Thank you very much for your interest in our Company Day. Data protection is particularly important to us.
In principle, you can use the Company Day website without providing any personal information. However, it may become necessary to process personal data if a data subject wishes to make use of special Company Day services through our website. If personal data has to be processed and there is no legal basis for this processing, we usually obtain the data subject’s consent.
As the data controller responsible for processing the data, Hochschule Bonn-Rhein-Sieg has put numerous technical and organisational measures in place to ensure that there are as few security loopholes as possible when personal data is processed through this website. Nevertheless, web-based data transmission is by nature susceptible to security loopholes, which means that absolute protection cannot be guaranteed. For this reason, each data subject is free to send us their personal data using other channels, e.g. by telephone.
1. Name and address of data controller
The data controller, as defined by the General Data Protection Regulation, other data protection legislation in the European Union member states and other provisions serving the purpose of data protection, is:
Hochschule Bonn-Rhein-Sieg University of Applied Sciences
53757 Sankt Augustin
Tel.: +49 2241 865 0
2. Name and address of the data protection officer
The data controller’s data protection officer is:
H-BRS Data Protection Officer
53757 Sankt Augustin
Telephone number: +49 2241 865 102
The legal basis for processing personal data using technically necessary cookies is Art. 6(1) f) GDPR. The purposes specified above also constitute our legitimate interest in the processing of personal data within the meaning of Art. 6(1) f) GDPR. The legal basis for processing personal data using cookies for analytical purposes in cases where the user has given his/her consent is Art. 6(1) a) GDPR.
Users can prevent our website from installing cookies on their devices at any time by adjusting their browser settings accordingly; this will block the installation of cookies permanently. Moreover, cookies that have already been stored can be deleted at any time through the web browser or other software. This function is available in all standard web browsers. If the data subject deactivates the installation of cookies in the web browser he/she is using, it may no longer be possible to use all the functions on our website to their full extent.
4. Provision of website / collection of general data and information
The Hochschule Bonn-Rhein-Sieg website collects a range of general data and information whenever it is accessed by a user or automated system. This general data and information is stored in the server’s log files. Log files are files that record the processes that take place in computers and networks. The information collected encompasses (1) the browser type and version used, (2) the operating system used by the accessing system, (3) the web page from which the accessing system came to our website (known as the ‘referrer’), (4) the sub-websites accessed by the accessing system on our website, (5) the date and time at which the website was accessed, (6) an internet protocol address (IP address), and (7) the accessing system’s internet service provider.
Hochschule Bonn-Rhein-Sieg does not draw any conclusions about the data subject when using this general data and information. The legal basis for the storage of personal data is Art. 6(1) f) GDPR. This information is required (1) to deliver the content of our website correctly, (2) to optimise the content of our website, (3) to ensure that our IT systems and the technology used by our website remain functional in the long term, and (4) to furnish the law enforcement bodies with essential information in the event of a cyberattack. Hochschule Bonn-Rhein-Sieg therefore evaluates this anonymously collected data and information statistically and with the goal of improving data protection and data security on the website in order to ensure that the personal data we process is optimally protected. The anonymous data in the server log files is stored separately from all personal data provided by the data subject. These purposes also constitute our legitimate interest in the processing of this data pursuant to Art. 6(1) f) GDPR.
The data is erased as soon as it is no longer required for the purpose for which it was collected. With regard to data collected in order to provide access to the website, this is the case when the respective session is ended.
The collection of data to provide access to the website and the storage of data in log files are essential to the operation of the website. The user is therefore unable to object to these activities.
5. Registration on our website
The data subject is given the option of registering on the data controller’s website by providing personal information. The personal data transmitted to the data controller in this situation is determined by the input mask used for registration purposes. The input mask furnishes the user with information on the use of his/her personal data; the user is required to actively consent to this before concluding the registration process.
The personal data entered by the data subject is collected and stored exclusively for internal use by the data controller for Hochschule Bonn-Rhein-Sieg’s own purposes. The data is not transmitted to any third party.
Moreover, the IP address assigned to the data subject by his/her internet service provider (ISP) and the date and time of registration are also stored when the data subject registers on the website. This data is stored on the grounds that this is the only way in which abuse of our services can be prevented, as it can be used to investigate criminal activities if needed. The storage of this data is therefore necessary to protect the data controller. This data is not passed on to third parties unless there is a legal obligation to do so or this is required for purposes of criminal prosecution.
For the data controller, having the data subject voluntarily provide personal information while registering on the website makes it possible to provide content or services that due to their nature can only be offered to registered users.
The legal basis for the processing of personal data is Art. 6(1) a) GDPR.
Registered users are free to amend the personal data provided on registration or to have it completely removed from the data controller’s database at any time.
6. Making contact through the website
In compliance with statutory regulations, the Company Day website contains information that facilitates rapid electronic contact with our university and direct communication with us; this includes a general address for so-called electronic post (e-mail address). Should the user contact the university by -email, the personal data transmitted by the user will be stored automatically. Data of this kind transmitted by the user to the university on a voluntary basis is stored for processing purposes or in order to make contact with the user. This personal data is not forwarded to any third party.
The legal basis for the processing of data transmitted while sending an e-mail is Art. 6(1) f) GDPR. If contact has been made by e-mail for the purpose of concluding a contract, the legal basis for the processing of the data is also Art. 6(1) b) GDPR.
In the case of contact being made by e-mail, this also constitutes the required legitimate interest in the processing of the data pursuant to Art. 6(1) f) GDPR.
The data will be erased as soon as it is no longer required for the purpose for which it was collected. With regard to the personal data from the input mask in the contact form and the personal data sent by e-mail, this is the case when the respective conversation with the user is ended. The conversation is understood to have ended when it can be inferred from the circumstances that the matter in question has been conclusively settled. The additional personal data collected during the transmission process will be erased within a period of no more than seven days.
The user may withdraw his/her consent to the processing and storage of his/her personal data at any time. Users who contact us by e-mail may withdraw their consent to the processing and storage of their personal data at any time. If the user exercises this right, it will be impossible to continue the conversation. In this case, all the personal data stored during the course of the correspondence will be erased.
7. Links to social media
Our website contains links to Facebook and other social media providers (social networks). These are identified accordingly on our website. If you follow these links, your browser will establish a direct link with the social network’s server.
We have no influence over the nature and scope of the data subsequently collected by the social networks. Please refer to the privacy policies of the social networks for information on the scope and purpose of their data collection activities, the way in which the data is processed and used, your rights, and the possibilities available to you for protecting your privacy. We do not furnish the social networks with personal information; neither do we receive any personal information from the social networks.
8. Routine erasure and blocking of personal data
The data controller only processes and stores the data subject’s personal data for as long as this is required in order to achieve the purpose for which it was stored or to comply with the legislation enforced by the European body responsible for issuing directives and regulations or by any other legislative body to which the data controller is subject.
If the purpose of the data storage ceases to apply, or if a storage deadline set by the European body responsible for issuing directives and regulations or by any other competent legislative body expires, the personal data will be routinely blocked or erased in compliance with the respective legislation.
9. Legal or contractual provisions on the provision of personal data; necessity with regard to the conclusion of a contract; data subject’s obligation to provide personal data; possible consequences of failure to provide personal data
Please note that the provision of personal data is in some cases prescribed by law (e.g. tax regulations) or may be required in order to comply with contractual provisions (e.g. information regarding the contractual partner). At times, the conclusion of a contract may depend on a data subject providing us with personal data that we subsequently have to process. The data subject is for example obliged to furnish us with personal data when the university concludes a contract with him/her. Failure to provide this personal data would make it impossible to conclude such a contract with the data subject. The data subject must contact our data protection officer before making his/her personal data available. Our data protection officer will explain to the data subject on a case-by-case basis whether the provision of the personal data is regulated by law or in the contract, whether it is required in order to conclude the contract, whether the data subject is obliged to provide the personal data, and which consequences would result from any failure to provide the personal data.
10. SSL encryption
In order to safeguard the security of your data during transmission, we use the latest encryption technology such as SSL and HTTPS.
11. Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and make it possible to analyse your website use. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will first shorten your IP address in a European Union member state or another state which is party to the agreement on the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to generate reports about website activities, and to render further services for the website operator relating to website and internet use.
(2) The IP address transmitted by your browser for the purposes of Google Analytics is not associated with any other Google data.
(3) You can prevent the cookies from being stored by changing your browser settings accordingly; however, please note that if you do so, you may not be able to use all the functions on this website to their full extent. Moreover, you can prevent the collection of the data generated by the cookie concerning your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
(4) This website uses Google Analytics with the add-on “_anonymizeIp()”. This facilitates the processing of shortened IP addresses, as a result of which the risk of associating the IP address with any individual person can be eliminated. If the data collected from you has a personal connection, it is immediately blocked and the personal data deleted without undue delay.
(5) We use Google Analytics to analyse your use of our website and to make regular improvements. We can use the statistics thus obtained to improve our website and make it more interesting for you as the user. For the exceptional cases in which personal data is transmitted to the USA, Google has bound itself to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1) s. 1 f) GDPR.
(6) Information regarding the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of service:
(7) This website also uses Google Analytics for the cross-device analysis of visitor flows, which is carried out using a user ID. You can deactivate the cross-device analysis of your website use in your client account under “My data”, “Personal data”.
Additionally, or as an alternative to the browser add-on, you can prevent Google Analytics from tracking your activities on our website by clicking on this link. This will install an opt-out cookie on your device, which will prevent the tracking activities carried out by Google Analytics for this website and browser for as long as it is installed in your browser.
12. Google Webfonts – font libraries
We use the font libraries provided by Google Webfonts in order to present our website attractively (https://www.google.com/webfonts/). These web fonts are transmitted to your browser cache to prevent repeat loading. If the browser does not support Google Webfonts or prevents your device from accessing it, content will be shown in a standard font.
13. Social media plug-ins
14. Google Maps
(1) This website uses the services provided by Google Maps. This enables us to show interactive maps directly in the website, thus allowing you to make convenient use of the map function.
(2) When you visit the website, Google receives the information that you have accessed the corresponding subpage on our website. The data collected during your visit to the website is also transmitted. This occurs regardless of whether you are logged in through a user account provided by Google or whether no user account exists. If you are logged in to your Google account, your data will be directly assigned to this account. If you do not wish this data to be assigned to your Google profile, you must log out before clicking on the button. Google stores your data as a use profile and uses it for purposes of advertising, market research and/or structuring its website in accordance with user requirements. In particular, this analysis is performed (even in the case of users who are not logged in) to provide needs-oriented advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles and are required to contact Google if you wish to exercise this right.
15. Contract processors
We make use of external service providers (contract processors), e.g. when sending goods or newsletters or handling payments. A separate contract data processing agreement has been concluded with the service provider in order to guarantee that your personal data is protected.
16. Existence of automated decision-making processes
We have dispensed with automated decision-making processes and profiling.
17. Rights of the data subject
If the user’s personal data is processed by H-BRS, the user is a data subject within the meaning of the GDPR and has the following rights:
a) Right to confirmation
The European body responsible for issuing directives and regulations has granted all data subjects the right to obtain confirmation from the controller as to whether their personal data is being processed. If a data subject wishes to exercise this right to confirmation, they can contact our data protection officer or any other employee responsible for data processing at any time.
b) Right of access
The European body responsible for issuing directives and regulations has granted all data subjects the right to obtain free information from the controller as to whether their personal data is being processed and the right to obtain a copy of this information. Moreover, the European body responsible for issuing directives and regulations has granted all data subjects a right of access to the following information:
the existence of automated decision-making processes, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and envisaged consequences of such data processing for the data subject
if the personal data was not obtained directly from the data subject: all available information about the origin of the data
the existence of a right to lodge a complaint with a supervisory authority
the existence of a right to request the rectification or erasure of the personal data, to restrict the processing of the personal data, and to object to such processing
where possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period
the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in non-EU countries or international organisations
the categories of personal data being processed
the purposes for which the personal data is being processed
Moreover, the data subject has the right to be informed as to whether personal data has been transmitted to a non-EU country or an international organisation. If this is the case, the data subject also has the right to be informed of the safeguards put in place relating to the transmission.
If a data subject wishes to exercise this right of access, they can contact our data protection officer or any other employee responsible for data processing at any time.
c) Right to rectification
The European body responsible for issuing directives and regulations has granted every data subject the right to request the rectification of incorrect personal data without undue delay. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, also by providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, they can contact our data protection officer or any other employee responsible for data processing at any time.
d) Right to erasure (right to be forgotten)
The European body responsible for issuing directives and regulations has granted all data subjects the right to have the controller erase the personal data without undue delay where one of the following grounds applies and insofar as the personal data does not have to be processed:
The personal data was collected in connection with the offer of information society services pursuant to Art. 8(1) GDPR.
The personal data has to be erased in order to comply with a legal obligation set forth in the Union or member state law to which the controller is subject.
The personal data was processed unlawfully.
The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.
The data subject withdraws the consent on which the processing is based pursuant to Art. 6(1) a) GDPR or Art. 9(2) a) GDPR, and there are no other legal grounds for the processing.
The personal data was collected or otherwise processed for a purpose for which it is no longer required.
If any of the above-mentioned grounds exist and a data subject would like to have personal data stored by Hochschule Bonn-Rhein-Sieg erased, they can contact our data protection officer or any other employee responsible for data processing at any time. The data protection officer at Hochschule Bonn-Rhein-Sieg or another staff member will ensure that the request for erasure is fulfilled without undue delay.
Where Hochschule Bonn-Rhein-Sieg has made the personal data public and is obliged pursuant to Art. 17(1) GDPR to erase it, Hochschule Bonn-Rhein-Sieg – with due consideration of available technology and the cost of implementation – shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copies/replication of, this personal data insofar as the processing thereof is not necessary. The data protection officer at Hochschule Bonn-Rhein-Sieg or another staff member will ensure that the necessary steps are taken in each individual case.
e) Right to restriction of processing
The European body responsible for issuing directives and regulations has granted all data subjects the right to have the controller restrict the processing of their personal data where one of the following applies:
The data subject has objected to the processing pursuant to Article 21(1) pending verification of whether the legitimate grounds of the controller override those of the data subject.
The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
If any of the above-mentioned conditions are met and a data subject would like to request a restriction on the processing of personal data stored by Hochschule Bonn-Rhein-Sieg, they can contact our data protection officer or any other employee responsible for data processing at any time. The data protection officer or another staff member at Hochschule Bonn-Rhein-Sieg will then ensure that the processing of the data subject’s personal data is restricted.
f) Right to data portability
The European body responsible for issuing directives and regulations has granted all data subjects the right to receive the personal data they transmitted to the data controller in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another data controller without hindrance from the controller to whom the data was originally transmitted provided the processing of this data is based on consent pursuant to Art. 6(1) a) GDPR or Art. 9(2) a) GDPR or on a contract pursuant to Art. 6(1) b) GDPR and the processing is carried out by automated means. This right does not apply to data processed for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising his or her right to data portability pursuant to Art. 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another insofar as this is technically feasible and the transmission does not affect the rights and freedoms of other persons.
The data subject can exercise his/her right to data portability at any time by contacting the data protection officer or another staff member at Hochschule Bonn-Rhein-Sieg.
g) Right to object
The European body responsible for issuing directives and regulations has granted all data subjects the right, on grounds relating to their particular situation, to object at any time to the processing of their personal data as specified in Art. 6(1) e) or f) GDPR. The same applies to profiling based on these provisions.
If an objection is lodged, Hochschule Bonn-Rhein-Sieg will cease processing the personal data unless it can demonstrate compelling legal grounds for the processing that override the interests, rights and freedoms of the data subject or unless the data has to be processed for the establishment, exercise or defence of legal claims.
If Hochschule Bonn-Rhein-Sieg processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to the processing of his/her personal data for such purposes. The same applies to profiling insofar as it is connected with such direct marketing. If the data subject objects to the processing of his/her personal data by Hochschule Bonn-Rhein-Sieg for advertising purposes, Hochschule Bonn-Rhein-Sieg will cease processing the personal data for these purposes.
Where personal data is processed by Hochschule Bonn-Rhein-Sieg for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject shall have the right, on grounds relating to his/her particular situation, to object to the processing of his/her personal data unless the processing is necessary for the performance of a task carried out in the public interest.
The data subject can exercise his/her right to object at any time by directly contacting the data protection officer or another staff member at Hochschule Bonn-Rhein-Sieg. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may also exercise his/her right to object by any automated means subject to technical specifications.
h) Right to withdraw consent to data processing
The European body responsible for issuing directives and regulations has granted every data subject the right to withdraw his/her consent to the processing of his/her data at any time.
If a data subject wishes to exercise this right to withdraw their consent, they can contact our data protection officer or any other employee responsible for data processing at any time.
i) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint is lodged will inform the complainant on the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.