SRH Hochschule Heidelberg

Data Privacy Policy

Data protection and data security for our organisation’s customers and partners as well as interested parties and users of our website are of high importance within our organisation. We created this Privacy Policy to provide you with an overview of how your personal data is collected and processed when using our website, and what you can do to ensure your data is better protected, where applicable.

Data Processing Controller

SRH Hochschulen GmbH - SRH Universities
Ludwig-Guttmann-Straße 6
69123 Heidelberg

Phone: +49 6221 6799-882
Fax: +49 6221 6799-883
E-Mail: info.hshd@srh.de
Internet: www.hochschule-heidelberg.de

Data protection officer of the company

SRH Hochschulen GmbH 
Ludwig-Guttmann-Straße 6
69123 Heidelberg

Direct contact to the data protection coordinator:
Mail: Datenschutz.hshd@srh.de

Direct contact to the data protection officer of SRH Hochschule Heidelberg GmbH: datenschutzbeauftragter-srh@symbion-ag.de

What is personal data?

Personal data is any information that relates to an identified or identifiable natural person. What is essential here therefore is whether a personal reference can be made using the collected data. This includes information such as your name, address, telephone number or email address. Information which is not directly connected to your actual identity, such as favourite websites or number of users of a site, is not regarded as personal data.

How do we collect and process your personal data?

If the online service includes the option to enter personal or commercial data (email addresses, names, addresses, etc.), this data may be disclosed by the user on a purely voluntary basis. Emails are transmitted via a contact form. When you send such a message, your personal data is collected only to the extent necessary to reply. The email is sent in an unencrypted manner. If you have provided us with any personal data, we shall only use this data for the technical administration of the web pages and to respond to your wishes and requests, which as a rule means to process any contract concluded with you or to reply to any queries you may have. The legal basis for processing is Article 6(1)(a) and Article 6(1)(b) GDPR. It is only if you have given us your consent beforehand, or if you – subject to it being provided for under statutory regulations – have not raised an objection, that we will also use this data for product-related surveys, marketing and statistical purposes. In this case the legal basis for processing is Article 6(1)(a) GDPR and Article 6(1)(f) GDPR. Your personal data is not disclosed, sold or transmitted in any other way to third parties unless it is necessary in order to fulfil a contract or you have given your express consent. Any consent granted can be revoked at any time with future effect.

How do we use your personal data and how do we disclose it?

If the online service includes the option to enter personal or commercial data (email addresses, names, addresses, etc.), this data may be disclosed by the user on a purely voluntary basis. Emails are transmitted via a contact form. When you send such a message, your personal data is collected only to the extent necessary to reply. The email is sent in an unencrypted manner.

If you have provided us with any personal data, we shall only use this data for the technical administration of the web pages and to respond to your wishes and requests, which as a rule means to process any contract concluded with you or to reply to any queries you may have.

It is only if you have given us your consent beforehand, or if you – subject to it being provided for under statutory regulations – have not raised an objection, that we will also use this data for product-related surveys, marketing and statistical purposes.

Your personal data is not disclosed, sold or transmitted in any other way to third parties unless it is necessary in order to fulfil a contract or you have given your express consent. Any consent granted can be revoked at any time with future effect.

For how long will my data be stored?

Generally speaking, we store all information that you send to us until the respective purpose, i.e. the contractual purpose, has been fulfilled. This means, for example, until any queries have been resolved, or in the case of newsletters, until you choose to unsubscribe from them. If an extended storage period is permissible by law, the data will be stored within this framework.

If you no longer wish that we utilise your data, we will of course comply with this request immediately (please also refer to the address stated under “Contact”).

When will my data be deleted?

The deletion of the stored personal data is carried out if you revoke your consent to such storage, if knowledge of such data is no longer necessary for the fulfilment of the purpose pursued with the storage, or if the storage of such data is inadmissible on other legal grounds. Data for invoicing and accounting purposes will not be affected by a deletion request.

Use of cookies

We make use of so-called cookies during your visit to our website. Cookies are small data files which are stored on your computer. Cookies help us check on the frequency of use and the number of users who visit our web pages, and to make our services to you as convenient and efficient as possible.

On the one hand, we use so-called “session cookies”, which are exclusively stored temporarily for the duration of your use of one of our web pages. On the other hand, we also use “permanent cookies” in order to record data on visitors who repeatedly access one of our web pages. The purpose of using cookies is to be able to offer you optimal user guidance as well as to "recognise" you and thus be able to present to you as diversified a website as possible along with new content during repeated use. The content of a permanent cookie is limited to an identification number. Name, IP address, etc. are not stored. No individual profile is created on your usage behaviour.

Our website offer can also be used without cookies. You can change your browser settings to disable cookies, restrict them to certain websites or set your browser to alert you whenever a cookie is sent. Please note, however, that applying such settings may affect the way in which the website is displayed or limit user guidance.

Cookies that are needed to carry out electronic communication processes or to provide certain functions that you wish to use (such as the shopping cart function) are stored on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in storing cookies on your computer to allow it to provide you with a technically flawless, streamlined service. If other cookies (such as cookies for analysing your browsing behaviour) are stored on your computer, they will be treated separately in this Privacy Policy.

What we do to ensure security of data processing

Our organisation takes all of the necessary technical and organisational security measures to ensure your personal data is protected from loss or misuse. Accordingly, your data shall be stored in a secure operational environment that is not open to the public. In certain cases, your personal data is encrypted by Secure Socket Layer technology (SSL) during transmission. This means that an approved encryption procedure is used for communication between your computer and our organisation’s servers if your browser supports SSL.

Or: SSL and TLS encryption

For security reasons and to protect the transfer of confidential content, such as the orders or enquiries that you send to us as the website operators, this site uses SSL and TLS encryption. You can identify an encrypted connection from the padlock symbol in your browser bar and the fact that “http://” in the address bar changes to “https://”.

If SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

Should you wish to contact our organisation via email, we would like to point out that the confidentiality of the transmitted information cannot be guaranteed. The content of emails may be viewed by third parties. We would therefore recommend that you arrange for confidential information to be sent to us exclusively by post.

Your data protection rights

In accordance with the various statutory provisions in place, you shall be entitled to obtain information at any time, and free of charge, regarding your stored personal data, its origin and potential recipients and the purpose of the data processing (Article 15 GDPR) and, where applicable, the right to rectification of inaccurate data (Article 16 GDPR), the right to erasure of such data (Article 17 GDPR), the right to restriction of processing according to Article 18 GDPR, the right to object (Article 21 GDPR) and the right to receive the personal data that you have provided according to Article 20 GDPR. The limitations according to Sections 34 and 35 BDSG apply to the right to information and the right to erasure.

In addition, you shall also have the right to lodge a complaint with a responsible supervisory authority in the event of infringements under data protection law (Article 77 GDPR in conjunction with Section 19 BDSG). The responsible supervisory authority in data protection matters is the state data protection officer of the federal state in which our organisation has its registered office. A list of data protection officers and their contact details can be found in the link below.

How you can withdraw your consent to data processing

A lot of data processing operations can only take place with your express consent. You can withdraw your consent at any time. All you have to do is send us a simple email. The legality of any data processing carried out before you withdraw your consent will not be affected by the withdrawal of your consent.

Kontakt bei Fragen, Beschwerden, Geltendmachung Ihrer Rechte

Contact details in the event of queries or complaints and assertion of your rights

Should you have any queries or complaints or wish to assert your data protection rights, please feel free to contact us.
Via post: SRH Hochschule Heidelberg GmbH, Ludwig-Guttmann-Straße 6, 69123 Heidelberg.
Via email: datenschutz.hshd@srh.de 

Changes to the privacy policy

Changes may be made to these privacy notices that must also be published in a timely manner on this website.

Newsletter

Newsletter

If you have given us your explicit consent, we will use your email address and personal details you have provided on a voluntary basis in order to send you our newsletter on a regular basis. All you need to do is enter an email address in order to receive the newsletter. Additional personal details you have provided on a voluntary basis are merely used to personalise the newsletter. At the end of each newsletter, you will find a link where you can unsubscribe from the newsletter at any time. You can also unsubscribe from the newsletter at any time via email: XX

Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc. ("Google"). The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google uses cookies. The information generated by the cookie regarding use of this website by the user is usually transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate use of our website by users, to produce reports on website activity for website operators and providing other services relating to website activity and internet usage. As part of this process, pseudonymised usage profiles of users may be generated out of the data processed.

We only use Google Analytics with IP anonymisation enabled. This means that the IP address of users will first be abbreviated by Google within the member states of the European Union or in other states party to the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website in order to compile reports about website activities and to provide additional services relating to website and internet use. The IP address transmitted by the user’s browser will not be merged with other data by Google.

Online appointment booking via etermin

This website uses the eTermin service for online appointment bookings. The provider is eTermin GmbH, Im Wiesengrund 8, 8304 Wallisellen, Switzerland (hereinafter referred to as "eTermin"). For the purpose of booking an appointment, you enter the requested data and the desired date in the mask provided for this purpose. The data entered will be used for the planning, realisation and, if necessary, follow-up of the appointment. Furthermore, eTermin records log files (number and time of page views, browser, browser version and operating system as well as an anonymised IP address). The appointment data is stored for us on the servers of eTermin, whose privacy policy you can view here: www.etermin.net/online-terminbuchung-datenschutz. The data you enter will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Mandatory statutory provisions - in particular retention periods - remain unaffected. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, as the appointment enquiry is aimed at the conclusion of a contract. In addition, Art. 6 para. 1 lit. f GDPR applies. The website operator has a legitimate interest in making appointments with interested parties as uncomplicated as possible. If a corresponding consent has been requested, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. We have concluded an order processing contract (AVV) with eTermin GmbH. This is a contract prescribed by data protection law, which ensures that the latter only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Browser Plugin

You can prevent cookies from being stored by means of a special setting in your browser software; we must inform you, however, that if you do so, you will not be able to use all of the functions on this website fully. You can also prevent collection of the data (including your IP address) generated by the cookies and related to your use of the website by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout.

 

Further information on the use of data for advertising purposes by Google, as well as settings options and procedures available for opting out can be found on Google’s website:

- How Google uses information from sites or apps that use our services.
- Advertising
- Control the information Google uses to show you ads
- Take control of your Google ads experience

Data processing

We have concluded an agreement with Google on contract data processing and implement in full the strict provisions of the German data protection authorities for the use of Google Analytics.

Google Adwords and Google Conversion Tracking

We use the online advertising programme “Google AdWords” and conversion tracking in the context of Google AdWords. A cookie is placed on your computer by Google Adwords for this purpose if you have reached our website via a Google Ad. These cookies lose their effectiveness after 30 days and cannot be used for personal identification. If the user visits certain pages on our website and the cookie has not yet expired, both Google and we are able to recognise that you have clicked on the advert and have been forwarded to this page.

Every Google AdWords customer receives a different cookie. Cookies therefore cannot be traced via the websites of AdWords customers. The information that is gathered with the help of conversion cookies serves to produce conversion statistics for AdWords customers who have opted for conversion tracking. As a result, the customers are informed about the total number of users who have clicked on their advert and have been forwarded to a site with a conversion tracking tag. However, they do not receive any information with which the users could be personally identified. Users who do not wish to participate in tracking can simply disable the Google conversion tracking cookie via their internet browser under the user settings. This user will then not be included in the conversion tracking statistics.

The basis for storing “conversion cookies” is Article 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its web content and the advertising shown with it.

Google Analytics Remarketing

Our websites make use of the functionality of Google Analytics Remarketing in conjunction with the multi-device functionality of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This functionality makes it possible with Google Analytics Remarketing to link ad target groups to the multi-device functionality of Google AdWords and Google DoubleClick. This enables interest-related and personalised ads, which have been adjusted for you based on your previous usage and browsing habits on a device (e.g. mobile phone), to be displayed on another one of your devices (e.g. tablet or PC).

If you have given your consent accordingly, Google will then link your web and app browsing history to your Google account for this purpose. As a result, the same personalised ads will be displayed to you on each device on which you are logged in to your Google account.

 

To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for multi-device ad promotion. You can permanently opt out of multi-device remarketing/targeting by disabling personalised ads in your Google Account; to do this, simply follow this link: www.google.com/settings/ads/onweb/.

 

The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google (Article 6(1)(a) GDPR). For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analysing anonymous user behaviour for promotional purposes.

Further information along with the various privacy regulations can be found in Google’s privacy policy link below.

Google Maps

This site uses the Google Maps service via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. More information on the handling of user data can be found in Google's privacy policy.

Google Search

We are happy for you to search for content on our website by using our search function. We make use of Google’s service for this purpose.

Generally speaking, no data will be sent to the search engine provider (Google) if the official web pages of our organisation in which “Google Custom Search” is integrated are visited. Data is only transmitted to Google once the user has activated the Search box, started a full text search and accessed the search results page. The user’s data is also transmitted to Google at the same time when using the search function within the search results page.

Google uses cookies, such as the PREF, NID or SID cookie in order to tailor ads in Google products, such as Google Search, to your individual details. Google uses cookies, for example, to collect data about your most recent search requests, your previous interaction with ads from an advertiser or the search results and your visits to the website of an advertiser. By doing so, you will receive personalised ads on Google. By using the full text search and the accompanying visit to the search results page, you consent to the use of the Google search engine and, thus, the transmission of data to the Google service. These include, for example, search terms entered by you and the IP address of the computer you are using. Please note that other data protection standards apply to Google than the standards applicable to our organisation’s online service. We wish to draw your explicit attention to the fact that the processing, including in particular the storage, deletion and use, of personal data that may potentially be transmitted is the responsibility of the search engine provider, and that our organisation, as the operator of its own website, does not have any influence on the nature and scope of the transmitted data or on its subsequent processing. If you are logged in to Google at the same time, the Google service is able to directly assign the information to your user profile. You should ensure you that you are logged out in order to avoid profile information about you being collected.

More information on how user data is dealt with by Google Privacy Policy.

Application and use of YouTube

YouTube components are integrated into this website. YouTube is an internet video portal that gives video publishers the opportunity to upload video clips free of charge, and also gives other users the opportunity to view, rate and comment on these video clips free of charge. YouTube authorises the publication of all kinds of videos, which is why entire film and television programmes along with music videos, trailers or videos made by users themselves can be viewed via the internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

 

Each time you visit a page on our website into which a YouTube component has been integrated (YouTube Video), your internet browser is automatically instructed by the respective YouTube component to download the corresponding YouTube component from YouTube. Further information on YouTube can be retrieved at www.youtube.com/intl/en/yt/about/. As part of this technical process, YouTube and Google are both informed of the specific sub-pages on our website that you have visited.

 

If you are logged in to YouTube at the same time, YouTube is informed when you visit a sub-page containing a YouTube video of which specific sub-page of our website the data subject has visited. This information is collated by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google will always be informed via the YouTube component about the fact that the data subject has visited our website if you are also logged in to YouTube at the same time as visiting our website. This happens regardless of whether you click on a YouTube video or not. If you do not want such information to be transferred to YouTube and Google, you can prevent this from happening by logging out of your YouTube account before visiting our website.

The privacy regulations published by YouTube give an insight into the collection, processing and use of personal data by YouTube and Google.

Registration

The data subject has the option to register on the website of the controller responsible for processing by entering personal data. In terms of which personal data is transmitted to the controller responsible for processing, this is evident from the respective input screen used for the registration. The personal data entered by the data subject will be collected and stored exclusively for internal use by the controller responsible for processing and for internal purposes. The controller responsible for processing may instigate disclosure to one or more processors, such as a package service provider, who will also only use the personal data for internal use attributable to the controller responsible for processing.

By registering on the website of the controller responsible for processing, the IP address assigned by your internet service provider (ISP), the date and the time of the registration are stored. This data is stored against the backdrop that this is the only way to prevent misuse of our services, and that this data makes it possible, where required, to identify any criminal acts and copyright infringements committed. The storage of this data is necessary in this regard to protect the controller responsible for processing. No disclosure of this data is made to third parties, unless there is a legal obligation to pass this on or the disclosure of this data serves the purposes of criminal or law enforcement.

Registration of the data subject by entering personal data on a voluntary basis helps the controller responsible for processing to offer to the data subject certain content or services that may only be offered to registered users owing to the nature of the issues involved. In addition, registration of the data subject (in the Privacy Policy Generator) enables monitoring of the use of text published by us and subject to copyright protection, along with a review of the linking and specification of the author’s name, and is also used for internal documentation purposes. Furthermore, we also use the data collected via the Privacy Policy Generator for customer acquisition purposes, including in particular for contact by telephone and the dispatch of advertising material via post and email. The option remains open to registered individuals to arrange for the personal data specified for registration purposes to be deleted in its entirety from the database of the controller responsible for processing.

The controller responsible for processing must provide information, upon request to do so and at any time, to each data subject as to what personal data is stored about the data subject. In addition, the controller responsible for processing must rectify or delete personal data upon request or receipt of information to do so by the data subject, unless such action runs contrary to statutory retention obligations. The data protection officer along with all of the employees of the controller responsible for processing named in this Privacy Policy are on hand for the data subject as the interlocutor in this context.

Facebook

Our website contains links to Facebook, an external social network. This website is operated solely by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). The links within the framework of our website are identifiable by way of the Facebook logo or the “Like” add-on (no Facebook plug-ins are used).

When visiting our website, the functionalities and the transmission of data to Facebook are not enabled automatically. It is only by clicking on the links that the Facebook plug-ins are enabled and your browser establishes a direct connection to Facebook's servers. If you follow the links and are also logged in to your Facebook user account at the same time, the information confirming you have visited our website will be forwarded to Facebook. Facebook is able to assign your visit to the website to your account. This information is transmitted to Facebook and stored there. In order to prevent this from happening, you need to log out of your Facebook account before clicking on the link.

For information on the purpose and extent of data collection and the further processing and use of your data by Facebook as well your rights in this regard and settings options for the protection of your personal privacy, please refer to the Facebook Privacy Policy.

Nutzung von Facebook Remarketing

We make use of the “Custom Audiences” remarketing function of Facebook Inc. (“Facebook”) on our website. Visitors to our website are then presented with interest-based advertising (“Facebook Ads“) when visiting Facebook’s website. We have implemented Facebook’s remarketing tag on our website for this purpose. This tag establishes a direct connection to Facebook’s servers when visiting the website. Information is then transferred to the Facebook servers confirming that you have visited our website; Facebook assigns this information to your personal Facebook user account. You can find more detailed information on Facebook’s collection and use of data, your associated rights and options for protecting your privacy in Facebook’s Privacy Policy. Alternatively you can disable the “Custom Audiences” remarketing function at www.facebook.com/settings/. You must be logged in to Facebook to do this.

Twitter

We have included a Twitter widget on our website to display tweets from our Twitter account. A connection to Twitter’s servers is established. Log data is sent to Twitter after a cookie is placed on your computer. According to its own information, Twitter starts deleting, removing the identification or logging this data within a maximum 10 days; this can take up to a week. Further information can be found in Twitter’s Privacy Policy.

Unibuddy

The "Unibuddy" service is embedded into our websites and does not run on our servers. Unibuddy is used to connect you and your questions with current students, alumni, and staff via an iFramed chat on our website. In order to ensure that accessing our websites with embedded services does not automatically lead to third-party content being reloaded, in a first step we ask you in our cookie banner to allow this service.

Only after a click on "okay", can content from Unibuddy be reloaded. We have no control over further data processing by Unibuddy. Embedding takes place on the basis of your consent pursuant to Art. 6 (1) 1 GDPR.

Xing Events

On our website, functions of the service "XING" and "XING Events" are integrated. "XING" is an internet-based social network. "XING Events" is a component for event marketing, event handling and ticketing. The operating company of XING and XING Events and the responsible party in terms of data protection law is XING SE, Hamburg, Germany.

Each time one of our pages containing XING functions is called up, a connection to XING servers is established. As far as we are aware, no personal data is stored in this process. In particular, no IP addresses are stored or the user’s behavior is evaluated.

If you are logged in to XING, XING recognizes which websites you are visiting. This information is collected by XING and assigned to your XING account.

If you purchase a ticket as part of an event using the ticketing functions of XING Events, XING Events stores your associated data for the purpose of processing the contract and may link this to your XING account.

For further information on data protection at XING SE, please refer to the XING privacy policy.

Eveeno

We use the event software eveeno (https://eveeno.com/de/) for the purpose of organising events. eveeno complies with the European Data Protection Regulation (DSGVO). The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. a DSGVO.
The applicable data protection regulations of eveeno can be found at eveeno.com/de/privacy, the contact details at eveeno.com/de/about.

Matomo

With your consent, we use the open-source software Matomo for analyzing and statistically evaluating the use of the website. For this purpose, cookies are used. The information obtained about the use of the website is transmitted exclusively to our servers and summarized in pseudonymous usage profiles. We use the data to evaluate the usage of the website. The collected data will not be shared with third parties.

The IP addresses are anonymized (IP masking), so that allocation to individual users is not possible.

The processing of data is based on Article 6(1)(a) of the GDPR. We pursue our legitimate interest in optimizing our website for our external representation.

You can revoke your consent at any time by deleting the cookies in your browser or changing your privacy settings.

Matomo Cookieless Tracking

We utilize the open-source software Matomo for the analysis and statistical evaluation of anonymized usage data on our website. The information obtained regarding website usage is exclusively transmitted to our servers and summarized in anonymized usage profiles. We use this data to assess website usage. The collected data will not be shared with third parties.

IP addresses are anonymized (IP masking), preventing any association with individual users. We have activated the "do-not-track" setting and ensured that personally identifiable information (such as email addresses) is not stored.

Data processing is based on Article 6(1)(f) of the GDPR, representing our legitimate interest in optimizing our online offerings.

You have the option to decide whether this anonymized collection and analysis may take place. If you wish to opt out, please click the following link to place the Matomo deactivation cookie in your browser.