Data Privacy Policy

STATEMENTS FROM THE WEST COAST UNIVERSITY OF APPLIED SCIENCES CONCERNING DATA PRIVACY

The website, www.fh-westkueste.de, is operated by the West Coast University of Applied Sciences. The protection of personal data is very important for the West Coast University of Applied Sciences. Your personal information is collected following the principles of data economy and only used and passed on for specific purposes. This Data Privacy Policy lays out the purposes for which your data is collected, who is using it and how it is protected.

1. An overview of data protection

General
The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools
When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

2. General information and mandatory information

Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website
The party responsible for processing data on this website is:

Fachhochschule Westküste
Fritz-Thiedemann-Ring 20
25746 Heide
Tel.: +49 (0) 481 8555-0
praesidium(at)fh-westkueste.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

3. Data Protection Officer

Mandatory Data Protection Officer
We have appointed a Data Protection Officer for our organisation.

dsgvoNORD GmbH
Eichkamp 24d
24116 Kiel
Tel: +49 (0) 431 301 400 600
Fax:  +49 (0) 431 301 400 609

dsb(at)dsgvo-nord.de
www.dsgvo-nord.de

4. Data collection on our website

Cookies
Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

HIS eG: Processing of log data (access data)
When using the website, the access to pages, whether the access was successful, the time, the volume of data transferred and the IP address of the requesting computer to detect errors. The collection of log data is not done by the university itself but by HIS eG in the context of outsourced server operation. The processing in this regard by HIS eG has its legal basis in the order processing agreement existing between the university and HIS eG. The processing takes place only internally and on the basis of Art. 6 para. 1 f) EU-GDPR, whereby the legitimate interest lies in the error detection. The saved log data will be deleted automatically after 7 calendar days.

Contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

5. Social media

Data processing through social networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Google+ etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).

Individual social networks

Facebook

We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.

You can customise your advertising settings independently in your user account. Click on the following link and log in:https://www.facebook.com/settings?tab=ads.

Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.

Twitter

We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. Twitter is certified under the EU-US Privacy Shield.

You can customise your Twitter privacy settings in your user account. Click on the following link and log in:https://twitter.com/personalization.

For details, see the Twitter Privacy Policy: https://twitter.com/privacy.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal information, see the Instagram Privacy Policy: https://help.instagram.com/519522125107875.

XING

We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US Privacy Shield. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

6. Analytics and advertising

Google Ads and Google Conversion Tracking
This website uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

In conjunction with Google Ads, we use a tool called Conversion Tracking. If you click on an ad posted by Google, a cookie for Conversion Tracking purposes will be placed. Cookies are small text files the web browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we will be able to recognise that the user has clicked on an ad and has been linked to this page.

A different cookie is allocated to every Google Ads customer. These cookies cannot be tracked via websites of Google Ads customers. The information obtained with the assistance of the Conversion cookie is used to generate Conversion statistics for Google Ads customers who have opted to use Conversion Tracking. The users receive the total number of users that have clicked on their ads and have been linked to a page equipped with a Conversion Tracking tag. However, they do not receive any information that would allow them to personally identify these users. If you do not want to participate in tracking, you have the option to object to this use by easily deactivating the Google Conversion Tracking cookie via your web browser under user settings. If you do this, you will not be included in the Conversion Tracking statistics.

The storage of „Conversion“ cookies and the use of this tracking tool are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising.

To review more detailed information about Google Ads and Google Conversion Tracking, please consult the Data Privacy Policies of Google at: https://policies.google.com/privacy?hl=en.

You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited.

Matomo (formerly Piwik)
This website uses the open source web analytics service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before it is stored.

Matomo cookies remain on your device until you delete them.

The storage of Matomo cookies is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
The information generated by the cookies about your use of this website will not be disclosed to third parties. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website.

If you do not agree with the storage and use of your data, you can disable this feature here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing your usage data. If you delete your cookies, this will mean that the opt-out cookie will also be deleted. You will then need to reactivate it when you return to our site if you wish your activity not to be tracked.

7. Plugins and tools

YouTube
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

8. Application procedure for international exchange programmes including scholarships

MoveON

  • The MoveON mobility programme is used for:
  • The administration of contracts with partner universities as well as the contact details of the contact partners
  • The digital conclusion of contracts with ERASMUS partner universities
  • The administration of digital ERASMUS+ Learning Agreements
  • The provision of exchange-relevant information for students and staff as well as prospective students
  • The application procedure for places at partner universities (see below)
  • The forwarding of information that is relevant to scholarships or residency to applicants that have already been selected
  • The administration of student of staff mobility to partner universities
  • The application procedure, administration and reporting to the ERASMUS+ scholarship programme (see below)
  • The application procedure, administration and reporting for international students at the West Coast University of Applied Sciences (incoming application, see below)

The data is entered by the applicants themselves after registration and the creation of an alphanumeric password with special characters and, in the case of a successful application, supplemented with programme-relevant information. The data of the partner universities is provided by the contact partners of the universities themselves and entered into the system by the International Office.
When using the online application forms, the user enters an email address and their first and last names. The other data depends on the programme that the user is applying to and is laid out in the following sections. Names, contact details and information necessary for programme implementation are also processed in the context of scholarship administration. The processing is not carried out by the West Coast UAS itself, but rather by QS Unisolution GmbH. The processing has its legal basis in the contract processing agreement between the university and QS Unisolution GmbH. The server is located in Germany.

Places at partner universities
Students who wish to apply for a place at a partner university enter the following information into MoveON to apply for a place at a partner university:

  • Name, personally created password, date of birth, gender, nationality/s
  • Address data as well as telephone numbers and e-mail addresses
  • Value judgements, e.g. certificates, proof of language skills
  • Study-related information (e.g. matriculation number, current semester of study, current degree programme, does the applicant need the stay for recognition of compulsory semester abroad)
  • Information about the desired stay: priorities, desired partner university, desired date, Learning Agreements
  • Selection-relevant information: language skills, letter of motivation, certificates, e.g. for honorary positions
  • Up to two emergency contacts and the existence of powers of attorney can be given

After a successful application, the key data of the planned stay, the name and the degree programme of the applicant are passed on internally to the degree programmes (management/coordination) and the head of the language department for the planning of the capacities in the semester concerned.
Externally, names, nationality/s and contact details, information relevant to the studies and residence are forwarded to the target partner university as part of the nomination process. Depending on how the target university is organised, this is done by either e-mail or entry into a nomination portal.
The collection of the data is for the purpose of carrying out the application process for places at partner universities. The personal information is deleted by the administrators 5 years after the student’s exmatriculation. Until then, it must be kept is case of appeal proceedings in recognition processes. For ERASMUS+ funded stays, the retention period mentioned in the ERASMUS+ section applies.

Incoming application forms
Students from other (partner) universities who would like to apply for an exchange place at the West Coast University of Applied Sciences enter the following information into MoveON for the application:

  • Name, personally created password, date of birth, place and country of birth, gender, nationality/s
  • Identity documents (passport, identity card) including validity period and photo
  • Address data as well as telephone numbers and e-mail addresses
  • Study-related information (e.g. home institution, current semester, current degree programme, current study level)
  • Desired stay/dates/level of study
  • Native language/language qualification data in German/English including certification
  • Value judgements, information relevant to the selection and admission: curriculum vitae, school-leaving certificates, university entrance examination, university entrance qualification, university certificates, overview of achievements, Learning Agreement/subject list, ASP (document for Chinese or Vietnamese applicants)
  • Up to two emergency contacts may be given
  • Voluntary information on the student’s current health condition

The admission-relevant information and certificates are checked by the International Office. The key data of the planned stay, the nationality, the name, the e-mail address as well as the degree programme and the course selection of the candidate are passed on internally to the degree programmes (management/coordination) and the head of the language department for the planning of the capacities in the semester concerned as well as for assistance in creating a timetable after the International Office have finished their checks.
The contact data as well as information on the student’s health condition will be passed on to the relevant service offices for support purposes after the student has given his/her consent. The consent to pass on the data may be revoked at any time.

ERASMUS+
This applies to students and employees who are applying for ERASMUS+ funding.
 
The purpose of processing the data of applicants or scholarship holders is

  • The administration of the programme and the determination of funding levels
  • Language preparation (online assessment, online courses)
  • The assurance of the qualitative framework conditions
  • The automatic sending of links as well as reminder e-mails for receipts and/or reports after the funded residency
  • The reporting to the DAAD as well as the European Commission as the funding body (EU programme)

The following programmes and portals are used:

  • MoveON (see above)
  • Mobility Tool+ (specified by the EU Commission)
  • Online Linguistic Support System (specified by the EU Commission)

Data collected for the ‘Employee’ target group:

  • Name, contact data, duration of previous employment
  • Purpose, institution, time, duration and country of the stay
  • Working/teaching language on site
  • The host institution and the contact partner as well as the contact details of the contact partner on site
  • Assessment of the residency and the supervision
  • Amount of funding and basis for assessment (special needs: disabilities/children)
  • In the case of a guest lecturer position: the main subject area, the teaching module, the level of study of the guest lecturer, number of teaching units, number of students reached

Data collected for the ‘Student’ target group:

  • Name, personally created password, date of birth, gender, nationality/s, native language
  • Address data as well as telephone numbers and e-mail addresses
  • Study-related information (e.g. the matriculation number, current semester of study, current course of study, level of study)
  • Residence-related characteristics: purpose of stay, time, duration, country, host institution/company, grades, compulsory stay or voluntary stay such as a graduate internship, internship/study content, if applicable whether the internship promotes digital skills
  • Characteristics for special funding lines (voluntary information on travel dates, special needs, illnesses)
  • Selection-relevant information: internship allowance, previous participation in the ERASMUS+ programme with mention of the funding period
  • In the case of a grant: address, bank details, responsible tax office, insurance carrier and number, grant amount, assessment basis (special needs: disabilities/children) within the framework of a grant agreement between the West Coast UAS and the recipient
  • Documentation required to prove the correct use of the funds and compliance with the quality requirements: internship certificate/grading system, experience reports, language test before and after the stay, number of ECTS planned, taken and recognised

The above-mentioned data must be made available to the EU Commission as well as to the DAAD, as the West Coast UAS administers the budget made available to it on behalf of both institutions within the framework of participation in the ERASMUS+ programme. Within the framework of the programme participation, it is stipulated that the above-mentioned be kept for 5 years after the receipt of the feedback letter on the final report of the respective project. Currently, this means that the data must be kept for a period of 7 years for the above-mentioned people. After this period, the personal information will be deleted by the administrators/the International Office.