Data protection is important to us and it is our legal obligation. In order to protect the security of your data during transmission, we use appropriate encryption methods in line with the latest technology (e.g. SSL/TLS) and secure technical systems.
University of Passau
Public body pursuant to Art. 11(1) Bavarian Higher Education Act (BayHschG)
The University of Passau is legally represented by its President, Professor Ulrich Bartosch, Chairperson of the University Executive.
University of Passau
Phone: +49 851 5090
Fax: +49 851 509 1005
Contact details of the appointed official Data Protection Officer
Johannes Nehlsen, external data protection officer
insidas GmbH & Co. KG
Phone: +49 871 20 54 94 0
Purposes of and legal bases for processing
In accordance with Art. 2(6) BayHschG and Art. 4(1) sentences 1 and 2 BayEGovG, we offer our informational, administrative and other services to the general public on our websites.
Our social media accounts are part of our public relations activities. It is our intention to inform and engage with the public in a target-audience-appropriate manner (see Art. 2(6) BayHschG). We enable you to make electronic contact rapidly and engage in direct communication using the medium of your choice (see § 5(1) item 2 TMG).
Any content, posts and enquiries that are held to be infringing upon the rights of others, constituting a regulatory or criminal offence or are held to be in breach of legal or contractual obligations will be divulged to the competent authorities and/or the social media service concerned. In addition, they will be blocked or deleted.
Administration and editing
For administration and editing purposes, function identifiers and personal identifiers with access protection mechanisms are generated and changes made with these identifiers are logged.
When you visit this website or other websites, your browser transmits data to our server. While a connection is established, the following data is recorded for communication between your browser and our server:
- full IP address of the requesting computer
- date and time of the request
- address of the requested item
- access status (e.g. file transmitted, file not found)
- volume of data transmitted
- address from which the item was requested
- browser used
Where you communicate your request or opinion to us by e-mail, post, phone, fax or social media, the details provided will be processed for the purpose of handling your request, for any follow-up questions and for exchanging opinions. We always use the same communication channel, unless you request otherwise.
Recipients or categories of recipients of the personal data
Our IT service providers may also receive your personal data within the context of order processing contracts concluded by us. In order to guarantee the security of our data processing systems, we shall, however, not disclose our service providers.
Transmission of personal data to and from social media services or other web services
In accordance with ECJ ruling C210/16 we have a shared responsibility with the relevant social media service to ensure compliance with data protection laws with regard to our social media presence. In our view, this ruling also has an effect on the new General Data Protection Regulation.
The use of our social media profiles is also governed by the regulations of:
- Facebook and Instagram by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Facebook's data use policy
In our social media profiles we create non-exclusive content and are able to view the posts and interactions of the community. Any content, posts and enquiries that infringe upon the rights of others, constitute a regulatory or criminal offence or are in breach of legal or contractual obligations will be reported to the competent authorities and/or the social media service concerned. In addition, they will be blocked or deleted.
Legal basis: Your consent, Art. 6(1) lit. a GDPR and Art. 2(6) BayHschG, Art. 4(1) sentences 1 and 2 BayEGovG, § 5(1) sentence 2 TMG.
Data recipients and international data transfers
Information on the risks of consenting to the use of services
In the case of the social media referenced below, your data is transmitted without the existence of an adequacy decision and without suitable guarantees with regard to data protection.
Although the social media service providers may be subject to the obligations of the California Consumer Privacy Act (CCPA), the European Commission has not assessed whether the existing laws are sufficient to provide an adequate level of data protection in the United States of America and the State of California. Legal redress against the recipient can normally only be sought under the national laws of the United States of America. For this reason, data subjects' rights under the GDPR (right of access, Art. 15; right of rectification, Art. 16; right of deletion, Art. 17; right to restrict processing, Art. 18) may not be enforceable against the aforementioned providers, or may be more difficult to enforce. Likewise, there is no guarantee as to the effectiveness of withdrawal of consent previously given.
Data retention period
We will check in biennial intervals whether any social media posts and non-public messages you have sent to us still need to be retained to answer any follow-up questions. If it is found that there is no need for further retention, processing of your data will be restricted and your data will be preserved in accordance with the statutory retention requirements as well as the relevant archives acts.
If your communication via a social media service was public or open to segments of the general public, you have the option of deciding directly on the duration for which it is open to the public; alternatively, you may put a request for deletion of the relevant communication to us. We will delete the communication, in accordance with the provisions of the relevant archives acts and related federal and state laws, insofar as it falls within our area of responsibility. If, after deletion, we still have copies of your data, processing of these will be restricted and they will be preserved in accordance with the retention requirements under the relevant statutory requirements as well as the archives acts.
Other third-party web services
We also complement the services on our website with elements from third parties. These are independently responsible alongside us.
Legal basis for data processing under our responsibility: Art. 6(1) lit. e GDPR in conjunction with Articles 4 and 5 BayDSG. The forwarding to third parties is carried out in accordance with § 19(3) TTDSG.
Vimeo has made guarantees to the University of Passau for international data transfers. A copy of these can be requested from the Data Protection Officer.
Storage period of the personal data
Log files containing personal data are kept for a maximum of seven days before deletion.
The login cookie is deleted when the browser session is closed.
Rights of the data subject
In accordance with the General Data Protection Regulation you have the following rights:
If your personal data are processed, you have the right to receive information about the data stored about you (Art. 15 GDPR).
If incorrect personal data are processed, you have the right to have them corrected (Art. 16 GDPR).
Subject to specific requirements, you can request the deletion or restriction of the processing and lodge an objection to the processing (articles 17, 18 and 21 GDPR).
If you have consented to data processing or if a contract for data processing exists and data processing is carried out using automated processes, you may have the right to withdraw your consent for the future (Art. 7(3) GDPR) and the right to data transferability (Art. 20 GDPR).
If you make use of your aforementioned rights, the public authority will check whether the legal requirements for this are met.
You also have the right to complain to the Bavarian state commissioner for data protection.
Bayerischer Landesbeauftragter für den Datenschutz.
Postfach 22 12 19
Bayerischer Landesbeauftragter für den Datenschutz
Phone +49 89 21267 20
Fax +49 89 212672 50
Technical option for objecting to Matomo web statistics
Our website uses Matomo (formerly Piwik). The collected usage information is transferred to our Matomo installation and stored. Your IP address will be rendered anonymous during this process. The stored data will not be passed on to others. If you do not wish to have your data saved and processed, you can prevent the saving at any time with a simple mouse-click. In this case, a so-called opt-out cookie is stored in your browser. No more information will then be transmitted to our Matomo installation.
Warning: If you delete your cookies, this means that the opt-out cookie will also be deleted and may have to be reactivated by you.
Other information about our Privacy Statement
We reserve the right to adapt this data privacy statement from time to time so that it always meets the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when new services are introduced. All website visits are subject to the relevant data privacy statement in effect at the time.