Privacy Policy

Data protection information for this website

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified. You can find detailed information on data protection in our data protection declaration below this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the “Note on the responsible body” section in this data protection declaration.

How do we collect your data?

Your data is collected on the one hand when you communicate it to us. This can, for example, be data that you enter in a contact form. Other data is recorded automatically or with your consent when you visit the website by our IT systems. This is primarily technical data (e.g. Internet browser, operating system or time of page access). This data is recorded automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.

What rights do you have with regard to your data?

You have the right at any time to receive information about the origin, recipient and purpose of your stored personal data free of charge. You also have the right to request that this data be corrected or deleted. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request that the processing of your personal data be restricted under certain circumstances. You also have the right to lodge a complaint with the responsible supervisory authority.

You can contact us at any time about this and other questions on data protection.

Analysis tools and third-party tools

When you visit this website, your surfing behavior can be statistically evaluated. This is done primarily with so-called analysis programs.

You can find detailed information about these analysis programs in the following data protection declaration.

General information and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This data protection declaration explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible body

The responsible body for data processing on this website is:

AStA of the HTW Berlin, Chair
Wilhelminenhofstraße 75A
12459 Berlin
E-mail: asta@students-htw.de

The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Storage period

Unless a more specific storage period is specified within this data protection declaration, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will occur once these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we will process your personal data on the basis of Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR, provided that special categories of data are processed in accordance with Art. 9 Para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing will also be carried out on the basis of Art. 49 Para. 1 lit. a GDPR. If you have consented to the storage of cookies or to accessing information on your device (e.g. via device fingerprinting), data processing will also be carried out on the basis of Section 25 Para. 1 TTDSG. Consent can be revoked at any time. If your data is required to fulfil the contract or to carry out pre-contractual measures, we will process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, if your data is required to fulfil a legal obligation, we will process it on the basis of Art. 6 (1) (c) GDPR. Data processing can also be carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. The legal bases applicable in each individual case are provided in the following paragraphs of this data protection declaration.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Article 21 GDPR)

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARAGRAPH 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH ANY PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED IN ORDER TO CARRY OUT DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF TO OBJECT TO SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING IN SO FAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSES OF DIRECT ADVERTISING (OBJECTION ACCORDING TO ART. 21 PARA. 2 GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request that the data be transferred directly to another responsible party, this will only be done if it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties.

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time about this and other questions on the subject of personal data.

Right to restriction of processing

You have the right to request that the processing of your personal data be restricted. You can contact us at any time to do this. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
• If the processing of your personal data was/is unlawful, you can request that the data processing be restricted instead of deleted.
• If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deleted.
• If you have lodged an objection in accordance with Art. 21 Para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, these data may only be processed – apart from their storage – with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Objection to advertising emails

The use of contact data published as part of the imprint obligation to send unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example through spam emails.

Data collection on this website

Cookies

Our websites use so-called “cookies”. Cookies are small text files and do not cause any damage to your device. They are either temporarily stored on your device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are required to carry out the electronic communication process, to provide certain functions you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to store cookies and comparable recognition technologies has been requested, processing will be carried out exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

If cookies are used by third-party companies or for analysis purposes, we will inform you of this separately in this data protection declaration and, if necessary, ask for your consent.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data will not be merged with other data sources.

This data is collected on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – for this purpose, the server log files must be recorded.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your inquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Inquiry by email, telephone or fax

If you contact us by email, telephone or fax, your inquiry, including all personal data resulting from it (name, inquiry), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was requested; consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Analysis tools and advertising

Burst Statistics

This website uses the analysis tool Burst Statistics to statistically evaluate visitor access. The provider is the company

Burst Statistics B.V.
Kalmarweg 14-5
9723JG
Groningen
Netherlands
Website: https://burst-statistics.com

We can use Burst Statistics to analyze the use of our website. Burst Statistics records, among other things: Log files (IP address, referrer, browser used, origin of the user, search engine used) and actions that the website visitors have carried out on the site (e.g. clicks and views).

The data collected with Burst Statistics is stored exclusively on our own server.

This analysis tool is used on the basis of Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the anonymized analysis of user behavior in order to optimize both our website and our advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

---

Source: https://www.e-recht24.de

Data protection information on AStA department accounts

The operation of the AStA account procedure is the responsibility of the system administrator and the Data Protection and Information Management Department (DuIT) of the AStA of the HTW Berlin, Treskowallee 8, 10318 Berlin.

In addition to the provisions listed in our general data protection declaration, the following general conditions apply to the use of this procedure. For further use in participating directory services (LDAP), we summarize your personal information about your HTW account in an identity management system with which you can use personalized services at the HTW Berlin. Depending on your (contractual) relationship with the HTW Berlin, data from the student services, the human resources department or the campus management system is automatically used as the source. Some of the data is entered into the identity management system manually with an account application.

• The data is used to avoid duplicates – i.e. to correctly assign people who come from different data sources.
• For the purposes of authentication and authorization (logging into IT systems), the AStA account is synchronized with HTW’s internal directory services (LDAP).
• The date of changes to your data is logged to detect misuse and errors

Data categories processed

• General personal data
• Identification numbers
• Organizational data

Retention periods

The data belonging to the AStA account is deleted at the latest when the last degree program, employment relationship, course or the end date specified on the account application will be removed from the identity management system and the end systems involved after a defined period of time. The owner of the AStA account will be informed automatically by email about the deactivation or deletion.

General information

The AStA of the HTW Berlin is responsible for data processing, represented by

Chairperson:

AStA of the HTW Berlin, Chair
Wilhelminenhofstraße 75A
12459 Berlin
E-mail: asta@students-htw.de

Contact details of the data protection officer:

AStA of the HTW Berlin, Data Protection Officer
Wilhelminenhofstraße 75A
12459 Berlin
E-mail: duit@students-htw.de

According to Art. 15 EU GDPR, you are entitled to free information about whether your personal data is being processed and, if so, which personal data this involves. If the data is incomplete or incorrect, you have the right to have it rectified (Article 16 of the EU GDPR). In addition, Article 17 of the EU GDPR guarantees you the right to erasure if the reason for processing no longer applies or if there is no statutory regulation (e.g. retention obligations) to the contrary. Please note that erasure of your data before the expiry of the erasure period does not enable subsequent inquiries from you to be processed without additional information and effort. In addition, you have the right to restrict processing (Article 18 of the EU GDPR) and the right to data portability (Article 20 of the EU GDPR). According to Article 21 of the EU GDPR, you may have the right to object to otherwise legal processing of personal data for reasons of a particular personal situation.

You also have the right to complain to the supervisory authority responsible for HTW Berlin if you have any doubts about the processing of data concerning you:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berliner
E-Mail: mailbox@datenschutz-berlin.de
Telephone: +49 30 138 89 – 0

Data protection information for the semester ticket office

Based on the guidelines in the social fund statutes

Sozialfonds-Satzung_2012.pdf

Data protection declaration for the semester ticket office – social fund

1. Responsible body

The General Student Committee of the Berlin University of Applied Sciences (HTW Berlin) manages the semester ticket office. The data protection officer of the AStA of the HTW Berlin is responsible for all data protection issues within the scope of the application and administration processes.

2. Purpose of data collection

The purpose of collecting personal data is to process and manage applications for grants from the social fund in accordance with Section 18a Paragraph 5 BerlHG and the provisions of the social fund statutes.

3. Legal basis for data processing

The personal data is processed on the basis of Art. 6 Paragraph 1 Letter b) GDPR (performance of the contract) in order to grant students a grant from the social fund upon application.

4. Data collected and processed

The following personal data is collected to process the applications:

• Personal identification data: name, registration number, contact details (address, email)
• Proof of income and, if applicable, information on financial circumstances, rental agreement, bank statements
• Documents relating to particularly difficult cases such as internship contracts, proof of degree qualifications or other certificates
• Further information on income and expenses that are necessary for the needs assessment

5. Data transfer and order processing

Personal data is used exclusively for the purpose of processing applications and is only passed on to third parties if this is necessary for the administration of the social fund. If external service providers are commissioned, data processing is carried out on the basis of an order processing contract that ensures compliance with data protection law.

6. Storage period

The data is stored for the duration of the application processing and beyond in accordance with statutory retention periods. After completion of the process and expiry of all deadlines, the data is securely deleted.

7. Rights of the data subjects

Data subjects have the right to:

• Information about the personal data stored (Art. 15 GDPR)
• Correction of incorrect data (Art. 16 GDPR)
• Deletion of personal data, provided there is no legal reason for retention (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Objection to processing (Art. 21 GDPR)

To exercise these rights, contact the data protection officer of the AStA of the HTW Berlin:

AStA of the HTW Berlin, data protection officer
Wilhelminenhofstraße 75A
12459 Berlin
E-mail: duit@students-htw.de

8. Contact

If you have any questions about the processing of data or the exercise of data protection rights, students can contact the semester ticket office or the data protection officer of the AStA of the HTW Berlin:

Semester ticket office of the HTW Berlin
E-mail: semesterticket@students-htw.de
Telephone: 030-5019-2388

Data protection officer of the AStA of the HTW Berlin
E-mail: asta-duit@students-htw.de

Data protection information on job advertisements

Data protection declaration – application

We are pleased that you are interested in a position in our company. Below we would like to provide you with information on the processing of your personal data in connection with your application.

Who is responsible for data processing?

The responsible party in terms of data protection law is

Personnel Commission of the AStA of the HTW Berlin
Treskowallee 8
13187 Berlin

Which of your data do we process and for what purposes?

We process the data that you sent us in connection with your application in order to check your suitability for the position and to carry out the application process.

What legal basis is this based on?

The legal basis for the processing of your personal data in this application process is primarily Section 26 Paragraph 1 Sentence 1 BDSG. After that, the processing of data that is required in connection with the decision on establishing an employment relationship is permitted.

To which recipients will the data be passed on?

Only people who need the data for the application process to run properly have access to your data. After receiving your application, your applicant data will be reviewed by the responsible application team. Suitable applications will then be forwarded to those responsible for the respective organizational unit and the committee representatives to be involved.

How long will the data be stored?

Applicants’ data will be deleted no later than 6 months after the end of the application process. If you take up your position with us after the application process, your data will be transferred to our personnel information system.

Where is the data processed?

Data processing takes place exclusively in our in-house data center.

Your rights as a “data subject”

You have the right to rectification, erasure, restriction of processing and data portability; your right to erasure may be partially restricted by legal regulations, e.g. from the tax code. Upon written request, we will inform you in accordance with applicable law whether and which personal data about you we have stored. You also have the right to object to processing. If you exercise your right of objection, this may result in us not being able to consider you for the desired position.

General information

The AStA of the HTW Berlin, represented by the

Chairperson:

AStA of the HTW Berlin, Chair
Wilhelminenhofstraße 75A
12459 Berlin
E-mail: asta@students-htw.de

Contact details of the data protection officer:

AStA of the HTW Berlin, Data Protection Officer
Wilhelminenhofstraße 75A
12459 Berlin
E-mail: duit@students-htw.de

According to Art. 15 EU GDPR, you are entitled to free information about whether your personal data is being processed and, if so, which personal data this involves. If the data is incomplete or incorrect, you have the right to have it rectified (Article 16 of the EU GDPR). In addition, Article 17 of the EU GDPR guarantees you the right to erasure if the reason for processing no longer applies or if there is no statutory regulation (e.g. retention obligations) to the contrary. Please note that erasure of your data before the expiry of the erasure period does not enable subsequent inquiries from you to be processed without additional information and effort. In addition, you have the right to restrict processing (Article 18 of the EU GDPR) and the right to data portability (Article 20 of the EU GDPR). According to Article 21 of the EU GDPR, you may have the right to object to otherwise legal processing of personal data for reasons of a particular personal situation.

You also have the right to complain to the supervisory authority responsible for HTW Berlin if you have any doubts about the processing of data concerning you:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berliner
E-Mail: mailbox@datenschutz-berlin.de
Telephone: +49 30 138 89 – 0

Further data protection information from the AStA and the HTW Berlin

Software and components used in the IT infrastructure of the AStA

We use open source software because it enables free access to the code base, which supports review, further development and thus both the promotion of innovation and the increase of security.

Hosted on our own servers, used for internal purposes

• NextCloud
  Cross-departmental work, internal documentation
• OnlyOffice
  Spreadsheet and word processing
• Univention
  Account management
• SOGo
  E-mails
• Roundcube
  E-mails
• Element
  Internal Chat
• Matrix
  Internal Chat
• PreTix
  Ticket/Event system
• Zammad
  E-mail management for the technical committee
• GitTea
  Code management
• WordPress
  Hosting, design and account management of the websites
  • AStA of the HTW Berlin
    Website of the AStA of the HTW Berlin
  • Wellbeing
    AStA project page: Evaluation

Provided and managed by HTW Berlin

All links lead to HTW Berlin pages

• Recording of teaching using BigBlueButton
• Digital teaching & learning
• E-mail / Webmail
• Telephony
• Wiki for administration
• Zoom