The Hochschule Bremen has the protection of any personal data you let us have very much at heSection We process personal data of the users of our websites in compliance with the applicable data protection regulations, in particular the European Data Protection Regulation (GPDR) and the Bremen Implementation Act for the EU Data Protection Regulation (BremGDPRAG).
Without authorization, collected data will neither be published by the Hochschule Bremen nor passed on to third parties.
Below we provide you with the essential information on data processing.
The controller within the meaning of the GDPR is the:
Hochschule Bremen (a public corporation and institution of the Free Hanseatic City of Bremen)
As a matter of principle, we only process personal data of the users of our online offer insofar as this is necessary for the provision of a functioning website as well as its contents and our services. In principle, it is not necessary for you to provide personal data in order to use our website. However, if you wish to make use of special offers and services of the university via our internet pages, we may require your personal data. The personal data of our users is only processed with their consent.
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Section 6 (1) a GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Section 6 (1) b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which the university is subject, Section 6 Para. 1 c or e GDPR serves as the legal basis. Insofar as the processing of personal data is necessary for the performance of a task which is in the public interest and which has been assigned to the controller, Section 6 (1) e GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Section 6 (1) d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of Hochschule Bremen or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Section 6 (1) f GDPR serves as the legal basis for the processing.
Unless we inform you in detail about the storage period, we delete personal data when they are no longer required for the stated processing purposes and no statutory retention obligations prevent deletion.
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected in our log files:
The legal basis for the temporary storage of the data and the log files is Section 6 (1) f GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Section 6 (1) f GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest.
If the data is stored for a longer period, the IP addresses of the users are deleted or anonymised so that it is no longer possible to assign the calling client.
In addition, we store the complete IP address transmitted by your web browser for a strictly limited period of seven days in the interest of being able to recognise, limit and eliminate attacks on our websites. After this period, we delete or anonymise the IP address. The legal basis is Section 6 (1) p.1 f GDPR.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, there is no possibility for the user to object.
Necessary cookies enable basic functions and are required for the proper functioning of the website.
The legal basis for the processing of personal data using technically necessary cookies is Section 6 (1) f GDPR.
We need cookies for the following applications: saving the settings of the visitors selected in the cookie banner, displaying access-protected content.
The user data collected through technically necessary cookies are not used to create user profiles.
You can change your settings for optional cookies on this website at any time by clicking on this link to access the cookie settings banner.
We use the open-source software tool Matomo (formerly Piwik) on our website to analyse user behaviour. The statistics obtained enable us to improve our offer and make it more interesting for users.
The software sets a cookie on the computer of the user. The IP address is anonymised during this process so that the user remains anonymous to us. The software runs exclusively on the servers of our website. Personal data of the user is only stored there. The data is not passed on to third parties.
If individual pages of our website are accessed, the following data is stored:
The data processing is based on your consent, provided that you have given your consent via our banner. You can revoke your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.
The data is automatically deleted after 6 months.
We also offer our users the option of opting out of the analysis process. In this way, another cookie is set on their system, which signals to our system not to save their data. If the user deletes the corresponding cookie from their system in the meantime, they must set the opt-out cookie again.
We embed videos on our websites that are not stored on our servers. To ensure that accessing our web pages with embedded videos does not automatically lead to the content of the third-party provider being reloaded, we only display locally stored preview images of the videos in a first step. This does not provide the third-party provider with any information.
Only after a click on the preview image is the content of the third-party provider reloaded. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us permission to upload content from the third-party provider.
The embedding is based on your consent, provided you have given your consent by clicking on the thumbnail. Please note that the embedding of many videos results in your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having any legal recourse. If we use providers in insecure third countries and you consent, the transfer to an insecure third country will be based on Section 49 (1) a of the GDPR.
Adequate level of data protection
Revocation of consent
No adequate level of data protection. The transfer is made on the basis of Section 49 (1) a GDPR.
If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click on the thumbnails any more.
On some pages, we include contributions from the Facebook platform of the provider Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you access the posts, a connection to the Facebook server is established. If you are logged into your Facebook account, Facebook can assign your surfing behaviour to you personally. You can prevent this by logging out of your account first.
On some pages, we include contributions from the Twitter platform of the provider Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland.
When you call up the posts, a connection to the Twitter server is established. If you are logged into your Twitter account, Twitter can assign your surfing behaviour to you personally. You can prevent this by logging out of your account first.
If you send us enquiries via the contact form/registration form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry/registration and in the event of follow-up enquiries. We do not pass on this data without your consent.
The processing of the data entered in the contact form is therefore based exclusively on your consent (Section 6 (1) a GDPR). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
The purpose of data processing during registration for the use of offers/services is the realisation of the respective offer or the provision of certain contents and services on our internet pages.
The purpose of the data collection, unless already stated below, is indicated on the respective page at the point where the data is to be entered by you. The purpose of data processing when registering for the use of offers/services is the realisation of the respective offer or the provision of certain contents and services on our internet pages.
Insofar as Hochschule Bremen obtains your consent as the data subject for individual processing operations on its websites, the legal basis is Section 6 (1) a GDPR.
Your personal data will not be passed on to other bodies or persons.
The personal data are stored until the purpose of the processing has been achieved and the respective procedure has been completed. They are deleted without delay as soon as the stated purpose has been achieved or the procedure concerned has been completed.
It is possible to contact us via our website using the e-mail address provided. If a user makes use of this option, the personal data of the user transmitted in the e-mail will be stored. In this context, the data will not be passed on to third parties.
The data will be used exclusively for processing the conversation. For the processing of the data, your consent will be obtained as part of the sending process and separate reference will be made to the information to be provided in accordance with Section 13 GDPR as well as the right of revocation with regard to the consent.
The legal basis for the processing of data is Section 6 (1) a GDPR if the user has given their consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Section 6 (1) f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Section 6 (1) b GDPR.
The processing of the personal data from the input mask serves us exclusively to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The revocation of consent and the objection to storage can be made by e-mail to: email@example.com. All personal data stored in the course of contacting us will be deleted in this case.
The usage regulations for information processing systems of the Hochschule Bremen apply to the use of internal access-protected websites.
In the case of access-protected Internet pages of the university, which only concern information platforms accessible to university members and staff, the following personal data is collected from the logged-in, registered users (students, staff or university members with a user account) during their stay on these pages:
Legal basis for the processing of personal data
The legal basis for the processing of data after registration is Section 6 (1) e GDPR.
The collection of the user's data serves to enable the use of the restricted access Internet pages (connection establishment), as well as the purposes of system security, the technical administration of the network infrastructure and the optimisation of the offers.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case after logging out or closing the web browser.
Our website may contain links to external social networks such as Facebook, Instagram, Twitter, YouTube, XING, LinkedIn etc. When you follow the links by clicking on them, your browser establishes a direct connection with the servers of the providers. We would like to point out that this data protection declaration applies exclusively to the pages of the Hochschule Bremen website. The functions assigned to the links of the networks, in particular the transmission of information and user data, are not activated by visiting our internet pages, but only by clicking on the corresponding links.
For the purpose and scope of data collection by the networks and the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information there.
The university operates online presences in various social networks (Twitter, LinkedIn, Facebook, Instagram, YouTube, XING) for the purpose of informing the public about the fulfilment of its tasks (Section 4 (9) of the Bremen Higher Education Act). When visiting these profiles, personal data of users outside the European Union may be processed. Therefore, a lower level of data protection may exist. The corresponding data processing is carried out by the external operators of these networks and on the basis of their data protection declarations. Please inform yourself there about the corresponding processing modalities. We would like to point out that you use social networks and their functionalities on your own responsibility. The Hochschule Bremen has no influence on the type and scope of the data processed by the respective provider, the type of processing and use or the transfer of this data to third parties.
If the Hochschule Bremen processes your personal data, you have the following rights as a data subject within the meaning of the GDPR:
You can request confirmation as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request information about the following:
You have a right of rectification and/or completion vis-à-vis the university if the personal data processed concerning you are inaccurate or incomplete. The university must make the correction without delay. If your personal data is processed for scientific, historical or statistical research purposes, the right of access may be restricted to the extent that it is likely to make the realisation of the research or statistical purposes impossible or seriously impair them and the restriction is necessary for the fulfilment of the research or statistical purposes.
You may request the restriction of the processing of personal data concerning you under the following conditions:
Where the processing of personal data relating to you has been restricted, those data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above-mentioned conditions, you will be informed by the university before the restriction is lifted. If your personal data is processed for scientific, historical or statistical research purposes, the right of access may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.
You may request the university to delete the personal data concerning you without delay; the university is obliged to delete this data without delay if one of the following reasons applies:
If the university has made the personal data concerning you public and is obliged to erase it pursuant to Section 17 (1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.
The right to erasure does not exist insofar as the processing is necessary
If you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the university, the university is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed by the university about such recipients.
You have the right to receive the personal data concerning you that you have provided to the university in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Section 6 (1) e or f GDPR; this also applies to profiling based on these provisions. The university will no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
If your personal data is processed for scientific, historical or statistical research purposes, you also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Section 89 (1) of the GDPR.
Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.
In accordance with Section 7 (3) GDPR, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
1. is necessary for the conclusion or fulfilment of a contract between you and the university,
2. is permitted on the basis of legal provisions of the Union or the Member States to which the higher education institution is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
3. is done with your express consent.
However, these decisions must not be based on special categories of personal data pursuant to Section 9(1) of the GDPR, unless Section 9 (2) a or g of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests. With regard to the cases mentioned in (1) and (3), the university shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person from the university, to express your point of view and to contest the decision.
To exercise your above-mentioned data protection rights, please contact firstname.lastname@example.org.
Without prejudice to the above rights or to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The State Commissioner for Data Protection and
Freedom of Information of the
Free Hanseatic City of Bremen
Phone: +49 471 596 2010 or
+49 421 361 2010
Fax: +49 421 496 18495