Data protection officer of the company
SRH Hochschule Heidelberg GmbH
Direct contact to the data protection coordinator:
Phone: +49 6221 6799-854 /-882
Direct contact to the data protection officer of SRH Hochschule Heidelberg GmbH: firstname.lastname@example.org
What is personal data?
Personal data is any information that relates to an identified or identifiable natural person. What is essential here therefore is whether a personal reference can be made using the collected data. This includes information such as your name, address, telephone number or email address. Information which is not directly connected to your actual identity, such as favourite websites or number of users of a site, is not regarded as personal data.
How do we collect and process your personal data?
If the online service includes the option to enter personal or commercial data (email addresses, names, addresses, etc.), this data may be disclosed by the user on a purely voluntary basis. Emails are transmitted via a contact form. When you send such a message, your personal data is collected only to the extent necessary to reply. The email is sent in an unencrypted manner. If you have provided us with any personal data, we shall only use this data for the technical administration of the web pages and to respond to your wishes and requests, which as a rule means to process any contract concluded with you or to reply to any queries you may have. The legal basis for processing is Article 6(1)(a) and Article 6(1)(b) GDPR. It is only if you have given us your consent beforehand, or if you – subject to it being provided for under statutory regulations – have not raised an objection, that we will also use this data for product-related surveys, marketing and statistical purposes. In this case the legal basis for processing is Article 6(1)(a) GDPR and Article 6(1)(f) GDPR. Your personal data is not disclosed, sold or transmitted in any other way to third parties unless it is necessary in order to fulfil a contract or you have given your express consent. Any consent granted can be revoked at any time with future effect.
How do we use your personal data and how do we disclose it?
If the online service includes the option to enter personal or commercial data (email addresses, names, addresses, etc.), this data may be disclosed by the user on a purely voluntary basis. Emails are transmitted via a contact form. When you send such a message, your personal data is collected only to the extent necessary to reply. The email is sent in an unencrypted manner.
If you have provided us with any personal data, we shall only use this data for the technical administration of the web pages and to respond to your wishes and requests, which as a rule means to process any contract concluded with you or to reply to any queries you may have.
It is only if you have given us your consent beforehand, or if you – subject to it being provided for under statutory regulations – have not raised an objection, that we will also use this data for product-related surveys, marketing and statistical purposes.
Your personal data is not disclosed, sold or transmitted in any other way to third parties unless it is necessary in order to fulfil a contract or you have given your express consent. Any consent granted can be revoked at any time with future effect.
For how long will my data be stored?
Generally speaking, we store all information that you send to us until the respective purpose, i.e. the contractual purpose, has been fulfilled. This means, for example, until any queries have been resolved, or in the case of newsletters, until you choose to unsubscribe from them. If an extended storage period is permissible by law, the data will be stored within this framework.
If you no longer wish that we utilise your data, we will of course comply with this request immediately (please also refer to the address stated under “Contact”).
When will my data be deleted?
The deletion of the stored personal data is carried out if you revoke your consent to such storage, if knowledge of such data is no longer necessary for the fulfilment of the purpose pursued with the storage, or if the storage of such data is inadmissible on other legal grounds. Data for invoicing and accounting purposes will not be affected by a deletion request.
We make use of so-called cookies during your visit to our website. Cookies are small data files which are stored on your computer. Cookies help us check on the frequency of use and the number of users who visit our web pages, and to make our services to you as convenient and efficient as possible.
On the one hand, we use so-called “session cookies”, which are exclusively stored temporarily for the duration of your use of one of our web pages. On the other hand, we also use “permanent cookies” in order to record data on visitors who repeatedly access one of our web pages. The purpose of using cookies is to be able to offer you optimal user guidance as well as to "recognise" you and thus be able to present to you as diversified a website as possible along with new content during repeated use. The content of a permanent cookie is limited to an identification number. Name, IP address, etc. are not stored. No individual profile is created on your usage behaviour.
Our website offer can also be used without cookies. You can change your browser settings to disable cookies, restrict them to certain websites or set your browser to alert you whenever a cookie is sent. Please note, however, that applying such settings may affect the way in which the website is displayed or limit user guidance.
What we do to ensure security of data processing
Our organisation takes all of the necessary technical and organisational security measures to ensure your personal data is protected from loss or misuse. Accordingly, your data shall be stored in a secure operational environment that is not open to the public. In certain cases, your personal data is encrypted by Secure Socket Layer technology (SSL) during transmission. This means that an approved encryption procedure is used for communication between your computer and our organisation’s servers if your browser supports SSL.
Or: SSL and TLS encryption
For security reasons and to protect the transfer of confidential content, such as the orders or enquiries that you send to us as the website operators, this site uses SSL and TLS encryption. You can identify an encrypted connection from the padlock symbol in your browser bar and the fact that “http://” in the address bar changes to “https://”.
If SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.
Should you wish to contact our organisation via email, we would like to point out that the confidentiality of the transmitted information cannot be guaranteed. The content of emails may be viewed by third parties. We would therefore recommend that you arrange for confidential information to be sent to us exclusively by post.
Your data protection rights
In accordance with the various statutory provisions in place, you shall be entitled to obtain information at any time, and free of charge, regarding your stored personal data, its origin and potential recipients and the purpose of the data processing (Article 15 GDPR) and, where applicable, the right to rectification of inaccurate data (Article 16 GDPR), the right to erasure of such data (Article 17 GDPR), the right to restriction of processing according to Article 18 GDPR, the right to object (Article 21 GDPR) and the right to receive the personal data that you have provided according to Article 20 GDPR. The limitations according to Sections 34 and 35 BDSG apply to the right to information and the right to erasure.
In addition, you shall also have the right to lodge a complaint with a responsible supervisory authority in the event of infringements under data protection law (Article 77 GDPR in conjunction with Section 19 BDSG). The responsible supervisory authority in data protection matters is the state data protection officer of the federal state in which our organisation has its registered office. A list of data protection officers and their contact details can be found in the link below.List of data protection officers
How you can withdraw your consent to data processing
A lot of data processing operations can only take place with your express consent. You can withdraw your consent at any time. All you have to do is send us a simple email. The legality of any data processing carried out before you withdraw your consent will not be affected by the withdrawal of your consent.
Kontakt bei Fragen, Beschwerden, Geltendmachung Ihrer Rechte
Contact details in the event of queries or complaints and assertion of your rights
Should you have any queries or complaints or wish to assert your data protection rights, please feel free to contact us.
Via post: SRH Hochschule Heidelberg GmbH, Ludwig-Guttmann-Straße 6, 69123 Heidelberg.
Via email: email@example.com
Changes may be made to these privacy notices that must also be published in a timely manner on this website.
If you have given us your explicit consent, we will use your email address and personal details you have provided on a voluntary basis in order to send you our newsletter on a regular basis. All you need to do is enter an email address in order to receive the newsletter. Additional personal details you have provided on a voluntary basis are merely used to personalise the newsletter. At the end of each newsletter, you will find a link where you can unsubscribe from the newsletter at any time. You can also unsubscribe from the newsletter at any time via email: XX
We use Google Analytics, a web analysis service provided by Google Inc. ("Google"). The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google will use this information on our behalf to evaluate use of our website by users, to produce reports on website activity for website operators and providing other services relating to website activity and internet usage. As part of this process, pseudonymised usage profiles of users may be generated out of the data processed.
We only use Google Analytics with IP anonymisation enabled. This means that the IP address of users will first be abbreviated by Google within the member states of the European Union or in other states party to the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website in order to compile reports about website activities and to provide additional services relating to website and internet use. The IP address transmitted by the user’s browser will not be merged with other data by Google.
You can prevent cookies from being stored by means of a special setting in your browser software; we must inform you, however, that if you do so, you will not be able to use all of the functions on this website fully. You can also prevent collection of the data (including your IP address) generated by the cookies and related to your use of the website by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout.
Further information on the use of data for advertising purposes by Google, as well as settings options and procedures available for opting out can be found on Google’s website:
We have concluded an agreement with Google on contract data processing and implement in full the strict provisions of the German data protection authorities for the use of Google Analytics.
Google Adwords and Google Conversion Tracking
We use the online advertising programme “Google AdWords” and conversion tracking in the context of Google AdWords. A cookie is placed on your computer by Google Adwords for this purpose if you have reached our website via a Google Ad. These cookies lose their effectiveness after 30 days and cannot be used for personal identification. If the user visits certain pages on our website and the cookie has not yet expired, both Google and we are able to recognise that you have clicked on the advert and have been forwarded to this page.
Every Google AdWords customer receives a different cookie. Cookies therefore cannot be traced via the websites of AdWords customers. The information that is gathered with the help of conversion cookies serves to produce conversion statistics for AdWords customers who have opted for conversion tracking. As a result, the customers are informed about the total number of users who have clicked on their advert and have been forwarded to a site with a conversion tracking tag. However, they do not receive any information with which the users could be personally identified. Users who do not wish to participate in tracking can simply disable the Google conversion tracking cookie via their internet browser under the user settings. This user will then not be included in the conversion tracking statistics.
Google Analytics Remarketing
Our websites make use of the functionality of Google Analytics Remarketing in conjunction with the multi-device functionality of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This functionality makes it possible with Google Analytics Remarketing to link ad target groups to the multi-device functionality of Google AdWords and Google DoubleClick. This enables interest-related and personalised ads, which have been adjusted for you based on your previous usage and browsing habits on a device (e.g. mobile phone), to be displayed on another one of your devices (e.g. tablet or PC).
If you have given your consent accordingly, Google will then link your web and app browsing history to your Google account for this purpose. As a result, the same personalised ads will be displayed to you on each device on which you are logged in to your Google account.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for multi-device ad promotion. You can permanently opt out of multi-device remarketing/targeting by disabling personalised ads in your Google Account; to do this, simply follow this link: www.google.com/settings/ads/onweb/.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google (Article 6(1)(a) GDPR). For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analysing anonymous user behaviour for promotional purposes.
We are happy for you to search for content on our website by using our search function. We make use of Google’s service for this purpose.
Generally speaking, no data will be sent to the search engine provider (Google) if the official web pages of our organisation in which “Google Custom Search” is integrated are visited. Data is only transmitted to Google once the user has activated the Search box, started a full text search and accessed the search results page. The user’s data is also transmitted to Google at the same time when using the search function within the search results page.
Application and use of YouTube
YouTube components are integrated into this website. YouTube is an internet video portal that gives video publishers the opportunity to upload video clips free of charge, and also gives other users the opportunity to view, rate and comment on these video clips free of charge. YouTube authorises the publication of all kinds of videos, which is why entire film and television programmes along with music videos, trailers or videos made by users themselves can be viewed via the internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time you visit a page on our website into which a YouTube component has been integrated (YouTube Video), your internet browser is automatically instructed by the respective YouTube component to download the corresponding YouTube component from YouTube. Further information on YouTube can be retrieved at www.youtube.com/intl/en/yt/about/. As part of this technical process, YouTube and Google are both informed of the specific sub-pages on our website that you have visited.
If you are logged in to YouTube at the same time, YouTube is informed when you visit a sub-page containing a YouTube video of which specific sub-page of our website the data subject has visited. This information is collated by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will always be informed via the YouTube component about the fact that the data subject has visited our website if you are also logged in to YouTube at the same time as visiting our website. This happens regardless of whether you click on a YouTube video or not. If you do not want such information to be transferred to YouTube and Google, you can prevent this from happening by logging out of your YouTube account before visiting our website.
The data subject has the option to register on the website of the controller responsible for processing by entering personal data. In terms of which personal data is transmitted to the controller responsible for processing, this is evident from the respective input screen used for the registration. The personal data entered by the data subject will be collected and stored exclusively for internal use by the controller responsible for processing and for internal purposes. The controller responsible for processing may instigate disclosure to one or more processors, such as a package service provider, who will also only use the personal data for internal use attributable to the controller responsible for processing.
By registering on the website of the controller responsible for processing, the IP address assigned by your internet service provider (ISP), the date and the time of the registration are stored. This data is stored against the backdrop that this is the only way to prevent misuse of our services, and that this data makes it possible, where required, to identify any criminal acts and copyright infringements committed. The storage of this data is necessary in this regard to protect the controller responsible for processing. No disclosure of this data is made to third parties, unless there is a legal obligation to pass this on or the disclosure of this data serves the purposes of criminal or law enforcement.
Our website contains links to Facebook, an external social network. This website is operated solely by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). The links within the framework of our website are identifiable by way of the Facebook logo or the “Like” add-on (no Facebook plug-ins are used).
When visiting our website, the functionalities and the transmission of data to Facebook are not enabled automatically. It is only by clicking on the links that the Facebook plug-ins are enabled and your browser establishes a direct connection to Facebook's servers. If you follow the links and are also logged in to your Facebook user account at the same time, the information confirming you have visited our website will be forwarded to Facebook. Facebook is able to assign your visit to the website to your account. This information is transmitted to Facebook and stored there. In order to prevent this from happening, you need to log out of your Facebook account before clicking on the link.
Nutzung von Facebook Remarketing
The "Unibuddy" service is embedded into our websites and does not run on our servers. Unibuddy is used to connect you and your questions with current students, alumni, and staff via an iFramed chat on our website. In order to ensure that accessing our websites with embedded services does not automatically lead to third-party content being reloaded, in a first step we ask you in our cookie banner to allow this service.
On our website, functions of the service "XING" and "XING Events" are integrated. "XING" is an internet-based social network. "XING Events" is a component for event marketing, event handling and ticketing. The operating company of XING and XING Events and the responsible party in terms of data protection law is XING SE, Hamburg, Germany.
Each time one of our pages containing XING functions is called up, a connection to XING servers is established. As far as we are aware, no personal data is stored in this process. In particular, no IP addresses are stored or the user’s behavior is evaluated.
If you are logged in to XING, XING recognizes which websites you are visiting. This information is collected by XING and assigned to your XING account.
If you purchase a ticket as part of an event using the ticketing functions of XING Events, XING Events stores your associated data for the purpose of processing the contract and may link this to your XING account.