Privacy statement

References to legal regulations refer to the General Data Protection Regulation (hereinafter GDPR) and the Hessian Data Protection and Freedom of Information Act (hereinafter HDSIG) in the version applicable from 25.05.2018 and the Hessian Higher Education Act (hereinafter HessHG) in the version applicable from 28.12.2021.

This privacy policy applies to the website of Hochschule RheinMain at the following web address (URL):

• www.hs-rm.de

and to the personal data collected via this website. For websites of other providers to which reference is made, e.g. via links, the data protection notices and declarations there apply.

The controller within the meaning of the GDPR is

Hochschule RheinMain
Kurt-Schumacher-Ring 18
65197 Wiesbaden

Phone +49 611 94 95-01
www.hs-rm.de

In accordance with Section 1 (1) HessHG, Hochschule RheinMain is a public corporation and is legally represented by the President, Prof. Dr. Eva Waller, praesidiumssekretariat@hs-rm.de.

You can contact the Data Protection Officer of Hochschule RheinMain at the following e-mail address

email address: datenschutzbeauftragterspam prevention@hs-rm.de

The website is hosted on the IT systems of Hochschule RheinMain.

According to Art. 4 (1) GDPR, personal data means any information relating to an identified or identifiable natural person (data subject). A natural person is considered identifiable if they can be identified directly or indirectly (by means of assignment) by an identifier such as their name, an identification number, location data, an online identifier or one or more special features that express their physical, physiological, genetic, psychological, economic, cultural or social identity.

Hochschule RheinMain takes the protection of personal data very seriously. We would therefore like to inform you on the following pages about which of your personal data is processed when you visit our website and contact us, the legal basis for this and the rights to which you are entitled.

We only store your personal data for as long as is necessary to achieve the purposes in question or for the various storage periods stipulated by law. Once the respective purpose no longer applies or these deadlines have expired, the corresponding data is routinely blocked or deleted. In the case of file-relevant processes, we are guided by the retention periods specified in the file management decree of the state of Hesse. This deadline is generally five years.

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, Hochschule RheinMain collects the information transmitted to us by your browser each time you access a website.
This access data is recorded in a log file, the web server log file. The stored data record contains the following data

• the client IP
• the time
• the status
• the requested URL that your browser has sent to the server
• the amount of data transferred
• the website from which you came to the requested page (referrer)
• as well as the product and version information of the browser used (user agent)

To protect against attacks and to ensure the proper operation of the website, access to the website with the full IP address is temporarily stored on a security system (firewall) in an automated manner and analyzed for possible risks.
The evaluation of the log files allows us to detect possible errors such as broken links or program errors and thus ensure the further development and continuous optimization of the website. This data is stored for a maximum of seven days. It is then anonymized. Data on access that is required for the further tracking of attacks and malfunctions is stored for longer. This data is not stored together with other personal data. The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. e, para. 3 GDPR, § 3 para. 1 HDSIG in conjunction with § 14 para. 5 sentence 4 and para. 6 sentence 1 HessHG - (public relations of higher education institutions). Since the collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website, there is no possibility of objection.

For the administration of your consent regarding the use of non-functional cookies, Hochschule RheinMain uses a locally integrated script to display a cookie banner. No external services are used and your information is not transferred to third parties.

Consent is given via a banner in accordance with Art. 7 para. 1 GDPR and is logged in anonymized and encrypted form on servers within the European Union.

Hochschule RheinMain uses cookies and similar technologies on the website to integrate external content and services, such as informational or educational videos. Data is only transferred to third parties (e.g. when displaying YouTube videos) if you have expressly consented to this.

This consent is voluntary, not required for the use of the website and can be changed or revoked at any time in accordance with Art. 7 para. 3 GDPR using the button below.

Your selection will be stored for a period of 12 months, after which the consent banner will be displayed again to update your consent.

To obtain detailed information on the cookies used, please open the cookie banner. By expanding the respective categories (accordions), you can view a complete overview of all cookies used - including information on the provider, name, purpose and storage period."

We use the analysis tool Matomo to evaluate user access and to optimize our website.
Matomo places a cookie on your device. Each time you access one of the individual pages of our website, the internet browser on your device is prompted by the Matomo component to transmit data to our server for the purpose of online analysis. This enables us to find out on which days and at which times the website's offers are visited particularly often, which search engine keywords are particularly efficient and how much data volume is generated.
The transmitted data includes

• Date and time of access
• The user agent (browser identifier)
• Operating system settings such as monitor resolution
• Entry and exit pages and the time spent on the web pages
• Files or documents accessed
• The IP address (reduced by two bytes)
• Size of the file or document
• HTTP status code (file transferred, file not found, etc.)

The software is set so that the IP addresses are not saved in full, but two bytes of the IP address are masked (e.g.: 130.75.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer. The information generated by Matomo is stored exclusively on the servers of Hochschule RheinMain and is not forwarded to external third parties.
You can prevent the analysis by Matomo by clicking on "reject statistical cookies" in the cookie banner on the website.

When you contact us (e.g. via contact form, email or phone), your master data (e.g. name, age) contact data (e.g. address, email, phone number), content data (e.g. communication content, photographs, videos) are processed insofar as this is necessary to answer your inquiry.
No prices or data are passed on to third parties in this context, unless this is explicitly stated when the data is entered, e.g. if we use an external service provider. The data is processed exclusively for the purpose of handling the request.
The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The legal basis for the processing of the data is the consent of the user through the clearly confirming action in the context of establishing contact in accordance with Art. 6 para. 1 lit. a GDPR.
If the goal of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Some websites of Hochschule RheinMain offer the option of subscribing to a free newsletter using an online form. When registering for the newsletter, the data from the input mask is transmitted to us. In addition, the IP address of the accessing computer as well as the date and time are collected and stored. Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.
No data is passed on to third parties in connection with the data processing for sending newsletters, unless this is explicitly stated when the data is entered, e.g. if we use external service providers. The data is used exclusively for sending the newsletter.
The legal basis for the processing of the data after registration for the newsletter by the user is their consent in accordance with Art. 6 para. 1 lit. a GDPR.
The consent to the sending of the newsletter can be revoked by the user concerned at any time and the newsletter can be unsubscribed. For this purpose, there is a corresponding link in every newsletter.

We use the provider YouTube to embed videos. The videos are embedded in extended data protection mode. This means that when users click on an embedded video, they are not immediately redirected to the video, but first read a warning that their data will now be passed on to third-party providers and that the HSRM no longer has any influence over the further use of the data by the third-party provider. Like most websites, YouTube uses cookies to collect information about visitors to its website. YouTube uses these to collect video statistics, prevent fraud and improve user-friendliness, among other things. When you start the video, this may trigger further data processing operations. Among other things, personal data may be sent to the USA. In the USA, personal data does not enjoy the same protection as in the European Union. For example, there is no possibility of claiming the rights of data subjects under Chapter 3 of the GDPR (see below). It also cannot be ruled out that US security authorities may access and analyze the data. We have no influence over this. You can find more information about data protection at YouTube at: https: //www.google.de/intl/de/policies/privacy.

As the data processing procedures are very different for the respective platforms, reference is made below to further, more specific information:
a) Meta's privacy policy
b) Meta's terms of use

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have various rights, albeit some of them limited, vis-à-vis the controller:
a) The right of access (Art. 15 GDPR)
If there is no restriction on the right of access pursuant to Sections 24 (2), 25 (2), 26 (2) and 33 GDPR, you can use this right to request confirmation from the controller as to whether personal data concerning you is being processed and, if so, which data is being processed and for what purpose.
b) The right to rectification (Art. 16 GDPR)
Personal data often changes or is incomplete. It is irrelevant whether the incorrect data is important or unimportant. If the data is factual and there is no restriction on the right to rectification pursuant to Sections 24 (2) and 25 (3) HDSIG, you as the data subject have the right to request the rectification or completion of your data.
c) The right to erasure or to be forgotten (Art. 17 GDPR)
As the data subject, you have the right toerasure or to be forgotten under the conditions set out in Art. 17 GDPR and Section 34 HDSIG, you have the right to obtain from the controller the erasure of personal data concerning you without undue delay.
d) Right to restriction of processing of personal data (Art. 18 GDPR)
As a data subject, you have the right to obtain from the controller restriction of processing of personal data concerning you under the requirements set out in Art. 18 GDPR and Sections 24 (2) and 25 (4) HDSIG. The goal of restricting processing is to admit processing only for certain purposes.
e) Notification obligation in connection with the rectification or erasure of personal data or the restriction of processing (Art. 19 GDPR)
If you have asserted your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom personal data concerning you have been disclosed of this rectification, erasure or restriction of processing.
The controller must inform you of these recipients upon request.
f) The right to data portability (Art. 20 GDPR)
As a data subject, you have the right to data portability under the requirements set out in Art. 20 GDPR. This is intended to enable you to have personal data that you have provided to a controller (hereinafter: the first controller) made available to you in a format that allows it to be transferred to another controller (hereinafter: the second controller). Alternatively, this right also aims at the direct transfer of the data from the first to the second controller.
g) The right to appeal (Art. 21 GDPR)
As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) lit. e GDPR (in the public interest or in the exercise of official authority) or f (legitimate interest).
h) The right to withdraw the declaration of consent under data protection law (Art. 7 para. 3 GDPR)
If the data processing has taken place on the basis of consent under data protection law, you have the right to withdraw this declaration of consent at any time. Data processing cannot then be reversed for the past, but it can be prohibited for the future.
i) The right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the Hessian Commissioner for Data Protection and Freedom of Information:
The Hessian Commissioner for Data Protection and Freedom of Information
PO Box 3163
65021 Wiesbaden

https://datenschutz.hessen.de