Legal
Bochum University of Applied Sciences supports the protection of its users' privacy. Personal data will only be used in accordance with the following declaration on data protection and data security (Privacy Policy). The following information provides an overview of what happens to your personal data when you visit our website. Personal data is all data with which you can be personally identified. Detailed information can be found in our data protection declaration listed below this text.
Data Protection Laws
As a public corporation under state supervision, Bochum University of Applied Sciences is subject to the provisions of the EU General Data Protection Regulation, the State Data Protection Act of North Rhine-Westphalia (DSG NRW) and other data protection regulations of the Federal Republic of Germany. To protect your rights, we have taken technical and organisational measures and ensured that the data protection regulations are also observed by external service providers who work on this website. Bochum University of Applied Sciences only processes personal data if this data is necessary for the fulfilment of its tasks.
Name and address of the controller
The controller within the meaning of the EU General Data Protection Regulation and other national data protection laws and regulations is
Bochum University of Applied Sciences KdÖR
Legally represented by the President
Am Hochschulcampus 1
44801 Bochum
Bochum, Germany
Tel: +49 234 36186 0
Website: https://www.hochschule-bochum.de/
Name and address of the data protection officer:
Bochum University of Applied Sciences
Mrs Christina Warsitz
Data protection officer
Gesundheitscampus 8
44801 Bochum
Tel: +49 234 36186 9585
Email: christina.warsitz(at)hs-bochum.de
1. Scope of processing of personal data in general
We collect and use the personal data of our users only to the extent necessary to provide a functional website as well as our content and services.
Personal data is collected and processed either with the user's consent or where permitted by applicable legal provisions. Where obtaining prior consent is not feasible for factual reasons, personal data will be processed only if permitted by law.
a) Purpose of processing and legal basis
Where users provide their consent to the processing of personal data, the legal basis is Article 6(1)(a) GDPR.
Where the processing of personal data is necessary for the performance of tasks carried out in the public interest or in the exercise of official authority vested in the University, the legal basis is Article 6(1)(e) GDPR.
b) Data retention and deletion
Personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.
Data may be retained beyond this period where required by European or national legislation, regulations, or other legal provisions applicable to the Controller.
Data will also be blocked or deleted once the statutory retention period expires, unless further storage is necessary for the conclusion or performance of a contract.
2. Scope of the processing of personal data when providing the website and creation of log files
Whenever this website is accessed, the hosting provider Hetzner Online GmbH automatically collects server log files containing the following information:
IP address
Date and time of the request
Requested webpage
Amount of data transferred
Browser type and version
Operating system
Referrer URL
Request status (e.g., successful)
a) Purpose of processing and legal basis
These data are processed exclusively to ensure the smooth operation of the website and to maintain IT security (for example, to defend against cyberattacks).
The legal basis for the temporary storage of these data and log files is Article 6(1)(e) GDPR.
b) Retention period
No data is permanently stored.
3. Data transmission when contacting us by email
If you contact us via one of the email addresses provided, the personal data transmitted with your email will be stored. Such data will not be disclosed to third parties and will be used exclusively for processing your inquiry and maintaining communication.
a) Purpose of processing and legal basis
The personal data contained in emails is processed solely for the purpose of handling your inquiry, maintaining correspondence, and communicating with you.
The legal basis for processing personal data transmitted by email is Article 6(1)(e) GDPR.
b) Data retention period
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data transmitted by email, this is the case once the conversation and all related communication with the user have ended.
c) Right to object and withdrawal of consent
Users have the right to withdraw their consent to the processing of personal data at any time.
If you contact us by email, you may object to the storage of your personal data at any time. In such a case, the correspondence cannot be continued.
All personal data stored during the course of the communication will then be deleted.
4. Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of the General Data Protection Regulation and the Data Protection Act of the State of North Rhine-Westphalia. In this case, you have the following rights vis-à-vis the controller:
a) Right to information
You have the right to obtain, upon request and free of charge, information about the personal data stored concerning you (Article 15 GDPR).
Where personal data is processed, you may request information regarding:
the purposes for which your personal data is processed;
the categories of personal data concerned;
the recipients or categories of recipients to whom your personal data has been or will be disclosed;
the planned storage period for your personal data or, where this is not possible, the criteria used to determine that period;
the existence of the right to rectification or erasure of your personal data, the right to restriction of processing, or the right to object to such processing;
the existence of the right to lodge a complaint with a supervisory authority;
all available information about the source of the data where the personal data was not collected directly from you.
You also have the right to request information as to whether your personal data is transferred to a third country or an international organization. In this context, you may request information about the appropriate safeguards pursuant to Article 46 GDPR.
b) Right to rectification
You have the right to obtain the rectification and/or completion of inaccurate or incomplete personal data concerning you. The Controller shall make such corrections without undue delay.
c) Right to restriction of processing, data portability, and objection
You may request the restriction of processing of your personal data where one of the following applies:
you contest the accuracy of your personal data for a period enabling the Controller to verify its accuracy;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
the Controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims; or
you have objected to processing pursuant to Article 21(1) GDPR, pending verification whether the legitimate grounds of the Controller override your interests.
Where processing has been restricted, such personal data may, apart from storage, only be processed with your consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
You will be informed before any restriction of processing is lifted.
d) Right to erasure ("Right to be forgotten")
You have the right to request the immediate deletion of your personal data, and the Controller is obliged to erase such data without undue delay where one of the following grounds applies:
the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
you withdraw your consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for processing;
you object to processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object pursuant to Article 21(2) GDPR;
your personal data has been processed unlawfully;
erasure is required to comply with a legal obligation under European Union or Member State law;
the personal data was collected in relation to information society services pursuant to Article 8(1) GDPR.
e) Notification of third parties
Where the Controller has made your personal data public and is obliged to erase it pursuant to Article 17(1) GDPR, the Controller shall, taking account of available technology and implementation costs, take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested the erasure of any links to, or copies or replications of, those personal data.
Exceptions
The right to erasure does not apply where processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority;
for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR in conjunction with Section 10 of the North Rhine-Westphalia Data Protection Act, where the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise, or defense of legal claims.
f) Notification obligation
Where you have exercised your right to rectification, erasure, or restriction of processing, the Controller is obliged to notify all recipients to whom your personal data has been disclosed of such rectification, erasure, or restriction, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about those recipients.
g) Right to data portability
You have the right to receive the personal data concerning you that you have provided to the Controller in a structured, commonly used, and machine-readable format.
You also have the right to transmit those data to another controller without hindrance from the original Controller, provided that:
the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR; and
the processing is carried out by automated means.
Where technically feasible, you also have the right to have the personal data transmitted directly from one controller to another.
This right shall not adversely affect the rights and freedoms of others.
The right to data portability does not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
h) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.
The Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for those purposes.
You also have the right to exercise your right to object by automated means using technical specifications when using information society services, notwithstanding Directive 2002/58/EC.
i) Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time.
The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
j) Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR or the North Rhine-Westphalia Data Protection Act.
The supervisory authority will inform you of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.
The competent supervisory authority is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestraße 2–4, 40213 Düsseldorf (Germany)
Phone: +49 211 38424-0; Fax: +49 211 38424-10
5. Analytics tools and advertising
No analytics tools or advertising services are used on our website.
In particular, we do not use:
tracking tools (e.g., Matomo or Google Analytics);
marketing or profiling cookies; or
external advertising networks.
As the website uses only technically necessary functions and does not set any cookies requiring user consent, a cookie banner is not required.
No personal data is shared with third parties.
The hosting provider Hetzner Online GmbH acts solely as a sub-processor within the scope of the data processing agreement concluded with the website agency 9elements GmbH, which serves as the data processor, in accordance with Article 28 GDPR.