Privacy Policy

Rottenburg University of Applied Forestry and its departments take the protection of your personal data very seriously. We therefore process your personal data in accordance with the applicable legal data protection requirements for the purposes listed below. Personal data within the meaning of this privacy policy refers to all information relating to you as an individual.

Below, we provide information on how the Rottenburg University of Applied Forestry processes your personal data.

Contact details of the data controller

Hochschule für Forstwirtschaft Rottenburg (HFR)
Schadenweilerhof 72108 Rottenburg a.N.
+49 7472/951-0
hfr@dont-want-spam.hs-rottenburg.de   

Contact details of the Data Protection Officer

If you have any questions or comments regarding data protection (for example, regarding access to and updating of your personal data), you can also contact our Data Protection Officer:

External Data Protection Officer

Maximilian Musch M.A. – Deutsche Datenschutzkanzlei
+49 7542/94921-02
datenschutz@hs-rottenburg.de   
Web: www.ddsk.de  

Definitions

The technical terms used in this privacy policy are to be understood as legally defined in Article 4 of the GDPR.

Recipients

Service providers used (recipients of data) are listed under the relevant category / heading. 

Note: General Equal Treatment Act (AGG)

For the sake of readability, our privacy policy does not make gender-specific distinctions. Relevant terms apply to all genders in the spirit of equal treatment.

Information on data processing

Automated data processing (log files, etc.)

Our website can be visited without users actively providing personal information. However, each time the website is accessed, we automatically store access data (server log files) such as the name of the internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit, or the name of the file requested from ; and, for security reasons, e.g. to detect attacks on our website, the IP address of the device used for a period of 7 days. This data is evaluated solely for the purpose of improving our service and does not allow any conclusions to be drawn about the identity of the user. This data is not combined with other data sources. 

The legal basis for the processing of the data is Article 6(1)(c) of the GDPR in conjunction with Article 32 of the GDPR and Article 24 of the GDPR.

We process and use the data for the following purposes:

  1. Provision of the website
  2. Improving our websites
  3. Prevention and detection of errors/malfunctions and misuse of the website.

Processing is necessary to ensure the functionality and error-free and secure operation of the website, as well as to adapt this website to users’ requirements.

Use of cookies (general information, how they work, opt-out links, etc.)

To make visiting our website an enjoyable experience and to enable the use of certain features, we use so-called cookies on our website. The use of cookies serves our interest in making your visit to our website as pleasant as possible. Cookies are a standard internet technology for storing and retrieving login and other usage information for all users of the website. Cookies are small text files that are stored on the user’s device. They enable us, amongst other things, to save user settings so that our website can be displayed in a format tailored to the user’s device. Some of the cookies we use are deleted at the end of the browser session, i.e. when the browser is closed (so-called session cookies). Other cookies remain on the user’s device and enable us to recognise the browser on the next visit (so-called persistent cookies).
The browser can be configured so that the user is informed when cookies are set and can decide individually whether to accept them, or can exclude the acceptance of cookies in specific cases or generally. Furthermore, cookies can be deleted retrospectively to remove data that the website has stored on the user’s computer. Disabling cookies (so-called opt-out) may lead to some restrictions on the functionality of our website.

Categories of data subjects:

Students and, where applicable, other website visitors

Opt-out:

Internet Explorer:
https://support.microsoft.com/de-de/help/17442    

Firefox:
https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome:
https://support.google.com/chrome/answer/95647?hl=de  

Safari:
https://support.apple.com/de-de/HT201265  

Legal basis:

Consent (Art. 6(1)(a) GDPR); performance of a task carried out in the public interest pursuant to Art. 6(1)(e) GDPR. 

The relevant legal basis is specified for each tool. 

Objectives & Interests:

Storage of opt-in preferences, display of the website, ensuring the functionality of the website, maintaining user status across the entire website, recognition for subsequent website visits, user-friendly online offering, and, where applicable, ensuring the chat function

Consent Management Platform

We use a consent management system on our website to store and manage the consent given by visitors to our website in a verifiable manner, in accordance with the requirements of the GDPR. At the same time, visitors to our website can use the service we have integrated to manage the consents and preferences they have given, or to withdraw their consent. 
The consent status is stored on the server and/or in a cookie (known as an opt-in cookie) or similar technology to enable the consent to be linked to a user or their device. The time at which consent was given is also recorded.

Categories of data subjects:

Website visitors who use the consent management tool 

Categories of data:

User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), consent data (consent ID, consent number, time of consent, opt-in or opt-out, banner language, customer settings, template version)

Purposes of processing:

Fulfilment of accountability obligations, consent management

Legal basis:

Legal obligation (Art. 6(1)(c) GDPR in conjunction with Art. 7 GDPR)

Consentmanager AB

Recipient: consentmanager AB; Håltegelvägen 1b; 72348 Västerås        
Data protection: https://www.consentmanager.de/datenschutz/ 

Hosting (including Content Delivery Network)

Our website is hosted by an external service provider. Data relating to visitors to our website, in particular so-called log files, is stored on our service provider’s servers. By using a specialised service provider, we are able to efficiently provide our website . The hosting provider we use does not process the data for its own purposes. 

We also use a so-called Content Delivery Network (CDN) to enable us to deliver our website content more quickly. When files are retrieved, a connection is established to the servers of a CDN provider, during which personal data of visitors to our website is processed, such as the IP address and browser data. 

Data categories:    

User data (e.g. webpages visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses)

Purposes of processing:

Proper display and optimisation of the website; faster and location-independent accessibility of the website

Legal basis:

Consent (Art. 6(1)(a) GDPR); performance of a task carried out in the public interest pursuant to Art. 6(1)(e) GDPR 

Hosting

Recipients:

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany

Privacy policy:

https://www.hetzner.com/legal/privacy-policy/ 

Legal basis:

Performance of a task carried out in the public interest pursuant to Article 6(1)(e) of the GDPR 

Content Delivery Network – Google Static

Recipient:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy:

https://policies.google.com/privacy?hl=de&gl=de

Legal basis:

Consent (Art. 6(1)(a) GDPR)

Social media presence

The University makes content (e.g. fan pages) available online on various social media platforms, which provide information about the University. 

Social media channels are used to increase visibility among potential students and to raise the university’s profile among the general public. Social networks have proven effective in increasing reach and actively promoting interaction and communication with students.

University communications, press and public relations fall within the core remit of the state’s universities. Activity and communication on social media play a key role in attracting new students. Relevant information about degree programmes can be shared via social media and the website, events can be publicised, and important last-minute announcements and job vacancies can be communicated.  

User profiles can be created based on the behaviour of social network users – such as the interests they specify – and used to tailor advertisements to the interests of target groups. To this end, cookies are regularly stored on users’ devices, in some cases regardless of whether they are registered users of the social network. 

In connection with the use of social media, we use the associated messaging services to get in touch with users easily. Communication via social media channels is an important and essential part of the university’s public relations work.

Please note that the security of individual services may depend on the user’s account settings. Even in the case of end-to-end encryption, the platform operator may be able to determine whether and when users are communicating with the university and, where applicable, collect location data.

Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This may give rise to risks for users, as it may, for example, make it more difficult for them to enforce their rights. 

We inform users that the university has no further influence over the processing of personal data on these platforms. Only the respective platform operator has full knowledge of the content of the data transmitted and its use.

Categories of data subjects:

Registered and unregistered users of the social network

Categories of data:

User names (e.g. name, address), contact details (e.g. email address, telephone number), content data (e.g. text entries, photographs, videos), usage and interaction data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address and, where applicable, location data)

Purposes of processing:

Expanding our reach, networking with students, promoting interaction and communication, press and public relations

Legal basis:

The use of the platform and the associated processing of personal data on the platform is based on Article 6(1)(e) of the GDPR in conjunction with Article 6(3)(b) of the GDPR in conjunction with Section 4 of the LDSG and Section 2 of the LHG. Consent to data processing pursuant to Article 6(1)(a) of the GDPR may also serve as a legal basis if users have given such consent to the platform operator.

Objectives & Interests:

Ensuring the university’s visibility in society, improving and promoting its public image, interaction and communication on social media, insights into target groups, press and public relations

Instagram

Recipient: Meta Platforms, 4 Grand Canal Square, Dublin 2, Irland
Data protection: https://help.instagram.com/519522125107875  
and https://www.facebook.com/about/privacy 
Opt-out link: https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/ 

Facebook

Recipient: Meta Platforms, 4 Grand Canal Square, Dublin 2, Irland 
Privacy policy: https://www.facebook.com/privacy/explanation  
and https://www.facebook.com/legal/terms/page_controller_addendum 
Opt-out link: https://www.facebook.com/settings?tab=ads 

LinkedIn

Recipient: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy 
Opt-out link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out 

YouTube

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de  
Opt-out link: https://tools.google.com/dlpage/gaoptout?hl=de  
or https://myaccount.google.com/

Alternative information and communication channels:

As an alternative means of information and communication, please feel free to use our postal address above or our email address: hfr@dont-want-spam.hs-rottenburg.de

Web analytics and optimisation

Web analytics and audience measurement tools are used to analyse visitor traffic on our website. For this purpose, information regarding visitors’ behaviour, interests or demographic details, such as age, gender and similar, may be collected. This helps us identify at what times our online offering, its functions or content are most frequently accessed or encourage repeat visits. Furthermore, we can use the information collected to determine whether our website requires optimisation or adaptation. 

The information collected for this purpose is stored in cookies or similar technologies (e.g. pixels). As a rule, no personal data of users is processed. Website visitors may be assigned a specific ID when these methods are used, in order to recognise them on subsequent visits and to protect their identity. The IDs and associated information may be stored in user profiles.

Categories of data subjects:

Website visitors, users of online services

Data categories:

User data (e.g. websites visited, interest in content, access times), demographic characteristics (age, gender), meta and communication data (e.g. device information, IP addresses), contact details (e.g. email address), content data (e.g. text entries)

Purposes of processing: 

Website analysis, audience measurement, traffic analysis and evaluation of website interaction

Legal basis:

Consent (Art. 6(1)(a) GDPR); performance of a task carried out in the public interest pursuant to Art. 6(1)(e) GDPR.

Objectives & interests:

Optimisation and further development of the website

Matomo

Recipient: InnoCraft Ltd, 150 Willis St., 6011 Wellington, Neuseeland 
Data protection: matomo.org/privacy-policy/
Legal basis: Consent (Art. 6(1)(a) GDPR) 

Plug-ins and embedded third-party content

We have integrated functions and content into our online offering that are sourced from third-party providers. For example, videos, images, buttons or posts (hereinafter referred to as ‘content’) may be integrated.

To enable visitors to our online offering to view this content, the relevant third-party provider processes, amongst other things, the user’s IP address so that the content can be transmitted to and displayed in the browser. Without this processing, the display of third-party content is not possible. 

In some cases, additional information is collected via so-called pixel tags or web beacons, through which the third-party provider receives information about the use of the content or visitor traffic on our online offering, technical information regarding the user’s browser or operating system, the time of the visit, or referring websites. The data obtained in this way is stored in cookies on the user’s device.

To protect the personal data of visitors to our online service, we have implemented certain security measures to prevent the automatic transmission of this data. This data is only transmitted when users click on the buttons or the third-party content.

Categories of data subjects:

Users of the plug-in or integrated third-party content

Categories of data:

Usage and interaction data (e.g. websites visited, interests, time of access), meta and communication data (e.g. device information, IP address), interaction data (content clicked on, visitor origin)

Purposes of processing:

Design of the online offering, increasing the reach of advertisements on social media, sharing posts and content, interest- and behaviour-based marketing, cross-device tracking

Legal basis:

Consent (Art. 6(1)(a) GDPR)

Google APIs

Recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Data protection: https://policies.google.com/privacy?hl=de&gl=de
Legal basis: Consent (Art. 6(1)(a) GDPR)

YouTube

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de 
Legal basis: Consent (Art. 6(1)(a) GDPR)

Google Fonts

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de 
Legal basis: Consent (Art. 6(1)(a) GDPR)

Google Maps

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de 
Legal basis: Consent (Art. 6(1)(a) GDPR)

Contact

Our website offers the option to contact us directly or to obtain information about various ways to get in touch. 
When you contact us, we process the data of the enquirer to the extent necessary to answer or process the enquiry. The data processed may vary depending on the method used to contact us.

Categories of data subjects:

Students and, where applicable, other users

Categories of data:

Master data (e.g. first name, surname, student number, address), contact details (e.g. email address, telephone number), content data (e.g. text entries), usage data (e.g. access times), meta and communication data (e.g. device information, IP address).

Purposes of processing:

Processing enquiries

Legal basis:

Consent (Art. 6(1)(a) GDPR), performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR); Article 6(1)(e) of the GDPR (for the performance of a task carried out in the public interest), in conjunction with Article 6(3) of the GDPR and Section 4 of the LDSG, as well as on the basis of the LHG Baden-Württemberg.

Data transfer

We transfer the personal data of visitors to our online offering for internal purposes (e.g. for internal administration or to the HR department in order to comply with legal or contractual obligations). Internal data transfer or disclosure of data takes place only to the extent necessary, in compliance with the relevant data protection regulations.

In order to perform contracts or to fulfil a legal obligation, it may be necessary for us to disclose personal data. If the data required for this purpose is not made available to us, it may not be possible to conclude the contract with the data subject.

Safeguards applied to transfers to third countries:

Adequacy decision by the European Commission within the meaning of Article 45 of the GDPR for the services:

Matomo (New Zealand)
Google services (USA) in accordance with the EU-US Data Privacy Frameworks

Retention period

We generally store the data of visitors to our website for as long as is necessary to provide our services or as required by European directives and regulations or by other legislation to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we are required to retain in order to comply with legal obligations (e.g. we are obliged under tax and commercial law retention periods to retain documents such as contracts and invoices for a certain period of time).
 

Automated decision-making

We do not use automated decision-making or profiling in accordance with Article 22 of the GDPR.

Legal bases

The relevant legal bases are primarily derived from the GDPR. These are supplemented by national laws of the Member States and may apply in conjunction with or in addition to the GDPR.

Consent:

Article 6(1)(a) of the GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.

Performance of a contract:

Article 6(1)(b) of the GDPR serves as the legal basis for processing operations necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request.

Legal obligation:

Article 6(1)(c) of the GDPR serves as the legal basis for processing operations necessary for compliance with a legal obligation.

Vital interests:

Article 6(1)(d) of the GDPR serves as the legal basis where processing is necessary to protect the vital interests of the data subject or of another natural person.

Public interest:

Article 6(1)(e) of the GDPR serves as the legal basis for processing operations necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate interest:

Article 6(1)(f) of the GDPR serves as the legal basis for processing necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.

Rights of data subjects

Right of access:

Data subjects have the right, pursuant to Article 15 of the GDPR, to request confirmation as to whether we are processing data relating to them. They may request information about this data, as well as the further information listed in Article 15(1) of the GDPR, and a copy of their data.

Right to rectification:

Data subjects have the right, in accordance with Article 16 of the GDPR, to request the rectification or completion of data concerning them and processed by us.

Right to erasure:

Data subjects have the right, pursuant to Article 17 of the GDPR, to request the immediate erasure of data concerning them. Alternatively, they may request that we restrict the processing of their data pursuant to Article 18 of the GDPR. 

Right to data portability:

Data subjects have the right, in accordance with Article 20 of the GDPR, to request the provision of the data they have made available to us and to request its transfer to another controller.

Right to lodge a complaint:

Data subjects also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with Article 77 of the GDPR.

Right to object:

Where personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) of the GDPR, data subjects have the right, pursuant to Article 21 of the GDPR, to object to the processing of their personal data, provided there are grounds arising from their particular situation or the objection relates to direct marketing. In the latter case, data subjects have a general right to object, which we will implement without requiring them to specify a particular situation.

Withdrawal

Some data processing operations are only possible with the explicit consent of the data subjects. You have the option to withdraw consent that has already been given at any time. To do so, simply send us an informal message or email to datenschutz@dont-want-spam.hs-rottenburg.de. The lawfulness of the data processing carried out up to the point of withdrawal remains unaffected by the withdrawal.

External links

Our website may contain links to the online offerings of other providers. We hereby point out that we have no influence over the content of the linked online offerings or the compliance of their providers with data protection regulations.

Changes

We reserve the right to amend this privacy policy at any time in the event of changes to our online services and in accordance with applicable data protection regulations, to ensure that it complies with legal requirements.

This privacy policy was drawn up by
Deutsche Datenschutzkanzlei – Maximilian Musch