Data Protection Policy
It is our pleasure to welcome you to our website! We would like to point out that when visiting our website, data are also processed, and personal references cannot be completely ruled out. Insofar as you log in as a registered user, the personal reference is also partially desired. In the scope of this Data Protection Policy, we would like to explain the reason why this is the case and to what extent we collect data from you on which legal basis and when we delete these data again.
The concept of data minimalization is important to us: for this reason, personal data are solely collected and processed to the extent technically necessary and in accordance with this Data Protection Policy. Your data are neither sold by us to third parties nor are they disclosed by us to third parties. Via our website, users can log in to various protected parts. Please take note of the Data Protection Policies specific for data processing in the respective protected parts as well as the information about the data processing conducted by us, which you received upon your registration.
A) Party responsible and Data Protection Officer
Responsible for the processing of personal data in the scope of using this website is:
Biberach University of Applied Sciences
Authorized to represent: Prof. Dr. André Bleicher, Rector
Telephone: +49 7351 582-0
Named as the Data Protection Officer is:
Prof. Dr.-Ing. Florian Schäfer
B) Provision of the website and creation of logfiles
When accessing a website, your browser routinely transmits data concerning the device you are accessing the website from such as the IP address to which the website is to be sent.
In detail, the following dataset is collected via each access and stored in the logfiles of our system:
- Name of the accessed file
- Date and time of the access
- Amount of data transmitted
- Report as to whether the access was successful
- URL of the linking page
- Browser type and version
- Operating system
The data are stored in logfiles to secure the functionality of the website. In addition, the data help us to optimize the website and ensure the safety of our information-related systems. The data are not analyzed for marketing purposes in this connection. The data are stored in the logfiles for the purpose of securing the functionality and for optimizing the website on the basis of the legal foundation of Section 6 Subsection 1 lit. E GDPR. The IP address is stored for the purpose of securing network and information integrity on the basis of the legal foundation of Section 6 Subsection 1 lit. F GDPR. Our legitimate interest in storing lies in being able to identify unauthorized attempts to access our website and to be able to follow up on them.
The data are deleted as soon as they are no longer necessary for the achievement of the purpose of collecting them. In the case of collecting the data for the provision of the website, this is the case when the respective session has been terminated.
In addition, the stored data are analyzed for statistical purposes. The protocol data are not disclosed to third parties. They are deleted after 1 year. This does not apply to data that are stored for evidential purposes. In this case, the data are not deleted until the respective case has been clarified in full.
C) Processing and using personal data in the scope of registration on our website
You must have a user account to be able to use the parts of the website that are not available to the general public. Please note the Data Protection Policies specific for data processing in the respective protected parts as well as the information about the data processing conducted by us, which you received upon your registration.
D) Forms and web-based services
Insofar as it is possible to enter personal data (such as e-mail addresses, names, addresses) within the website, the provision of these data by the user is on an expressly voluntary basis. You are permitted to use all services offered – to the extent technically possible and reasonable – even without stating such details or by stating anonymized details or a pseudonym. Information about which data in particular are collected and processed are provided in the corresponding forms or web services. The data are processed for the purpose stated in the form or web service. Data are only disclosed to third parties on the basis of statutory permission or if you have legitimized us to do so with a qualified permission.
Data are processed on the basis of the user’s permission in accordance with Section 6 Subsection 1 lit. a GDPR.
The data are deleted as soon as they are no longer required for the achievement of the purpose of their collection and also if there are no contradicting obligations to store them. This shall apply in particular in the event that you revoke your permission. We would like to point out to you at this point that you can revoke your permission at any time. The legality of the data processing conducted up to the time of the declaration of revocation shall not be affected by the revocation of permission.
E) E-mail contact
You are able to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail are stored. The data shall not be disclosed to third parties in this connection. The data shall only be used for processing the conversation.
Section. 6 Subsection. 1 lit. a GDPR forms the legal basis for the processing of data upon existence of the user’s permission. Besides permission, the legal basis for the processing of data transmitted in the course of sending an e-mail is also Section 6 Subsection lit. f GDPR, insofar as the processing is necessary for the securing of network and information integrity. This is where the University’s legitimate interest in data processing lies.
The data are deleted as soon as they are no longer required for the achievement of the purpose of their collection. Personal data from the input mask of the contact form and data that was sent via e-mail are deleted when the respective conversation with the user has been terminated. The conversation is terminated when it can be understood from the circumstances that the matter at hand has been concluded.
F) Written information by mail/fax/e-mail/contact by telephone
The purpose of opening the communication channels stated above is to enable all interested parties to establish contact with us, be it, for example, for bringing forward factual inquiries, requesting information, submitting applications or lodging complaints. Furthermore, we also use these communication channels to send notification to employees, to address invitations to events or to facilitate press inquiries. In the course thereof, the data subject’s name, first name, address are routinely processed; the possibility to contact the LfDI BW anonymously remains without limitation. The legal foundation for the processing is Section 6 Subsection 1 lit. e GDPR in conjunction with Sections 2, 12 LHG (Federal Law on Universities and Colleges).
Routinely, the recipients of personal data are authorities, companies and private individuals to whom this information is transmitted in the scope of the tasks and permission of the University in accordance with Section 2 LHG in conjunction with Section 6 Subsection 1 Letter e DS-GVO.
The campus management software from HIS eG we use is hosted by Hochschulservicezentrum Baden-Württemberg.
The data are deleted as soon as they are no longer required for the achievement of the purpose of their collection and also if there are no contradicting obligations to store them or if the documentation is not taken over by the Federal Archive. Inquiries are routinely deleted when the matter brought up by you is concluded.
When visiting our website, so-called cookies are automatically set. Cookies are text files that are stored in the Internet browser or by the Internet browser in the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a character string which enables the unique identification of the browser when re-accessing the website.
Cookies can be given an expiry date. We preferably use so-called session cookies. These are automatically deleted when you close your browser. You can block our ability to store cookies by blocking the setting of cookies by our website in your browser. In this case, however, the functions controlled by the cookies can no longer be used. You are also able to view the cookies stored in your browser and to delete specific individual cookies.
H) Data subject rights
You have a right to information (Section 15 GDPR) as well as a right to rectification (Section 16 GDPR) or deletion (Section 17 GDPR) or to a restriction in processing (Section 18 GDPR) or a right to object to the processing (Section 21 GDPR) as well as a right to data transferability (Section 20 GDPR).
You can find more information about the right to information as well as the right to deletion here:
You have the right to revoke your declaration of consent under data protection laws at any time. The legality of the data processing conducted up to the time of the declaration of revocation shall not be affected by the revocation of permission.
Furthermore, you have the right to lodge a complaint with the LfDi Baden-Württemberg data protection supervisory authority.
Do you have any questions regarding the collection, use or processing of your personal inquiries? Do you want to make use of your right to rectification, blocking or deletion of your data? Or do you want to object to the use of your data or revoke a previously granted permission?
If that is the case, please contact our Data Protection Officer Prof. Dr.-Ing. Florian Schäfer.
I) Statistical analyses with Matomo (formerly PIWIK)
On our website, we use the open source software tool Matomo (formerly PIWIK) to analyze our users’ surfing behavior. By analyzing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness and to thus meet our obligations in accordance with Section 2 LHG in an even better way. The data is processed for this purpose on the legal foundation of Section 6 Subsection 1 lit. e GDPR.
To do this, the program uses so-called cookies. These are text files that are stored on your computer to analyze how you use our website. The information about your use of the website generated by the cookies is stored on the provider’s server in Germany. The IP address is anonymized immediately after processing and prior to storing.
The data are deleted as soon as they are no longer required for our documentation purposes.
If you do not agree with the storing and analysis of the data from your visit, you can object to the storage and use in the following by a click of your mouse at any time. In that case, a so-called optout cookie will be stored in your browser, the consequence of which being that Matomo collects no session data whatsoever. Please note: When you delete your cookies, the consequence thereof is that the optout cookie will also be deleted and will have to be reactivated by you again.
Please click here to make your choice.
J) Plugin YouTube and Vimeo
This website has incorporated a “YouTube plugin” into its range of information.
YouTube is operated by YouTube LLC with its head office in 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. domiciled in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The embedded YouTube videos are used in the scope of the use permitted by YouTube, which all users have to accept. Should you notice any copyrights being breached, please report this directly to YouTube.
We use embedded YouTube videos in an extended data protection mode. This means that YouTube does not store any cookies for a user that shows a website with an embedded YouTube video player, but who does not click on the video to start it. If the YouTube video player is clicked on, YouTube can, under certain circumstances, store cookies on the user’s computer. However, no personal cookie information for playing embedded videos is stored (source: YouTube “Activate the extended data protection mode for embedded videos”). Please read the general data protection instructions of YouTube for more information. We do not collect any personal data in the scope of embedding YouTube videos.
You can find more information about data processing and information about data protection by YouTube (Google) at www.google.de/intl/de/policies/privacy/.
For the incorporation of videos, we also use the provider Vimeo.
Vimeo is operated by Vimeo, LLC with its headquarters in 555 West 18th Street, New York, New York 10011.
We use plugins by the provider Vimeo on some of our web pages. When you access the web pages of our website provided with such a plugin – our media center, for example, – a connection is set up to the Vimeo servers and the plugin appears. This transmits to the Vimeo servers which of our web pages you have visited. If you happen to be logged into the provider as a member, they will assign this information to your personal user account. When using the plugin by clicking the start button of a video, for example, this information is likewise assigned to your user account. You can prevent this assignment by logging out of your user account before visiting our website and by deleting the corresponding company cookies.
You can find further information about data processing and instructions on data protection by Vimeo at https://vimeo.com/privacy.
K) Data protection policy Deutsche Bibliotheksstatistik (German Library Statistics)
In the scope of their participation in German Library Statistics, Biberach University of Applied Sciences uses a process for counting visits to their website. When accessing the Home page and/or the Catalog page (“OPAC), an identifier of the library and the page concerned, the time of access and a signature of the accessing computer are stored. The signature is formed by way of a one-way function comprising IP address, browser identification and proxy information. This data are collected, stored and analyzed in a pseudonymized format, i.e. the signature can be allocated to certain persons. No storage, especially of the IP address, takes place. The pseudonymous individual data are added together and thus anonymized after 24 hours at the latest.
The stored data are analyzed statistically to tailor our website to suit market needs and further develop it. The data are only used for this purpose and are deleted after the analysis.
Hochschule der Medien Stuttgart is commissioned with the technical and organizational implementation of the process. They developed the process in line with the provisions of statutory regulations of data protection laws and of the Telemedia Act (TMA) and have pledged to observe these.
You can object to the collection, processing and use of the data of your visits mentioned above for the purpose stated.
Please click on this external link.
L) SSL encryption
For security reasons and to protect the transmission of confidential contents, such as of the inquiries that you send us as the site operator, this site uses SSL encryption. You can recognize an encrypted connection by the address line of the browser changing from “http://" to “https://” and by the lock symbol in your browser line.
When SSL encryption is activated, the data you transmit to us cannot be read by third parties under normal circumstances.