Privacy policy
Table of contents
General data protection information
We appreciate your interest in using the website of the MODUS project – enhancing student mobility across educational boundaries through recognition, published by the Stiftung zur Förderung der Hochschulrektorenkonferenz (Foundation for the Promotion of the German Rectors’ Conference (HRK)).
We, the Stiftung zur Förderung der Hochschulrektorenkonferenz, take the protection of personal data and their confidential treatment very seriously. Below you will find general information on data protection in the HRK MODUS project as well as information on the processing of your personal data and your rights when using our offer.
Your personal data are processed exclusively in compliance with the applicable statutory provisions of data protection law, in particular the General Data Protection Regulation (hereinafter referred to as “GDPR”) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”).
1. The controller responsible for the processing of your personal data is:
Stiftung zur Förderung der Hochschulrektorenkonferenz
Ahrstraße 39
53175 Bonn
Germany
Tel.: +49 228 887-153
Fax: +49 228 887-280
E-mail: post[at]hrk.de
Website: www.hrk.de/home/
2. Our data protection officer can be contacted as follows:
Mr Florian Reichert
Scheja & Partners GmbH & Co. KG
Adenauerallee 136
53113 Bonn
Germany
Tel.: +49 228 227 226-0
Contact: www.scheja-partner.de/en/contact/contact.html
Website: www.scheja-partner.de/en/index.html
3. Subject matter of data protection
The subject matter of data protection is personal data, i.e., any information relating to an identified or identifiable natural person (“data subject”). This includes data such as name, postal address, e-mail address or phone number.
If you have any questions regarding the processing of your personal data, you may contact us free of charge. Please use our contact details stated above.
4. Your data subject rights
You have the following rights regarding the processing of your personal data:
4.1 Right to access
You have the right to obtain confirmation from us as to whether or not we process any personal data concerning you. If this is the case, you have the right to obtain access to your personal data and further information regarding the processing.
4.2 Right to rectification
You have the right to obtain the rectification of your inaccurate personal data and to have incomplete personal data completed.
4.3 Right to erasure (“right to be forgotten”)
Under certain circumstances, you have the right to obtain erasure of your personal data. This right exists, for example, when the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or if the personal data were processed unlawfully.
4.4 Restriction of processing
Under certain circumstances, you have the right to request restriction of the processing of your personal data. In this case, we only store the personal data for which you gave your consent or for which the GDPR allows processing. For example, you may have a right to restrict processing if you contested the accuracy of your personal data.
4.5 Data portability
If you provided us with personal data on the basis of a contract or consent, you may request to receive the personal data provided by you in a structured, commonly used and machine-readable format or to transmit these data to another controller responsible for the processing – provided that the legal requirements are met.
4.6 Withdrawal of consent
If you gave your consent to the processing of your personal data, you may withdraw this consent at any time with effect for the future. This does not affect the lawfulness of processing of your personal data before the withdrawal.
4.7 Right to object
Right to object on a case-by-case basis: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Art. 6(1)(f) GDPR (data processing on grounds of a balancing of interests). If you lodge an objection, we no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to object to data processing for direct marketing purposes: You have the right to object at any time to the processing of your personal data for direct marketing purposes. If you object to processing, your personal data are no longer processed for these purposes.
4.8 Right to lodge a complaint with the supervisory authority
Moreover, you have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data infringes applicable law. For this, you may approach the data protection authority that is responsible for your habitual residence, place of work or the place of the alleged infringement or the data protection authority that is responsible for us. The competent supervisory authority is that of the federal state in which you live, work or an alleged infringement took place that is the subject matter of the complaint.
If you have any questions regarding the assertion of your above-mentioned data subject rights, you may contact us free of charge. Please use our contact details stated above.
5. Amendment of this privacy policy
We reserve the right to amend and revise this privacy policy from time to time. Please refer to the current version of our privacy policy.
Last update of the privacy policy: 08.03.2022.
Website use
When using the offers of the HRK MODUS project – enhancing student mobility across educational boundaries through recognition, the general data protection information applies.
1. Details on services, cookies, etc.
1.1 Own services
To the “Own services” table (in German, pdf)
1.2 Integration of third-party services including cookies and comparable technologies
We integrate third-party services in order to enable you to use their functions, services and features. These integrated third-party services are designed and provided by the respective providers. Therefore, we have only limited influence on the design, content and function of these third-party services or the processing of personal data by their providers. Please obtain information directly from the providers of the integrated services.
We use cookies and comparable technologies on our website in order to offer a comprehensive range of functions, to make use more convenient and to be able to optimise our offers. Cookies are small text files that are generated by a web server and stored on your computer during the online visit by means of the web browser used.
On the one hand, we use “session cookies” for this purpose. These are erased automatically once your browser session has ended.
On the other hand, we also use long-term cookies, which are primarily used to provide you, a visitor to our website, with permanently recurring settings. This allows us to adapt our website individually to your wishes. Long-term cookies also allow us to analyse the usage behaviour of visitors, but only within the scope of the cookie's validity period.
Moreover, in connection with the integration of certain third-party services, further cookies may be set by their providers (“third-party cookies”).
If you do not want any cookies to be used, you may prevent cookies from being stored on your device by making the appropriate settings in your internet browser or by making these settings individually in the Cookie Center. Please note that this might restrict the functionality and scope of functions of our offer. Furthermore, we only set certain cookies if you previously consented to this (see below). You can also make use of separate objection options for certain cookies (see below). Please refer to the information in the table below for detailed information on the type, scope, purposes, legal bases and options to object to data processing in connection with these cookies.
To the “Third-party services” table (in German, pdf)
1.3 Links
Our website contains “hyperlinks” to websites of other providers. If you follow these links by clicking on them, you are redirected from our website directly to the website of another provider. You can recognise this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your personal data on the part of these providers as we have no influence on this.
Participation in face-to-face events
When using the offers of the HRK MODUS project – enhancing student mobility across educational boundaries through recognition, the general data protection information applies. When you register for a face-to-face event via our website, you find the data protection information on the online registration process in the special information on data protection on our website. The information presented below relates to the processing of data during the planning, implementation and follow-up of face-to-face events organised by us.
1. Scope of processing of personal data
In the context of your participation in events, we process your contact details in the form of your form of address, name, institution, your function there and your e-mail address as well as usually your title, department, postal address and any favoured parallel forums/lectures, suggested topics for the event.
Moreover, in the case of personal participation in the event, we process photo, video and/or audio material on which you are determinable/identifiable by use of photo, video and/or sound technology, provided that you gave your consent to the creation of photo, video and audio material. The photo, video and/or audio material might include special categories of personal data pursuant to Art. 9 GDPR (e.g., information on my health status such as wearing a hearing aid).
Special categories of personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership as well as biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
2. Purposes and legal bases
2.1 Data processing for the purpose of performing a contract (event participation)
We process your personal data in order to prepare, implement and follow up your participation in an event organised by us (business relationship). The purposes include in particular the following:
- Organising event participation
- Creating conformations of participation (upon request)
- Printing the programme in which you are listed with your name, function and institution
Data processing takes place on the basis of Art. 6(1)(b) GDPR.
Your personal data that might fall within the special categories of personal data within the meaning of Art. 9(1) GDPR are processed on the basis of Art. 9(2) GDPR, i.e., only if a statutory legitimation exists for the intended processing.
We erase the data when they are no longer required for the purposes pursued by us, i.e., preparing and implementing the business relationship, and no other legal bases apply, in particular statutory or contractual retention periods.
2.2 Consent
Under some circumstances, we also process your personal data on the basis of a declaration of consent submitted by you.
This is done in cases in which you agreed to the processing of photo, video and audio material in the course of the event. The purpose pursued by processing follows from the content of the respective declaration of consent; usually, the created photo, video and audio material is used for a positive public image of the HRK and its events.
Moreover, name badges stating your name and institution will be produced on the basis of your consent and handed out on the day of the event so that they can be worn visibly, thus making it easier to contact and address participants. Of course, wearing these badges is voluntary. If this is not wanted, the badges will be destroyed in compliance with data protection regulations.
Data processing takes place on the basis of Art. 6(1)(a) GDPR.
You may withdraw your consent at any time. Please note, however, that this withdrawal only takes effect for the future, i.e., the lawfulness of data processing based on your consent before its withdrawal is not affected.
We erase the data when they are no longer required for the purposes pursued by us, the retention period stated in the consent has elapsed or you withdrew your consent and no other legal basis exists. If the latter is the case, we erase the data once the other legal basis ceases to apply.
2.3 Processing for the purpose of safeguarding legitimate interests
If you have not given your consent, we also process your personal data in order to safeguard our legitimate interests, however, only if we assume – after balancing our interests in executing the processing against your possibly conflicting interests, fundamental rights and freedoms – that our interests override.
This is the case when we approach you for promotional purposes (e.g., supply you with information on further events organised by us) and you have not objected to this form of direct approach. Here, our legitimate interests are promoting and organising events and providing the respective information.
This is also the case when we provide you with evaluation forms after events (possibly also via a service provider) and ask for your feedback. Here, our legitimate interests are evaluating and optimising our processes and events.
We erase the data when they are no longer required for the purposes pursued by us and no other legal basis applies in particular if you objected to being approached by us.
2.4 Fulfilment of legal obligations
We also process personal data to comply with legal obligations that we are subject to. Obligations may arise, for example, from commercial law, tax law, the Money Laundering Act, financial law or criminal law. In addition, such obligations may also arise from statutory regulations under administrative law, for example, on the prevention and control of infectious diseases. The purposes of processing result from the respective legal obligation; generally, processing serves the purpose of fulfilling governmental control and disclosure obligations.
In the context of Covid-19, we process your first and last name, address, date and period of your attendance and, if available, your telephone number, if necessary, also for the purpose of providing information to the public health department or the local police authority in accordance with Sections 16, 25 IfSG (German Infection Protection Act), to which we transmit the data upon request insofar as this is necessary to trace potential infection routes in connection with Covid-19.
Data processing takes place on the basis of Article 6(1)(c) GDPR. When we collect data due to a legal obligation, you are obliged to provide those personal data required to fulfil the legal obligation. If you do not provide these data, we might not be able to comply with your request.
We erase the data after the legal obligation ceases to apply, provided no other legal basis applies. If the latter is the case, we erase the data once the other legal basis ceases to apply.
3. Third-party data collection
We mainly process the personal data directly submitted by you. In some constellations, we also obtain your personal data from third parties, i.e., co-organisers of the event and/or third parties creating photo, video and audio material for us (e.g., freelance photographers or photo agencies). If necessary, we will inform you separately in more detail.
4. Obligation to provide data
Within the scope of our business relationship, you are obliged to provide those personal data required in order to prepare and implement your requested participation in an event organised by us and to fulfil the associated contractual or legal obligations or the processing of which is required by law. Without these data, participating in the event might not be possible. The other data that we process on the basis of your declaration of consent are, of course, no mandatory data.
5. Transfer of personal data to third parties
We only transfer your personal data to external recipients if a legal justification exists or if you gave your consent to that. External recipients may be the following:
- Processors: Service providers whom we use to render event planning services. These processors are selected carefully and reviewed regularly to ensure that your personal data are in good hands. The service providers may process your personal data exclusively for the purposes that we specified.
- Public bodies: Public authorities and institutions such as public prosecutor’s offices, courts or fiscal authorities to which we might be obliged to transfer personal data in individual cases.
- Private bodies: Private bodies to which we transfer your personal data on the basis of a legal provision, contract or your consent, for example, other event participants, recipients of any audio, photo and video material and co-organisers.
6. Transfer to third countries
Your personal data are not transferred to third countries.
Participation in online events using Webex
When using the offers of the HRK MODUS project – enhancing student mobility across educational boundaries through recognition, the general data protection information applies.
1. Collection of personal data within the scope of an online event using Webex
We enable participation in virtual events using the Webex video conference system. For technical details of the provider, please visit their website:
(www.webex.com/).
Within the scope of your virtual participation in our event using the Webex video conference system, the following data are generally the subject-matter of processing:
- User data: display name, e-mail address, if any, profile picture (optional), preferred language
- Meeting meta data: date, time, meeting ID, telephone number, location
- Text, audio and video data: You may have the option to use the chat function in an online meeting. In this respect, your text entries are processed to display them in the online meeting. In order to allow for the display of videos and playing of audios, the data of your terminal’s microphone and video camera, if any, are processed correspondingly during the course of the meeting. You may switch off the camera or mute the microphone at any time.
- Recordings of the event: if you explicitly gave your consent.
For participating in an online meeting and entering the meeting room, you are at least required to provide your display name. Otherwise, participation is unfortunately not possible.
2. Purposes and legal bases of the processing of your personal data
2.1 Data processing for the purpose of performing a contract (event participation)
We process personal data whenever this is necessary to prepare and execute the virtual participation in the above-named event using the Webex video conference system. The purpose of processing is to organise and execute your participation. Data processing takes place on the basis of Article 6(1)(b) GDPR.
2.2 Consent
Under some circumstances, we also process your personal data on the basis of a declaration of consent submitted by you, i.e., in cases in which you agreed to recordings being made in the course of the virtual Webex event. The purpose pursued by processing follows from the content of the respective declaration of consent; usually, the created recordings are used for a positive public image of the project and its events as well as for respective documentations.
Data processing takes place on the basis of Art. 6(1)(a) GDPR.
You may withdraw your consent at any time. Please note, however, that this withdrawal only takes effect for the future, i.e., the lawfulness of data processing based on your consent before its withdrawal is not affected.
2.3 Processing for the purpose of safeguarding legitimate interests
If you have not given your consent, we also process your personal data in order to safeguard our legitimate interests, however, only if we assume – after balancing our interests in executing the processing against your possibly conflicting interests, fundamental rights and freedoms – that our interests override.
This is the case when we approach you for promotional purposes (e.g., supply you with information on further project events) and you have not objected to this form of direct approach. Here, our legitimate interests are promoting and organising events and providing the respective information.
This is also the case when we provide you with evaluation forms after events (possibly also via a service provider) and ask for your feedback. Here, our legitimate interests are evaluating and optimising our processes and events.
We erase the data when they are no longer required for the purposes pursued by us and no other legal basis applies, in particular, if you objected to being approached by us.
3. Transfer of personal data to third parties
Within the HRK, only those persons have access to your personal data who require it for the purposes stated in section 2.
We only pass on your personal data to external recipients if this is necessary for the process, if any other legal permission exists or if you gave us your consent.
External recipients can be public authorities and institutions such as public prosecutor’s offices, courts or fiscal authorities to which we are obliged to transfer personal data for compelling legal reasons. In the context of video conferences, external recipients also include the other participants of the respective video conference.
Moreover, external recipients can be processors such as the Webex provider, i. e., Cisco Systems Inc. Webex Communications Deutschland GmbH, Hansaallee 249 c/o Cisco Systems GmbH, 40549 Düsseldorf, Germany. Processors are selected carefully and reviewed regularly to ensure that your privacy is maintained. The service providers may use the data exclusively for the purposes that we specified.
4. Transfer to third countries
Within the scope of this data processing, your personal data are transferred to bodies whose registered office or place of data processing is not located in a member state of the European Union or in another state that is a party to the Agreement on the European Economic Area. Prior to such transfer we ensure that, apart from legally permitted exceptions, either the recipient provides for an adequate level of data privacy (e.g., on the basis of an adequacy decision by the European Commission, appropriate safeguards such as the agreement of standard data protection clauses of the European Commission with the recipient) or you gave your explicit consent.
Such transfer to third countries takes place, for example, for the execution of your virtual participation using the Webex video conference system. In the course of this, we may also transfer data to Cisco Systems Inc., 300 East Tasman Dr. San Jose, CA 95134, USA (standard data protection clauses pursuant to Art. 46(2) GDPR).
We can provide you with an overview of the recipients in third countries and a copy of the concretely agreed regulations to ensure the adequate level of data privacy. Please use the contact options provided on the above-mentioned website.
5. Period of storage of personal data
We store personal data only as long as this is necessary to fulfil the purposes. In the case of a withdrawal/objection, we erase your personal data unless their processing is allowed pursuant to the relevant legal provisions. We also erase your personal data if we are legally obliged to do so.
Any recordings (see subsection 2.2.) are erased unless otherwise agreed individually with you.