Data protection is an important concern for the University of Passau. We therefore attach great importance to data-efficient and user-friendly processing of personal data in connection with the fulfilment of our tasks.
This data privacy policy also applies to the processing of personal data and information within the meaning of § 25 TDDDG in the context of this website, including the services offered there.
The data controller within the meaning of the General Data Protection Regulation (GDPR) and national data protection laws of the EU member states, as well as other data protection regulations is the:
University of Passau
Innstr. 41
94032 Passau
Germany
Phone: +49 851 5090
E-mail: president@uni-passau.de
Please contact our data protection officer directly if you have any questions relating to data privacy and data security:
insidas GmbH / actago GmbH
Weidenstr. 66
94405 Landau a. D. Isar
Phone: +49 9951 99990 500
E-Mail: datenschutz@uni-passau.de
The purpose of the processing is to fulfil the public tasks assigned to us by law. Unless otherwise stated, the legal basis for the processing of your data results from Art. 4(1) Bavarian Data Protection Act (BayDSG) in conjunction with Art. 6(1)(e) GDPR. Accordingly, we are permitted to process the data required to fulfil a task incumbent upon us. Where you have consented to the processing of your data, such processing is based on Article 6(1)(a) GDPR.
If necessary, your data will be transmitted to the competent supervisory and auditing authorities to exercise the respective control rights.
Log data may be forwarded to the Landesamt für Sicherheit in der Informationstechnik (State Office for Information Security) on the basis of Art. 44 BayDiG in order to prevent threats to information security (for details, see "Logging").
Your data will be stored only as long as required for the fulfilment of responsibilities in compliance with the statutory retention periods.
If we process your personal data, you have the following rights as a data subject:
Further restrictions, modifications and, where applicable, exclusions of the aforementioned rights may result from GDPR or national legislation.
The data protection officer can provide more information on these rights.
You have the right to lodge a complaint with the Bayerischer Landesbeauftragter für den Datenschutz (Bavarian state commissioner for data protection). The contact details are:
Postal address: Postfach 22 12 19, 80502 München, Germany
Street address: Wagmüllerstr. 18, 80502 München, Germany
Phone: +49 89 212672 0
Fax: +49 (0)89 212672 50
Online complaint form: https://www.datenschutz-bayern.de/service/complaint.html
Our web server is operated by the University of Passau itself. The personal data you provide when visiting our website is primarily processed by the University of Passau itself.
When you access this or other pages, you transmit data to our web server via your web browser. The following data are recorded during an ongoing connection for communication between your web browser and our web server:
We store this data for reasons of technical security, in particular to defend against attempted attacks on our web server. After seven days at the latest, the data is anonymised by shortening the IP address at domain level so that it is no longer possible to establish a reference to individual users.
This data is forwarded to the State Office for Information Security on the basis of Art. 44 BayDiG in order to prevent threats to information security.
By accessing this service, we offer a connection encrypted with HTTPS and Perfect Forward Secrecy, which is secured, at minimum, with the TLS 1.2 encryption protocol, so that your data are protected against unauthorised access by third parties during data transmission. We recommend that you keep your web browser up to date in order to use this option.
We use cookies to ensure the correct technical and functional provision of this information service. Cookies are small text files that are stored on the device you are using.
The legal basis for the storage of information and the processing of personal data by means of technically necessary cookies is § 25(2) TDDDG and Art. 6(1)(e) GDPR in conjunction with Art. 4 BayDSG.
Technically necessary cookies are only valid for the current session and are automatically deleted as soon as you close your browser.
The use of functional cookies is voluntary. If these cookies are blocked, the provision of certain functions may be impeded.
The legal basis for the use of cookies that are not technically necessary is the user's consent in accordance with § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR.
When you access this website, we store cookies (small files) on your device. These have a validity of:
Name: Lastpageuid Storage duration: 24 hours
Contact can be made via the e-mail address provided. Your personal data transmitted with the e-mail is stored. No data will be passed on to third parties in this context.
The data is used exclusively for handling your enquiry.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your personal data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected. For personal data sent by e-mail, this is the case when the conversation with you has concluded. The correspondence is deemed to have concluded when it can be inferred from the circumstances that the matter in question has been conclusively resolved.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
You have the option to object, at any time, to the processing of your personal data in the context of your e-mail enquiry. The conversation between you and us cannot then be continued. All personal data stored in the course of contacting us will be deleted in this case.
Information that you send to us by unencrypted electronic mail (e-mail) can potentially be read by third parties during transmission. As a rule, we are unable to verify your identity and do not know who is behind an e-mail address. Legally compliant communication by simple e-mail is therefore not guaranteed. Like many e-mail providers, we use filters against unsolicited advertising ("spam filters"), which, in rare cases, automatically classify legitimate e-mails as unsolicited advertising and delete them. E-mails that contain harmful programmes ("computer viruses") are automatically deleted by us without exception.
If you have concerns about the transmission of personal or other sensitive data, please contact the intended recipient (our staff members) to agree on a suitable encryption method prior to transmission, or use letter post.
This service uses active components such as JavaScript, Java applets and ActiveX controls. You can switch this function off by changing the settings in your web browser.
We use Microsoft 365, a service that is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
The processing of personal data is carried out for the purpose of fulfilling our statutory and official duties (under Art. 6(1)(e) GDPR, Art. 4 BayDSG in conjunction with other legal provisions, such as BayHIG, BayDiG, TDDDG, BayHO).
We have entered into a data processing agreement with Microsoft in accordance with Art. 28 GDPR for the use of the service.
Using this service may involve the transfer of data to a third country (the US). The provider is certified under the EU-US Data Privacy Framework and therefore offers an adequate level of data protection. In addition, data transfers are safeguarded by the EU Standard Contractual Clauses and supplementary technical and organisational measures.
Further information can be found in the provider’s privacy policy at the following URL: https://privacy.microsoft.com/de-de/privacystatement
Our website offers newsletters relating to university and student matters. To subscribe to the newsletter, you must provide a valid e-mail address. By subscribing to the newsletter, you agree to receive it and to the procedures described.
The legal basis for the processing of your personal data in connection with the sending of the newsletter is your consent, pursuant to Art. 6(1)(a) GDPR.
We collect your personal data for the purpose of sending you the newsletter. The purpose of processing your personal data in connection with the newsletter is to keep you informed about the latest news and offers.
Your personal data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected. Your personal data will therefore be stored for as long as your newsletter subscription remains active.
You can unsubscribe from the newsletter at any time. To do so, you must click on the link provided in every edition of the newsletter. Once you have cancelled your subscription, your personal data will be deleted. Cancelling the subscription also allows you to withdraw your consent.
We use the open-source software Matomo (formerly PIWIK) on our website to analyse our users’ browsing behaviour. This software places a cookie on the user's computer (see above for more information on cookies). When individual pages of our website are accessed, the following data is stored:
The software runs exclusively on our website’s servers. Users’ personal data is stored only there and is not made available to any third parties.
The software is configured so that IP addresses are not stored in full; instead, 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). This means that it is no longer possible to link the truncated IP address to the computer making the request.
Processing your personal data enables us to analyse your browsing behaviour. By analysing the data collected, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. Anonymising the IP address ensures that your interest in protecting your personal data is properly respected.
Your personal data will be deleted as soon as it is no longer required for our record-keeping purposes. In our case, this happens after 180 days.
You have the right to object to the processing of your personal data for analytical purposes at any time.
If you exercise this right to object (“opt-out”), a technically necessary cookie (mtm_consent_removed) with a duration of 400 days will be set in your browser. This cookie is used solely to inform our systems that your data should no longer be collected.
The cookies contain only anonymised data; as the IP address is stored in an anonymised form, it is not possible to link it to a specific individual.
For more information on the privacy settings for the Matomo software, please visit the following link: https://matomo.org/docs/privacy/
Our website features videos from the external video platform YouTube. By default, only disabled images from the YouTube channel are embedded; these do not establish an automated connection to YouTube’s servers. This means that the platform provider does not receive any data from the user when the webpage is accessed.
You can decide for yourself whether to enable YouTube videos. Only when you enable video playback by clicking on “Permanent activation” do you consent to the necessary data (including the URL of the current page and the user’s IP address) being transmitted to the platform provider.
To save the settings chosen by the user, we set a cookie that stores these parameters. When these cookies are set, we do not store any personal data; they contain only anonymised data used to customise the browser. The videos are then active and can be played by the user. If you wish to disable the automatic loading of YouTube videos, you can uncheck the consent box under the privacy icon. This will also update the cookie settings.
YouTube is a service provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. Further information on the purpose and scope of data processing (including processing outside the European Union and outside the USA), as well as information on privacy settings, can be found in the privacy policy:
https://policies.google.com/privacy?hl=de&gl=de
Google processes your personal data in the US and elswhere.
This site uses the open-source mapping tool “OpenStreetMap” (OSM) via an API. The provider is the OpenStreetMap Foundation. In order to use the features of OpenStreetMap, we need to store your IP address. This information is usually transmitted to an OpenStreetMap server and stored there.
The provider of this website has no control over this data transfer. We use OpenStreetMap to ensure that our online content is presented in an appealing way and that the locations listed on our website are easy to find.
Personal data will only be disclosed following consent within the meaning of Art. 6(1)(a) GDPR.
You can find more information on how user data is handled on the OpenStreetMap data privacy page and at http://wiki.openstreetmap.org/wiki/Legal_FAQ
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages that uses a Vimeo plugin, a connection is established with Vimeo’s servers. This tells the Vimeo server which of our pages you have visited. Vimeo also collects your IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
When you are logged in to your Vimeo account, you allow Vimeo to link your browsing activity directly to your personal profile. You can prevent this by logging out of your Vimeo account.
The use of Vimeo is based on consent in accordance with Art. 6(1)(a) GDPR; consent may be withdrawn at any time.
For further information on how user data is handled, please refer to Vimeo’s privacy policy at: https://vimeo.com/privacy https://vimeo.com/privacy
There is a form on our website that can be used to submit online applications for job vacancies. If you choose this option, the data entered in the form will be sent to us and stored. This data is:
*Required fields
When you submit the form, we will seek your consent to the processing of your data and refer you to this privacy policy.
The data will be used solely for the purpose of processing your application.
The legal basis for the processing of personal data in connection with the online application is the performance of a contract and the implementation of pre-contractual measures in accordance with Art. 6(1)(b) GDPR.
We use the personal data you provide in the form solely for the purpose of processing your application.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your personal data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected. This applies to personal data provided in the online job application until the application process has been completed, any employment relationship that may have been established has ended and any applicable statutory retention periods have expired.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
You have the right to object to the processing of your personal data in connection with your online job application at any time. In such cases, the job application cannot be processed further. All personal data stored in connection with the job application will be deleted.
The job application process is managed using software provided by BITE GmbH, whose registered office is at Magirus-Deutz-Straße 12, D-89077 Ulm. This service provider is engaged on the basis of Art. 6(1)(a) and (b) GDPR and a data processing agreement in accordance with the first sentence of Art. 28(3) GDPR; the service provider does not use the personal data generated in this process itself or pass it on to third parties.
As part of our public relations work, we maintain an online presence on social media networks and platforms; these form part of our public image and public relations activities in accordance with Art. 2(2) sentences 3 and 5 BayHIG and Art. 17(1) BayDIG. We strive to inform and communicate with interested parties and users in a manner appropriate to the target audience.
For our social media presence, we use the services of the following providers:
Any content, posts and enquiries that are held to be infringing upon the rights of others, constituting a regulatory or criminal offence or are held to be in breach of legal or contractual obligations will be divulged to the competent authorities and/or the social media service concerned. In addition, they will be blocked or deleted.
Please note that when using the services mentioned above, user data may be processed outside the European Union / European Economic Area. This can give rise to risks for users, such as potentially hindering the enforcement of users' rights. With regard to US providers who rely, among other things, on the European Commission's Standard Contractual Clauses, we wish to point out that they thereby commit to complying with EU data protection standards.
Furthermore, users’ data is generally processed for market research and advertising purposes. For example, user profiles can be created based on users’ browsing behaviour and the interests that arise from it. These usage profiles can in turn be used, e.g. to display adverts both on and off the platforms that are likely to match users’ interests. For these purposes, cookies are usually stored on users’ computers, in which their usage behaviour and interests are recorded. Furthermore, data may also be stored in user profiles irrespective of the devices used, particularly where the users are members of the relevant platforms and are logged in to them.
The processing of users’ personal data is carried out on the basis of our legitimate interests in providing users with effective information and communicating with them in accordance with Art. 6(1)(e) GDPR, Art. 4 BayDSG in conjunction with Art. 2(2) sentences 3 and 5 BayHIG and Art. 17(1) BayDIG. If users are asked by the respective platform providers to consent to the data processing described above, the legal basis for the processing is Art. 6(1)(a) and Art. 7 GDPR.
A detailed explanation of the specific processing activities and the options for opting out is available directly from the respective providers.
We should like to point out that requests for information and the exercise of user rights are most effectively dealt with by the service providers themselves. Only the service providers have access to users’ data and are able to take appropriate action and provide information directly. Details of the services used can be found as follows:
Privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Privacy policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated
Privacy Policy / Opt-out: http://instagram.com/about/legal/privacy/.
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Privacy policy: https://x.com/de/privacy
Opt-out: https://x.com/settings/account/personalization
Privacy Policy / Opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
Privacy Policy / Opt-out: https://www.tiktok.com/legal/page/eea/privacy-policy/de
Privacy Policy / Opt-out: https://bsky.social/about/support/privacy-policy
Privacy Policy / Opt-out: https://www.whatsapp.com/privacy
We use StudyCheck on our website. The service is provided by OAK – Online Akademie GmbH, whose registered office is at Zollstockgürtel 63, 50969 Cologne. The service allows users to submit reviews and ratings of higher education institutions, which are subsequently used to compile rankings.
The legal basis for this processing is consent pursuant to Art. 6(1)(a) GDPR.
The purpose of the processing is to allow users to participate in and complete the study evaluation.
The University of Passau has no control over the storage of personal data by StudyCheck.
You have the right to object to the processing of your data by StudyCheck at any time. In that case, all data collected in connection with the service will be deleted.
For further information on how StudyCheck handles personal data, please visit:
https://www.studycheck.de/datenschutz
Our website uses plugins from Spotify, an audio streaming platform operated by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden.
You can find an overview of the Spotify plugins at: https://developer.spotify.com/. We use Spotify by embedding individual audio files, albums, playlists or podcasts from the platform on our website as so-called iFrames, so that they can be played directly on our website as a stream.
When you visit a page on our website that contains an embedded Spotify plugin, a connection is established with the Spotify servers and the plugin is displayed on our website. This sends information to Spotify about which website you have visited. Your IP address may also be transmitted to Spotify. When you play an embedded audio file, an album or a playlist, this information is also shared with Spotify. If you are logged in as a Spotify user, Spotify will associate this data with your user account.
If you do not want Spotify to be able to link your visit to our website to your Spotify account, please log out of your Spotify account. For further information on data protection at Spotify, please visit www.spotify.com/de/legal/privacy-policy
Unless otherwise regulated, the use of all information we have about you is subject to this data privacy policy.
The controller reserves the right to continuously adapt this data privacy policy to the necessary security measures in line with technological developments and will announce any changes here.
Last revised in April 2026
The controller has put in place technical and organisational measures to protect your data from loss, destruction and unauthorised access.
In addition, the controller’s staff and any service providers are obliged to maintain confidentiality and to comply with data privacy regulations.
For security reasons and to protect the transmission of confidential content that you send to us, the website owner, our website uses SSL or TLS encryption. This means that any data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the address starting with "https://" and the padlock symbol in the URL line.