Skip to main content

Data privacy

Making personal data safer

On this page, we inform you about which processing of personal data is connected with the visit of our internet pages and social media presences (summarized as "offers").

Please note: this website is a translation from our German data privacy statement. If any doubts arise, the German text is legally binding.

 

Name and contact details of the person responsible

Hof University of Applied Sciences (abbreviated to "Hof University")
Alfons-Goppel-Platz 1
95028 Hof
Fon: +49 (0) 9281 / 409 3000
Fax: +49 (0) 9281 / 409 4000
E-mail: mail[@]hof-university.de

Contact details of the data protection officer

Data Protection Officer of Hof University
Alfons-Goppel-Platz 1
95028 Hof
Fon: +49 (0) 9281 / 409 3105
Fax: +49 (0) 9281 / 409 55 3105
E-Mail: datenschutzbeauftragter[@]hof-university.de

Purpose of processing in general and legal basis for processing

Our offerings serve to provide information and communication for the fulfillment of public tasks assigned to us by the legislature in the Bavarian Higher Education Innovation Act (BayHIG) and the Bavarian Digital Act (BayDiG). Insofar as we process personal data for this purpose, this is fundamentally based on Article 6 (1) subparagraph 1 letter e of the General Data Protection Regulation (DS-GVO) in conjunction with Article 4 (1) of the Bavarian Data Protection Act (BayDSG). However, certain functions of our pages can only be used if the data subjects consent to certain processing operations. These then find their legal basis in Article 6 (1) subparagraph 1 letter a DS-GVO. If such consents relate to a transfer of data to countries outside the European Economic Area, the legal basis for this also arises from Article 49(1), first subparagraph, point (a) DS-GVO. Consents are granted and revoked via the Consent Management Tool integrated into our pages. 

Obligations and duties to provide data

Apart from the use of access-protected areas of our websites, which we operate for the digital processing of specific administrative procedures, users of our offerings are generally free to decide whether and to what extent they provide us with personal data. If this is not the case, we will inform you about this and the possible consequences of not providing the data separately when collecting the corresponding data.

Processing purposes in particular, categories of data processed and their origin

For the above purpose, we offer various websites. In addition, we are represented on Facebook, Instagram, YouTube, Xing, LinkedIn, Twitter and TikTok. For this purpose, we use the technical platforms and services of the companies by which these portals are operated ("portal providers").

Each time internet pages are accessed, the web browser used sends data of the following categories to the web server of the page provider:

  • IP address of the requesting computer,
  • Date and time of access to the respective page,
  • name, URL and transferred data volume of the retrieved file as well as
  • Access status (for example, "requested file transferred" or "requested file not found").

Depending on the configuration of the browser, additional data such as

  • identification data of the browser and operating system used and
  • the website from which the access was made,

may be collected. Both our own pages and the social media platforms we use use data records that are stored on the end device used by visitors, provided that the settings of the web browser used allow this. Such data records contain information about the use of websites.

process the data of the aforementioned categories in order to provide the internet pages operated by us in the form desired by the visitors, to make their use comfortable, to ensure the security and stability of our systems and to administer them.  If visitors give their consent, such data and other information are used to link our websites functionally with the above-mentioned social media, to analyze the use of the offers, to develop them according to requirements and to increase their reach. Our Consent Management Tool contains more details on this.

When using areas of our websites that are only accessible to registered users, we process the corresponding identifiers, passwords and authorizations in order to control access to these information and communication channels as intended.

For calling up our presences in social media, the above statements apply accordingly in the first instance. The portal providers process data of the aforementioned categories with regard to their websites used by us for the same reasons that cause us to do so when operating our own sites. Ultimately, however, they use such data and other information not only for the provision of our appearances on their portal, but for its operation as a whole and, in addition, in particular for market research and advertising. For details, please refer to the data protection information in the portals concerned.

We use contact data made available to us for contact purposes. Why we process communication content, if applicable, and what information this may include in detail, is regularly already clear from the context in which our offers open up the communication option in question. In addition, we present the personal data that may be collected as well as the more detailed processing purposes in the corresponding areas of our websites.

In the case of communication via social media, contact data and communication content are also processed by the portal providers for technical reasons. In addition, we refer to the data protection information in the portals.

Categories of recipients

Recipients of the personal data of visitors to our offers processed by us are employees of the Free State of Bavaria working at Hof University of Applied Sciences as well as IT service providers commissioned by us and their employees. Insofar as data is collected in specific administrative matters, it may be necessary under certain circumstances to transmit this data to additional recipients. Information about this is provided in the respective collection context. The same applies to data that we process on the basis of consent. We provide further information on this in our Consent Management Tool.

Access to data processed by the portal providers when you visit our social media sites is granted to the employees of the relevant companies, the IT service providers commissioned by them and their employees. In addition, the portal providers also pass on data processed by them to other companies. At the latest, this involves data transfers to countries outside the European Economic Area, if the portal providers or their IT service providers are not already located outside of it. In many of these countries, the legal system alone does not guarantee an adequate level of data protection. To compensate for such deficits, the providers of the portals on which we are represented have taken contractual and other measures. In this respect, we refer to the data protection information of the individual providers. Insofar as the respective medium and the configuration settings of the persons concerned provide for it, data may also be accessible to other registered users of the portal concerned and possibly even to all visitors to the corresponding websites.

Storage period

We store personal data processed by us until we no longer need it to fulfill our tasks. In the case of data that is generated by merely calling up our pages, this is usually the case after 30 days at the latest. Entries in our Consent Management Tool remain stored for one year. With regard to the storage period of data processed by the above-mentioned portal providers, we refer to their data protection information.

Data subject rights

According to the General Data Protection Regulation (DS-GVO), data subjects have the following rights:

If their personal data is processed, they have the right to obtain information about the data stored about them (Article 15 DS-GVO). If inaccurate personal data are processed, they have the right to rectification (Article 16 DS-GVO). If the legal requirements for this are met, they may request erasure or restriction of processing, as well as object to processing (Articles 17, 18 and 21 DS-GVO). Under certain circumstances, they also have the right to data portability (Article 20 DS-GVO).

Where data subjects have consented to the processing of their data, they may withdraw this consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal (Article 7(3) DS-GVO). In addition, data subjects have the right to lodge a complaint with a supervisory authority (Article 77 DS-GVO).