Privacy
General preliminary remarks
		
		
		
	
                
                
                
	This data protection policy lays forth the fundamental principles for data processing at the Darmstadt University of Applied Sciences and for data collection via its website.
The centralized website h-da.de represents the Darmstadt University of Applied Sciences to the outside world, providing information and support in performing the University’s tasks. The website has an independent and uniform design. The faculties and departments have a certain amount of freedom to design their pages individually.
Allocation of responsibility 
		
		
		
	
                
                
                
	No warranty is provided as to the operation, the accuracy, or the up-to-date status of the information in question. The IT Services and Applications Department of the Darmstadt University of Applied Sciences is responsible for operating the server. The individual faculties and departments appoint editors who are responsible for their separate pages. Board of Trustees has overall responsibility for the content and in cases of doubt takes decisions regarding the admissibility of data.
The University’s Public Relations Department maintains the entry pages of the centralized website. Apart from this, the University’s departments, faculties, and institutes are themselves responsible for the content they display.
Processing of data
The Darmstadt University of Applied Sciences takes the protection of personal data very seriously. Personal data collected during use of our websites are processed in accordance with the currently valid provisions of data protection law. The European Union’s General Data Protection Regulation (GDPR), the Data Protection and Freedom of Information Act of the State of Hesse (HDSIG), and the German Electronic Communications Act (TMG) apply in particular.
Below we will inform you of the type, scope, and purposes of our collection and use of personal data.
Your data will not be published by us, nor will they be disclosed to third parties without authorization.
1. Data collection and processing in cases of access from the Internet
When you visit our websites, our webservers automatically save each instance of access in a log file. These data are saved separately from other data entered by you during your use of our website. It is not possible for us to match these data to a particular person. These data serve solely to verify and ensure that the technical operation of the webserver is carried out reliably. These data are deleted after a retention period of seven days.
The following data are collected:
- IP address (anonymized)
- Date and time of access
- Name and URL of the file being opened
- Amount of data transmitted
- Webserver’s access status (transmit file, file not found, command not performed, etc.)
A login preceding access to protected areas is recorded partly to enable us to recognize attempts at misuse and password attacks. In this process, no data are saved which would enable us to create personal profiles by analyzing user behaviour.
Processing is carried out in accordance with Art. 6 Sect. 1 b) of the GDPR.
2. Data collection and processing in the case of access from the Internet using the analytic tool Matomo (formerly Piwik)
If you visit our websites, our webservers will automatically save each instance of access in a log file. The following data are collected:
- IP address (anonymized)
- Date and time of access
- Name and URL of the file being opened
- Amount of data transmitted
- Webserver’s access status (transmit file, file not found, command not performed, etc.)
These data are saved separately from other data entered by you during your use of our website.
Our entire data use procedure has a retention period of 90 days. Monthly log files (reduced data usage) have a retention period of one year. Deletion from the webserver takes place automatically.
Data protection provisions regarding the application and use of Matomo
The party responsible for the processing has integrated the tool Matomo into this website. Matomo is an open-source software tool for web analytics. Web analytics means the collection and assessment of data using the behaviour of visitors to websites. Among other types of data, a web analysis tool collects data about which website a user has visited before coming to another website (known as referrers), which subpages of the website were visited and how often, and the length of time a subpage was viewed. Web analytics are primarily applied to optimize a website and for the cost-benefit analysis of online advertising.
The software is operated on the server of the party responsible for the processing; the log files which fall under data protection law are saved on this server only.
The purpose of the Matomo tool is the analysis of visitor patterns to our website. The party responsible for the processing utilizes the data and information obtained to assess the use of our website and compile online reports which describe the activities undertaken on our websites, among other purposes.
Matomo places a cookie on the user’s computer system. Cookies have already been defined above. The placement of cookies enables us to analyze the use of our website. Each visit to one of the individual pages of this website causes the browser of the user’s computer system to automatically transmit data to our server via the Matomo tool for purposes of online analysis. As part of this technical procedure, we are notified of personal data such as the IP address of the user, which, among other purposes, enables us to identify the origin of visitors and clicks.
The cookie serves to save personal information, including the time of access, the place from which access occurred, and the frequency of visits to our website. Each visit to our websites causes these personal data, including the IP address of the Internet connection being utilized by the user, to be transmitted to our server. These personal data are saved by us. We do not disclose these personal data to third parties.
The user can prevent the placement of cookies by our website at any time by means of a corresponding setting of the Internet browser in use, thus permanently blocking the placement of cookies. A browser setting of this kind would also prevent Matomo from placing a cookie on the user’s computer system. In addition, a cookie already placed by Matomo can be deleted at any time using an Internet browser or another software program.
The user also has the option of blocking the collection of data produced by Matomo regarding the use of this website and preventing the abovementioned collection.
To do this, the user must activate the “do not track” setting in his/her browser or take advantage of the opt-out option made available in the data protection policy:
In this case, what is known as an opt-out cookie will be placed in your browser, with the result that Matomo will not collect any session data. Please note that the complete deletion of your cookies will also result in the deletion of the opt-out cookie and that you may need to re-activate it.
Information about Matomo
Matomo is an open-source project which has been developed by various software developers and the company InnoCraft Ltd.
InnoCraft Ltd.
 150 Willis St, 6011 Wellington, New Zealand
 contact@innocraft.com
For additional information and Matomo’s currently valid data protection provisions, please go to matomo.org/privacy/.
3. Use and disclosure of personal data
In general, it is not necessary for you to enter personal data to use our website. However, for us to provide some of our services (such as registration for a lecture or course), we may require your personal data. Your personal data will only be used for the purposes described and to the extent necessary to attain these aims. None of these data will be disclosed to third parties without the previous consent of the user.
The data transmitted are saved in a database which is only accessible to administrators.
The transmission of personal data to governmental authorities is done solely in accordance with mandatory national legal regulations.
Processing is carried out in accordance with Art. 6 Sect. 1 b) (fulfilment of contractual obligations) and c) (legal stipulations) of the GDPR.
If you have granted us consent to process your data (by completing a contact form or requesting a newsletter, for example), we will process your data only for the purposes defined therein.
Processing is carried out in accordance with Art. 6 Sect. 1 a) of the GDPR (consent).
4. Cookies
Our websites make use of cookies at several points. They serve to help us make our website more effective and user-friendly. Cookies are small text files which are saved on your computer by the browser. Most of the cookies we use are known as “session cookies”, which are deleted when you end your browser session. Cookies do not damage your computer and do not contain viruses.
The following cookies are placed:
- A session cookie (for session recognition, duration: one session)
- TYPO3 session cookie (for session recognition, duration: one session)
The user can prevent the placement of cookies by our website at any time by means of a corresponding setting of the Internet browser in use, thus permanently blocking the placement of cookies. In addition, cookies which have already been placed can be deleted at any time using an Internet browser or another software program. This is possible in all commonly used Internet browsers.
If the user deactivates the placement of cookies in the Internet browser in use, it is possible that not all of our website’s functions will be entirely utilizable.
Processing is carried out in accordance with Art. 6 Sect. 1 b) of the GDPR.
5. Data protection provisions governing the application and use of YouTube
The party responsible for processing has integrated elements of YouTube into this website. YouTube is an online video portal which enables the creators of videos to post video clips free of charge and allows other users to view, assess, and comment upon these videos, also free of charge. YouTube authorizes the publication of all types of videos, so that entire films and television programmes, music videos, trailers, and videos created by users themselves can be viewed via this portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each visit to one of the individual pages of this website, which is operated by the party responsible for processing and into which content from YouTube (a YouTube video) has been integrated, causes the browser of the user’s computer system, via the YouTube element in question, to automatically download a viewing of the YouTube content in question from YouTube. For additional information about YouTube, please go to www.youtube.com/yt/about/de/ . As part of this technical procedure, YouTube and Google are notified which specific subpage of our website has been visited by the user.
If the user is simultaneously logged on to YouTube, a visit to a subpage containing a YouTube video causes YouTube to recognize which specific subpage of our website has been visited by the user. This information is collected by YouTube and Google and is allocated to the user’s individual YouTube account.
Via the YouTube element in question, YouTube and Google will in each case receive notification that the user has visited our website if the user is simultaneously logged on to YouTube at the time of the visit to our website, regardless of whether the user clicks on a YouTube video or not. If the user does not wish for information of this type to be transmitted to YouTube and Google, the user can prevent the transmission by logging out of his/her YouTube account before visiting our website.
YouTube’s published data protection provisions, which can be viewed at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing, and use of personal data by YouTube and Google.
You can agree to or prevent the placement of cookies via your browser settings.
Processing is carried out in accordance with Art. 6 Sect. 1 b) of the GDPR.
6. Data protection provisions governing the application and use of Facebook
The party responsible for the processing has integrated elements of the company Facebook into the website. Facebook is an online social network.
An online social network is a meeting place operated on the Internet, an online community which generally enables its users to communicate with one another and to interact virtually. An online social network can serve as a platform for the exchange of opinions and experiences and enables the online community to post personal or company-related information. Facebook enables the users of its social network to create personal profiles, upload photos, and to participate in a network of friendship requests, among other activities.
Facebook‘s operating company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For users outside the United States and Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for the processing of personal data.
Each visit to one of the individual pages of this website, which is operated by the party responsible for processing and into which an element of Facebook (a Facebook plug-in) has been integrated, causes the browser of the user’s computer system, via the Facebook element in question, to automatically download a viewing of the Facebook content in question from Facebook. For an overview of all Facebook plug-ins, please go to developers.facebook.com/docs/plugins/. As part of this technical procedure, Facebook is notified which specific subpage of our website has been visited by the user.
If the user is simultaneously logged on to Facebook, for each visit to our website by the user and throughout the entire duration of the visit to our website, Facebook recognizes which specific subpage of our website has been visited by the user. This information is collected by the Facebook element and allocated by Facebook to the user’s individual Facebook account. If the user clicks on one of the Facebook buttons integrated into our website, such as the “Like” button, or if the user submits a comment, Facebook allocates this information to the user’s personal Facebook user account and saves these personal data.
Via the Facebook element in question, Facebook will in each case receive notification that the user has visited our website if the user is simultaneously logged on to Facebook at the time of the visit to our website, regardless of whether the user clicks on the Facebook content or not. If the user does not wish for information of this type to be transmitted to Facebook, the user can prevent the transmission by logging out of his/her Facebook account before visiting our website.
Facebook’s published data policy, which can be viewed at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. In addition, the policy explains which settings Facebook offers to protect the user’s privacy. Various applications are also available which make it possible to prevent the transmission of data to Facebook. Applications of this kind can be utilized by the user to prevent the transmission of data to Facebook.
7. Security
The technical and organizational security measures we use to protect all data from access by unauthorized parties are always kept in line with current technical standards. Personal information is always transmitted in encrypted form.
8. Links to third-party websites
Our websites may contain links to third-party websites. We would like to inform you that this data protection policy applies solely to the pages of the Darmstadt University of Applied Science’s centralized website. We have no influence over these third parties and do not monitor whether they comply with the valid data protection provisions.
9. Right to information, notification, blocking, and deletion of data
As the user being affected by the data processing, you have various rights:
- Right to revoke consent: if you have granted consent to us, you may revoke it at any time. In this case, the data processing based on the consent which has been revoked may no longer take place in future.
- Right to information: you may request information regarding the personal data processed by us. This particularly applies to the purposes of data processing, the categories of personal data, where applicable to the categories of recipients, the storage duration, where applicable to the origin of your data, and where applicable to the existence of automated decision-making including profiling and, where applicable, robust information about the details of the above.
 
- Right of correction: you may request correction of incorrect personal data and the completion of personal data belonging to you which we have saved.
- Right to deletion: you may request the deletion of personal data belonging to you which we have saved, as long as the processing of the above data is not necessary to the exercise of the right to free expression, or if the information is required to fulfil a legal obligation, for reasons of the public good, or for the enforcement, exercise, or defence of legal claims.
 
- Right to limiting of processing: you may request the limitation of the processing of your personal data, as long as you contest the correctness of your data or the processing is illegal, but you do not wish them to be deleted. In addition, you have this right when we no longer have need of the data, but you require them for the enforcement, exercise, or defence of legal claims. Additionally, you have this right if you have refused consent to the processing of your personal data by us.
 
- Right to transferability of data: you may request us to transmit to you the personal data which you have provided to us in a structured, accessible, and machine-readable format. Alternatively, you may request direct transmission of the personal data which you have provided to us to another responsible party, where possible.
 
- Right to lodge a complaint: you may lodge a complaint with the supervisory authority having jurisdiction over us, i.e. if you believe we have processed your personal data in an illegal manner.
The supervisory authority with jurisdiction is:
The Data Protection Officer of the State of Hesse
Gustav-Stresemann-Ring 1
 65189 Wiesbaden
 Tel: +49 (0)611 1408-0
 E-mail: poststelle@datenschutz-hessen.de
 Internet: http://www.datenschutz.hessen.de
As long as we are processing your personal data for reasons which are justified, you have the right to refuse consent to this processing. If you wish to exercise your right to refuse consent, a notification in a text format is sufficient, meaning you can write to us, send us a fax or an e-mail.
The Darmstadt University of Applied Science’s Data Protection Officer can be reached at datenschutz@h-da.de.
10. Applicability and up-to-date status of the Data Protection Policy
By using our website, you agree to the use of your data as described above. This Data Protection Policy goes into effect immediately and supersedes any earlier policies.