Data Privacy notice
Data as at 18th November 2019
Data protection and data security for our enterprise’s customers and partners as well as interested parties in and users of our website are of high importance within our enterprise. Transparency regarding the processing of your personal data as well as protecting your data are therefore of key importance to us. We created this Policy to provide you with an overview of how your personal data is collected and processed when using our website, and what you can personally do yourself to ensure your data is better protected, where applicable.
Controller of the processing
SRH University of Applied sciences Hamm
Platz der Deutschen Einheit 1
Phone: +49 (0)2381 9291-0
Data protection officer of the enterprise
Würzburger Straße 23
Phone: +49 (0)151 12159520
What is personal data?
Personal data is any information that relates to an identified or identifiable natural person. What is essential here therefore is whether a personal reference can be made using the collected data. This includes information such as your name, address, telephone number or email address. Information which is not directly connected to your actual identity, such as favourite websites or number of users of a site, is not regarded as personal data.
How we collect and process your personal data
When you visit our web pages, we save the connection data from the requesting computer, the web pages you visit on our website, the date of your visit, identification data of the browser and operating system used and the website you are visiting us from for the duration of your visit as standard. Additional personal data, such as your name, your address, telephone number, or email address is not collected; unless you provide this data voluntarily, e.g. in connection with a registration, with a survey, with a prize competition, with the implementation of a contract, or with a request for information.
How we use your personal data and how we disclose it
If the online service includes the option to enter personal or commercial data (email addresses, names, addresses, etc.), this data may be disclosed by the user on a purely voluntary basis. Emails are transmitted via a contact form. When you send such a message, your personal data is collected only to the extent necessary to reply. The email is sent in an unencrypted manner. If you have provided us with any personal data, we shall only use this data for the technical administration of the web pages and to respond to your wishes and requests, which as a rule means to process any contract concluded with you or to reply to any queries you may have. The legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. It is only if you have given us your consent beforehand, or if you – subject to it being provided for under statutory regulations – have not raised an objection, that we will also use this data for product-related surveys, marketing and statistical purposes. In this case, the legal basis is Art. 6 (1) lit. a DSGVO. If we use external service providers in the context of order data processing, the processing takes place on the legal basis of Art. 28 DSGVO. Your personal data is not disclosed, sold or transmitted in any other way to third parties unless it is necessary in order to fulfil a contract or you have given your express consent. Any consent granted can be revoked at any time with future effect.
For how long will my data be stored?
Generally speaking, we store all information that you send to us until the respective purpose, i.e. the contractual purpose, has been fulfilled. This means, for example, until any queries have been resolved, or in the case of newsletters, until you to choose to unsubscribe from them. If there is provision in place by law for an extended storage period, the data will be stored within this framework. If you no longer wish us to use your data, we will of course comply with this request immediately (please also refer to the address stated under “Data protection officer of the enterprise”).
When will my data be deleted?
The deletion of the personal data stored is carried out if you revoke your consent to such storage, if knowledge of such data is no longer necessary for the fulfilment of the purpose pursued with the storage, or if the storage of such data is inadmissible on other legal grounds. Data for invoicing and accounting purposes will not be affected by a deletion request.
What we do to ensure security of processing
Our enterprise takes all of the necessary technical and organisations security measures to ensure your per-sonal data is protected from loss or misuse. Accordingly, your data shall be stored in a secure operational environment that is not open to the public. In certain cases, your personal data is encrypted by Secure Socket Layer technology (SSL) during transmission. This means that an approved encryption procedure is used for communication between your computer and our enterprise’s servers if your browser supports SSL. For reasons of security and to protect the transfer of confidential content, such as the orders or enquiries that you send to us as the website operators, this site uses SSL and TLS encryption. You can identify an encrypted connection from the padlock symbol in your browser bar and the fact that “http://” in the address bar changes to “https://”. If SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties. Should you wish to contact our enterprise via email, we would like to point out that the confidentiality of the transmitted information cannot be guaranteed. The content of emails may be viewed by third parties. We would therefore recommend that you arrange for confidential information to be sent to us exclusively by post.
Your data protection rights
In accordance with the various statutory provisions in place, you shall be entitled to obtain information at any time, and free of charge, regarding your stored personal data, its origin and potential recipients and the purpose of the data processing (Article 15 GDPR) and, where applicable, the right to rectification of inaccurate data (Article 16 GDPR), the right to erasure of such data (Article 17 GDPR), the right to restriction of processing according to Article 18 GDPR, the right to object (Article 21 GDPR) and the right to receive the personal data that you have provided according to Article 20 GDPR. The limitations according to Sections 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, you shall also have the right to lodge a complaint with a responsible supervisory authority in the event of infringements under data protection law (Article 77 GDPR in conjunction with Section 19 BDSG). The responsible supervisory authority in data protection matters is the state data protection officer of the federal state in which our enterprise has its registered office. A list of data protection officers and their contact details can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
How you can withdraw your consent to data processing
A lot of data processing operations can only take place with your express consent. You can withdraw your consent at any time. All you have to do is send us a simple email. The legality of any data processing carried out before you withdraw your consent will not be affected by withdrawal of your consent.
Changes may be made to these privacy notices that must also be published in a timely manner on this website.
Data protection in the case of job applications and the job application process
We collect and process personal data from applicants in order to handle the application process. Processing can occur electronically. This applies in particular if an applicant sends the corresponding application documents electronically, e.g. via email. Should the applicant sign an employment contract, the data submitted will be saved for the purposes of developing the occupational relationship, under consideration of legal regulations. If no employment contract is signed with the applicant, the application documents will be automatically deleted six months after the rejection decision has been conveyed, provided that no other justified interests prevent the controller responsible for processing from deleting these. In this context, other legitimate reasons could for example be the need for evidence in proceedings in accordance with the Allgemeinen Gleichbehand-lungsgesetz (AGG) [General Law on Equality of Treatment].
We would like to inform you about the processing of personal data in WhatsApp Business communications. We use this communication channel exclusively for the initial contact, which takes place through your address to SRH via WhatsApp. We will not send any confidential information through this channel from our side. Chats you conduct with us will be deleted after 6 months.
The legal basis for the processing is Art. 6 Para. 1 lit. b DSGVO.
During communication via the Messenger WhatsApp Business (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), personal data (e.g. name, telephone number) are processed.
WhatsApp is certified under the Privacy Shield Agreement, which guarantees compliance with European data protection laws.
If you have given us your explicit consent, we will use your email address and personal details you have provid-ed on a voluntary basis in order to send our newsletter to you on a regular basis. All you need to do is enter an email address in order to receive the newsletter. Additional personal details you have provided on a voluntary basis are merely used to personalise the newsletter. At the end of each newsletter, you will find a link where you can unsubscribe from the newsletter at any time. You can also unsubscribe from the newsletter at any time via email at email@example.com
This website uses the live chat "Livezilla" (see LiveZilla GmbH, Byk-Gulden-Straße 22, 78224 Singen (www.livezilla.net/home/de/)). Using this tool, anonymous data is collected from our server and stored on a server operated by us for the purpose of web analysis (is this purpose relevant without cookies?) and for operating the live chat system to answer live support queries. Chats, tickets and attachments etc. are automatically deleted after 30 days. The data collected with LiveZilla will not be used to personally identify the visitor to this website without the separate consent of the person concerned. Personal data will not be made available to third parties without written consent, unless required by law. Further data protection information can also be found at: https://www.livezilla.net/disclaimer/de/.
Social networks in general
Your data processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data is not opposed by any legal storage obligations and no other information on individual processing methods is subsequently provided.
We maintain an online presence on Twitter to present our company and our services and to communicate with customers/interested parties. Twitter is a service of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may result in increased risks for the user in that, for example, later access to the user data may be made more difficult. We also do not have access to this user data. The access possibility lies exclusively with Twitter. Twitter Inc. is certified under the Privacy Shield and is therefore committed to complying with European data protection standards.
We maintain an online presence on YouTube to present our company as well as our services and to communicate with customers/interested parties. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.
In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may result in increased risks for users, e.g. by making later access to user data more difficult. We also do not have access to this user data. YouTube has exclusive access to this data. Google LLC is certified under the Privacy Shield and is therefore committed to complying with European data protection standards.
We maintain an online presence at LinkedIn to present our company and our services and to communicate with customers/interested parties. LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.
In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may result in increased risks for the user to the extent that, for example, later access to the user data may be made more difficult. We also do not have access to this user data. The access possibility lies exclusively with LinkedIn. LinkedIn Corporation is certified under the Privacy Shield and is therefore committed to complying with European data protection standards.
We operate a company presence on the Instagram platform to promote our products and services and to communicate with interested parties or customers.
On this social media platform we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
The Instagram Privacy Officer can be reached via a contact form:
We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the DSGVO. This agreement, from which the mutual obligations arise, can be accessed under the following link:
The legal basis for the processing of personal data that takes place as a result and is reproduced below is Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the analysis, communication, sale and advertising of our products and services.
The legal basis can also be the user's consent to the platform operator pursuant to Art. 6 Para. 1 lit. a DSGVO. According to Art. 7 para. 3 DSGVO, the user can revoke this consent at any time for the future by notifying the platform operator.
When calling up our online presence on the Instagram platform, Facebook Ireland Ltd. as the platform operator in the EU processes the user's data (e.g. personal information, IP address, etc.).
This user data is used for statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. These profiles enable Facebook Ireland Ltd., for example, to advertise users inside and outside Instagram on an interest-related basis. If the user is logged in to Instagram on their account at the time of the call, Facebook Ireland Ltd. may also link the data to the respective user account.
If the User contacts Instagram via Instagram, the User's personal data entered at that time will be used to process the request. We will delete the user's data provided that the user's request has been conclusively answered and there are no legal obligations to retain the data, such as in the case of subsequent contract processing.
Facebook Ireland Ltd. may also set cookies to process the data.
If the user does not agree with this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented using the browser settings, but by setting the Flash Player accordingly. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions are fully usable.
For more information about the processing activities, how to prevent them and how to delete the data processed by Instagram, please refer to Instagram's Data Policy:
It cannot be ruled out that the processing by Facebook Ireland Ltd. may also take place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.
Facebook Inc. has submitted to the "EU-US Privacy Shield" and thereby declares its compliance with the data protection regulations of the EU when processing data in the USA.
"Twitter social plug-in
In our internet presence we use the plug-in of the social network Twitter. Twitter is an Internet service of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, hereinafter referred to as "Twitter".
The certification according to the EU-US data protection shield ("EU-US Privacy Shield")
Twitter guarantees that the EU's data protection requirements will also be complied with when processing data in the USA.
The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in improving the quality of our website.
If the plug-in is stored on one of the pages of our website you have visited, your Internet browser will download a display of the plug-in from the Twitter servers in the USA. For technical reasons, it is necessary for Twitter to process your IP address. In addition, the date and time of your visit to our website are also recorded.
If you are logged in to Twitter while visiting one of our websites equipped with the plug-in, the information collected by the plug-in about your specific visit will be recognised by Twitter. Twitter may assign the information collected in this way to your personal user account there. For example, if you use the "Share" button on Twitter, this information is stored in your Twitter user account and may be published on the Twitter platform. If you wish to prevent this, you must either log out of Twitter before visiting our website or make the appropriate settings in your Twitter user account.
data protection information that can be called up.
Twitter of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
Privacy information can be found at https://twitter.com/privacy
Through certification according to the EU-US Privacy Shield
Twitter guarantees that the EU's data protection requirements will also be complied with when processing data in the USA.
You can prevent cookies from being stored by means of a special setting in your browser software; we must inform you, however, that if you do so, you will not be able to use all of the functions on this website fully. You can also prevent collection of the data (including your IP address) generated by the cookies and related to your use of the website by Google as well as the processing of this data by Google by down-loading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the use of data for advertising purposes by Google, as well as settings options and procedures available for opting out can be found on Google’s website:
(“How Google uses information from sites or apps that use our services”),
(“Control the information Google uses to show you ads”) and
(“Take control of your Google ads experience”).
We have concluded an agreement with Google on contract data processing and implement in full the strict provisions of the German data protection authorities for the use of Google Analytics.
Google Adwords and Google Conversion Tracking
We use the online advertising program “Google AdWords” and conversion tracking in the context of Google AdWords. A cookie is placed on your computer by Google Adwords for this purpose if you have reached our website via a Google Ad. These cookies lose their effectiveness after 30 days and cannot be used for personal identification. If the user visits certain pages on our website and the cookie has not yet expired, we and Google are able to recognise that you have clicked on the advert and have been forwarded to this page. Every Google AdWords customer receives a different cookie. Cookies therefore cannot be traced via the websites of AdWords customers. The information that is gathered with the help of conversion cookies serves to produce conversion statistics for AdWords customers who have opted for conversion tracking. As a result, the customers are informed about the total number of users who have clicked on their advert and been forwarded to a site with a conversion tracking tag. However, they do not receive any information with which the users could be personally identified. Users who do not wish to participate in tracking can simply disable the Google Conversion Tracking cookie via their Internet browser under the user settings. This user will then not be included in the conversion tracking statistics. The basis for storing “conversion cookies” is Article 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its web content and the advertising shown with it. Find out more about Google’s privacy regulations (http://www.google.de/intl/de/privacy.html)
Google Analytics Remarketing
Our websites make use of the functionality of Google Analytics Remarketing in conjunction with the multi-device functionality of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This functionality makes it possible with Google Analytics Remarketing to link ad target groups to the multi-device functionality of Google AdWords and Google DoubleClick. This enables interest-related and personalised ads, which have been adjusted for you based on your previous usage and browsing habits on a device (e.g. mobile phone), to be displayed on another one of your devices (e.g. tablet or PC).
If you have given your consent accordingly, Google will then link your web and app browsing history to your Google account for this purpose. As a result, the same personalised ads will be displayed to you on each device on which you are logged in to your Google account.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for multi-device ad promotion. You can permanently opt out of multi-device remarketing/targeting by disabling personalised ads in your Google Account; to do this, simply follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google (Article 6(1)(a) GDPR). For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analysing anonymous user behaviour for promotional purposes.
Google Web Fonts
Application and use of YouTube
YouTube components are integrated on this website. YouTube is an Internet video portal that gives video publishers the opportunity to upload video clips free of charge, and also gives other users the opportunity to view, rate and comment on these video clips free of charge. YouTube authorises the publication of all kinds of videos, which is why entire film and television programmes along with music videos, trailers or videos made by users themselves can be viewed via the Internet portal. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Each time you visit a page on our website on which a YouTube component has been integrated (YouTube Video), your Internet browser is automatically instructed by the respective YouTube component to down-load the corresponding YouTube component from YouTube. Further information on YouTube can be re-trieved at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google are both informed of the specific subpages on our website that you have visited. If you are logged in to YouTube at the same time, YouTube is informed when you visit a sub-page containing a YouTube video of which specific subpage of our website the data subject has visited. This information is collated by YouTube and Google and assigned to the respective YouTube account of the data subject. YouTube and Google will always be informed via the YouTube component about the fact that the data subject has visited our website if you are also logged in to YouTube at the same time as visiting our website. This happens regardless of whether you click on a YouTube video or not. If you do not want such information to be transferred to YouTube and Google, you can prevent this from happening by logging out of your YouTube account before visiting our website. The privacy regulations published by YouTube, which can be retrieved at https://www.google.de/intl/de/policies/privacy/, give an insight into the collection, processing and use of personal data by YouTube and Google.
The Deutsche Bahn AG
Students of the SRH Hochschule Hamm in attendance, dual and part-time studies receive a free NRW semester ticket from Deutsche Bahn AG. As regulated in the scale of fees, the semester ticket of Deutsche Bahn AG is subject to a charge for distance students. Should the student require a semester ticket, he/she can notify the university of this and purchase it at his/her own expense. The university will collect the semester ticket in the name and for the account of the Verkehrsverbund. To this end, the student consents to the transfer of his/her personal data (surname, first name, gender, address, birthday date, e-mail address, birthday date, end of standard period of study) to DB (consent to study-relevant data). Without consent, the semester ticket will not be transmitted and thus not issued. A given consent can be revoked at any time with effect for the future. The purpose and scope of data collection by Deutsche Bahn AG and the further processing and use of your data there, as well as your rights in this regard and setting options to protect your privacy, can be found in the data protection information of Deutsche Bahn AG under the following link:https://www.bahn.com/en/view/home/info/privacy.shtml
The Municipal Library Hamm
Students of the SRH Hochschule Hamm receive a free library card from the Stadtbibliothek Hamm. The library card will be collected by the university in the name of the city of Hamm. To this end, the student consents to the transfer of his/her personal data (surname, first name, gender, address, birthday date, e-mail address, birthday date, end of standard period of study) to the city (consent to study-relevant data). Without consent, the Bib card will not be transmitted and thus issued. A given consent can be revoked at any time with effect for the future. The purpose and scope of the data collection by the City of Hamm and the further processing and use of your data there, as well as your rights in this regard and possible settings to protect your privacy, can be found in the data protection information of the City of Hamm under the following link: https://www.hamm.de/stadtbuecherei/datenschutz.htmlhttps://www.hamm.de/datenschutz.html