Data processing and data protection declaration

Munich University of Applied Sciences (MUAS)

Data protection is important to us and it is our legal obligation. To protect the security of your data appropriately during transmission, we use suitable encryption procedures (e.g. SSL/TLS) and secure technical systems that correspond to current technological standards.


Responsible Controller

Lothstr. 34
D-80335 Munich
Tel.: +49 (0) 89 12 65 - 0
Fax: +49 (0) 89 12 65 - 3000
Email:
Website: www.hm.edu



The Munich University of Applied Sciences is a public institution that is legally represented by its President Prof Dr Martin Leitner.
Value Added Tax Identification Number, in accordance with § 27 of the Value Added Tax Act (Umsatzsteuergesetz – UStG):
DE 235 059 152


Regulating Governing Body

Bavarian State Ministry of Sciences and the Arts
Salvatorstr. 2
D-80333 Munich


Official Data Protection Officer

You can contact the official data protection officer at Munich University by e-mail at the address and by telephone at 089 60807600.


Purposes and Legal Bases of the Processing

In accordance with Art. 2 Par. 6 BayHSchG, Art. 4 Par. 1 p. 1 and 2 BayEGovG, we offer our services and administrative services on our websites, as well as information for the public about our activities.


Our social media presences are part of our public relations work. It is our aim to provide information orientated towards target groups and to enable exchanges, in accordance with Art. 2 Par. 6 BayHSchG. We enable quick electronic contact and direct communication via the media of your choice, § 5 Par. 1 No. 2 TMG.


Content, contributions or enquiries that infringe third-party rights or qualify as an offence or crime, or which do not correspond to the legal or contractual procedural obligations, are disclosed by us by transmitting them to the responsible authority or social media service and will be blocked or deleted.


We use cookies, logfiles, statistics of social media providers and the web analysis tool Matomo to compile business statistics, to carry out organisational reviews, for testing or maintenance of our web service, and to ensure network and information security in accordance with Art. 6 Par. 1 BayDSG, § 13 Par. 7 TMG, Art. 11 Par. 1 BayEGovG. Insofar as the processing purpose is not compromised, we anonymise or pseudonymise personal data.



Further information is provided under the following points.


Communication

If you send us an enquiry or an opinion by e-mail, post, telephone, fax or social media, the stated details are processed for the purpose of processing the enquiry, as well as any follow-up questions and exchanges of opinion.


Web Tracking and Security

All content on the central websites of Munich University of Applied Science is hosted, maintained and provided on internal servers as well as on servers managed by the Leibniz-Rechenzentrum (LRZ), Boltzmannstaße 1, D- 85748 Garching.


In addition, we process personal data under our own responsibility for:


According to the case law of the ECJ C210/16 we are responsible, in regard of data protection, for our web presence together with our social media providers. We are convinced that this case law also affects the new General Datat Protection Regulation.


Beyond the public web presence, the University of Munich uses internal web portals e.g. the student administrative software PRIMUSS, Beranet, Moodle etc. Information about data protection is available there directly or in the data protection declaration of PRIMUSS.



Advice for using social networks
The Munich University of Applied Sciences (MUAS) values the opportunities for communication offered by social media. MUAS is aware, however, that simply clicking on links to these social media sites can lead to your personal data being passed on, regardless of whether or not you are a member of the social network. This data can technically be used to create a profile for an individual.
MUAS has no direct control over the initiated processes. By clicking these links, you are leaving the area controlled by MUAS. Please bear in mind the data protection regulations and settings of the provider.


Administration and editing

For administration and editing, function identifiers and personal identifiers with access protection mechanisms are set up and changes carried out relating to these identifiers are logged.


Logfiles

Any access to MUAS’s websites is logged and stored in a file. No personal data is stored, with the exception of the IP address. After a maximum of 7 days, only the first two bytes of the IP address will be stored.


The following data is stored in the logfile:

  • Name of file accessed
  • Date and time of access
  • Notification of whether or not the access was successful
  • IP address (shortened after 7 days)
  • Webpage from which the file was accessed
  • Access status (e.g. file transmitted, file not found)
  • Web browser used and screen resolution, as well as the operating system used
  • Transmitted data volume


This stored data is used exclusively to avert danger (in case of attacks) as well as to improve the internet offer. It is not passed on to third parties for commercial or non-commercial purposes.


No data is traced back to individual persons as part of the usage statistics.


Cookies

On the centrally hosted websites of Munich University of Applied Sciences (central website, faculties, departments) so-called cookies are used in order to compile access statistics, for example. Cookies are small text files stored on the website visitor’s computer by their browser. By amending the respective browser settings, storage of cookies can be deactivated and cookies that have already been stored can be deleted.


JavaScript

Some functionalities require JavaScript, such as target group navigation (“I am a student / prospective student”), automatic switch to website view for mobile phones or some search functionalities.


In order to use these functionalities JavaScript needs to be activated in the browser.


The relevant pure information is usually also accessible on the websites without JavaScript.


Usage statistics

To analyse the centrally hosted websites, the statistics software Matomo (previously PIWIK) is used (matomo.org ), which is operated on internal servers by Munich University of Applied Sciences. Matomo uses cookies for the purpose of usage analysis. Every visitor can deactivate the statistical recording of their visit (by activating the “do not track” setting in their browser or by explicitly deactivating tracking via the link “data privacy protection and web tracking ” in the left navigation column on the website).


These analyses enable the compilation of usage statistics allowing Munich University of Applied Sciences to continuously improve the information provided.


Within this context, usage information including the accessing computer’s IP address, which is shortened for reasons of data protection, is transmitted and stored for analysis purposes. By shortening the IP address, the user of the website remains anonymous. Merely a “session ID” (cookie) is taken and stored as a shared key of a website visit. A session ends when the browser is closed.


Information regarding website access used for usage analyses continues to be date, time, place (city), browser type, browser capabilities and language, operating system / type of device, length of visit, visits per server and local time, visited sites, usage history, search machines and keywords used to access the university’s sites, URL referencing the university’s sites


However, every user can deactivate statistical recording of their visit through Matomo (by activating the “do not track” setting in their browser or by explicitly deactivating tracking via the link “data protection, web tracking” in the left navigation column on the website “opt out”).


By deactivating tracking a so-called opt-out cookie is generated in the browser, which ensures Matomo no longer records usage data for this website visit. Note: Should this opt-out cookie be deleted by the user in their browser settings, compilation of statistical data through Matomo is reactivated.


Statistical data generated by the website visit will be used exclusively by Munich University of Applied Sciences to improve its online presence and to ensure the best possible use of resources.


Recipients or categories of recipients of the personal data

If you use our social media channels and pages, their providers also process your personal data.


Our IT service providers can also be recipients of your personal data, in relation to order processing agreements we have concluded. To ensure the security of our data processing systems, however, we do not disclose our service providers.


Passing on personal data to a third country or international organisations

Our US social media providers are subject to the EU-US Privacy Shield and are certified verifiably for individuals to view, so that there is an appropriate legal protection level for personal data:


Information about the data protection of our other social media providers:


Duration of personal data storage

Administration and editing
Personalised administration and editing access to our website are limited for processing after they are no longer relevant for the affected person and are deleted a year after the conclusion of the year in which they became irrelevant.


Logfiles
Are stored as personal data as a rule for a maximum of seven days.


Rights of Affected Persons

In accordance with the General Data Protection Regulation, the affected person is entitled to the following rights:
If your personal data is processed, you have the right to receive information about your personal data that is stored (Art. 15 GDPR).
If incorrect personal data is processed, you have the right to correction (Art. 16 GDPR). If the legal conditions are given, you can request the deletion or restriction of processing, as well as object to the processing (Art. 17, 18 and 21 GDPR).
If you have consented to the data processing or there is an agreement for data processing and the data processing is carried out with the help of automated procedures, you have a right to data portability (Art. 20 GDPR).
If you exert your rights stated above, the public authority checks whether the legal conditions for this are fulfilled.


You also have the right to submit a complaint at a regulatory authority. The authority responsible for MUAS is the Bavarian Federal Authority for Data Protection:
The contact details are as follows:
Postal address: P.O. Box 22 12 19, 80502 Munich
Address: Wagmüllerstraße 18, 80538 München
Telephone: 089 212672-0
Fax: 089 212672-50
E-mail:
Internet: https://www.datenschutz-bayern.de/



Other Information about this Data Protection Statement

We reserve the right to modify this data protection statement occasionally so that it always corresponds to the current legal requirements, or to reflect changes to our services in the data protection statement, e.g. when introducing new services.


The new data protection statement then applies to your visit.


If you have questions, you can either contact the data protection officer () or write an e-mail to: .