February 2025
The protection of personal data is an important concern for Hochschule Bremen. We process personal data of the users of our websites in compliance with the applicable data protection regulations, in particular the European Data Protection Regulation (GDPR) and the Bremen Implementation Act for the EU Data Protection Regulation (BremDSGVOAG).
Without authorization, collected data will neither be published by the Hochschule Bremen nor passed on to third parties.
This data protection information applies to all websites of Bremen University of Applied Sciences, even if they are created and hosted independently by departments or faculties.
Hochschule Bremen
Neustadtswall 30
28199 Bremen
Germany
Phone: +49 421 5905 2736
E-mail: datenschutz@hs-bremen.de
Please note that communication by e-mail is fundamentally insecure if you do not take suitable protective measures yourself.
If you wish to send PGP-encrypted messages to us, please use our PGP communication key (ASC, 4 KB) (public key) for encryption.
To uniquely authenticate this public PGP key, here is the fingerprint:
238A 6279 7F6D BC83 C892 EB9A 76E0 9D7C 5783 C0E1
As a matter of principle, we only process personal data of the users of our online offer insofar as this is necessary for the provision of a functioning website as well as its contents and our services. In principle, it is not necessary for you to provide personal data in order to use our website. However, if you wish to make use of special offers and services of the university via our internet pages, we may require your personal data. The personal data of our users is only processed with their consent.
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Section 6 (1) a GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Section 6 (1) b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which the university is subject, Section 6 (1) c or e GDPR serves as the legal basis. Insofar as the processing of personal data is necessary for the performance of a task which is in the public interest and which has been assigned to the controller, Section 6 (1) e GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Section 6 (1) d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of Hochschule Bremen or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Section 6 (1) f GDPR serves as the legal basis for the processing.
Unless we provide detailed information on the storage period, we delete personal data when it is no longer required for the stated processing purposes and no statutory retention obligations prevent deletion.
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected in our log files:
The legal basis for the temporary storage of the data and the log files is Section 6 (1) f GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Section 6 (1) f GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest.
If the data is stored for a longer period, the IP addresses of the users are deleted or anonymised so that it is no longer possible to assign the calling client.
In addition, we store the complete IP address transmitted by your web browser for a strictly limited period of seven days in the interest of being able to recognise, limit and eliminate attacks on our websites. After this period, we delete or anonymise the IP address. The legal basis is Section 6 (1) f GDPR.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, there is no possibility for the user to object.
We use cookies in order to optimise our website in terms of user-friendliness, effectiveness and security. These are small text files that are placed on your terminal device and stored in your browser. They include cookies that are technically necessary for the operation of our website, as well as cookies for anonymous web analysis or for extended functions and services.
Necessary cookies enable basic functions and are required for the proper functioning of the website.
The legal basis for the processing of personal data using technically necessary cookies is Section 6 (1) f GDPR.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our websites cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a change of pages.
We need cookies for the following applications: saving the settings of the visitors selected in the cookie banner, displaying access-protected content.
The user data collected through technically necessary cookies are not used to create user profiles.
You can change your settings for optional cookies on this website at any time by clicking on this link to call up the cookie banner with the setting options.
We use the open source software tool Matomo on our website to analyse user behaviour. We can use the statistics obtained to improve our website and make it more interesting for users.
The software places a cookie on the user's computer. The IP address is anonymised during this process so that the user remains anonymous to us. The software runs exclusively on the servers of our website. The user's personal data is only stored there. The data is not passed on to third parties.
If individual pages of our website are accessed, the following data is stored:
Data processing is based on your consent, provided that you have given your consent via our banner. You can revoke your consent at any time. To do so, follow this link, please and make the appropriate settings via our banner.
The data is automatically deleted after 6 months.
Cookies are stored on the user's computer and transmitted from there to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
If you send us enquiries via the contact form/registration form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry/registration and in the event of follow-up enquiries. We do not pass on this data without your consent.
The processing of the data entered in the contact form is therefore based exclusively on your consent (Section 6 (1) a GDPR). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
The purpose of data processing when registering for the use of offers/services is the realisation of the respective offer or the provision of certain content and services (e.g. topic-based newsletters, conferences, general events, course offers, preparation courses, information offers and events) on our website
If registration is required for the utilisation of offers or services, we generally process the personal data provided during registration. As a rule, this involves master or contact data (name, address, telephone number, e-mail address) and, if applicable, the matriculation number.
Insofar as Hochschule Bremen obtains your consent as the data subject for individual processing operations on its websites, the legal basis is Section 6 (1) a GDPR.
Your personal data will not be passed on to other organisations or persons.
The personal data will be stored until the purpose of processing has been achieved and the respective procedure has been completed. They will be deleted immediately as soon as the stated purpose has been achieved or the relevant procedure has been completed.
It is possible to contact us via our website using the e-mail address provided. If a user makes use of this option, the personal data of the user transmitted in the e-mail will be stored. In this context, the data will not be passed on to third parties.
The data will be used exclusively for processing the conversation. For the processing of the data, your consent will be obtained as part of the sending process and separate reference will be made to the information to be provided in accordance with Section 13 GDPR as well as the right of revocation with regard to the consent.
The legal basis for the processing of data is Section 6 (1) a GDPR if the user has given their consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Section 6 (1) f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Section 6 (1) b GDPR.
The processing of the personal data from the input mask serves us exclusively to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The revocation of consent and the objection to storage can be made by e-mail to: datenschutz@hs-bremen.de. All personal data stored in the course of contacting us will be deleted in this case.
The usage regulations for information processing systems of the Hochschule Bremen apply to the use of internal access-protected websites.
In the case of access-protected Internet pages of the university, which only concern information platforms accessible to university members and staff, the following personal data is collected from the logged-in, registered users (students, staff or university members with a user account) during their stay on these pages:
The legal basis for the processing of data after registration is Section 6 (1) e GDPR.
The collection of the user's data serves to enable the use of the access-restricted websites (connection establishment), as well as for the purposes of system security, the technical administration of the network infrastructure and the optimisation of the offers.
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is the case after logging out or closing the web browser.
Our website may contain links to external social networks such as Facebook, Instagram, Twitter, YouTube, XING, LinkedIn etc. When you follow the links by clicking on them, your browser establishes a direct connection with the servers of the providers. We would like to point out that this data protection declaration applies exclusively to the pages of the Hochschule Bremen website. The functions assigned to the links of the networks, in particular the transmission of information and user data, are not activated by visiting our internet pages, but only by clicking on the corresponding links.
For the purpose and scope of data collection by the networks and the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information there.
The university operates online presences in various social networks (LinkedIn, Facebook, Instagram, YouTube, XING) for the purpose of informing the public about the fulfilment of its tasks (Section 4 (9) of the Bremen Higher Education Act). When visiting these profiles, personal data of users outside the European Union may be processed. Therefore, a lower level of data protection may exist. The corresponding data processing is carried out by the external operators of these networks and on the basis of their data protection declarations. Please inform yourself there about the corresponding processing modalities. We would like to point out that you use social networks and their functionalities on your own responsibility. The Hochschule Bremen has no influence on the type and scope of the data processed by the respective provider, the type of processing and use or the transfer of this data to third parties.
We operate profiles on the following social media platforms:
Below you will find information on the processing of your data.
As soon as one of our profiles is accessed on the respective social media platform, the terms and conditions and data processing guidelines of the respective providers apply. The providers regularly process personal data in connection with analysis services. In addition to the IP address, user behaviour and the information provided by the user is generally evaluated. As a result of the processing operations triggered by the call, we are jointly responsible with the provider of the social media platform in accordance with Section 26 GDPR, insofar as personal data is processed by us and the respective platform operator. This applies in particular to so-called "insight data". In this case, we have concluded a joint responsibility agreement with the respective platform operator, to which we provide a link below. We are not the original provider and merely utilise the options offered by the social media platforms.
User data is often processed within and outside of social media platforms for market research and advertising purposes without us being able to influence the type and scope of the specific data processing. In order to create user profiles and statistics that record the behaviour and resulting interests of users, cookies are generally used that remain on your end device until they are deleted by the user. We cannot influence or prevent the implementation and provision of such statistics. Data collection may therefore also affect users who are not logged in. The information provided by the respective provider on data processing, configuration options to protect your privacy, information on contact options and other opt-out options and, if available and concluded, the agreement in accordance with Section 26 GDPR can be found in the provider's privacy policy. Insofar as we can influence the specific scope of data processing and parameterise data processing, we work towards data protection-compliant handling by the provider of the social media platform within the scope of the options available to us, which are linked below.
We embed videos on our websites that are not stored on our servers. To ensure that accessing our websites with embedded videos does not automatically result in the third-party provider's content being loaded, we only display locally stored preview images of the videos in a first step. This means that the third-party provider does not receive any information.
Only after you click on the preview image will the third-party provider's content be loaded. This provides the third-party provider with the information that you have accessed our site and the usage data technically required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load content from the third-party provider.
Embedding takes place on the basis of your consent, provided you have given your consent by clicking on the preview image. Please note that embedding many videos means that your data will be processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal.
Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of data to the parent company Meta Platforms, Inc. in the USA. This is based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc. Under the above-mentioned agreement pursuant to Section 26 GDPR, Meta has undertaken to us to assume primary responsibility under the GDPR for the processing of this data, to fulfil all obligations under the GDPR with regard to this data and to provide the data subjects with the essentials of this obligation.
Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a group company of Google LLC 1600 Amphitheatre Parkway Mountain View CA 94043
Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
The data entered on our profiles, such as user names, comments, videos, images, likes, public messages, shared posts, etc. are published by the respective social media platform and may be visible to other users. We only reserve the right to delete content if necessary. We may share your content on our site if this is a function of the social media platform and communicate with you via this.
Every user can contact us via the options available on the social media platform. Contact is made, for example, by email, direct message or via the community functions offered. We process the data provided directly in the message and in the user profile. We can only view the information stored in your public profile, and only if you have such a profile. The data transmitted to us in this process is only processed for the purpose of communicating with the respective user and at no time for other purposes. The legal basis for this data processing is Section 6 (1) f GDPR. Our legitimate interest lies in responding to the communication, improving the user experience in a target group-orientated manner when visiting our Website.
In addition, we have a legitimate interest in the comprehensive external presentation and provision of up-to-date information about Hochschule Bremen. The legal basis for data processing in connection with the external presentation of Hochschule Bremen is therefore also Article 6 (1) f GDPR.
The legal basis for data processing is Section 6 (1) b GDPR if it concerns the initiation or execution of a contractual relationship.
We only store the data transmitted to us until the purpose of the data processing has been achieved, we no longer need the data to pursue or defend against legal claims or to fulfil statutory retention periods. If you also interact with the platform, this data may remain visible until you delete it.
The data collected when using the community function will be processed by us for as long as we operate the company profile or your interaction on our company profile is not deleted by you.
We do not intend to transfer personal data to a third country.
The social media platforms collect diagnostic and service data, use it on their own responsibility for their own purposes and may also process personal data in third countries without us being able to influence this. However, the platform operators have generally concluded the standard data protection clauses adopted by the EU Commission, which we have linked to above and which can be used as a basis for transferring data to the USA. Data is also transferred to the USA on the basis of an adequacy decision by the EU Commission pursuant to Section 45 GDPR (see EU-US Data Privacy Framework).
Hochschule Bremen together with General Students’ Council (AStA) and Niedersachsentarif GmbH, has concluded an agreement on the processing of personal data under joint responsibility in accordance with Section 26 GDPR. The background to this agreement is the contract for the purchase of the Deutschlandticket. Since the university processes personal data together with the General Students’ Council (AStA) and Niedersachsentarif GmbH, but each processes it independently, a contract had to be concluded in accordance with Section 26 GDPR.
The agreement specifies the data processing and contains regulations on responsibility and accountability for data processing. Furthermore, the agreement regulates the handling of information obligations and data subject rights. Furthermore, the agreement contains provisions on data security, how to deal with data breaches and the requirements in connection with the commissioning of processors.
Data subjects can contact the Hochschule Bremen and the other responsible parties (Niedersachsentarif GmbH; General Students’ Council (AStA)) regarding data processing in connection with the Deutschlandticket.
If the Hochschule Bremen processes your personal data, you have the following rights as a data subject within the meaning of the GDPR:
You have the right to withdraw your consent at any time (Section 7 (3) GDPR). In addition, if we process data on the basis of a legitimate interest (Section 6 (1) f GDPR), you can object to the processing under the conditions of Section 21 GDPR.
In addition, you have a right of access (Section 15 GDPR), a right to rectification (Section 16 GDPR), a right to erasure (Section 17 GDPR), the right to request restriction of processing (Section 18 GDPR) and the right to data portability (Section 20 GDPR) under the conditions of the relevant provisions.
You also have the right to lodge a complaint with a supervisory authority in accordance with Section 77 GDPR.