STATEMENTS FROM THE WEST COAST UNIVERSITY OF APPLIED SCIENCES CONCERNING DATA PRIVACY
1. An overview of data protection
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
2. General information and mandatory information
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Tel.: +49 (0) 481 8555-0
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data Protection Officer
Mandatory Data Protection Officer
We have appointed a Data Protection Officer for our organisation.
Tel: +49 (0) 431 301 400 600
Fax: +49 (0) 431 301 400 609
4. Data collection on our website
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
HIS eG: Processing of log data (access data)
When using the website, the access to pages, whether the access was successful, the time, the volume of data transferred and the IP address of the requesting computer to detect errors. The collection of log data is not done by the university itself but by HIS eG in the context of outsourced server operation. The processing in this regard by HIS eG has its legal basis in the order processing agreement existing between the university and HIS eG. The processing takes place only internally and on the basis of Art. 6 para. 1 f) EU-GDPR, whereby the legitimate interest lies in the error detection. The saved log data will be deleted automatically after 7 calendar days.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
5. Social media
Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Google+ etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).
Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
Individual social networks
We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.
You can customise your advertising settings independently in your user account. Click on the following link and log in:https://www.facebook.com/settings?tab=ads.
We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. Twitter is certified under the EU-US Privacy Shield.
You can customise your Twitter privacy settings in your user account. Click on the following link and log in:https://twitter.com/personalization.
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US Privacy Shield. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
6. Analytics and advertising
Google Ads and Google Conversion Tracking
This website uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.
In conjunction with Google Ads, we use a tool called Conversion Tracking. If you click on an ad posted by Google, a cookie for Conversion Tracking purposes will be placed. Cookies are small text files the web browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we will be able to recognise that the user has clicked on an ad and has been linked to this page.
A different cookie is allocated to every Google Ads customer. These cookies cannot be tracked via websites of Google Ads customers. The information obtained with the assistance of the Conversion cookie is used to generate Conversion statistics for Google Ads customers who have opted to use Conversion Tracking. The users receive the total number of users that have clicked on their ads and have been linked to a page equipped with a Conversion Tracking tag. However, they do not receive any information that would allow them to personally identify these users. If you do not want to participate in tracking, you have the option to object to this use by easily deactivating the Google Conversion Tracking cookie via your web browser under user settings. If you do this, you will not be included in the Conversion Tracking statistics.
The storage of „Conversion“ cookies and the use of this tracking tool are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising.
To review more detailed information about Google Ads and Google Conversion Tracking, please consult the Data Privacy Policies of Google at: https://policies.google.com/privacy?hl=en.
You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited.
Matomo (formerly Piwik)
This website uses the open source web analytics service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before it is stored.
Matomo cookies remain on your device until you delete them.
The storage of Matomo cookies is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
The information generated by the cookies about your use of this website will not be disclosed to third parties. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website.
If you do not agree with the storage and use of your data, you can disable this feature here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing your usage data. If you delete your cookies, this will mean that the opt-out cookie will also be deleted. You will then need to reactivate it when you return to our site if you wish your activity not to be tracked.
7. Plugins and tools
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
Userlike with extended data privacy mode
We use Userlike (hereinafter called “Userlike”) to process user inquiries via our support channels or live chat systems. The provider is Userlike UG (a limited liability company), Probsteigasse 44 – 46, 50670 Cologne, Germany.
Messages you send to us may be stored in the Userlike ticket system or answered by our staff in live chat. When you communicate with us through Userlike, we and Userlike store, among other things, your name and email address, if you have provided them, and your chat history. This data is summarized in a profile.
Messages that are addressed to us remain in our possession until you ask us to delete them or the reason for the data storage is no longer effective (e.g., after your inquiry has been processed). This shall be without prejudice to any statutory provisions – especially statutory mandatory retention obligations.
Userlike is deployed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in marketing activities that are as effective as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
For more information please consult the Userlike data protection declaration: https://www.userlike.com/de/data-privacy and https://www.userlike.com/de/blog/live-chat-software-datenschutz-dsgvo.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
8. Application procedure for international exchange programmes including scholarships
- The MoveON mobility programme is used for:
- The administration of contracts with partner universities as well as the contact details of the contact partners
- The digital conclusion of contracts with ERASMUS partner universities
- The administration of digital ERASMUS+ Learning Agreements
- The provision of exchange-relevant information for students and staff as well as prospective students
- The application procedure for places at partner universities (see below)
- The forwarding of information that is relevant to scholarships or residency to applicants that have already been selected
- The administration of student of staff mobility to partner universities
- The application procedure, administration and reporting to the ERASMUS+ scholarship programme (see below)
- The application procedure, administration and reporting for international students at the West Coast University of Applied Sciences (incoming application, see below)
The data is entered by the applicants themselves after registration and the creation of an alphanumeric password with special characters and, in the case of a successful application, supplemented with programme-relevant information. The data of the partner universities is provided by the contact partners of the universities themselves and entered into the system by the International Office.
When using the online application forms, the user enters an email address and their first and last names. The other data depends on the programme that the user is applying to and is laid out in the following sections. Names, contact details and information necessary for programme implementation are also processed in the context of scholarship administration. The processing is not carried out by the West Coast UAS itself, but rather by QS Unisolution GmbH. The processing has its legal basis in the contract processing agreement between the university and QS Unisolution GmbH. The server is located in Germany.
Places at partner universities
Students who wish to apply for a place at a partner university enter the following information into MoveON to apply for a place at a partner university:
- Name, personally created password, date of birth, gender, nationality/s
- Address data as well as telephone numbers and e-mail addresses
- Value judgements, e.g. certificates, proof of language skills
- Study-related information (e.g. matriculation number, current semester of study, current degree programme, does the applicant need the stay for recognition of compulsory semester abroad)
- Information about the desired stay: priorities, desired partner university, desired date, Learning Agreements
- Selection-relevant information: language skills, letter of motivation, certificates, e.g. for honorary positions
- Up to two emergency contacts and the existence of powers of attorney can be given
After a successful application, the key data of the planned stay, the name and the degree programme of the applicant are passed on internally to the degree programmes (management/coordination) and the head of the language department for the planning of the capacities in the semester concerned.
Externally, names, nationality/s and contact details, information relevant to the studies and residence are forwarded to the target partner university as part of the nomination process. Depending on how the target university is organised, this is done by either e-mail or entry into a nomination portal.
The collection of the data is for the purpose of carrying out the application process for places at partner universities. The personal information is deleted by the administrators 5 years after the student’s exmatriculation. Until then, it must be kept is case of appeal proceedings in recognition processes. For ERASMUS+ funded stays, the retention period mentioned in the ERASMUS+ section applies.
Incoming application forms
Students from other (partner) universities who would like to apply for an exchange place at the West Coast University of Applied Sciences enter the following information into MoveON for the application:
- Name, personally created password, date of birth, place and country of birth, gender, nationality/s
- Identity documents (passport, identity card) including validity period and photo
- Address data as well as telephone numbers and e-mail addresses
- Study-related information (e.g. home institution, current semester, current degree programme, current study level)
- Desired stay/dates/level of study
- Native language/language qualification data in German/English including certification
- Value judgements, information relevant to the selection and admission: curriculum vitae, school-leaving certificates, university entrance examination, university entrance qualification, university certificates, overview of achievements, Learning Agreement/subject list, ASP (document for Chinese or Vietnamese applicants)
- Up to two emergency contacts may be given
- Voluntary information on the student’s current health condition
The admission-relevant information and certificates are checked by the International Office. The key data of the planned stay, the nationality, the name, the e-mail address as well as the degree programme and the course selection of the candidate are passed on internally to the degree programmes (management/coordination) and the head of the language department for the planning of the capacities in the semester concerned as well as for assistance in creating a timetable after the International Office have finished their checks.
The contact data as well as information on the student’s health condition will be passed on to the relevant service offices for support purposes after the student has given his/her consent. The consent to pass on the data may be revoked at any time.
Registration form for free-movers
West Coast UAS students who are spending a semester abroad at a non-partner university. Students enter the following data:
- Name, self-selected password, date of birth, gender
- Telephone number and e-mail address
- Study-related information (e.g. current semester, current degree programme, current level of study)
- Dates of the planned stay abroad
- Contact person in case of emergency
The data remain in the International Office and are only used to contact the student or the host institution in emergencies or crisis situations.
This applies to students and employees who are applying for ERASMUS+ funding.
The purpose of processing the data of applicants or scholarship holders is
- The administration of the programme and the determination of funding levels
- Language preparation (online assessment, online courses)
- The assurance of the qualitative framework conditions
- The automatic sending of links as well as reminder e-mails for receipts and/or reports after the funded residency
- The reporting to the DAAD as well as the European Commission as the funding body (EU programme)
The following programmes and portals are used:
- MoveON (see above)
- Mobility Tool+ and Beneficiary Module (specified by the EU Commission)
- Online Linguistic Support System (specified by the EU Commission)
Data collected for the ‘Employee’ target group:
- Name, contact data, duration of previous employment
- Purpose, institution, time, duration and country of the stay
- Working/teaching language on site
- The host institution and the contact partner as well as the contact details of the contact partner on site
- Assessment of the residency and the supervision
- Amount of funding and basis for assessment (disabilities/children/chronic diseases)
- In the case of a guest lecturer position: the main subject area, the teaching module, the level of study of the guest lecturer, number of teaching units, number of students reached
Data collected for the ‘Student’ target group:
- Name, personally created password, date of birth, gender, nationality/s, native language
- Address data as well as telephone numbers and e-mail addresses
- Study-related information (e.g. the matriculation number, current semester of study, current course of study, level of study)
- Residence-related characteristics: purpose of stay, time, duration, country, host institution/company, grades, compulsory stay or voluntary stay such as a graduate internship, internship/study content, if applicable whether the internship promotes digital skills
- Characteristics for special funding lines (voluntary information on travel dates, means of transport, fewer opportunities: voluntary information on chronic diseases, disabilities, children, information on academic background of parents, jobs)
- Selection-relevant information: internship allowance, previous participation in the ERASMUS+ programme with mention of the funding period
- In the case of a grant: address, bank details, responsible tax office, insurance carrier and number, grant amount, assessment basis (fewer opportunities/green travel) within the framework of a grant agreement between the West Coast UAS and the recipient
- Documentation required to prove the correct use of the funds and compliance with the quality requirements: internship certificate/grading system, experience reports, language test before and after the stay, number of ECTS planned, taken and recognised
The above-mentioned data must be made available to the EU Commission as well as to the DAAD, as the West Coast UAS administers the budget made available to it on behalf of both institutions within the framework of participation in the ERASMUS+ programme. Within the framework of the programme participation, it is stipulated that the above-mentioned be kept for 5 years after the receipt of the feedback letter on the final report of the respective project. Currently, this means that the data must be kept for a period of 7 years for the above-mentioned people. After this period, the personal information will be deleted by the administrators/the International Office.