We are delighted that you are interested in our website - and therefore in our university. The protection of your private rights and freedoms is important to us; we only use your data for the purposes intended. As it is important to us that you know at all times to what extent we collect, use and, if necessary, transfer your data to third parties, we will inform you in detail below about the processing of your personal data collected by us or stored by us.
It is generally possible to visit our website without providing (personal) data; if there are any exceptions to this for selected services, we will explain these in the following sections. When processing personal data, we strictly adhere to the provisions of the EU General Data Protection Regulation (GDPR) and any other provisions relevant to data protection.
Hochschule des Bundes für öffentliche Verwaltung
Dr. Sabine Leppek
Willy-Brandt-Straße 1
50321 Brühl
Germany
Phone: +49 (0)228 99 629-0
E-mail: postzb@hsbund.de
Website: https://hsbund.de/DE/00_Home/home-node.html
De-Mail: poststelle@hsbund.de-mail.de
Jörg ter Beek
Cortina Consult GmbH
Hafenweg 24
48155 Münster
Germany
Data protection team for general data protection inquiries:
Team e-mail: bdsb@hsbund.de
We use the CLOUD DSE service of Cortina Consult GmbH, Hafenweg 24, 48155 Münster, Germany, to ensure that data protection information in connection with the services on our website is always up to date. The content of our privacy policy is hosted on the servers of Cortina Consult and managed centrally. Any necessary changes are implemented promptly by Cortina Consult and displayed immediately via direct integration on our website.
Chapter 3 of the EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects, which we explain to you below in relation to the processing of your personal data:
This requirement concerns in particular information on the following details of data processing:
We will correct any incorrect data immediately, provided that you inform us accordingly.
Provided that the processing is no longer necessary and one of the following conditions is met:
Provided that one of the following conditions is met:
If it is technically possible and does not affect the rights and freedoms of other persons, we will - at your request - transfer your data to another recipient (responsible party).
If we collect or have collected and process personal data from you (on the basis of Art. 6 para. 1 e or f or Art. 9 para. 2 a GDPR ), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can prove compelling legitimate interests for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for direct marketing purposes, you have the right to object to this processing at any time. This also applies to profiling insofar as it is associated with such direct advertising. You also have the right to object to the processing of your data by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR , unless such processing is necessary for the performance of a task carried out in the public interest.
If we collect or have collected and process personal data from you, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or if you have expressly consented to the processing. In any case, we will take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
You have the right to revoke consent to the processing of personal data at any time.
The following information applies to data processing on our website in general. If there are exceptions or additions to this information, these are described in detail in the respective sections.
We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. We have also implemented SSL encryption (SHA256) on our website to protect your data. However, despite regular checks, complete protection against all risks is not possible.
We process personal data in accordance with the provisions of the EU General Data Protection Regulation, depending on the type and purpose of processing as follows:
| Authorization | Requirement of the GDPR |
| Informed consent | Art. 6 para. 1 a |
| Performance of a contract | Art. 6 para. 1 b |
| Implementation of pre-contractual measures | Art. 6 para. 1 b |
| Fulfillment of legal obligations | Art. 6 para. 1 c |
| Protection of vital interests | Art. 6 para. 1 d |
| Safeguarding our legitimate interest | Art. 6 para. 1 f |
Our legitimate interest as defined in Article 6 1 f GDPR is based on the performance of our business activities to maintain our operational capability and ensure the employment of our employees.
Once the purpose of storage no longer applies, the retention periods are generally at least six or ten years. Data is generally deleted immediately in accordance with our deletion concept, provided that this does not conflict with any retention obligation, necessity for contract fulfillment or a legitimate interest.
We only store your personal data for the period required to fulfill the specified purpose. Once the purpose no longer applies and any retention periods have expired, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.
As soon as you visit our website, our web server collects some general data and technical information - as shown in the table below:
Data collected | Purpose of the survey |
|---|---|
| browser types and versions used | correct display of the page content |
| Operating system used, visitor origin (referrer, for example Google), subpages clicked on | Optimization of our website content as well as our advertising |
| Date and time of access to the website as well as the visitor\'s IP address and internet service provider | Ensuring the permanent functionality of our IT systems (for the operation of the website) and prevention of misuse |
Other data and information for security in the event of attacks | Providing relevant information to law enforcement agencies in the event of a cyberattack |
Under certain circumstances (for example due to legal or contractual regulations), you are obliged to provide us with your personal data. Examples of such processing are as follows:
| Nature or purpose of the processing | Need |
|---|---|
| In the employee context (e.g. transmission of data to the tax office) | Compliance with legal requirements (for example tax regulations) |
We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. We have also implemented SSL encryption (SHA256) on our website to protect your data. However, despite regular checks, complete protection against all risks is not possible.
If necessary, in deviation from or in addition to the above-mentioned general information, you will find details on the individual data processing on our website below.
| Purpose of processing | Applicant data is collected, processed and used for the purpose of selecting potential employees. |
| Legal basis (pursuant to Art. 6 / 9 GDPR) | |
| Recipient, if applicable (if forwarded) | The data will not be passed on to third parties and/or to a third country. |
| If applicable, intention to transfer to a third country or international organization (including information on the Commission\'s adequacy decision or suitable guarantees) | Forwarding does not take place and is not planned. |
| If known: Duration of data storage | The personal data of applicants that we do not hire will be stored for possible legal claims (for example under the General Equal Treatment Act (AGG)) for the required period (maximum 6 months) and then immediately destroyed or deleted. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | For a smooth application process, it is necessary that you provide us with the requested information truthfully. |
| Consequences of non-compliance (in case of failure to provide the required data) | Failure to do so (for example failure to provide the required data) may result in you not being able to conclude an employment contract with us. |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject themselves, but may also originate from third parties under certain circumstances. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | Master data, contact data, application data |
| Change of purpose if necessary | If we take you on as an employee after the application process has been completed, the purpose for processing the relevant data will change: in this case, the data will be used in future to implement and maintain the employment relationship. |
| Purpose of processing | Prospective students are reminded by e-mail of application deadlines and the start of individual degree programs and calls for applications. |
| Legal basis (pursuant to Art. 6 / 9 GDPR) | |
| Recipient, if applicable (if forwarded) | The data will not be passed on to third parties and/or to a third country. |
| If applicable, intention to transfer to a third country or international organization (including information on the Commission\'s adequacy decision or suitable guarantees) | Forwarding does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject themselves, but may also originate from third parties under certain circumstances. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | Contact details |
| Change of purpose if necessary | none |
| Purpose of processing | Processing and, if necessary, responding to the request of the form sender |
| Legal basis (pursuant to Art. 6 / 9 GDPR) | |
| Recipient, if applicable (if forwarded) | The data will not be passed on to third parties and/or to a third country. |
| If applicable, intention to transfer to a third country or international organization (including information on the Commission\'s adequacy decision or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (for example due to legal or contractual regulations) / necessity | There is no obligation. |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data originates from the person concerned. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | Data and categories requested in the respective form. |
| Change of purpose if necessary | none |
| Purpose of processing | This is an open source web analytics service used to analyze user behavior and optimize the website. |
| Legal basis (according to Art. 6 / 9 GDPR) | legitimate interest (Art. 6 para. 1 lit. f GDPR) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | Browser language, Browser type, Device operating system, Device type, Geographic location, IP address, Number of visits, Referrer URL, Screen resolution, Usage data, Subpages visited. |
| Change of purpose if necessary | none |