Data Protection

General Data Protection Information

I. Name and Address of the Party Responsible

The person or organisation responsible within the meaning of the General Data Protection Regulations and other national data protection laws of the member states as well as other data protection regulations is…

University of Applied Sciences in Kiel
(Fachhochschule Kiel)
Presidium
Sokratesplatz 1
24149 Kiel, Germany
Tel.: +49 431 2410-0
E-Mail: info(at)fh-kiel.de

II. A Address of the Data Protection Officer

The contact details of the data protection officer are

Data Protection Officer
Fachhochschule Kiel
Sokratesplatz 1
24149 Kiel, Germany
Telefon: +49 431 210-1080
E-Mail: datenschutz(at)fh-kiel.de

III. General Provision on Data Processing

1. Scope of processing

In principle, we only process the personal data of our users as far as this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

2. Lawfulness of processing,

Article 6 (1) a of the European Union General Data Protection Regulation (GDPR) serves as the legal basis insofar as we obtain the consent of the data subject for the processing of personal data.

Article 6 (1) b GDPR serves as the legal basis for the processing of personal data required to fulfil a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Article 6 (1) c GDPR serves as the legal basis insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) d in conjunction with (3) of the GDPR serves as the legal basis in the event that vital interests of the data subject or another natural person require the processing of personal data.

Article 6 (1) e, f GDPR serves as the legal basis for the processing if the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority.

Article 6 (1) f GDPR serves as the legal basis for processing if processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest.

3. Data deletion and duration of storage

The personal data of the person concerned are deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data are also blocked or deleted if a storage period prescribed by the standards mentioned expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of Website and Creation of Log Files

1. Description and scope of data processing

Each time the website is accessed, the system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:

1. Information about the browser type and version used
2. The user's operating system
3. The IP address of the user
4. Date and time of access
5. Websites from which the user's system accesses our website
6. Websites accessed by the user's system through our website

The IP address as well as the date and time of access are stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data stored in the log files for marketing purposes does not take place in this context.

For these purposes, our legitimate interest in data processing is in accordance with Article 6 (1) f of the GDPR.

4. Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this time is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the accessing client.

5. Possibility of objection and deletion

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

V. Use of Cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data are stored and transmitted in cookies:

(1) Log-in information
(2) Consent to the use of cookies

b) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) f of the GDPR.

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

We need cookies to log in to the internal websites.

The user data collected by technically necessary cookies are not used to create user profiles.

e) Duration of storage, objection and deletion

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

VI. a) Social Media

Components from various third-party providers are used on our website in order to provide additional content. This includes, for example, YouTube and Vimeo videos.

If we were to embed the social media elements provided by the third-party providers directly into the website, the URL of the website loaded, the IP address and possibly other information ( e.g. browser type) could be transmitted to the third-party provider and, if applicable, cookies set by the third-party provider. This would happen even if you were not registered with the third party or are a member of it.

If you were also logged in to the third-party provider when you called up the website, it could assign further information to your user account stored there (e.g. which video you call up, which comment you make, which information you share, etc.).

Therefore, the default for our websites is that social media elements from third-party providers are not directly embedded. Instead, solutions are used in which a connection to the server of the third-party provider is only established and the associated data processing is triggered after a conscious click on the social media element.

Please note that the data processing triggered by this is beyond the university's sphere of influence and that the data protection regulations of the third-party providers must be observed.

Here you can find some of the privacy policies:

http://www.google.com/intl/de/policies/privacy/

https://vimeo.com/privacy

https://www.facebook.com/policy.php

http://twitter.com/privacy

https://www.linkedin.com/legal/privacy-policy

If you do not agree to the data processing as described above and by the third party, do not click on the social media element.

VI. b) Facebook

The data protection declaration for our Facebook page can be found on a separate page.

VII. Registration

1. Description and scope of data processing

On our website we offer users the opportunity to register by providing personal data. The data are entered into an input mask and transmitted to us and stored. A transfer of data to third parties does not take place. The following data are collected as part of the registration process:

  1. Name
  2. Address
  3. Faculty or Alumni

The following data are also stored at the time of registration:

  1. The IP address of the user
  2. Date and time of registration

As part of the registration process, the user's consent to the processing of this data is obtained.

2. Legal basis for data processing

The legal basis for processing the data is Article 6(1) a  GDPR if the user has given their consent.

3. Purpose of data processing

User registration is required to send the campus magazine or information material.

4. Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected.

5. Possibility of objection and deletion

As a user, you have the option to cancel registration at any time. You can have the data stored about you changed at any time. Please send an email to info(at)fh-kiel.de or use the subscription form.
 

VIII. Web Analysis by Matomo (formerly PIWIK)

1. Scope of processing of personal data

We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (see Cookies above). If individual pages of our website are called up, the following data are stored:

  1. Two bytes of the IP address of the user's system
  2. The website accessed
  3. The website from which the user accessed the website (referrer)
  4. The sub-pages that are accessed from the website
  5. The time spent on the website
  6. The frequency of visits to the website

The software runs exclusively on the servers of our website. A storage of the personal data of the users only takes place there. The data is not passed on to third parties.

2. Legal basis for the processing of personal data of personal data

The legal basis for the processing of users' personal data is Article 6 (1) f GDPR.

3. Purpose of data processing

The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. Our legitimate interest in the processing of the data according to Art. 6 (1) f GDPR is also for these purposes. By making the IP address anonymous, the interest of the user in the protection of their personal data is sufficiently taken into account.

4. Possibility of objection and deletion

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

You can find more information about the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.

Changing cookie setting

IX. Rights of the Data Subject

You have the following rights according to Art. 15 - 21 GDPR. You have the right to…

  • Receive information about the data stored on you (Art. 15 GDPR),
  • Rectify inaccurate data (Art. 16 GDPR),
  • Erasure if the legal requirements are met (Art. 17 GDPR),
  • Restriction of processing if the legal requirements are met  (Art. 18 GDPR),
  • Data portability (Art. 20 GDPR),
  • Object against the processing of data (Art. 21 GDPR). The objection applies to the future
  • Complain to:
    Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD),
    Holstenstr. 98
    24103 Kiel
    Tel. 0431 988-1200 or online Beschwerdeformular,
  • Withdrawal of consent
    as long as the processing is based on the consent of the data subject (Art. 6 (1) a or Art. 9 (2) a GDPR) and
  • notice of the consequences of an objection.

Special Information from the Student Secretariat

I. Processing Purposes and Legal Basis

Your data is processed for the purpose of implementing the statutory tasks of Kiel University of Applied Sciences. Applying for a place at a university, admission, enrolment, study counselling and the implementation of the course and the examinations is only possible if we process your data.

Your data is processed on the basis of the following legal bases in the currently applicable version for the purposes stated therein:

  • Article 6 (1) e in conjunction with (3) GDPR [see also § 3 LDSG SH] in conjunction with § 45 of the Higher Education Act Schleswig-Holstein and the state ordinance on the collection and processing of personal data for purposes of the university and the Berufsakademie (StudDatenVO)
  • Article 6 (1) c and e in conjunction with (3) GDPR [see also § 3 LDSG SH] in conjunction with § 199 a of the fifth book of the German Social Code (SGB V)
  • Article 6 (1) c and e in conjunction with (3) GDPR [see also § 3 LDSG SH] in conjunction with the Higher Education Statistics Act

II. Recipients of Personal Data

Internal Recipient

Your data collected when applying for a place at university and when enrolling is forwarded within the university insofar as this is permissible and necessary according to § 45 HSG and the StudDatenVO for the fulfilment of legal tasks and for the proper implementation of the course. Internal recipients are in particular the responsible authorities…

  • in the faculties
  • in the central administration
  • at the International Office (for foreign exchange students and applicants)
  • at the General Students’ Union - AStA (for semester ticket matters)
  • at the central facilities such as the Centre for IT Services and the Central Library.
     

External Recipients

Kiel University of Applied Sciences transmits the data required by the Higher Education Statistics Act to the Statistical Office for Hamburg and Schleswig-Holstein solely for statistical purposes.

In accordance with § 199 a SGB V, the Kiel University of Applied Sciences transmits the information specified to the responsible health insurance company.

For courses that are within the dialogue-oriented service procedure (DOSV) of the Foundation for University Admission for the allocation of study places, Kiel University of Applied Sciences and the Foundation for University Admission transfer the necessary personal applicant data to each other as part of order data processing in accordance with Article 28 (3) GDPR.

To participate in an online course, the Kiel University of Applied Sciences also forwards selected data (surname, first name, address, date of birth, telephone number, student e-mail address, course of study, matriculation number) to Oncampus GmbH, Mönkhofer Weg 239, 23562 Lübeck, transmitted in order to enable the use of the portal and the "Moodle" learning platform. Otherwise, participation in an online course is not possible.

Under the conditions of § 5 LDSG Schl.-H., personal data can also be transmitted to other bodies at their request.

III. Duration of Storage

The duration of the processing of your personal data processed by the Kiel University of Applied Sciences is based on § 19 StudDatenVO:

§ 19 Deletion of data

(1) The university must delete the data processed for the admissions procedure in accordance with § 1 four years after the end of the respective semester, as long as this data is no longer required for enrolment.

(2) The university must delete the data processed for the purpose of the survey as part of quality management and for evaluations in accordance with Section 5 (1) & (2) HSG after the end of the survey, as long as this data does not have to be stored further in accordance with (3).

(3) The university and the Berufsakademie delete the data processed by the students and visiting students such as surnames, first names, date of birth, course of study, subject, the date of enrolment or admission to the university or vocational academy, the date of completion of the course and the filed examinations (type, subject, date and result) after 40 years. All other data relating to enrolment or admission to the university or vocational academy and the course is deleted four years after the end of the course.

(4) The university and the Berufsakademie deletes all personal data that have not led to admission or enrolment after the notification of admission has become final after two years at the latest. This also applies in cases in which no notification was issued; in this case, the period begins at the end of the semester for which the application was valid.

(5) Paragraphs 2 to 4 apply to doctoral candidates accordingly.

Data Protection Information for CTLD Teacher Surveys

I. Nature and purpose of the processed data

Address data

E-mail distribution lists are usually used for invitations in university-wide surveys.

Access data

During participation in an online survey by Kiel University of Applied Sciences via the website eval.fh-kiel.de/evasys/online.php, our web server temporarily stores central access data in a log file for the purpose of establishing a connection and system security and automatically deletes it after seven days (IP address of the requesting computer, date and time of access, retrieved data). This web server log data can only be viewed by the data processing centre (DVZ) and is only evaluated in the event of attacks on the network infrastructure of Kiel University of Applied Sciences. Personal user profiles are not created

Survey data

The information that is entered and transmitted while participating in a survey (e.g. assessments of the teaching and research conditions) is stored in encrypted form in a database together with the time of the survey. Only the Evasys administrators of the Centre for Learning and Teaching Development (CLTD) and the University Development Department can access this survey data. The data collected are only evaluated, presented and/or passed on in a way that ensures that survey participants cannot be identified and that anonymity is guaranteed.

II. Legal Basis

The legal basis for the processing of personal data for the invitation to a survey (see 1.1) is Art. 6 (1) e GDPR in connection with the Schleswig-Holstein Higher Education Act, §3 and §5 as well as the quality statutes of the Kiel University of Applied Sciences. The legal basis for the processing of personal access data for the purpose of the functionality and security of the system (see 1.2) is Art. 6 (1) f GDPR. We are also obliged according to Art. 32 EU-GDPR to implement necessary technical and organisational security measures. The legal basis for processing the personal survey data (see 1.3.) results GDPR Art. 6 (1) e.

III. Duration of Processing/Data Deletion

Web server data that is collected for technical reasons is automatically deleted after seven days. Anonymised survey data are not deleted.

IV. Validity of Data Protection Information

We reserve the right to change this privacy notice to reflect changes in relevant laws or regulations, or to better meet your needs. This data protection notice applies in the most recent version published by Kiel University of Applied Sciences.