Privacy Statement

General information

Data protection is important to us and it is our legal obligation. In order to protect the security of your data during transmission, we use appropriate encryption methods in line with the latest technology (e.g. SSL/TLS) and secure technical systems.

We use Javascript as the active component for the websites. If you have disabled this function in your browser, the website will not be displayed correctly.

Data controller

University of Passau

Public body pursuant to Art. 11 sec. 1 Bavarian Higher Education Act (BayHSchG)

The University of Passau is legally represented by its President, Professor Carola Jungwirth, Chairperson of the University Executive.

University of Passau
Innstr. 41
94032 Passau
Germany

Phone: +49 851 5090
Fax: +49 851 509 1005
President@uni-passau.de

Contact details of the appointed official Data Protection Officer

Data Protection Officer
Nikolastr. 12
94032 Passau

Phone: +49 851 509 1107
datenschutz@uni-passau.de

Purposes of and legal bases for processing

Pursuant to Art. 2 sec. 6 Bavarian Higher Education Act (BayHSchG) and Art. 4 sec. 1 items 1 and 2 of the Bavarian E-Government Act (BayEGovG), we offer our services and administrative services, as well as information for the general public about our activities, on our website.

Our use of social media is part of our PR work. We aim to provide information according to specific target groups and to discuss our activities with you, in accordance with Art. 2 sec. 6 Bavarian Higher Education Act (BayHSchG). We permit rapid electronic contact and direct communication using the media of your choice pursuant to § 5 sec. 1 no. 2 TMG (German Telemedia Act).

We shall transmit content, articles or requests that violate third-party rights or constitute a criminal offence or misdemeanour and that are in breach of statutory or contractual obligations to the competent authorities or the relevant social media service, and shall block or delete them.

We use cookies, log files and the web analysis tool Matomo to compile business statistics, to conduct organisational reviews, to test and maintain our web service and to safeguard network and information security pursuant to Art. 6 sec. 1 BayDSG (Bavarian Data Protection Act), § 13 sec. 7 TMG and Art. 11 sec. 1 BayEGovG. Where this does not adversely affect the purpose of processing, we anonymise or pseudonymise personal data.

Data categories

Administration and editing

For administration and editing purposes, function identifiers and personal identifiers with access protection mechanisms are generated and changes made with these identifiers are logged.

Log files

When you visit this website or other websites, your browser transmits data to our server. While a connection is established, the following data is recorded for communication between your browser and our server:

full IP address of the requesting computer
date and time of the request
address of the requested item
access status (e.g. file transmitted, file not found)
volume of data transmitted
address from which the item was requested
browser used

Cookies

Log-in cookie

We use cookies for log-ins. These cookies are only used during a browser session and are not stored for longer periods.

Communication

Where you communicate your request or opinion to us by e-mail, post, phone, fax or social media, the details provided will be processed for the purpose of handling your request, for any follow-up questions and for exchanging opinions. We always use the same communication channel, unless you request otherwise.

Recipients or categories of recipients of the personal data

Our IT service providers may also receive your personal data within the context of order processing contracts concluded by us. In order to guarantee the security of our data processing systems, we shall, however, not disclose our service providers.

Transfers of personal data to third countries or international organisations

Social Media

In accordance with CJEU ruling C210/16 we have a shared responsibility with the relevant social media service to ensure compliance with data protection laws with regard to our social media presence. In our view, this ruling also has an effect on the new General Data Protection Regulation.

The use of our social media profiles is also governed by the provisions of:

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Facebook’s data use policy
Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany
Xing’s privacy policy
Linkedin, Unlimited Company Wilton Place, Dublin 2, Ireland
Linkedin’s privacy policy

In our social media profiles we create non-exclusive content and are able to view the posts and interactions of the community. Any content, posts and enquiries that infringe upon the rights of others, constitute a regulatory or criminal offence or are in breach of legal or contractual obligations will be reported to the competent authorities and/or the social media service concerned. In addition, they will be blocked or deleted.

Legal basis: Your consent, art. 6 (1) lit. a GDPR and art. 2 (6) BayHSchG, art. 4 (1) clauses 1 and 2 BayEGovG, § 5 sec. 1 clause 2 TMG.

Data recipients and international data transfers

Our social media services or their controlling owners are certified under the EU-US Privacy Shield programme and listed for viewing by all members of the general public, thus creating a legally appropriate level of protection for personal data:

Facebook, Inc. (including the services of Facebook, Instagram and Whatsapp)
Twitter Inc.
Youtube (Youtube LLC)

Data retention period

We will check in biennial intervals whether any social media posts and non-public messages you have sent to us still need to be retained to answer any follow-up questions. If it is found that there is no need for further retention, processing of your data will be restricted and your data will be preserved in accordance with the relevant archives acts and related federal and state laws.
If your communication via a social media service was public or open to segments of the general public, you have the option of deciding directly on the duration for which it is open to the public; alternatively, you may put a request for deletion of the relevant communication to us. We will delete the communication, in accordance with the provisions of the relevant archives acts and related federal and state laws, insofar as it falls within our area of responsibility. If, after deletion, we still have copies of your data, processing of these will be restricted and they will be preserved in accordance with the retention requirements under the relevant archives acts and related federal and state laws.

OpenStreetMap

The University of Passau website uses the OpenStreetMap plug-in to display street maps. When you activate an OpenStreetMap map by clicking on the ‘Show map’ button, information about your visit, including your IP address, is transmitted to and stored on an OpenStreetMap server. This data transfer is carried out in line with the privacy policy and conditions of use of OpenStreetMap, which are made available on the website of the OpenStreetMap Foundation. The University of Passau has no influence on how this information is used and processed.

Storage period of the personal data

Log files

Log files containing personal data are kept for seven days at the most and are then deleted.

Cookies

Log-in cookie

The log-in cookie is deleted once the session has ended.

Rights of the data subject

Pursuant to the General Data Protection Regulation (GDPR), you have the following rights:

Where your personal data is processed, you have the right of access to the data stored under your name (Art. 15 GDPR).

Where incorrect personal data is processed, you have the right to rectification (Art. 16 GDPR).

Where statutory requirements are met, you may obtain erasure or restriction of processing and object to the processing (Art. 17, Art. 18, Art. 21 GDPR).

If you have given your consent to data processing or a contract for data processing exists and the processing is carried out by automated means, you also have the right to withdraw your consent with effect for the future (Art. 7 sec. 3 GDPR) and the right to data portability (Art. 20 GDPR).

Should you choose to exercise any of the above rights, the public authority shall check if the statutory requirements for this have been met.

You also have the right to lodge a complaint with the Bavarian state official for data protection (Bayerischer Landesbeauftragter für den Datenschutz).

Post box address:
Postfach 22 12 19
80502 Munich
Germany

Street address:
Wagmüllerstraße 18
80538 Munich
Germany

Phone: +49 89 212 6720
Fax: +49 89 212 67250
poststelle@datenschutz-bayern.de

Technical option for objecting to Matomo web statistics

Our website uses Matomo (formerly PIWIK). The user information collected is transmitted to our Matomo installation and stored there. Your IP address is anonymised in this process. The stored data are not disclosed to third parties. If you do not wish your data to be stored and evaluated, you can prevent your data from being stored at any time with a click of the mouse. In that case, a so-called opt-out cookie is installed on your browser. No further information is then transmitted to our Matomo installation.

Please note: If you delete your cookies, the opt-out cookie is also deleted and you may have to re-enable it.

Other information about our Privacy Statement

We reserve the right to adapt this Privacy Statement occasionally so that it complies with the current legal requirements at all times or in order to implement changes to our services in the Privacy Policy, e.g. if new services are introduced. The amended Privacy Statement shall then apply upon your next visit to our website.