operator of the platform has full knowledge of the content of the transmitted data and its use.

Categories data: User names (e.g., name, address), contact data (e.g., email address, telephone number), content data (e.g., text details, posts, photos, videos), usage and interaction data (e.g., websites visited, interests, access times), meta and communication data (e.g., device information, IP address and location data, if applicable).
Processing purposes: Expanding audience reach, networking with students, promoting interaction and communication, press and public relations work.

Legal basis: Task completion in accordance with Art. 6 Para. 1 lit. e) GDPR in conjunction with Art. 6 Para. 3 GDPR and § 4State Data Protection Act Baden-Würt­tem­berg (LDSG) in the version applicable as of 21.06.2018 and on the basis of Section 65 (2) and (3) of the State Higher Education Act Baden-Würt­tem­berg (LHG).

Consent to data processing in accordance with Art. 6 para. 1 lit. a) GDPR can also be a legal basis if users have given this via the platform operator.

Aims & Interests: Ensuring the university's social visibility, improving and promoting its external image, interaction and communication on social media platforms, insights into target groups as well as press and public relations work.

 

Alternative information and communication options:

As an alternative source of information and communication, please feel free to use our postal address above or our e-mail address: info@reutlingen-university.de

 

Facebook

Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland     
Data Protection: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0Opt-
As well as: https://www.facebook.com/legal/EU_data_transfer_addendum/update
Opt-Out-Link: https://www.facebook.com/policies/cookies/

Instagram 

Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland     
Data Protection: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect as well as https://www.facebook.com/legal/EU_data_transfer_addendum/update
Opt-Out-Link: https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/

LinkedIn

Recipient: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Data Protection: https://www.linkedin.com/legal/privacy-policy                  
Opt-Out-Link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Mastodon

Recipient: Mastodon gGmbH, Mühlenstraße 8a, 14167 Berlin, Germany        
Data Protection: https://mastodon.social/terms     

TikTok

Recipient: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
Data Protection: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE                    
Opt-Out-Link https://www.tiktok.com/legal/tiktok-website-cookies-policy?lang=de-DE

Twitter (now called X)

Recipient: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland               
Data Protection: https://twitter.com/de/privacy                 
Opt-Out-Link: https://help.twitter.com/de/rules-and-policies/twitter-cookies#privacy-options

YouTube

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland                  
Data Protection: https://policies.google.com/privacy?hl=de&gl=de            
Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de 

 

Social Media Marketing   

We use our social media channels to promote our university, individual degree courses or events, etc. Our goal is to address a broad community that we cannot reach through traditional advertising channels.

Targeting:

We use so-called targeting methods within the framework of our social media channels to track certain user activities (interactions) in order to ensure that our advertisements are delivered to specific target groups. In doing so, we use the procedures and technologies of various social media providers. One common technology is the so-called cookie or pixel.

We install this technology in our tracking tool (e.g., via our website or social media channel). Cookies or pixels are placed on the users' end device. It ensures that the navigation of users is recorded. When users interact with our website or our ads on social media, the technology records the people and actions they take (e.g., clicks on ads, bounces on websites) and stores whose pages and sub-pages have been accessed. This is used to display real-time and behaviour-based advertising to potential customers on various social media platforms.

Optional: Retargeting List Upload:

In order to target already known website visitors and/or customers again via specific advertisements, we create a list of these users, which are designed to meet the objectives of our advertising and marketing campaigns. To do this, we create lists of people from our system which we upload to our social media platform in encrypted form. It allows the social media provider to match the people on the platform and ensures that only those people receive our ads that they could potentially be interested in. The technology used serves as a reminder tool to bring customers back to our website and to get them to complete an action (so-called conversion), thus boosting both our sales and our brand awareness.

Categories data: Usage and interaction data (e.g., websites visited, interests, access times), meta and communication data (e.g., device information, IP address, location data if applicable).

Processing Purposes: Expansion of reach, reach analysis and statistical evaluations.

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

 

Meta-Pixel (Facebook & Instagram)

Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
Data Protection: https://www.facebook.com/privacy/explanation
Opt-Out-Link: https://www.facebook.com/policies/cookies/
Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)

TikTok-Pixel (Tik Tok Ads Manager)

Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data Protection: https://www.facebook.com/privacy/explanation
Opt-Out-Link: https://www.facebook.com/policies/cookies/
Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)

Plug-ins and embedded third-party content

On our website, there are embedded functions and contents that are sourced from third-party providers. Examples of these are videos, representations, buttons, map services (maps) or contributions (hereinafter referred to as content).

If this third-party content is accessed by website visitors (e.g., click, play, etc.), information and data are collected and stored in the form of cookies or other technologies (e.g., pixels or web beacons) on the end device of the website visitor and user of the third-party content and transmitted to the third-party provider's server. The third-party provider thereby receives the website visitor's usage and interaction data and makes it available to us in the form of statistics via a dashboard. The statistics we receive contain dimensions and metrics and no clear user data. This third-party content cannot be loaded and displayed without this processing.

In order to protect the personal data of website visitors, we have taken protective measures to prevent the automatic transmission of this data to the third-party provider. This data is only transmitted when users actively use the buttons and click on the third-party content.

Categories data: Usage and interaction data (e.g., websites visited, interests, access times), meta and communication data (e.g., device information, IP address, location data if applicable).
Processing Purposes: Designing our online services, increasing the reach of social media ads, sharing posts and content, interest and behaviour-based marketing, cross-device tracking

Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)

Twitter Plug-In

Recipient: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland               
Data Protection: https://twitter.com/de/privacy                 
Opt-Out-Link: https://help.twitter.com/de/rules-and-policies/twitter-cookies#privacy-options       
Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)

Google Custom Search

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland                  
Data Protection: https://policies.google.com/privacy?hl=en-US                 
Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de 
Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)

Google Maps

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland                  
Data Protection: https://policies.google.com/privacy?hl=en-US                 
Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de 
Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)

Panopto

Recipient: Panopto, Inc., 506 2nd Avenue, Suite 1600, Seattle, WA 98104                 
Data Protection: https://www.panopto.com/de/privacy/                 
Opt-Out: https://support.panopto.com/s/article/How-to-Enable-Third-Party-Cookies-in-Supported-Browsers
Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)

Vimeo Video Plug-In

Recipient: Vimeo Inc., 555 West 18th Street New York, New York 10011, USA          
Data Protection: https://vimeo.com/privacy                      
Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)

YouTube Video Plug-In

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland                  
Data Protection: https://policies.google.com/privacy?hl=de&gl=de            
Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de  
Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)

Social wall as embedded third-party content

Functions and contents of a third-party provider are integrated on the website, the so-called social wall of the specified provider. With the help of the social wall, for example, videos, articles and posts from social media can be played directly on the website of the university.

The third-party content is a so-called plugin, which is only loaded and displayed on the website as soon as the website visitor confirms the playback or display of the content by clicking the button. The plugin does not use any tracking technologies such as cookies, pixel tags or web beacons.

With the consent of the website visitor, the third-party provider processes user device information and the user's IP address as the content is loaded from the third-party provider's server. In order to adequately protect the personal data of website visitors to the website, technical security measures are taken to prevent the automatic transfer of their data to the third-party provider. As the social wall is a third-party content and data of the website visitors is transferred to the third-party provider in order to enable the loading of the content on the website, this is made dependent on the consent of the user.

The responsible party has no influence on content posted on social media by social media users. If users decide to post certain content on social media, this is the responsibility of the individual. Posted content can be published or reproduced on the website of the institution responsible, provided that the university and its faculties are mentioned by name in posts and/or hashtags by users for the so-called repost.

Categories concerned: Website visitors and social media users who mention the university and its faculties in posts or hashtags.
Categories data:  Usage data (e.g., interests, access time), meta and communication data (e.g., device information, IP address), user name on the social media platform if applicable, content in posts which users post on social media.

Processing purposes: Design and representation of the website, increase in audience reach, press and public relations work, new student recruitment, increased visibility among prospective students.

Legal basis:The transfer of data to the provider is done via consent (Art. 6 para. 1 lit. a) GDPR).

 

In all other respects, data processing is carried out for the purpose of task fulfilment in accordance with Art. 6 Para. 1 lit. e) GDPR in conjunction with Art. 6 Para. 3 GDPR and § 4 State Data Protection Act Baden-Würt­tem­berg (LDSG) according to the version applicable as of 21.06.2018 and on the basis of section 65 (2), (3) of the State Higher Education Act, Baden-Würt­tem­berg (LHG).

   

Flockler (Social Wall)

Recipient: Flockler Oy, Business ID 2365844-6, Rautatienkatu 21 B, 33100 TAMPERE, Finland
Data Protection: https://policies.google.com/privacy?hl=en-US                 
Opt-Out-Link: https://flockler.com/de/cookie-einstellungen        
 

Surveys

We occasionally conduct surveys on our website via an external provider. The survey link is communicated to the participants, e.g. via online sessions, and in the best case they respond directly. It is not necessary for us to be able to assign the responses to a specific person. Before the survey is evaluated, the data that we process for the provision and technical implementation of our surveys is anonymized. Participation in the survey is voluntary.

Data categories: Feedback on the survey items (e.g. participation in an information event), meta and communication data (e.g. device information, IP address), usage data (e.g. access times)

Purposes of processing: Data processing is carried out for the purposes of the university's press and public relations work, e.g. to gain insights into target groups, evaluate communication channels, general university marketing, improve and optimize the range of courses on offer.

Legal basis: Consent within the meaning of Art. 6 para. 1 lit. a) GDPR. In addition, data processing may be necessary for the performance of a task carried out in the public interest pursuant to Art. 6 para. 1 lit. e) GDPR, para. 3 GDPR i.V.m. GDPR i.V.m. §§ Sections 2, 12 para. 1 sentence 1 LHG.  Further special legal regulations can be found in the individual examination regulations of the university.

Microsoft Teams

Recipient: Microsoft Corporation, One Microsoft Way, Redmon

Translated with www.DeepL.com/Translator (free version)

Digital services and making contact

General terms of contact

On the website, it is possible to contact the person responsible directly, or to obtain information via various contact options. In the event of contact being made, the data of the person making the enquiry will be processed as far as is necessary to answer or process the enquiry. The data processed may vary depending on the way in which contact is made.

Categories affected:  Enquiring persons
Categories data: Master data e.g., name, address), contact data (e.g., e-mail address, telephone number), content data (e.g., text entries), usage data (e.g., interests, access times), meta and communication data (e.g., device information, IP address).

Processing purposes: Processing of enquiries
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), fulfilment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR), fulfilment of a task according to Art. 6 para. 1 lit. e) GDPR in conjunction with Art. 6 para. 3 GDPR and § 4 State Data Protection Act Baden-Würt­tem­berg (LDSG)

Chatbots

Site visitors and prospective students are offered the opportunity to contact the university via a chat function when visiting the website. So-called chatbots and live chat functions are used for this purpose, which provide partly automated AI-based answers that apply to standardised questions. Personal data is processed when the tool provided is actively used.  It should be noted that data provided by users of the chatbot will be processed. In general, it is not recommended to provide data with sensitive content with this tool. Data provided may vary.

Categories data: Master data (e.g., surname, first name), contact data (e.g., e-mail address), content data (e.g., text entries), usage data (e.g., interests, access times), meta and communication data (e.g., device information, IP addresses), location data, if applicable.

Processing purposes: Processing enquiries, increasing efficiency in responding to enquiries.
Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)

Userlike

Recipient: Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany.
Data Protetction: https://usercentrics.com/de/datenschutzerklaerung/                    
Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)

Watson Chatbot

Recipient: msg-Chatbot:msg systems ag, Robert-​Bürkle-Straße 1, 85737 Ismaning, Germany
Data Protection: https://www.msg.group/datenschutz                   
Legal: Consent (Art. 6 Abs. 1 lit. a) GDPR)       

Newsletter (with Tracking)

On the website, users have the option of subscribing to a newsletter or any notifications via various channels (hereinafter Newsletter). Newsletters are only sent to recipients who have consented to receive the newsletter within the framework of the legal provisions. A selected service provider (data recipient) is used to send the newsletter.

In order to subscribe to a newsletter, it is necessary to provide an e-mail address. If necessary, additional data, such as the surname and first name, will be collected in order to provide the newsletter with a personal address.

The newsletter is only sent after the so-called double opt-in procedure has been completed. If visitors decide to subscribe to a newsletter, they will receive a confirmation email which must be confirmed and which serves in particular to prevent the misuse of false email addresses and to exclude the possibility that a simple, possibly accidental click triggers the sending of the newsletter. The subscription to any newsletter can be terminated in the future at any time.

An opt-out-link is included at the end of each newsletter (revocation option).

In addition, according to Art. 7 (1) GDPR in conjunction with Art. 5 (2) GDPR, the responsible party (university) is obliged to provide proof that subscribers actually wanted to receive the newsletter and have given their consent for it. For this reason, the IP address and the time of subscription and unsubscription to a newsletter are collected and processed.

The general newsletters are designed in such a way that it is possible to gain insights into target groups or the reading behaviour of subscribers. This enables a so-called web beacon or a tracking pixel within the newsletter, that reacts to interactions with the newsletter, for example whether links in the newsletter were clicked on, whether the newsletter was opened at all or at what time the newsletter is most likely to be read. This information can be technically assigned to individual subscribers.

IMX application ticker

Furthermore, prospective students are offered the opportunity on the website to keep themselves up to date by using an application ticker via the e-mail newsletter and to automatically receive further information on the B.Sc. International Management Double Degree programme. No external service provider is used to send this newsletter. The newsletter is sent directly by the university.

Categories data: Master data (e.g., surname, first name), contact data (e.g., e-mail address), meta- and communication data (e.g., device information, IP address), usage and interaction data (e.g., interest in contents, opening and click rates).
Processing purposes: Press and public relations work, analysis and evaluation of the success of a campaign.

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR) for the subscription to the newsletter.

In all other respects, data processing is carried out for the purpose of task fulfilment in accordance with Art. 6 Para. 1 lit. e) GDPR in conjunction with Art. 6 Para. 3 GDPR and § 4 State Data Protection Act Baden-Würt­tem­berg (LDSG) according to the version applicable as of 21.06.2018 and on the basis of section 65 (2), (3) of the State Higher Education Act, Baden-Würt­tem­berg (LHG).

 

Cleverreach

Recipient: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany
Data Protection: https://www.cleverreach.com/de/datenschutz/

 

Application procedure for academic job advertisements

It is possible to apply for academic job advertisements at the university. In order to maintain an overview at all times, a selected provider (application management tool) is involved in the processing of corresponding applicant technologies. In the event of contact being made, the data of the person making the inquiry will be processed as is necessary to respond to or process the application.

The university has set up a so-called order processing contract with the provider in accordance with the specifications and content of Art.28 Para.3 GDPR. The data processed by the provider (processor) is carried out exclusively according to the documented instructions of the university within the terms of of Art. 29 GDPR, which is also part of the contract.

Categories data: Master data (e.g., name, address, application photo), contact data (e.g., address, e-mail address, telephone number), attachments provided (cover letter, CV, proof of completed training, references and other data provided by the applicant) meta and communication data (e.g., device information, IP address).

Processing purposes: Processing of documents for a teaching position.

Legal basis: The legal basis for the processing of personal data in the context of the selection procedure for the establishment of a teaching position as a public law employment relationship with the state of Baden Württemberg or a civil servant/employee/intern relationship, ist Art. 6. Para. 1 lit. b) GDPR in conjunction with § 4, 15 LDSG in conjunction with § 56 LHG. This allows for the processing of data that is required in connection with the decision to establish an employee relationship.  

As far as the university is concerned, the legal requirements for the selection process are based in particular on Article 33 (s) of the German Basic Law (GG), the General Equality Treatment Act (AGG) and the budgetary law.   

When special categories of personal data are processed in accordance with Art. 9 (1) GDPR, this is done in the context of the establishment of an employment relationship, the exercise of rights, or the fulfilment of legal obligations. This is done on the basis of Art. 9 (2) (b) GDPR. Moreover, the processing of health data may be necessary to assess fitness for work according to Art. 9. (2) Para. 2 lit. h) GDPR.

Should the data be required for legal prosecution after completion of the application process, data processing may take place under the requirements of Art. 6 GDPR and in particular to safeguard public interests according to Art. 6 (1) e) in conjunction with Art. 6 (3) GDPR.

BITE

Recipient: BITE GmbH, Filchnerstraße 16, 89231 Neu-Ulm, Germany
Data Protection: https://www.b-ite.de/legal-notice.html

 

Further mandatory information on data processing

Data Transmission

In order to implement contracts or to fulfil a legal obligation, it may be necessary for us to pass on personal data. If we are not provided with the necessary data to do this, it may not be possible to complete the contract with the applicant involved.

If your data is processed outside the EU/EEA, in so-called third countries (e.g., the USA), we ensure that this is done in accordance with the requirements of Art. 44 et seq. GDPR. In doing so, we take additional measures to ensure the highest possible protection for the personal data of those affected. The respective guarantee applicable to third country transfer is named for the respective recipients. 

Application Processing

The recipients we use may act for us as so-called processors. We have established what we call “order processing agreements” with them in accordance with Art. 28 (3) GDPR. This means that the processors may only use your personal data in a way that we have explicitly instructed them to. Processors take technical and organisational measures to process your data securely and in accordance with our instructions. 

Duration of storage

The data of visitors to the website will generally be stored for as long as is necessary for the provision of the service, or in as far as is required by the European Directive and Regulatory Body in question, or indeed another legislator in laws or regulations which the responsible party is subject to. In all other cases, personal data will be deleted once the purpose has been completed, with the exception of data that must continue to be stored in order to fulfil legal obligations (e.g., obligation due to retention periods under tax and commercial and documents such as contracts and invoices).   

Automatic decision-making (including profiling)

Automated decision-making or profiling according to Art. 22 GDPR.  does not take place.

 

Legal basis

The relevant legal bases are primarily derived from the GDPR. These are supplemented by the national laws of member states and are applicable together with, or in addition to the GDPR where applicable.

Consent: Art. 6 para.1 lit. a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.
Contract Fulfilment: Art. 6 (1) (b) GDPR serves as the legal basis for processing operations necessary for the fulfilment of a contract to which the person concerned is a contractual party or for the performance of pre-contractual measures carried out at the request of the person involved.
Legal obligation: Art. 6 para. 1 lit. c) GDPR serves as the legal basis for processing actions that are necessary for the fulfilment of a legal obligation.
Vital Interests: Article 6(1)(d) of the GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the person concerned or of another individual.
Public interest: Article 6(1)(e) of the GDPR serves as the legal basis for processing operations necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
Legitimate interest: Article 6(1)(f) of the GDPR serves as the legal basis for processing what is necessary to protect the legitimate interests of the data controller or a third party, unless such interests are outweighed by the interests or fundamental rights and freedoms of the individual concerned where the protection of personal data is required, in particular when the individual concerned is a child.

Rights of the persons concerned

Right to information: Pursuant to Art. 15 of the GDPR, the persons concerned have the right to request confirmation as to whether we are processing data relating to them. They can request information about this data as well as the further information listed in Art. 15 (1) GDPR and a copy of their data.
Right to rectification:Pursuant to Art. 16 GDPR, the persons concerned have the right to request the correction or completion of data concerning them and processed by us.
Right to cancellation: Right to cancellation: In accordance with Art. 17 of the GDPR, the persons concerned have the right to demand the immediate deletion of the data relating to them. Alternatively, they can demand that we restrict the processing of their data in accordance with Art. 18 GDPR.
Right to data portability: Right to data portability: Pursuant to Art. 20 GDPR, the persons concerned have the right to request that the data they have provided to us be made available to them and to request that it be transferred to another data controller.
Right of complaint:Furthermore, the persons concerned have the right to complain to the supervisory authority responsible for them in accordance with Art. 77 GDPR.
Right to object: If personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f) GDPR, the persons concerned have the right to object to the processing of their personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from their particular situation or the objection is against direct marketing. In the latter case, the persons concerned have a general right to object, which is implemented by us without specifying a particular situation.

 

Revocation

Some data processing operations are only possible with the express consent of the persons affected by the data. You have the possibility to revoke consent already given at any time without giving any reasons. To do this, it is sufficient to send us an informal message or e-mail to info@reutlingen-university.de. The consent of data processing operations on our online services can be directly adjusted or revoked in our Consent Manager Cookiebot by Usercentrics.
Granting consent is voluntary.

The legality of the data processing carried out until the revocation remains unaffected by the revocation.

External Links

Our website contains links to the online services and offers of other providers. We hereby point out that we have no influence on the content of the linked online offers or services and the compliance with data protection regulations by their providers.

Changes

The responsible party reserves the right to adapt this data protection notice at any time in the event of changes to the website and its subpages and in compliance with the applicable data protection regulations so that it meets the legal requirements.

This privacy statement has been created by

Deutsche Datenschutzkanzlei - Maximilian Musch

Chat Icon Chat Icon