Privacy Policy

Thank you very much for your interest in our Company Day. Data protection is particularly important to us.
In principle, you can use the Company Day website without providing any personal information. However, it may become necessary to process personal data if a data subject wishes to make use of special Company Day services through our website. If personal data has to be processed and there is no legal basis for this processing, we usually obtain the data subject’s consent.
Personal data, for example the names, addresses, e-mail addresses and/or telephone numbers of data subjects, is invariably processed in compliance with the General Data Protection Act (GDPR) and the state data protection legislation to which Hochschule Bonn-Rhein-Sieg is bound. The university’s privacy policy aims to inform the public of the nature and scope of this data and the purposes for which it is collected, used and processed. The privacy policy also informs data subjects of their rights.
As the data controller responsible for processing the data, Hochschule Bonn-Rhein-Sieg has put numerous technical and organisational measures in place to ensure that there are as few security loopholes as possible when personal data is processed through this website. Nevertheless, web-based data transmission is by nature susceptible to security loopholes, which means that absolute protection cannot be guaranteed. For this reason, each data subject is free to send us their personal data using other channels, e.g. by telephone.

1. Name and address of data controller

The data controller, as defined by the General Data Protection Regulation, other data protection legislation in the European Union member states and other provisions serving the purpose of data protection, is:

Hochschule Bonn-Rhein-Sieg University of Applied Sciences
Grantham-Allee 20
53757 Sankt Augustin
Germany
Tel.: +49 2241 865 0
E-mail: info(at)unternehmenstag.de
Website: www.unternehmenstag.de

2. Name and address of the data protection officer

The data controller’s data protection officer is:

H-BRS Data Protection Officer
Grantham-Allee 20
53757 Sankt Augustin
Germany
Telephone number: +49 2241 865 102
E-mail: datenschutzbeauftragte(at)h-brs.de

3. Use of cookies

This website operated by Hochschule Bonn-Rhein-Sieg University of Applied Sciences uses cookies. Cookies are text files that are stored by a web browser on the user’s computer and transmit information to our system. When a user accesses a website, a cookie can be stored on his/her device’s operating system. This cookie contains a typical string of characters that enables the browser to be clearly identified and recognised when the user returns to the website. The purpose of this is to make it easier for users to use our website and to enable us to provide more user-friendly services (information and services) which could not be realised without the installation of cookies. On accessing the website, an info banner appears informing the user that cookies are being used and providing a link to the website’s privacy policy. By continuing to use the website, the user consents to the use of cookies.
The legal basis for processing personal data using technically necessary cookies is Art. 6(1) f) GDPR. The purposes specified above also constitute our legitimate interest in the processing of personal data within the meaning of Art. 6(1) f) GDPR. The legal basis for processing personal data using cookies for analytical purposes in cases where the user has given his/her consent is Art. 6(1) a) GDPR.
Users can prevent our website from installing cookies on their devices at any time by adjusting their browser settings accordingly; this will block the installation of cookies permanently. Moreover, cookies that have already been stored can be deleted at any time through the web browser or other software. This function is available in all standard web browsers. If the data subject deactivates the installation of cookies in the web browser he/she is using, it may no longer be possible to use all the functions on our website to their full extent.

4. Provision of website / collection of general data and information

The Hochschule Bonn-Rhein-Sieg website collects a range of general data and information whenever it is accessed by a user or automated system. This general data and information is stored in the server’s log files. Log files are files that record the processes that take place in computers and networks. The information collected encompasses (1) the browser type and version used, (2) the operating system used by the accessing system, (3) the web page from which the accessing system came to our website (known as the ‘referrer’), (4) the sub-websites accessed by the accessing system on our website, (5) the date and time at which the website was accessed, (6) an internet protocol address (IP address), and (7) the accessing system’s internet service provider.
Hochschule Bonn-Rhein-Sieg does not draw any conclusions about the data subject when using this general data and information. The legal basis for the storage of personal data is Art. 6(1) f) GDPR. This information is required (1) to deliver the content of our website correctly, (2) to optimise the content of our website, (3) to ensure that our IT systems and the technology used by our website remain functional in the long term, and (4) to furnish the law enforcement bodies with essential information in the event of a cyberattack. Hochschule Bonn-Rhein-Sieg therefore evaluates this anonymously collected data and information statistically and with the goal of improving data protection and data security on the website in order to ensure that the personal data we process is optimally protected. The anonymous data in the server log files is stored separately from all personal data provided by the data subject. These purposes also constitute our legitimate interest in the processing of this data pursuant to Art. 6(1) f) GDPR.
The data is erased as soon as it is no longer required for the purpose for which it was collected. With regard to data collected in order to provide access to the website, this is the case when the respective session is ended.
The collection of data to provide access to the website and the storage of data in log files are essential to the operation of the website. The user is therefore unable to object to these activities.

5. Registration on our website

The data subject is given the option of registering on the data controller’s website by providing personal information. The personal data transmitted to the data controller in this situation is determined by the input mask used for registration purposes. The input mask furnishes the user with information on the use of his/her personal data; the user is required to actively consent to this before concluding the registration process.
The personal data entered by the data subject is collected and stored exclusively for internal use by the data controller for Hochschule Bonn-Rhein-Sieg’s own purposes. The data is not transmitted to any third party.
Moreover, the IP address assigned to the data subject by his/her internet service provider (ISP) and the date and time of registration are also stored when the data subject registers on the website. This data is stored on the grounds that this is the only way in which abuse of our services can be prevented, as it can be used to investigate criminal activities if needed. The storage of this data is therefore necessary to protect the data controller. This data is not passed on to third parties unless there is a legal obligation to do so or this is required for purposes of criminal prosecution.
For the data controller, having the data subject voluntarily provide personal information while registering on the website makes it possible to provide content or services that due to their nature can only be offered to registered users.
The legal basis for the processing of personal data is Art. 6(1) a) GDPR.
Registered users are free to amend the personal data provided on registration or to have it completely removed from the data controller’s database at any time.

6. Making contact through the website

In compliance with statutory regulations, the Company Day website contains information that facilitates rapid electronic contact with our university and direct communication with us; this includes a general address for so-called electronic post (e-mail address). Should the user contact the university by -email, the personal data transmitted by the user will be stored automatically. Data of this kind transmitted by the user to the university on a voluntary basis is stored for processing purposes or in order to make contact with the user. This personal data is not forwarded to any third party.
The legal basis for the processing of data transmitted while sending an e-mail is Art. 6(1) f) GDPR. If contact has been made by e-mail for the purpose of concluding a contract, the legal basis for the processing of the data is also Art. 6(1) b) GDPR.
In the case of contact being made by e-mail, this also constitutes the required legitimate interest in the processing of the data pursuant to Art. 6(1) f) GDPR.
The data will be erased as soon as it is no longer required for the purpose for which it was collected. With regard to the personal data from the input mask in the contact form and the personal data sent by e-mail, this is the case when the respective conversation with the user is ended. The conversation is understood to have ended when it can be inferred from the circumstances that the matter in question has been conclusively settled. The additional personal data collected during the transmission process will be erased within a period of no more than seven days.
The user may withdraw his/her consent to the processing and storage of his/her personal data at any time. Users who contact us by e-mail may withdraw their consent to the processing and storage of their personal data at any time. If the user exercises this right, it will be impossible to continue the conversation. In this case, all the personal data stored during the course of the correspondence will be erased.

7. Links to social media

Our website contains links to Facebook and other social media providers (social networks). These are identified accordingly on our website. If you follow these links, your browser will establish a direct link with the social network’s server.

We have no influence over the nature and scope of the data subsequently collected by the social networks. Please refer to the privacy policies of the social networks for information on the scope and purpose of their data collection activities, the way in which the data is processed and used, your rights, and the possibilities available to you for protecting your privacy. We do not furnish the social networks with personal information; neither do we receive any personal information from the social networks.

8. Routine erasure and blocking of personal data

The data controller only processes and stores the data subject’s personal data for as long as this is required in order to achieve the purpose for which it was stored or to comply with the legislation enforced by the European body responsible for issuing directives and regulations or by any other legislative body to which the data controller is subject.
If the purpose of the data storage ceases to apply, or if a storage deadline set by the European body responsible for issuing directives and regulations or by any other competent legislative body expires, the personal data will be routinely blocked or erased in compliance with the respective legislation.

9. Legal or contractual provisions on the provision of personal data; necessity with regard to the conclusion of a contract; data subject’s obligation to provide personal data; possible consequences of failure to provide personal data

Please note that the provision of personal data is in some cases prescribed by law (e.g. tax regulations) or may be required in order to comply with contractual provisions (e.g. information regarding the contractual partner). At times, the conclusion of a contract may depend on a data subject providing us with personal data that we subsequently have to process. The data subject is for example obliged to furnish us with personal data when the university concludes a contract with him/her. Failure to provide this personal data would make it impossible to conclude such a contract with the data subject. The data subject must contact our data protection officer before making his/her personal data available. Our data protection officer will explain to the data subject on a case-by-case basis whether the provision of the personal data is regulated by law or in the contract, whether it is required in order to conclude the contract, whether the data subject is obliged to provide the personal data, and which consequences would result from any failure to provide the personal data.

10. SSL encryption

In order to safeguard the security of your data during transmission, we use the latest encryption technology such as SSL and HTTPS. 

11. Matomo

Diese Webseite verwendet Matomo, eine Open Source, selbstgehostete Software um anonyme Nutzungsdaten für diese Webseite zu sammeln.

Die Daten zum Verhalten der Besucher werden gesammelt um eventuelle Probleme wie nicht gefundene Seiten, Suchmaschinenprobleme oder unbeliebte Seiten herauszufinden. Sobald die Daten (Anzahl der Besucher die Fehlerseiten oder nur eine Seite sehen, usw.) verarbeitet werden, erzeugt Matomo Berichte für die Webseitenbetreiber, damit diese darauf reagieren können. (Layoutveränderungen, neue Inhalte, usw.)

Matomo verarbeitet die folgenden Daten:

  • Cookies
  • Anonymisierte IP-Adressen indem die letzten 2 bytes entfernt werden (also 198.51.0.0 anstatt 198.51.100.54)
  • Pseudoanonymisierter Standort (basierend auf der anonymisierten IP-Adresse
  • Datum und Uhrzeit
  • Titel der aufgerufenen Seite
  • URL der aufgerufenen Seite
  • URL der vorhergehenden Seite (sofern diese das erlaubt)
  • Bildschirmauflösung
  • Lokale Zeit
  • Dateien die angeklickt und heruntergeladen wurden
  • Externe Links
  • Dauer des Seitenaufbaus
  • Land, Region, Stadt (mit niedriger Genauigkeit aufgrund von IP-Adresse)
  • Hauptsprache des Browsers
  • User Agent des Browsers
  • Interaktionen mit Formularen (aber nicht deren Inhalt)

Server Logs

Wenn Sie diese Webseite verwenden, wird der Aufruf vom Host der Webseite ([Webhost]) aufgezeichnet. Dieses Log enthält Ihre IP-Adresse, welche Sie indirekt über Ihren Internetanbieter identifiziert. Die Aufzeichnung dieser Daten ist gesetzlich verpflichtend und für die Sicherheit notwendig. Es gibt keine Möglichkeit zum Opt-Out, die Daten werden aber niemals für andere Zwecke verwendet.

Rechte der betroffenen Personen

Da Matomo Daten basierend auf legitimen Interesse sammelt, können Sie folgende Rechte ausüben:

  • Recht auf Auskunft und Datenübertragbarkeit: Sie können jederzeit alle Ihre Daten anfordern.
  • Recht auf Löschung und Berichtigung: Sie können jederzeit anfragen, dass wir alle Ihre Daten vollständig löschen.
  • Recht auf Widerspruch und Einschränkung der Verarbeitung: Sie können jederzeit der Datensammlung widersprechen, indem Sie in Ihrem BrowserDoNotTrack 12 oder diese Box abhaken:

12. Google Webfonts – font libraries

We use the font libraries provided by Google Webfonts in order to present our website attractively (https://www.google.com/webfonts/). These web fonts are transmitted to your browser cache to prevent repeat loading. If the browser does not support Google Webfonts or prevents your device from accessing it, content will be shown in a standard font.

Operator’s privacy policy: https://www.google.com/policies/privacy/

13. Social media plug-ins

We use an Instagram feed plug-in to display social media content on our website. Our website therefore sends queries to Instagram’s servers in order to display images and videos. These queries make your IP address visible to Instagram, which can then use it in accordance with its privacy policy: https://help.instagram.com/155833707900388

14. Google Maps

(1) This website uses the services provided by Google Maps. This enables us to show interactive maps directly in the website, thus allowing you to make convenient use of the map function.

(2) When you visit the website, Google receives the information that you have accessed the corresponding subpage on our website. The data collected during your visit to the website is also transmitted. This occurs regardless of whether you are logged in through a user account provided by Google or whether no user account exists. If you are logged in to your Google account, your data will be directly assigned to this account. If you do not wish this data to be assigned to your Google profile, you must log out before clicking on the button. Google stores your data as a use profile and uses it for purposes of advertising, market research and/or structuring its website in accordance with user requirements. In particular, this analysis is performed (even in the case of users who are not logged in) to provide needs-oriented advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles and are required to contact Google if you wish to exercise this right.

(3) You will find further information about the purpose and scope of the plug-in provider’s data collection and processing activities in the provider’s privacy policy. Here you will also find further information on your rights and the settings available to you for the purpose of protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has bound itself to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

15. Contract processors

We make use of external service providers (contract processors), e.g. when sending goods or newsletters or handling payments. A separate contract data processing agreement has been concluded with the service provider in order to guarantee that your personal data is protected.

16. Existence of automated decision-making processes

We have dispensed with automated decision-making processes and profiling.

17. Rights of the data subject

If the user’s personal data is processed by H-BRS, the user is a data subject within the meaning of the GDPR and has the following rights:

a) Right to confirmation

The European body responsible for issuing directives and regulations has granted all data subjects the right to obtain confirmation from the controller as to whether their personal data is being processed. If a data subject wishes to exercise this right to confirmation, they can contact our data protection officer or any other employee responsible for data processing at any time.

b) Right of access

The European body responsible for issuing directives and regulations has granted all data subjects the right to obtain free information from the controller as to whether their personal data is being processed and the right to obtain a copy of this information. Moreover, the European body responsible for issuing directives and regulations has granted all data subjects a right of access to the following information:

the existence of automated decision-making processes, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and envisaged consequences of such data processing for the data subject

if the personal data was not obtained directly from the data subject: all available information about the origin of the data

the existence of a right to lodge a complaint with a supervisory authority

the existence of a right to request the rectification or erasure of the personal data, to restrict the processing of the personal data, and to object to such processing

where possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period

the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in non-EU countries or international organisations

the categories of personal data being processed

the purposes for which the personal data is being processed

Moreover, the data subject has the right to be informed as to whether personal data has been transmitted to a non-EU country or an international organisation. If this is the case, the data subject also has the right to be informed of the safeguards put in place relating to the transmission.
If a data subject wishes to exercise this right of access, they can contact our data protection officer or any other employee responsible for data processing at any time.

c) Right to rectification

The European body responsible for issuing directives and regulations has granted every data subject the right to request the rectification of incorrect personal data without undue delay. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, also by providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, they can contact our data protection officer or any other employee responsible for data processing at any time.

d) Right to erasure (right to be forgotten)

The European body responsible for issuing directives and regulations has granted all data subjects the right to have the controller erase the personal data without undue delay where one of the following grounds applies and insofar as the personal data does not have to be processed:

The personal data was collected in connection with the offer of information society services pursuant to Art. 8(1) GDPR.

The personal data has to be erased in order to comply with a legal obligation set forth in the Union or member state law to which the controller is subject.

The personal data was processed unlawfully.

The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.

The data subject withdraws the consent on which the processing is based pursuant to Art. 6(1) a) GDPR or Art. 9(2) a) GDPR, and there are no other legal grounds for the processing.

The personal data was collected or otherwise processed for a purpose for which it is no longer required.

If any of the above-mentioned grounds exist and a data subject would like to have personal data stored by Hochschule Bonn-Rhein-Sieg erased, they can contact our data protection officer or any other employee responsible for data processing at any time. The data protection officer at Hochschule Bonn-Rhein-Sieg or another staff member will ensure that the request for erasure is fulfilled without undue delay.
Where Hochschule Bonn-Rhein-Sieg has made the personal data public and is obliged pursuant to Art. 17(1) GDPR to erase it, Hochschule Bonn-Rhein-Sieg – with due consideration of available technology and the cost of implementation – shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copies/replication of, this personal data insofar as the processing thereof is not necessary. The data protection officer at Hochschule Bonn-Rhein-Sieg or another staff member will ensure that the necessary steps are taken in each individual case.

e) Right to restriction of processing

The European body responsible for issuing directives and regulations has granted all data subjects the right to have the controller restrict the processing of their personal data where one of the following applies:

The data subject has objected to the processing pursuant to Article 21(1) pending verification of whether the legitimate grounds of the controller override those of the data subject.

The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.

The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.

The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.

If any of the above-mentioned conditions are met and a data subject would like to request a restriction on the processing of personal data stored by Hochschule Bonn-Rhein-Sieg, they can contact our data protection officer or any other employee responsible for data processing at any time. The data protection officer or another staff member at Hochschule Bonn-Rhein-Sieg will then ensure that the processing of the data subject’s personal data is restricted.

f) Right to data portability

The European body responsible for issuing directives and regulations has granted all data subjects the right to receive the personal data they transmitted to the data controller in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another data controller without hindrance from the controller to whom the data was originally transmitted provided the processing of this data is based on consent pursuant to Art. 6(1) a) GDPR or Art. 9(2) a) GDPR or on a contract pursuant to Art. 6(1) b) GDPR and the processing is carried out by automated means. This right does not apply to data processed for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising his or her right to data portability pursuant to Art. 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another insofar as this is technically feasible and the transmission does not affect the rights and freedoms of other persons.
The data subject can exercise his/her right to data portability at any time by contacting the data protection officer or another staff member at Hochschule Bonn-Rhein-Sieg.

g) Right to object

The European body responsible for issuing directives and regulations has granted all data subjects the right, on grounds relating to their particular situation, to object at any time to the processing of their personal data as specified in Art. 6(1) e) or f) GDPR. The same applies to profiling based on these provisions.
If an objection is lodged, Hochschule Bonn-Rhein-Sieg will cease processing the personal data unless it can demonstrate compelling legal grounds for the processing that override the interests, rights and freedoms of the data subject or unless the data has to be processed for the establishment, exercise or defence of legal claims.
If Hochschule Bonn-Rhein-Sieg processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to the processing of his/her personal data for such purposes. The same applies to profiling insofar as it is connected with such direct marketing. If the data subject objects to the processing of his/her personal data by Hochschule Bonn-Rhein-Sieg for advertising purposes, Hochschule Bonn-Rhein-Sieg will cease processing the personal data for these purposes.
Where personal data is processed by Hochschule Bonn-Rhein-Sieg for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject shall have the right, on grounds relating to his/her particular situation, to object to the processing of his/her personal data unless the processing is necessary for the performance of a task carried out in the public interest.
The data subject can exercise his/her right to object at any time by directly contacting the data protection officer or another staff member at Hochschule Bonn-Rhein-Sieg. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may also exercise his/her right to object by any automated means subject to technical specifications.

h) Right to withdraw consent to data processing

The European body responsible for issuing directives and regulations has granted every data subject the right to withdraw his/her consent to the processing of his/her data at any time.
If a data subject wishes to exercise this right to withdraw their consent, they can contact our data protection officer or any other employee responsible for data processing at any time.

i) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint is lodged will inform the complainant on the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
 

This privacy policy is based on models provided by DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as a data protection officer, in cooperation with the data protection solicitors at the law form WILDE BEUGER SOLMECKE | Rechtsanwälte.