Data protection
declaration

Status as of July 31, 2023

The following data protection declaration outlines the extent to which we process personal data, which personal data we process, the legal basis for this processing and when we delete your personal data.

Controller and data protection officer

The controller for the data processing outlined below is

Hochschule Esslingen
University of Applied Sciences
Kanalstraße 33
73728 Esslingen am Neckar
Phone: 0711 397-49
Fax: 0711 397-31 00
E-mail: info(at)hs-esslingen.de

Legal form: Body governed by public law
Represented by Prof. Christof Wolfmaier, President

Notice

You can contact the data protection officer of Esslingen University of Applied Sciences at the address specified above by adding “z.H. Datenschutzbeauftragter der Hochschule Esslingen” or via e-mail at datenschutz(at)hs-esslingen.de.

Data processing in connection with our website

When you access a website, your browser regularly transmits data of your device, such as the IP address to which the website is sent, to the web server.

Each time you access our website, the following data are collected and stored in the log files of our system:

  • IP address
  • name of the accessed URL
  • date and time of access
  • data volume transferred
  • information whether the access was successful
  • browser type and version
  • operating system

The legal basis for temporarily storing the data in order to provide the website is Art. 6 paragraph 1 (e) of the General Data Protection Regulation (GDPR) in conjunction with section 2 of the act on the higher education institutions in the Land of Baden-Württemberg (LHG). We provide the information on our website to inform the public about the processes at our institution as well as to advise and assist students and other interested persons regarding the contents, structure and requirements of our programmes of study. The legal basis for processing log files is Art. 6 paragraph 1 (f) GDPR. Processing log files is required to ensure the network security and information security of the website.

The data will be deleted once they are no longer necessary to achieve the purposes for which they were collected. For the data collected to provide the website, this is the case when the respective session has ended. Log files to ensure network security and information security will be deleted after 14 days.

Use of cookies

We use cookies on our website. Cookies are text files stored in the Internet browser or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie may be stored in the user’s operating system. The cookie contains a characteristic string that enables a clear identification of the browser when the website is accessed again.

Cookies may have an expiration date. You can see the expiration date of the cookies used on our website in the data protection settings. You can prevent us from storing cookies by blocking the storing of cookies by our website in your browser. You can then, however, no longer use the features controlled by cookies. You can also check which cookies are stored in your browser and delete individual cookies.

We use cookies to improve your experience on our website. Some elements on our website require that the accessing browser can be identified after the user has switched to another website. Some features of our website cannot be offered without the use of cookies. The user data collected by cookies that are required for technical reasons are not used to generate user profiles. The legal basis for processing personal data by using cookies that are required for technical reasons is Art. 6 paragraph 1 (e) GDPR in conjunction with section 2 LHG.

The following data are stored and transmitted:

  • language settings
  • contrast setting
  • font size setting
  • keyboard shortcuts to use the website
  • settings regarding embedded third-party content
  • information about the settings chosen during your last visit so that these settings are stored

In addition, we use cookies on our website which enable us to analyze the online behavior of our users. For more details, please see the section on web analytics below. The use of analytical cookies serves the purpose of improving the quality of our website and its content. Analytical cookies allow us to find out how the website is used in order to continuously optimize our services.

Web analytics

On our website, we use the open source software tool Matomo (previously PIWIK) to statistically analyze website visits. By evaluating the data we obtain, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness and thus to fulfill our tasks according to section 2 LHG even better. The software tool uses cookies for this purpose. Cookies are text files stored on your computer to analyze how you use our website. If you consent, the information created by the cookies about how you use our website will be stored on our servers. The IP address will be anonymized directly after the information is processed and before it is stored. The statistical data are deleted as soon as they are no longer required for our recording purposes.

Analytics by Matomo are deactivated when you access our website. If you go to the data protection settings, you can agree to the analytics of anonymous user data. In order to store your settings, an identification cookie will be stored in your browser so that you are not asked for the settings each time you access the website. If you delete this cookie or use another device or browser, you need to revisit the data protection section and make the necessary adjustments.

The legal basis for web analytics is Art. 6 paragraph 1 (a) GDPR. You can revoke your consent at any time by making the necessary adjustments in the data protection section.

In detail, the following types of data are processed when you consent to voluntary web analytics:

  • IP address (will be immediately anonymized before it is stored)
  • URL of the pages accessed
  • date of access
  • referrer (referring website), if applicable
  • operating system
  • manufacturer and type of device used
  • browser (type and version)
  • resolution of the browser window
  • language of the browser
  • region, location, longitude, latitude of the visitor
  • the amount of time spent on the web page
  • the frequency of accessing the web page

Embedded third-party content

Embedded videos

We use embedded YouTube videos in the extended data protection mode. This means: YouTube does not store cookies for users who access a web page containing an embedded YouTube video player but do not click on the video to watch it. If a user clicks on the YouTube video player, YouTube will be informed about the IP address and may store cookies on the user’s computer. However, personal cookie information will not be stored if you click on embedded videos. Before the connection with third-party content is established, our website will expressly notify you of the external content and potential additional data processing activities by third parties. You can also consent to the display of third-party content in our tool for data protection settings. In this case, the third-party content is reloaded and you will not receive a separate notification for the embedded content since you already received the information in the tool for data protection settings. You can adjust these settings at any time. For more details on data processing by YouTube, please see the Privacy Policy of YouTube. We do not collect personal data within the context of embedding YouTube videos.

Embedded maps

We use embedded maps from the Google Maps service in the extended data protection mode. This means: Google Maps does not store any cookies for users who access a web page containing embedded maps from Google Maps but do not click on the map to see it. If a user clicks on the map, Google will be informed about the IP address and may store cookies on the user’s computer. However, personal cookie information will not be stored. Before the connection with third-party content is established, our website will expressly notify you of the external content and potential additional data processing activities by third parties. You can also consent to the display of third-party content in our tool for data protection settings. In this case, the third-party content is reloaded and you will not receive a separate notification for the embedded content since you already received the information in the tool for data protection settings. You can adjust these settings at any time. For more details on data processing by Google Maps, please see the Privacy Policy of Google Maps. We do not collect personal data within the context of embedding maps from Google Maps.

Embedded VVS route planner

Our website contains an embedded VSS route planner. The external provider of the route planner does not store any cookies for users who access a web page containing an embedded route planner but do not click on the route planner to see it. If a user clicks on the route planner, the external provider of the service will be informed about the IP address and may store cookies on the user's computer. Before the connection with third-party content is established, our website will expressly notify you of the external content and potential additional data processing activities by third parties. You can also consent to the display of third-party content in our tool for data protection settings. In this case, the third-party content is reloaded and you will not receive a separate notification for the embedded content since you already received the information in the tool for data protection settings. You can adjust these settings at any time. For more information on data processing by the VVS route planner, please see the VVS Data Privacy Statement. We do not collect personal data within the context of embedding the VVS route planner.

Embedded tender tool

Our website contains a tender tool (service of the Staatsanzeiger für Baden-Württemberg GmbH & Co. KG and Vergabe24 GmbH). The external provider of the tender tool does not store cookies for users who access a web page containing the embedded tender tool but do not click on the tender tool to see it. If a user clicks on the tender tool, the external service provider will be informed about the IP address and may store cookies on the user's computer. Before the connection with third-party content is established, our website will expressly notify you of the external content and potential additional data processing activities by third parties. You can also consent to the display of third-party content in our tool for data protection settings. In this case, the third-party content is reloaded and you will not receive a separate notification for the embedded content since you already received the information in the tool for data protection settings. You can adjust these settings at any time. For more information on data processing by the tender tool, please see the data protection declaration of the service provider. We do not collect personal data within the context of embedding the tender tool.

Other data processing activities

Below you will find information on further data processing activities, besides those related to your use of our website for information purposes.

Contacting us

Our website contains contact forms. You are welcome to use these forms to contact us electronically. The data you enter into the contact forms (e.g. first name, last name, e-mail address, your message) are transferred to and stored by us. In addition, the following data are stored when you send your message to us:

  • date and time of sending the message

Alternatively, you can use the e-mail addresses provided to contact us. In this case, the user's personal data transmitted in the e-mail are stored.

No data are forwarded to third parties in this context. The data are only used for processing the conversation.

The legal basis for processing the data is Art. 6 paragraph 1 (e) GDPR in conjunction with section 2 LHG. In individual cases, data are processed after the user has given their consent in accordance with Art. 6 paragraph 1 (a) GDPR. The legal basis for processing data that are transmitted while sending an e-mail or submitting a contact form is Art. 6 paragraph 1 (f) GDPR if processing the data is required for ensuring network security and information security. This also constitutes the legitimate interest of the higher education institution in processing the data.

The data will be deleted once they are no longer necessary to achieve the purposes for which they were collected. The personal data from the contact form that are sent via e-mail will be deleted as soon as the conversation with the user has ended. The conversation has ended if the circumstances indicate that the matter in question has been conclusively clarified.

The additional personal data that are sent when the contact form is submitted will be deleted after 14 days.

Subscribing to our newsletter

On our website, there are various options to subscribe to our newsletter. We use a two-step subscription process. After we receive an e-mail address, we send a confirmation link to this e-mail address. In order to subscribe to our newsletter, you need to click on this link. The legal basis for this data processing is your consent in accordance with Art. 6 paragraph 1 (a) GDPR. The data processed in connection with the subscription are specified in the respective form (e.g. your e-mail address or name). In order to be able to provide proof, we store the date and time of your subscription/confirmation as well as your IP address when you subscribe to our newsletter. The legal basis for storing these data is Art. 6 paragraph 1 (f) GDPR. Our legitimate interest is to be able to provide proof of the subscriptions. You may unsubscribe from our newsletter at any time.

For sending out newsletters, we also work with contractors.

Registering for events

If you register for an event at Esslingen University of Applied Sciences, we process your data for the purpose of organising and conducting the respective event. The data that are transmitted to and stored by us are specified in the contact form / registration form (e.g. first name, last name, e-mail address, phone number, function). In addition, the following data are stored when you send your message to us:

  • date and time of the registration

During the sending process, you may be asked to consent to the processing of your data and are made aware of this data protection declaration.

You may also register by using the e-mail addresses provided. In this case, the user's personal data transmitted in the e-mail are stored.

The legal basis for processing your registration data is Art. 6 paragraph 1 (e) GDPR in conjunction with section 2 LHG. The legal basis for processing your data, once the consent of the user has been obtained, is Art. 6 paragraph 1 (a) GDPR. The legal basis for processing the data transmitted when an e-mail is sent or a registration form is submitted is, besides the user’s consent, Art. 6 paragraph 1 (f) GDPR if processing the data is required for ensuring network security and information security. This also constitutes the legitimate interest of the higher education institution in processing the data.

After your registration has been submitted, the persons organising the event at Esslingen University of Applied Sciences will process your data. If applicable, we also transmit the required data to service providers, but only to the extent required to conduct the event. We have concluded agreements on data processing on behalf of the controller or confidentiality agreements with these service providers.

If the event is held via our video conference system, the information on our video conference system is also relevant.

Your personal data will be deleted once they are no longer necessary to achieve the purposes for which they were collected. We do not intend to store the data after the event has taken place.

Using the video conference system of Esslingen University of Applied Sciences

Below, we would like to inform you about the personal data we process when you use the UCC Cloud Powered by Cisco-Webex (video conference system used at Esslingen University of Applied Sciences) and about your rights under data protection law.

The controller processing your data is Esslingen University of Applied Sciences (for its address for service, see above).

If you visit the Cisco-Webex website, the controller is the service provider. However, visiting the Cisco-Webex website is only required in order to download the software required to use the service. You can also use Cisco-Webex via the Cisco-Webex app. The basic features are also available in the browser version.

What is the legal basis for processing my data?

When processing your personal data, we comply with the provisions of the General Data Protection Regulation (GDPR), the data protection act of the Land of Baden-Württemberg (LDSG) and the act on the higher education institutions in the Land of Baden-Württemberg (LHG BW).

In accordance with Art. 6 paragraph 1 (e) GDPR in conjunction with section 2 LHG, your data are processed in order to fulfil the tasks of the higher education institution. If personal data of employees are processed, the requirements set forth in section 15 subsection 1 LDSG have to be fulfilled (data processing is required for the implementation of the employment relationship). If the meetings are held as part of a contractual relationship and you are a party to the contract, the legal basis for processing is Art. 6 paragraph 1 (b) GDPR. To a certain extent, we also process your data on the basis of consent given in accordance with Art. 6 paragraph 1 (a) GDPR.

What is the purpose of processing my data?

Your personal data are processed for the purpose of online communication and collaboration, in particular online teaching, as well as holding meetings and events (e.g. presentations). The scope of data processing also depends on the information you provide us with before or while you participate in an online meeting and on the settings you choose. We collect and store the following data:

Registration data:

  • user details (name, e-mail address)
  • password
  • browser
  • IP address

Hosting and usage data:

  • meeting meta data (topic, IP addresses of the participants, device information)
  • phone number when participating via phone, start time and end time, country name
  • configuration and communication data (device name, geographical data, IP address, user agent identifier, operating system type and version, client version, endpoint MAC addresses, time zone, domain name, activity protocols, hardware type)
  • conference information (title, date, time, duration, number of meetings, number of participants, name of the host, display resolution, dial-in method, diagnosis information)
  • support services / support (name, e-mail address, phone number, authentication information, system information, error log files)
  • access and administration rights for online self-service products
  • feedback on user evaluation during the conference for quality and surveillance purposes
  • records of all incoming and outgoing contacts for monitoring, training, coaching, and quality purposes

User-generated data:

  • video and sound data of participants, if applicable (only if the camera / microphone is activated)
  • chat messages, shared documents, presentation material
  • meeting recordings, if applicable
  • transcriptions of sound recordings, if applicable
  • uploaded files containing personal data
  • surveys, polls
  • personal data disclosed during the meeting or collaboration

What are the data sources?

We process the personal data we receive in connection with the use and the data we collect from you within the scope of your application/enrolment/registration or a contractual relationship.

Who will receive my data?

Some of the user-generated data will be shared with other users of the Webex services if this is required for collaboration or communication purposes. The computing centre of Esslingen University of Applied Sciences will receive name, e-mail and password to create Cisco-Webex accounts. The computing centre will also receive the hosting and usage data for failure analysis purposes.

In order to provide the entire communication and collaboration services, Esslingen University of Applied Sciences uses the processor T-Systems International GmbH, Hahnstr. 43, 60528 Frankfurt.

Are my data transmitted to a third country?

Our processor T-Systems International GmbH, Hahnstr. 43, 60528 Frankfurt has engaged the subcontractor Cisco International Ltd, UK, which transfers individual data (pseudonymised host name, Webex meeting site address (URL), start and end time of the Webex Meetings) to the US. This transfer by our processor is covered by an adequate level of data protection by standard data protection clauses (Art. 46 paragraph 2 (c) and (d) GDPR). For the United Kingdom, the EU Commission has adopted an adequacy decision, which confirms an equivalent level of data protection to that under EU law.

How long will my data be stored?

We will process and store your personal data only as long as this is required to achieve the above-stated purpose. User-generated data will be deleted 60 days after a user account is deactivated at the latest. The processor will delete the registration, hosting and usage data seven years after the contract has been terminated.

What are my rights under data protection law?

For information on your rights as data subject, please see the section Rights of the data subject.

Business collaboration

In order to initiate and engage in business collaborations, Esslingen University of Applied Sciences processes the personal data required for these purposes. The business contact details of the individuals named as persons of contact as well as the contents of the correspondence and other data that are the basis of the contractual relationship are subject of the data processing. The legal basis for this data processing is Art. 6 paragraph 1 (b) GDPR.

The data will be deleted once they are no longer necessary to achieve the purposes for which they were collected and after the respective retention period has ended.

Applying to open positions at Esslingen University of Applied Sciences

We at Esslingen University of Applied Sciences are delighted that you are interested in working with us. We know that you entrust us with some very personal information when sending us your application materials. Therefore, transparency is very important to us. Below, we want to explain in a comprehensible way which data we process and on which legal basis, who has access to these data and how long we store your data.

A) Controller and data protection officer

The controller processing your data is Esslingen University of Applied Sciences (for its address for service, see above).

B) Purposes and legal basis of data processing

During the application procedure, we only process data which you send or otherwise disclose to us. We use an application management software to process these data. We may contact you via phone if we have any questions regarding your application. If you do not wish to be contacted via phone, please let us know. In this case, we will use another communication channel to contact you and ask that you call us.

During the application process, personal data such as your name, address, phone number and e-mail address will be stored in the application database. In addition, we store your application materials (e.g. cover letter, CV, certificates) in our software.

During the application process, your application materials may also be printed. The materials will only be stored in the application management software. We will digitise any documents that we receive in paper form.

We only process your data to evaluate if you have the required aptitude and qualifications for the position you are applying for and to contact you if we have any questions regarding your application or to inform you about the application process. The legal basis for processing applicants’ data in application processes is Art. 6 paragraph 1 (b) GDPR, section 15 LDSG in conjunction with sections 83 to 85 of the civil service act of the Land of Baden-Württemberg (LBG).

If your application materials contain special categories of personal data, e.g. health data, data revealing religious beliefs or ethnic origin, the data processing is also covered by Art. 9 paragraph 2 (b) GDPR, due to our statutory obligations as employer and the resulting protection of your basic rights.

You may object to the processing of your personal data at any time. In particular, you always have the option to withdraw your application. You may revoke any consent given to us at any time. For more information on your rights, please refer to E.

C) Recipients

After we have received your application, the human resources department at Esslingen University of Applied Sciences as well as the person responsible for the position you applied for will look through your application. Applications which meet the criteria will be forwarded to the employees of Esslingen University of Applied Sciences who are involved in the application process. The staff council and, if required, the representatives for disabled persons will also receive the personal data contained in the application materials.

We use a software provided by Haufe-Lexware Services GmbH & Co. KG, Fraunhoferstr. 5, D-82152 Planegg for the application process. Haufe-Lexware Services GmbH & Co. KG is our service provider. We cannot rule out that the service provider may also see your personal data while maintaining and operating the systems. We have therefore concluded a contract on data processing on behalf of the controller with this service provider to ensure that the data are processed in a reliable manner. The employees of our service provider as well as our employees have committed themselves to confidentiality.

D) Storage period

Your personal data will be deleted once they are no longer necessary to achieve the purposes for which they were collected. In case the application process results in an employment relationship of any kind, your data are stored for the time being and transferred to the personnel file. Otherwise, the application process ends when you receive a rejection letter or e-mail.

In the latter case, your personal data will be deleted six months after you received the rejection letter or e-mail, unless a longer storage period is required for the defence of legal claims. This also applies to application data received in paper form. We explicitly inform employees and departments involved in the application process that they must destroy any prints and notes they may have made after the application process has ended to comply with data protection laws.

E) Your rights

For information on your rights as data subject, please refer to the section Rights of the data subject.

F) Important information

Applicants who fail to provide relevant personal data might not be considered for the position in question.

If you object to the processing of your data in the application management software used by us, we are not able to consider your application. We might consider your application if you provide reasons relating to your particular situation due to which you cannot be expected to have your application materials digitised and stored in the application management software used by us.

The selection of suitable candidates is not automated and we do not use any automated processing (“profiling”) within the meaning of Art. 4 number 4 GDPR.

Rights of the data subject

Under data protection law, you have the following rights:

  • the right of access in accordance with Art. 15 GDPR,
  • the right to rectification in accordance with Art. 16 GDPR,
  • the right to erasure in accordance with Art. 16 GDPR,
  • the right to restriction of processing in accordance with Art. 18 GDPR,
  • the right to object in accordance with Art. 21 GDPR relating to the particular situation of the data subject,
  • as well as the right to data portability in accordance with Art. 20 GDPR.

In accordance with Art. 77 GDPR, you also have the option to lodge a complaint with the data protection supervisory authority responsible (Art. 51 paragraph 1 GDPR in conjunction with section 25 subsection 1 LDSG). The supervisory authority responsible is the commissioner for data protection and freedom of information of Baden-Württemberg:

The Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart

Information on your right to object according to Art. 21 GDPR

On grounds relating to your particular situation, you have the right to object to the processing of your personal data according to Art. 6 paragraph 1 (e) GDPR (data processing in the public interest, e.g. teaching and studying activities, research, further education) or (f) (processing for the purpose of a legitimate interest of the controller or a third party) at any time. We will then no longer process your personal data, unless we can prove legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Please send the revocation of your consent to the controller. Formal requirements must not be observed.

Do you have any questions about the collection, use or processing of your personal data? Do you want to make use of your right of access or your right to have personal data rectified, blocked or erased? Or do you want to object to the use of your data or revoke your consent? 

Please contact the data protection officer of Esslingen University of Applied Sciences. For contact details, see above (e.g. datenschutz(at)hs-esslingen.de).

Data processing in connection with the social media activities of Esslingen University of Applied Sciences

Data processing in connection with taking and publishing photos and videos

apply

Interested? Find out more! about our degree programmes