Thank you for visiting our website and for your interest in our university and our study programs, courses, and services. Protecting your personal data is a top priority for us. The Ravensburg-Weingarten University of Applied Sciences (hereinafter "RWU", "we" or "us") attaches great importance to the security of users' data and compliance with data protection regulations.
The technical terms used in this Data Protection Declaration are to be understood as they are legally defined in Article 4 of the GDPR.
Principles for the Collection and Processing of Personal Data
It is possible to visit our website without providing any personal data. The use of specific services on the university website, may however, require the processing of personal data. If the processing of personal data is necessary and requires legal consent, we will obtain the consent of those whose data is being processed.
The Processing of Personal Data
Automated Data Processing
You can visit our site without actively providing any personal information. However, we automatically store access data (server log files) each time you visit our website. This data includes for example, the name of your internet service provider, the operating system used, the website which directed you to us, the date and duration of the visit, and the data you accessed on our website while visiting. For security reasons (e.g. detecting denial-of-service attacks) we also store the IP addresses of computers which access our website for a period of 7 days. These data are evaluated exclusively for the improvement of our services and cannot be traced back to you personally. The information collected is not aggregated with any other data sources. The legal basis for the processing of these data is Article 6, Paragraph 1, Point e) in conjunction with Article 6, Paragraph 3, Point b) of the GDPR as well as § 4 of the Landesdatenschutzgesetz (LDSG) Baden-Württemberg (the version effective as of June 21st, 2018), in addition to § 2 of the Landeshochschulgesetz (LHG) Baden-Württemberg.
We process and use the data for the following purposes:
1. Provision of the RWU website,
2. Improvement of our websites
3. Prevention and detection of errors, malfunctions, and misuse of the websites.
Data processing of this kind is either carried out to fulfill the RWU website user agreement or to further the public interest in ensuring the functionality and error-free operation of the RWU as well as to adapt this website to the requirements of the users.
The Use of Google Services
We have created a number of resources (e.g. fan pages) on various social media platforms that provide information about RWU and give us the opportunity to communicate with you. We have no influence on how your personal data is processed by these platforms and only the respective operator of the platform has full knowledge of the content of the data transmitted and how it is used. Cookies are typically stored in your browser when you visit a social media platform.
You may be affected by this data collection even if you are not yourself registered on the respective platform. It is beyond our knowledge whether the data is transferred outside the European Economic Area.
If we process your personal data on a social media platform, it is done in accordance with Article 6, Paragraph 1, Point e) and Article 6, Paragraph 3, Point b) of the GDPR in conjunction with § 4 of the LDSG and § 2 of the LHG. It is in the interest of all RWU stakeholders that we be able to present RWU to the outside world in a variety of ways, as well as avail ourselves of the most effective communication channels with which to reach the visitors of our website. Article 6, Paragraph 1, Point a) of the GDPR may also be the legal basis for the processing of your data if you have given your consent to the social media platform operator. You can obtain detailed information about how the various platform operators process personal data as well as your right to object, your right to obtain that data, and more specific information about the respective platforms by referring to the following platform operators' privacy policies:
Operator: Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Cookie information: https://www.facebook.com/policies/cookies/
Specific information about Facebook fan pages: When you visit our Facebook fan page, Facebook processes your personal data (Facebook Insights). This data is transmitted to us anonymously by Facebook as part of Facebook Insights. This anonymized data is statistical data about our fan page subscribers. In addition, Facebook provides us with your profile data when you interact with us or our page, for example by liking or commenting on posts, writing to us via Facebook, or following our page.
Operator: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Cookie information: https://policies.google.com/technologies/ads
Specific information about YouTube accounts or channels: When you watch our YouTube videos, YouTube processes your personal data. This data is transmitted to us anonymously by YouTube as part of YouTube STUDIO. This anonymized data is statistical data about the subscribers to our channel.
Operator: Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Cookie information: https://help.instagram.com/1896641480634370?ref=ig
Specific information about Instagram profiles: When you visit our Instagram company page, Instagram processes your personal data. This data is transmitted to us anonymously by Instagram as part of Instagram Insights. This anonymized data is statistical data about our profile subscribers. In addition, we receive your username from Instagram when you interact with us or our site, for example, by liking or commenting on posts or following our site.
If you send us inquiries or information by email, your data (email address, content of your email, subject line of your email and date/time) including the contact data you provide in the email (first name, last name, possibly telephone number or address if you share those with us) will be stored by us for the purpose of processing the inquiry and in case we need to contact you for follow-up questions. We do not pass this data on to third parties without your consent. Our collection and processing of this data adheres to Article 6, Paragraph 1, Point a) of the GDPR. Users should be advised that emails can be intercepted, read, or altered by unauthorized third parties during transmission. RWU uses software to filter out unwanted emails (spam filter). The spam filter can on occasion also reject non-spam emails if they have been incorrectly identified as spam based upon certain parameters. The data you send via email will remain with us until you ask us to delete it, revoke your consent for us to store it, or the original purpose for storing the data is no longer applicable (e.g. after we have finished processing your inquiry). Note that other existing laws - in particular mandatory data retention periods - may have precedence.
Online Application Portal
Transmission of Data
Internal Data Transmission
The RWU is a state university located in Weingarten, Germany. We transfer your data internally to the administration and HR departments in order to fulfill our contractual and legal obligations. The transfer or disclosure of your data will only take place to the extent necessary for these purposes and in compliance with relevant data protection regulations.
Interuniversity Data Transmission
The data you provide us may be shared with partner universities for administrative purposes. This exchange of data occurs either to promote the public interest, to fulfill a contract, or to fulfill the terms and conditions for using the university websites. Should the processing of your data take place outside the European Economic Area (EEA), this will be done in compliance with all applicable data protection laws and in accordance with Article 44 of the GDPR.
Transmission to Other Recipients
Please note that providing personal data is sometimes required by law or may also be done to adhere to the terms of a contract (e.g. information pertaining to a contractual partner). If the processing of your data takes place outside the EEA, this transfer will take place in compliance with all applicable data protection laws and especially in accordance with Article 44 of the GDPR.
Transmission Outside the European Economic Area
We transfer your data to countries outside the EEA. This takes place for the purposes mentioned above (interuniversity transmission as well as transfer to other third parties). These transfers only take place in order to fulfill our contractual and legal obligations or based upon your consent. Furthermore, the transmission of data takes place in compliance with all applicable data protection laws, especially Article 44 of the GDPR. Adequacy decisions by the European Commission in particular, as well as safeguards (e.g. standard data protection clauses, etc.) are also taken into account.
Automated Decision Making & Profiling
We do not use automated decision-making processes or profiling.
As a general principle, we store your data only as long as is necessary to provide our services or fulfill our duties, or for the period of time stipulated by European law or other applicable legislation. Unless otherwise required by law, we will delete your personal data once the purpose for collecting it has been fulfilled. Examples of data held longer to comply with regulations include documents such as contracts and invoices, which must be held for a certain period of time to comply with tax and commerce guidelines.
RWU employs technical and organizational security measures to protect the data we process and store against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improving to reflect the latest technological developments. For example, this site uses SSL encryption (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. You can confirm that an individual page on our website is being transmitted in encrypted form if you see the browser address bar change from "http://" to "https://" and a lock symbol appears in the address bar. If SSL encryption is activated, the data you transmit to us cannot be read by third parties. We would like advise you that many forms of online data transmission (e.g. when communicating by email) do have security vulnerabilities. It is never possible to ensure the complete protection of data against access by unauthorized third parties.
Legal Basis for Data Processing
We rely upon Article 6, Paragraph 1, Point a) of the GDPR as the legal basis upon which we process data that has been provided to us with consent for a specific purpose.
If the processing of personal data is necessary for the execution of a contract to which the subject of said data is themselves a party, the processing is based on Article 6, Paragraph 1, Point b) of the GDPR. The same applies to all data processing which is necessary for the performance of preliminary contractual operations.
If we are subject to a legal obligation which necessitates the processing of personal data, that processing is done in compliance with Article 6, Paragraph 1, Point c) of the GDPR.
If the processing of personal data is necessary to protect that person's vital interests or those of another natural person, the processing is based on Article 6, Paragraph 1, Point d) of the GDPR.
If the processing is necessary for the performance of a duty carried out by the RWU in the public interest or in the exercise of official authority, Article 6, Paragraph 1, Point e), as well as Paragraph 3, Sentence 1, Point b) of the GDPR, in conjunction with Section 4 of the LDSG serve as the legal basis for that processing.