Data Protection

1. General information
This information about data protection explains the type, scope and purpose of the processing of your personal data on this website and gives you an overview of your rights in this regard. Personal data are all data by which you can be personally identified. The term “personal data” is used here in accordance with the definition in Article 4 GDPR.

This website presents the “Cleverland” knowledge region, which is to be communicated internally and externally as part of the INTERREG project “euregio campus – Limburg / Niederrhein”. This is a cooperation project of the Hochschule Niederrhein – University of Applied Sciences, Fontys International Business School Venlo, the Municipality of Venlo, the WFMG – Wirtschaftsförderung der Stadt Mönchengladbach GmbH, the City of Mönchengladbach, the WFG Wirtschaftsförderungsgesellschaft Krefeld mbH and the City of Krefeld to promote the cross-border knowledge region Limburg / Niederrhein.

2. Data controller
Hochschule Niederrhein
University of Applied Sciences
legally represented by the President
Dr Thomas Grünewald
Reinarzstr. 49
47805 Krefeld
Tel: +49 (0)2151 822-0
Fax: +49 (0)2151 822-3998
E-mail: webmaster(at)hs-niederrhein.de

3. Data protection officer
Hochschule Niederrhein
University of Applied Sciences
Dorothea Weiler
Internal University data protection officer
Reinarzstr. 49
47805 Krefeld
Tel: +49 (0)2161 186-2230
E-mail: dorothea.weiler(at)hs-niederrhein.de

4. Principles of data processing
• Scope of the processing of personal data
As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of our users’ personal data is regularly only carried out with their consent. An exception is made in those cases where prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

• Legal basis for the processing of personal data
Where we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) of the GDPR serves as the legal basis. This also applies to processing operations which are necessary for the implementation of pre-contractual measures.
Insofar as processing of personal data is necessary to fulfil a legal obligation, Article 6 (1) (c) of the GDPR serves as the legal basis. If the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) of the GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of the Niederrhein University of Applied Sciences or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) (f) of the GDPR serves as the legal basis.

• Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose for which it was stored ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. The data will also be blocked or deleted if a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data in order to conclude or fulfil a contract.

5. Data collection when visiting our website
When using our website for purely informational purposes, i.e. if you do not register or provide us with information in any other way, we only collect the data that your browser sends to our server (server log files). Active components such as JavaScript and Java applets are used on this website. You can deactivate this function by adjusting your Internet browser settings. When you call up our website, we collect the following data, which are technically necessary for us to display the website.

• Description and scope of data processing
Whenever our website is accessed, our system automatically collects data and information from the computer system of the computer accessing the website. The following data is collected:
• Information about the browser type and version
• The operating system used by the user
• The Internet service provider of the user
• The IP address of the user
• Date and time of access
• Websites from which the user’s system accesses our website
• Websites that are called up by the user’s system via our website
The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

• Legal basis for the data processing
The legal basis for the temporary storage of the above-mentioned data and log files is Article 6 (1) (c) and (f) of the GDPR. For the use of active components, the legal basis is Article 6 (1) (c) GDPR and Article 6 (1) (f) GDPR.

• Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The data are stored in log files to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of the information technology systems. There is no evaluation of the data for marketing purposes in this context. These purposes also include our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR; in addition, we are obliged under Article 32 GDPR to implement the necessary technical and organisational security measures and must also be able to prove this (Article 24 (1) GDPR). The use of active components is necessary for the optimised presentation of website content and for the use of the services contained in the website. We would like to point out that if you switch off these components in your browser, you may no longer be able to use the corresponding web content or services, or you may only be able to use them to a limited extent.

• Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
For data stored in log files, this will be done after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

• Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility of objection by the user.

6. Use of cookies
The website partly contains cookies. Cookies are text files that are stored by the operator of a website on your devices either temporarily or permanently and which are saved by your browser. If a website is called up, a cookie can be stored on the operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more interesting and user friendly. Some functions of the website cannot be offered without the use of cookies. The legal basis for this is Article 6 (1) (f) of the GDPR – safeguarding our legitimate interests.

Cookies are stored on the user’s computer and transmitted from there to our site. You therefore have full control over the use of cookies. You can prevent the use of cookies by setting your Internet browser so that it does not accept cookies. However, you can also determine in your browser whether you would like to be informed about the setting of cookies and allow cookies only in individual cases, whether you exclude the acceptance of cookies for certain cases or also generally. You can also activate the automatic deletion of cookies when you close your browser. How to do this depends on your browser. If cookies are deactivated for our website, it may not be possible to use all the functions of the website to their full extent.

We use the following cookies:
Session cookies: These are temporary cookies that remain in the cookie file of the browser until you leave the website. These cookies are necessary to ensure the essential function of the website. They are deleted when the browser session ends.

Performance cookies: These collect information about the way a homepage is used by the user. They record which page you call up and whether error messages are displayed. No other data is stored. The information collected here is used to make the website more user-friendly and to tailor it more specifically to the user.

“Matomo cookie” For the “Matomo cookie” we refer to the following information in section

8. Webanalysis by Matomo (formerly PIWIK)
To analyse the surfing behaviour of our users, we use the open source software tool Matomo (formerly PIWIK) on our website. In this context, a cookie is set on your device, as described in section 6. If individual pages of our website are called up, the following data are stored:
• Two bytes of the IP address of the calling system of the user
• The accessed website
• The website from which the user has been directed to the accessed website
• The subpages that are called from the accessed website
• The time spent on the website
• The frequency of visits to the website

The data are not passed on to third parties. The software is set up in such a way that the IP address is not stored completely, but two bytes of the IP address are masked (e.g. 192.169.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.

The legal basis for this processing of personal data is Article 6 (1) (f) GDPR. Our legitimate interest in this data processing lies in our need to be able to provide you with a website that is designed to meet your needs and is adapted to the end devices used.

The purpose of processing this personal data is to enable us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This enables us to constantly improve our website and its usability. By making the IP address anonymous, the interest of the users in the protection of their personal data is sufficiently taken into account.

The data are deleted as soon as they are no longer required for our recording purposes. In our case this is after five years at the latest.

Furthermore, we offer you the possibility of opting out of the analysis procedure on our homepage. To do this, you must follow the corresponding link. This will set another cookie on your system, which signals our system not to store the data of the user. If you delete the corresponding cookie from your system in the meantime, you will have to set this opt-out cookie again.

You can find further information on privacy settings at the following link: matomo.org/docs/privacy/.

9. Contact and registration forms
We offer you various access options for contacting us via contact and registration forms or by using e-mail addresses. If you use the contact or registration forms, the submission of your personal data is expressly voluntary. The legal basis here is Article 6 (1) (a) GDPR. In accordance with the service requested by you, only the data required to achieve the purpose of the service will be collected and processed as mandatory data, in compliance with the obligation to minimise data. However, you can also provide additional information voluntarily in some cases. The following are examples of mandatory data that may be collected and processed:

Salutation
First and last name
E-mail address
Postal address
Phone number
University affiliation and course of study
Company and industry
Subject
Your message
Time stamp
User
IP address
Declaration of consent

Whenever you are asked to enter personal data about yourself in the contact or registration forms, your data will be protected for data transmission over the Internet using SSL (secure socket layer) encryption so that it cannot be read by unauthorised persons. You can recognise the fact of the encrypted transmission by the Internet address, where the “s” stands for secure. The data from the contact forms are not stored on the web server, but are sent by e-mail to the responsible employee within the university immediately after you send them. Within the university, the e-mail is encrypted during transmission.

If you send us an e-mail, we would like to point out that there is currently no encrypted transmission, nor is there one when our employees reply to your e-mail. Should you have any reservations about this, please address your inquiry to the responsible contact person by post or telephone.

If you contact us by e-mail, via a contact or registration form, the data you have voluntarily provided must be stored so that we can process your request. The other data (time stamp, user, IP address) are required for reasons of technical administration and the storage of your declaration of consent for reasons of proof of data processing in conformity with data protection regulations in accordance with Article 24 (1) GDPR.

Persons under 16 years of age should not transmit any personal data to us unless the consent of their parents or guardians (holders of parental responsibility) has been granted (Article 8 (1) GDPR). The consent must then be expressly noted in the message (Article 8 (2) GDPR). We do not request personal data from children and young people. We do not knowingly collect such data.

The personal data you enter will only be used for the purpose you have requested and will only be processed by the employee responsible for the service in question or by the bodies expressly named in the relevant form.

We delete the personal data we receive by e-mail or contact or registration form as soon as the storage is no longer necessary for the purpose that you have pursued or in connection with administrative processes triggered by it and the storage obligations that apply to it. Your consent for the processing of the data is obtained during the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us using the e-mail addresses provided. In this case, the user’s data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

The legal basis for the processing of the data is Article 6 (1) (a) and (b) GDPR if the user has given his or her consent. The legal basis for the storage of the declaration of consent is Article 6 (1) (c) GDPR.

The processing of the personal data from the input mask of the corresponding contact and registration forms serves the purpose of providing the requested information, accepting your wishes and suggestions, booking events or similar purposes, which are specified in the respective contact form.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems (Article 6 (1) (c), Article 32 GDPR) and, in the case of storage of the declaration of consent, to fulfil our legal obligation pursuant to Article 6 (1) (c), to provide evidence pursuant to Article 24 (1) GDPR.

The data will be deleted as soon as they are no longer required for the purpose for which they were collected and there are no legally stipulated retention periods for further storage. In the case of the personal data from the input mask of the respective form and those sent by e-mail, the deletion is carried out when the corresponding conversation with the user has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

The user can revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case the conversation cannot be continued.

The revocation of the consent and the objection to the storage is to be sent to the respective address, which is named in the privacy notices of the contact forms. All personal data stored in the course of the contact will be deleted in this case.

10. Social media
In addition to the information on our website, we make selected content available on social media on the basis of Article 6 (1) (3) GDPR to provide information about the project “euregio campus – Limburg / Niederrhein” in these media as well. The aim is also to raise the profile of this project and strengthen our networks.

We do not set social media plugins, but rather social bookmarks. These are integrated as links to the corresponding services and can be recognised by their respective graphic logo. If you click on these links, your browser will establish a direct connection to the respective servers of the social network. Through the connection to the server of the social network, information about the call of our website is stored, even if you are not logged in. This information (including your IP address) is transmitted directly to the operator of the platform and stored at its location. If you are already logged in to the social network, the selection of a link on our website leads directly to the allocation to your profile. Please note that the selection of a link to a social network leads to the social network being able to make an assignment to your profile.

We have no influence on the type and scope of the data that are collected and used by the operators of the social networks. For the purpose and scope of data collection and the further processing and use of data by the operators of the social networks as well as your rights and setting options for the protection of your privacy, please refer to the respective privacy notices at:

Facebook
Facebook Inc., 1601 S. California Ave, Palo Alto, Ca94304, USA

The purpose and scope of data collection and the further processing and use of the data by Facebook as well as your rights and setting options for protecting your privacy can be found in Facebook’s privacy policy at: www.facebook.com/about/privacy/

Instagram
Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”)

The purpose and scope of data collection and the further processing and use of the data by Instagram as well as your rights and setting options for protecting your privacy can be found in Instagram’s privacy policy at: help.instagram.com/155833707900388

Youtube by Google
Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA

The purpose and scope of data collection and the further processing and use of the data by Google as well as your rights and setting options for protecting your privacy can be found in Google’s privacy policy at: policies.google.com/privacy

11. Rights of the data subject
The following list covers all the rights of the data subjects under the GDPR. If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:

• Right of access to information, Article 15 GDPR
You can request confirmation from the data controller as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request information from the data controller on the following:

(1) The purposes for which the personal data are processed

(2) The categories of personal data which are processed

(3) The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed

(4) The envisaged duration of the storage of the personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage

(5) The existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the data controller or a right to object to such processing

(6) The existence of a right of appeal to a supervisory authority

(7) All available information on the origin of the data, if the personal data are not collected from the data subject

(8) The existence of automated decision making, including profiling in accordance with Article 22 (1) and (4) GDPR, and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing on the data subject. You have the right to request information as to whether the personal data concerning you are being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

This right of information may be limited to the extent that it is likely to make the realisation of the research or statistical purposes impossible or to seriously prejudice them and the limitation is necessary for the fulfilment of the research or statistical purposes.

• Right to rectification, Article 16 GDPR
You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you are incorrect or incomplete. The data controller must make the correction without delay.

Your right to rectification may be limited to the extent that it is likely to make it impossible or seriously hinder the achievement of the research or statistical purposes and that the limitation is necessary for the achievement of the research or statistical purposes.

• Right to deletion Article 17 GDPR
1) Duty to delete
You may demand from the data controller that the personal data concerning you be deleted immediately and the data controller is obliged to delete such data immediately if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR and there is no other legal basis for the processing.

(3) You lodge an objection to the processing pursuant to Article 21 (1) GDPR and there is no overriding legitimate reason for the processing, or you lodge an objection to the processing pursuant to Article 21 (2) GDPR.

(4) The personal data concerning you have been processed unlawfully.

(5) The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the data controller is subject.

(6) The personal data concerning you have been collected in relation to information society services offered in accordance with Article 8 (1) of the GDPR.

2) Information to third parties
If the data controller has made public the personal data concerning you and is obliged to delete them pursuant to Article 17 (1) GDPR, they will take reasonable measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.

3) Exceptions
The right to deletion does not exist insofar as the processing is necessary,

(1) for the exercise of the right to freedom of expression and information

(2) to comply with a legal obligation requiring processing under Union or national law to which the data controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller

(3) for reasons of public interest in the field of public health pursuant to Article 9 (2) (h) and (i) and Article 9 (3) GDPR

(4) for archival, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or

(5) to assert, exercise or defend legal claims.

• Right to restriction of processing, Article 18 GDPR
Under the following conditions, you may request the restriction of the processing of personal data concerning you:

(1) if you dispute the accuracy of the personal data concerning you for a period which enables the data controller to verify the accuracy of the personal data

(2) if the processing is unlawful and you object to the deletion of the personal data and instead demand the restriction of the use of the personal data

(3) the data controller no longer needs the personal data for the purposes of the processing, but you need the personal data for the purpose of asserting, exercising or defending legal claims or

(4) if you have lodged an objection to the processing pursuant to Article 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh your reasons

If the processing of personal data relating to you has been restricted, such data may be processed – aside from storage – only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.
If the processing of your data has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.
Your right to restrict processing may be limited in so far as it is likely to make it impossible or seriously prejudicial to the achievement of the research or statistical purposes and the restriction is necessary for the achievement of the research or statistical purposes.

• Right to be informed, Article 19 GDPR
If you have asserted the right to rectify, erase or limit the processing vis-à-vis the data controller, the data controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the data controller.

• Right to data transferability, Article 20 GDPR
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another data controller without interference from the data controller to whom the personal data has been communicated, provided that

(1) the processing is based on consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and

(2) the processing is carried out by means of automated procedures

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one data controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data transferability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

• Right of objection, Article 21 GDPR
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The data controller will no longer process the personal data concerning you unless they can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.
If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.
You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by using automated procedures involving technical specifications.
You also have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR.
Your right of objection may be limited to the extent that it is likely to make the achievement of the research or statistical purposes impossible or to seriously impair them and the limitation is necessary for the fulfilment of the research or statistical purposes.

• Automated decision-making in individual cases including profiling, Article 22 GDPR
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the data controller

(2) is authorised by Union law or the law of the Member States to which the data controller is subject and that law provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests or

(3) with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR is applicable and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the data controller will take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person on behalf of the data controller, to express its point of view and to challenge the decision.