This internet sites can always be used without providing any personal data. The processing of personal data may be necessary however when a data subject wishes to access and use particular services of our business through our website. If personal data have to be processed and if there is no legal basis for such processing then we will generally obtain the consent of the data subject. Personal data such as the name, postal address, email address or phone number of a data subject are always processed according to the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection requirements applicable to the Ostbayerische Technische Hochschule Regensburg. Our business uses this privacy statement to inform the public about the nature, extent and purpose of the personal data which we collect, use and process. This privacy statement also advises data subjects about the rights to which they are entitled.
As the party responsible for processing this data (‘the controller’) the Ostbayerische Technische Hochschule Regensburg has put in place numerous technical and organisational measures to ensure the most complete protection possible for the personal data processed on this website. However internet-based data transmissions can have security vulnerabilities such that total protection cannot be guaranteed.

Personal data
This is all information relating to an identified or identifiable natural person (‘data subject’ hereafter); a natural person is considered to be identifiable when they can be identified directly or indirectly, in particular by being associated with an identifier such as a name, with an identification number, with location data, with an online identification or with one or more particular characteristics which are an expression of that natural person’s physical, physiological, genetic, psychic, economic, cultural or social identity;

Processing
This involves any operation, executed with or without the aid of automated procedures, or any such series of operations in conjunction with personal data, such as collecting, recording, organising, ordering, storing, adapting or altering, reading out, retrieving, using, disclosure through transmission, distribution or other form of supply, matching or linking, restricting, deletion or destruction; Other definitions will be found in GDPR Section 4. https://gdpr-info.eu/art-4-gdpr/

The party responsible for data acquisition on this website is:
The party responsible for data acquisition on this website is: Prof. Johann-Peter Scheck
C/o Ostbayerische Technische Hochschule Regensburg
Galgenbergstr. 34
93053 Regensburg
Telefon +49 (0) 941 943 1184  
E-Mail: johann-peter.scheck@oth-regensburg.de

The Ostbayerische Technische Hochschule Regensburg is a public law body under Article 11(1) sentence 1 of the Bavarian Higher Education Act.

When our website is visited the following information is stored in the server log files as standard:
• the page from which the file was requested – referrer URL
• the name of the file
• the date and time of the query
• a description of the type of web browser/browser version used
• the installed operating system, its language and preset resolution
• the host name of the accessing computer
• the transmitted data volume
• the access status/HTTP status code (i.e. whether the file was sent or possibly not found etc.)
• the used IP address and its localisation.
The stored data are used solely for internal statistical purposes and do not allow for any conclusions by which you could be identified.

We process the said data for the following purposes:
• to guarantee the proper and frictionless connection set-up to the website, • to guarantee the use of the website, • to evaluate system security and stability. GDPR Article 6(1) point f constitutes the legal basis for data collection. The legitimate interest follows from the described purpose of the data collection. You can visit our website without giving any details about your person. Under no circumstances do we use the collected data to draw any conclusions by which you could be identified.

Cookies
The website uses cookies. Cookies are small text files which your browser automatically creates and stores on your terminal (laptop, tablet, smartphone etc.) when you visit our website. Cookies do not cause any damage to your terminal, they contain no viruses, trojans or other malware. Cookies store information which arises in conjunction with the terminal that is specifically used, but this does not mean that we receive direct knowledge of your identity as a result.  We use cookies to gather statistics about the use of our websites and to optimise our offer for you. Most browsers accept cookies automatically. You can configure your browser so that cookies are not stored on your computer or so that a message always appears before a new cookie is created. Completely blocking cookies can mean that you may not be able to use all the functions of our website.
GDPR Article 6(1) point f constitutes the legal basis for the use of cookies on our website.

Instructions (examples) for blocking cookies:
Internet Explorer
Firefox
Chrome
Safari
Opera


Contact form and Communication by email
When you send us enquiries using the contact form your details from the enquiry form, including contact data which you provide in it, are stored with us for processing the enquiry and for any follow-up questions. We will not disclose this data without your consent. The data provided on the contact form is therefore processed solely on the basis of your consent (GDPR Article 6(1) point a). You can cancel your consent at any time simply by sending an informal message by email to datenschutz@oth-regensburg.de. The lawfulness of data processing operations carried out up until consent is cancelled remains unaffected by the cancellation. The data you provide in the contact form stays with us until you ask us to delete it, cancel your consent to its storage or until the purpose of storing the data ceases to apply (e.g. when your enquiry has been dealt with). This shall not affect mandatory legal provisions – in particular retention periods.
We also communicate by email with the consent of the particular data subject (GDPR Article 6(1) point a). Emails can be business letters, so we store these emails including the email address until the end of tax-law and/or commercial-law periods and/or retention periods according to other regulations. After the expiry of the retention obligation and towards the end of the calendar year we review whether there is any continuing need for processing. If this is not the case then the data are deleted.

Data protection when sending application documents
If you send us application documents we will only use them to decide on your application, your data are not disclosed to third parties. Since an application usually contains sensitive personal data, we must point out that you are yourself responsible for encrypting the data if necessary. If you encrypt your data then we would ask you to let us know the password by telephone. Application data are stored and administered separately from other records and only used for the purpose of application selection. If an employment relationship comes into being then the necessary data are transferred from the application process to the personnel file. If no employment relationship comes into being then the application documents are automatically deleted no later than six months from notification of the decision to reject and provided such a deletion is not opposed by other legitimate interests pursued by the controller or the applicant has expressly consented to a longer storage and retention period for their application (applicant pool). The legal basis for data processing is GDPR Article 6(1) points a and b (consent and contract initiation). The retention period after rejection follows from GDPR Article 6(1) point f (statement of legally compliant action, e.g. under the General Equal Treatment Act - AGG).  

Embedding of YouTube videos
We use YouTube plugins to embed videos. If you are logged in with YouTube as a member then YouTube will assign this information to your personal user account. Using the plugin, such as clicking the start button of a video for example, will also assign this information to your user account. You can stop this by logging out of your YouTube user account and other user accounts operated by YouTube LLC and Google Inc. before you use our website, and deleting the corresponding cookies of these companies. To find out more about data processing and to get hints on data protection by YouTube (Google) go here: https://policies.google.com/privacy?hl=en
GDPR Article 6(1) point f constitutes the legal basis. YouTube videos are embedded to make the pages more attractive. The underlying promotional purpose is deemed to be a legitimate interest in the sense of the GDPR

Links
Facebook, Instagram, Twitter, Xing are not embedded in our website and we do not collect data. Clicking on a link will take you to the respective website where the data protection regulations published on it will apply.

What do we use your data for?
We use your data to deliver our products and services (fulfilling the contract purpose), to evaluate site visitor numbers and access numbers and to optimise and protect our website. With your consent, we use data you have entered to respond to your contact enquiry/message.

Disclosure of data
Your personal will not be disclosed to third parties for any purposes other than those listed below.
We only pass on your personal data to third parties when:
• You have expressly consented to this under GDPR Article 6(1) point a,
• disclosure is necessary pursuant to GDPR Article 6(1) point b for the performance of a contract to which you are a party, or to carry out pre-contractual measures in response to your enquiry,
• in the event that disclosure is required under GDPR Article 6(1) point c for compliance with a legal obligation or that processing is necessary for compliance with a legal obligation to which the controller is subject,
• in the event that under GDPR Article 6(1) point d processing is necessary in order to protect the vital interests of the data subject or of another natural person;
• in the event that under GDPR Article 6(1) point e processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• in the event that under GDPR Article 6(1) point f processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Rights of the data subject
You have the right:
• pursuant to GDPR Article 7(3) to withdraw at any time the consent you have given. As a result, we shall thenceforth no longer be able to continue the data processing that is based on this consent;
• pursuant to GDPR Article 15 to obtain information about your personal data processed by us. In particular, you can demand information about the purposes of the processing, the categories of personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to rectification, erasure, restriction or objection, the right to lodge a complaint, the source of your data if they were not collected by us, and about the existence of automated decision-making, including profiling, and, if necessary, meaningful information about the details thereof;
• pursuant to GDPR Article 16 to obtain without delay the rectification of inaccurate personal data or the completion of incomplete personal data about you that are stored with us;
• pursuant to GDPR Article 17 to obtain the erasure of your personal data stored with us unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
• pursuant to GDPR Article 18 to obtain restriction of processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you oppose their erasure and we no longer need the data but you still require them for the establishment, exercise or defence of legal claims, or if you have objected to processing pursuant to GDPR Article 21;
• pursuant to GDPR Article 20 to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format, or to obtain the transmission of those data to another controller;
• pursuant to GDPR Article 77 to lodge a complaint with a supervisory authority. For this purpose you can usually contact the supervisory authority at your habitual place of residence or place of work or our domicile.
•
Right to object
If your personal data are processed on the basis of GDPR Article 6(1) point e or on the basis of legitimate interests pursuant to GDPR Article 6(1) point f, you have a right to object to the processing of your personal data pursuant to GDPR Article 21. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your data are processed for direct marketing purposes you have a general right to object which we will observe without the indication of a particular situation. (GDPR Article 21(2)) Your rights to withdraw consent or to object can be exercised without formalities. Just send us an email for example. (webinhalt@oth-regensburg.de)

Length of time for which personal data are stored
The controller shall process and store personal data of the data subject only for the period necessary to achieve the purpose of storage and/or so far as this is necessary/mandatory under relevant legal requirements. After the expiry of the retention obligation and towards the end of the calendar year we review whether there is any continuing need for processing. If this is not the case then the data are deleted.

Data security
We use the SSL (Secure Sockets Layer) protocol on our website. Whether an individual page of our website is transmitted encrypted can be seen from the closed key or lock icon. We also deploy suitable technical and organisational measures to protect your data from accidental or deliberate manipulation, partial or total loss or destruction or against unauthorised third party access. Our security measures are being constantly improved in line with technological developments.