Data protection is important to us and it is our legal obligation. In order to protect the security of your data during transmission, we use appropriate encryption methods in line with the latest technology (e.g. SSL/TLS) and secure technical systems.
University of Passau
Public body pursuant to art. 11(1) Bavarian Higher Education Act (BayHSchG)
The University of Passau is legally represented by its President, Professor Ulrich Bartosch, Chairperson of the University Executive.
University of Passau
Phone: +49 851 5090
Fax: +49 851 509 1005
Data Protection Officer
Phone: +49 851 509 1107
Pursuant to art. 2(6) of the Bavarian Higher Education Act (BayHSchG) and art. 4(1) sentences 1 and 2 of the Bavarian E-Government Act (BayEGovG), we offer our services and administrative services, as well as information for the general public about our activities, on our website.
Our use of social media is part of our PR work. We aim to provide information according to specific target groups and to discuss our activities with you, in accordance with art. 2(6) Bavarian Higher Education Act (BayHSchG). We permit rapid electronic contact and direct communication using the media of your choice pursuant to § 5(1) item 2 TMG (German Telemedia Act).
We shall transmit content, articles or requests that violate third-party rights or constitute a criminal offence or misdemeanour and that are in breach of statutory or contractual obligations to the competent authorities or the relevant social media service, and shall block or delete them.
Administration and editing
For administration and editing purposes, function identifiers and personal identifiers with access protection mechanisms are generated and changes made with these identifiers are logged.
When you visit this website or other websites, your browser transmits data to our server. While a connection is established, the following data is recorded for communication between your browser and our server:
- full IP address of the requesting computer
- date and time of the request
- address of the requested item
- access status (e.g. file transmitted, file not found)
- volume of data transmitted
- address from which the item was requested
- browser used
Where you communicate your request or opinion to us by e-mail, post, phone, fax or social media, the details provided will be processed for the purpose of handling your request, for any follow-up questions and for exchanging opinions. We always use the same communication channel, unless you request otherwise.
Our IT service providers may also receive your personal data within the context of order processing contracts concluded by us. In order to guarantee the security of our data processing systems, we shall, however, not disclose our service providers.
In accordance with ECJ ruling C210/16 we have a shared responsibility with the relevant social media service to ensure compliance with data protection laws with regard to our social media presence. In our view, this ruling also has an effect on the new General Data Protection Regulation.
The use of our social media profiles is also governed by the regulations of:
- Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland Facebook's data use policy
In our social media profiles we create non-exclusive content and are able to view the posts and interactions of the community. Any content, posts and enquiries that infringe upon the rights of others, constitute a regulatory or criminal offence or are in breach of legal or contractual obligations will be reported to the competent authorities and/or the social media service concerned. In addition, they will be blocked or deleted.
Legal basis: Your consent, art. 6(1)(a) GDPR and art. 2(6) BayHSchG, art. 4(1) sentences 1 and 2 BayEGovG, § 5(1) sentence 2 TMG.
Data recipients and international data transfers
Information on the risks of consenting to the use of services
In the case of the social media referenced below, your data is transmitted without the existence of an adequacy decision and without suitable guarantees with regard to data protection.
Although Facebook and Google may be subject to the obligations of the California Consumer Privacy Act (CCPA), the European Commission has not assessed whether the existing laws are sufficient to provide an adequate level of data protection in the United States of America and the State of California. Legal redress against the recipient can normally only be sought under the national laws of the United States of America. For this reason, data subjects' rights under the GDPR (right of access, art. 15; right of rectification, art. 16; right of deletion, art. 17; right to restrict processing, art. 18) may not be enforceable against the aforementioned providers, or may be more difficult to enforce. Likewise, there is no guarantee as to the effectiveness of withdrawal of consent previously given.
Data retention period
We will check in biennial intervals whether any social media posts and non-public messages you have sent to us still need to be retained to answer any follow-up questions. If it is found that there is no need for further retention, processing of your data will be restricted and your data will be preserved in accordance with the statutory retention requirements as well as the relevant archives acts.
If your communication via a social media service was public or open to segments of the general public, you have the option of deciding directly on the duration for which it is open to the public; alternatively, you may put a request for deletion of the relevant communication to us. We will delete the communication, in accordance with the provisions of the relevant archives acts and related federal and state laws, insofar as it falls within our area of responsibility. If, after deletion, we still have copies of your data, processing of these will be restricted and they will be preserved in accordance with the retention requirements under the relevant statutory requirements as well as the archives acts.
Log files containing personal data are kept for a maximum of seven days before deletion.
The login cookie is deleted when the browser session is closed.
In accordance with the General Data Protection Regulation you have the following rights:
If your personal data are processed, you have the right to receive information about the data stored about you (art. 15 GDPR).
If incorrect personal data are processed, you have the right to have them corrected (art. 16 GDPR).
Subject to specific requirements, you can request the deletion or restriction of the processing and lodge an objection to the processing (articles 17, 18 and 21 GDPR).
If you have consented to data processing or if a contract for data processing exists and data processing is carried out using automated processes, you may have the right to withdraw your consent for the future (art. 7(3) GDPR) and the right to data transferability (art. 20 GDPR).
If you make use of your aforementioned rights, the public authority will check whether the legal requirements for this are met.
You also have the right to complain to the Bavarian state commissioner for data protection.
Bayerischer Landesbeauftragter für den Datenschutz.
Postfach 22 12 19
Bayerischer Landesbeauftragter für den Datenschutz
Phone +49 89 21267 20
Fax +49 89 212672 50
Our website uses Matomo (formerly Piwik). The collected usage information is transferred to our Matomo installation and stored. Your IP address will be rendered anonymous during this process. The stored data will not be passed on to others. If you do not wish to have your data saved and processed, you can prevent the saving at any time with a simple mouse-click. In this case, a so-called opt-out cookie is stored in your browser. No more information will then be transmitted to our Matomo installation.
Warning: If you delete your cookies, this means that the opt-out cookie will also be deleted and may have to be reactivated by you.
We reserve the right to adapt this data privacy statement from time to time so that it always meets the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when new services are introduced. All website visits are subject to the relevant data privacy statement in effect at the time.