Unsupported Screen Size: The viewport size is too small for the theme to render properly.

Data protection declaration

Introduction

With the following data protection declaration we would like to inform you which types of your personal data (hereinafter also referred to as “data”) we process, for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter also referred to collectively as “online offer”).

The terms used are not gender-specific.

State: 19. April 2020

Summary of contents

Responsible person

Student body
HTW Dresden
Friedrich-List-Platz 1
01069 Dresden

Authorised representatives: Student Council of the University of Applied Sciences Dresden

e-mail address: website@stura.htw-dresden.de

Imprint: https://stura.htw-dresden.de/impressum

Overview of the processing operations

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Inventory data (e.g. names, addresses).
  • Content data (e.g. text entries, photographs, videos).
  • Contact data (e.g. e-mail, telephone numbers).
  • Meta/Communication data (e.g. device information, IP addresses).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Contract data (e.g. subject matter of the contract, duration, customer category).
  • Payment data (e.g. bank details, invoices, payment history).

Categories of affected persons

  • Business and contractual partners.
  • Interested parties.
  • Communication partners.
  • Vustomers.
  • Members.
  • Users (e.g. website visitors, users of online services).

Purposes of processing

  • Office and organisational procedures.
  • Direct marketing (e.g. by e-mail or post).
  • Feedback (e.g. collecting feedback via online form).
  • Contact requests and communication.
  • Profiling (creating user profiles).
  • Remarketing.
  • Range measurement (e.g. access statistics, recognition of returning visitors).
  • Tracking (e.g. interest/behaviour-related profiling, use of cookies).
  • Contractual performance and service.
  • Administration and answering of inquiries.

Determinant legal bases

In the following we inform you about the legal bases of the General Data Protection Regulation (GDPR/DSGVO), on the basis of which we process personal data. Please note that in addition to the regulations of the DSGVO, national data protection regulations may apply in your or our country of residence and domicile. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

  • Consent (Art. 6 para. 1 sentence 1 letter a DPA) – The data subject has given his/her consent to the processing of personal data relating to him/her for one or more specific purposes.
  • Contractual performance and pre-contractual requests (Art. 6 para. 1 sentence 1 letter b. DPA) – Processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.
  • Reasonable interests (Art. 6 para. 1 sentence 1 letter f. DSGVO) – The processing is necessary for the protection of the legitimate interests of the controller or of a third party unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. These include in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision making in individual cases including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as the access, input, disclosure, safeguarding of availability and segregation thereof. Furthermore, we have established procedures to ensure that data subjects’ rights are exercised, that data is deleted, and to respond to any threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection, by designing technology and by using data protection-friendly default settings.

SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

.

Performance of tasks according to the statutes or rules of procedure

We process the data of our members, supporters, interested parties, business partners or other persons (collectively “data subjects”) if we have a membership or other business relationship with them and perform our tasks and are recipients of benefits and allowances. Otherwise, we process the data of Data Subjects on the basis of our legitimate interests, e.g. if it concerns administrative tasks or public relations work.

The data processed, the nature, scope and purpose of such processing and the necessity of its processing, are determined by the underlying membership or contractual relationship, from which the necessity of any data details is also apparent (in all other respects, we refer to required data).

We delete data which are no longer necessary for the provision of our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. We keep the data for as long as they may be relevant to the business transaction as well as with regard to any warranty or liability obligations based on our legitimate interest in their regulation. The necessity of the storage of the data is regularly checked; otherwise, the legal storage obligations apply.

  • Processed data types: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject matter of the contract, duration, customer category).
  • Affected persons: users (e.g. website visitors, users of online services), members, business and contractual partners.
  • Purposes of processing: Contractual services and service, contact inquiries and communication, administration and answering of inquiries.
  • Legal bases: Fulfilment of contract and pre-contractual enquiries (Art. 6 Paragraph 1 sentence 1 letter b. DSGVO), legitimate interests (Art. 6 Paragraph 1 sentence 1 letter f. DSGVO).

Payment service providers

In the context of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer the persons concerned efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively “payment service providers”).

The data processed by the payment service providers include inventory data, such as name and address, bank data, such as account or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient related data. These details are required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the payment service providers may transfer the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the General Terms and Conditions and the data protection information of the payment service providers.

For the payment transactions the terms and conditions and the data protection information of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of revocation, disclosure and other affected parties’ rights.

  • Processed data types: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. object of contract, term, customer category), usage data (e.g. e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: customers, interested parties.
  • Purposes of processing: Contractual services and service.
  • Legal basis: Fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 letter b. DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 letter f. DSGVO).

Services and service providers:

Polls and surveys

The surveys and inquiries (hereinafter “surveys”) we conduct are evaluated anonymously. Personal data will only be processed to the extent necessary for the provision and technical implementation of the surveys (e.g. processing of the IP address to display the survey in the user’s browser or to enable a resumption of the survey by means of a temporary cookie (session cookie)) or if users have consented to this.

Notes on legal bases: If we ask the participants for their consent to the processing of their data, this is the legal basis for the processing, otherwise the processing of the participants’ data is based on our legitimate interest in conducting an objective survey.

  • Processed data types: Contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. e.g. device information, IP addresses).
  • Affected persons: Communication partners, users (e.g. website visitors, users of online services).
  • Purposes of processing: Contact requests and communication, direct marketing (e.g. (e.g. by e-mail or postal mail), tracking (e.g. interest/behavioural profiling, use of cookies), feedback (e.g. collecting feedback via online form), profiling (creating user profiles).
  • Legal basis: Consent Consent (Art. 6 para. 1 sentence 1 letter a. DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 letter f. DSGVO).

Used services and service providers:

Video conferences, Online meetings, Webinars and screen sharing

We use platforms and applications from other providers (hereinafter referred to as “third-party providers”) for the purpose of holding video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we observe the legal requirements.

In this context, data of the communication participants are processed and stored on the servers of third party providers, as far as they are part of communication processes with us. This data may include, in particular, registration and contact data, visual and vocal contributions, as well as entries in chats and shared screen contents.

If users are referred to the third party providers or their software or platforms in the course of communication, business or other relationships with us, the third party providers may process usage data and metadata for security, service optimization or marketing purposes. We therefore ask you to observe the data protection information of the respective third party providers.

Notes on legal bases: If we ask users for their consent to the use of the third party providers or certain functions (e.g. consent to a recording of conversations), the legal basis of the processing is consent. Furthermore, their use can be a component of our (pre-)contractual services, provided that the use of the third party providers has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners. In this context, we would like to refer you additionally to the information on the use of cookies in this data protection declaration.

  • Processed data types: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: Communication partners, users (e.g. website visitors, users of online services).
  • Purposes of processing: Contractual services and service, contact enquiries and communication, office and organisational procedures, direct marketing (e.g. by e-mail or post).
  • Legal basis: Consent (Art. 6 para. 1 S. 1 letter a. DSGVO), fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 letter b. DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 letter f. DSGVO).

Services and service providers:

Presence in social networks

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

  • Processed data types: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: users (e.g. website visitors, users of online services).
  • Purposes of processing:Contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).
  • Legal basis: Justified interests (Art. 6 para. 1 sentence 1 letter f. DSGVO).

Used services and service providers:

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consent permitted for processing is revoked or other permissions cease to apply (e.g.., if the purpose of the processing of these data has ceased or if they are not necessary for the purpose).

If the data are not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or that are necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data can also be found in the individual data protection notes of this privacy policy.

Change and update of the data protection declaration

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes make it necessary for you to cooperate (e.g. to give your consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.

Rights of the persons concerned

As a data subject, you are entitled to various rights under the DSGVO, which are derived in particular from Art. 15 to 18 and 21 DPA:

  • Right to object: you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you that is carried out pursuant to Art. 6, paragraph 1, letters e or f DPA; this also applies to profiling based on these provisions. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consent at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not data concerning you are being processed and to obtain information on such data, as well as further information and a copy of the data in accordance with the law.
  • Right of rectification: You have the right to obtain the completion of data concerning you or the rectification of incorrect data concerning you in accordance with the law.
  • Right of deletion and limitation of processing: In accordance with the law, you have the right to ask for the immediate deletion of data concerning you or, alternatively, in accordance with the law, to ask for a limitation of processing of the data.
  • Right to transfer data: You have the right, in accordance with the law, to receive data relating to you that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another person responsible.
  • You also have the right, in accordance with the law, to lodge a complaint with a supervisory authority, in particular in the Member State in which you have your habitual residence, your place of work or the place where the infringement is alleged, if you consider that the processing of personal data relating to you is in breach of the DPA.

Definitions of Terms

This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined above all in Art. 4 DSGVO. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to help you understand them.

  • Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a website address, a telephone number, a fax number, a fax number, a mobile phone number, an e-mail address, etc.). (e.g. cookie) or one or more special features which reveal the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Profiling: Profiling is any automated processing of personal data consisting of the use of personal data to analyse, evaluate or predict (e.g., information regarding age, gender, location and movement data, interaction with websites and their content, shopping behaviour, social interactions with other people) certain personal aspects relating to a natural person. e.g. interests in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.
  • Range measurement: Range measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can include the behaviour or interests of visitors in certain information, such as the content of websites. With the help of reach analysis, website owners can, for example, identify at what time visitors visit their website and what content they are interested in. In this way, they can better adapt the contents of the website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis purposes in order to recognize returning visitors and thus to obtain more precise analyses of the use of an online offering.
  • Remarketing: One speaks of “remarketing” or “retargeting”, for example, when it is noted for advertising purposes in which products a user was interested on a website in order to remind the user on other websites of these products, e.g. in advertisements. Tracking:
  • Tracking: Tracking is used when the behaviour of users can be traced across several online offers. As a rule, behavioral and interest information regarding the online offers used is stored in cookies or on servers of the providers of the tracking technologies (so-called profiling). This information can then be used, for example, to display advertisements to users that are likely to match their interests.
  • Responsible person: “Responsible person” is defined as the natural or legal person, authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data.
  • Processing: “Processing” means any operation or set of operations, whether or not automated, which is performed upon personal data. The term is broad and covers virtually all handling of data, whether it be collection, analysis, storage, communication or deletion.

Created with free data protection generator.de by Dr. Thomas Schwenke

WordPress Appliance - Powered by TurnKey Linux