Privacy Policy
Information on Data Processing according to Art. 13 of the GDPR

Thank you for visiting our applicant platform. We are committed to respecting your privacy and ensuring that your personal data are protected. As such, we collect, process and use your personal data in accordance with that specified in this privacy policy, as well as with applicable German laws governing data protection.

We abide by the EU General Data Protection Regulation and the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), in particular. In terms of internet usage, we look to the German Teleservices Act (Telemediengesetz, TMG) in order to protect your personal data. Below you will find more information regarding the data we collect when you visit our website and how these data are used.

Below you will find more information regarding the data we collect at the bbw Hochschule - University of Applied Sciences when you visit our learning platform and how these data are used.


Name and address of the Data Controller
The Data Controller as per the GDPR, other national laws on data protection applicable in Member States and any other regulations on privacy is the:

bbw Akademie für Betriebswirtschaftliche Weiterbildung GmbH
as the responsible body for the bbw Hochschule - University of Applied Sciences
Rheinpfalzallee 82
10318 Berlin, Germany

Tel.: +49 (0) 30 319909 50
Email: info@bbw-hochschule.de


Name and address of the Data Protection Officer
The Data Protection Officer for the Data Controller is:

Mr Andreas Thurmann

DataSolution LUD GmbH
Isarstr. 13
14974 Ludwigsfelde, Germany

Tel.: +49 (0) 3378 202513
Email: mail@ds-lud.de


General Information on Data Processing

Scope of Personal Data Processing
As a basic principle, we only collect and use our users’ personal data insofar as this is required to provide a functional website, as well as content and services. The personal data of our users are only ever collected and used with users’ consent. Exceptions thereto constitute cases where it is not possible to first obtain consent for practical reasons and where data processing is permitted by law.

Legal Grounds for Personal Data Processing
If we obtain consent from the data subject to process their personal data, Art.6(1), point a of the GDPR shall serve as the legal grounds. When processing personal data in order to fulfil a contract or initiate a contractual relationship (application), Art.6(1), point b of the GDPR shall serve as the legal grounds for processing these data without consent. If it is necessary to process personal data in order to fulfil a legal obligation, e.g. the Berliner Hochschulgesetz (Berlin Higher Education Act), Art.6(1), point c of the GDPR shall serve as the legal grounds. If it is necessary to process data in order to safeguard a legitimate interest of our company or a third party and the interests, basic rights and fundamental freedoms of the data subject do not supersede the former interest, Art.6(1), point f of the GDPR shall serve as the legal grounds for processing.

Data Deletion and Storage Period
Personal data are either deleted or blocked as soon as the reason for storage ceases to exist. Data may continue to be stored if this has been specified by European or national legislators in Union regulations, laws or other provisions which the Data Controller must observe. Data are blocked or deleted when the storage period specified in the relevant standards comes to an end, unless it is necessary for the data to be stored in order to conclude or fulfil a contract.


Your Online Application

Description and Scope of Data Processing
If you share your personal data with us during the application process, these data shall be organised into the following data types and categories for collection, processing and/or usage purposes:

Registration
•    Personal data (first and last name, place of residence)
•    Login details (email address, password)

Profile information
•    Personal data (title, academic level, first and last name, name at birth where applicable, date, place and country of birth, gender and nationality)
•    Contact details (home address, telephone number and mobile number where applicable)
•    Picture for your student ID/semester ticket

Background
•    General information (regarding studies at previous institutions)
•    University entrance qualification
•    Final examinations/graduation
•    Information regarding study-related periods abroad

Document upload
•    CV
•    University entrance qualification
•    Health insurance certificate
•    Bachelor’s degree certificate, where applicable
•    Certificate of ex-matriculation, where applicable
•    Proof of employment with mandatory social security contributions, where applicable
•    Proof of language skills, where applicable
•    Other documents, such as a cover letter, where applicable

If you apply online via our website, this takes place via the academyFIVE online application system by Simovative GmbH, Landsberger Str. 110, 80339, Munich, Germany. Any data you enter shall be transferred in encrypted format. Simovative GmbH shall undertake to handle your submitted data in accordance with the law on data protection. They shall implement all organisational and technical measures in order to protect your data.

We shall initially use the personal data you submit for the exclusive purpose of processing your application for the selected programme. Only those involved in the application process shall receive knowledge of your personal data. All employees tasked with data processing shall be obliged to keep data confidential. We do not pass your personal data on to third parties unless you have given your consent thereto, or unless we are obliged to do so due to legal provisions and/or official directives or court orders.

Legal Grounds for Data Processing
The relations established in order to prepare a contract or the act of concluding a contract with the applicant shall serve as the legal grounds for data processing. We will obtain your consent prior to publishing your image on our Campus Management System and learning portal at a later point in time.

Purpose of Data Processing
The personal data entered into the form shall be processed by us alone in order to process your application.

Storage Period
If your application for a degree programme at the bbw Hochschule- University of Applied Sciences is successful, your data shall be stored in our Campus Management System. Your data shall be deleted from this system as soon as they are no longer needed to achieve the purpose for which they were collected. In the event of contractual relations, we shall delete the data obtained as soon as national, statutory or contractual regulations with regard to storage, or the provisions of commercial law in this regard, have been fulfilled.

During the application process, you have the option of withdrawing your application on your profile page. If you choose to do so, all personal data shall be deleted or anonymised for statistical purposes. If you have not started a degree programme with us, but your applicant profile continues to be stored, your data shall be automatically deleted after 3 years at the latest. This shall not apply if legal regulations prevent deletion, necessitating continued storage for the purposes of giving evidence, or if you have given your express consent to a longer storage period. There shall be no notice given regarding data deletion.

Option of Objection and Removal
The user may object to their data being processed at any time. We have set up the following email address for this purpose: widerspruch@bbw-gruppe.de. We would like to point out that, if you object to data processing, it will not be possible to complete your application, nor can we continue our discussions.

Furthermore, if you have given permission for teachers or students to be able to view your image, you always have the option of preventing your image from being published for third parties to see by changing the settings on your profile or by contacting the Data Controller directly at a later point in time.



Contact Form/Email Contact Information

Description and Scope of Data Processing
If there is a contact form available on our website, this can be used to get in touch via electronic means. If you choose to use this option, the data entered into the form shall be sent to us and stored. This includes the following data: name, email address, subject line and message.

An alternative way to get in touch is using the email address provided. In this case, the personal data shared with us via email will be stored.

No data are transferred to third parties as part of this process.

Legal Grounds for Data Processing
Our legitimate interest in data processing within the scope of the contact made by the enquiring party shall serve as the legal grounds for data processing.

Purpose of Data Processing
Personal data shall be processed by us alone for the purposes of dealing with your enquiry.

Storage Period
Your data shall be deleted as soon as they are no longer needed to achieve the purpose for which they were collected. With regard to personal data sent via email, this is the case when dialogue with the user has ended. Dialogue ends when the circumstances indicate that the issue being dealt with has been definitively resolved.

Option of Objection and Removal
You may object to your personal data being processed at any time. We have set up the following email address for this purpose: widerspruch@bbw-gruppe.de. You may also contact the email recipient directly.


Making the Website Available and Generating Log Files

Description and Scope of Data Processing

For operating and maintenance purposes, Simovative GmbH and third party service providers may collect files logging interactions which have occurred via this application (system logs) or use other personal data (e.g. IP address) to this end.

For technical reasons, your internet browser automatically transmits data when you access academyFIVE products. The following data are stored separately to any other data you may share with us:

•    Date and time of access,
•    Browser type and version,
•    Operating system used,
•    URL of the website you visited previously,
•    Amount of data sent,
•    IP address where the access took place.

These data are only stored for technical reasons and are not traced back to a specific individual at any time.

Legal Grounds for Data Processing
Safeguarding our legitimate interest in accordance with Art. 6(1), clause 1, point f of the GDPR shall constitute the legal grounds for temporarily storing data and log files.

Purpose of Data Processing
It is necessary for the IP address to be temporarily stored in the system in order to make the website available on the user’s computer. To this end, the user’s IP address must be stored whilst they are visiting the website.

Log files are created and stored in order to ensure that the website is functional. In addition, we use data in order to optimise the website and make sure that our IT systems are secure. This process does not involve data analysis for marketing purposes.

Our legitimate interest in data processing also forms the basis of these purposes.

Storage Period
Your data shall be deleted as soon as they are no longer needed to achieve the purpose for which they were collected. In the event that data are collected so that the website can be made available to the user, deletion occurs when the user’s session has ended.

In the event that data are stored as log files, deletion shall occur after seven days at the latest. It is possible that data may be stored for a longer period. If this is the case, users’ IP addresses shall be deleted or masked so that they no longer bear relation to the client who made the access.

Option of Objection and Removal
In order for the website to function, it is strictly necessary to collect data to make the website available, as well as to save data in log files. As such, the user does not have the option to opt-out.


Use of Cookies

Description and Scope of Data Processing
Cookies are small files which enable us to store specific information related to you, the user, on your computer whilst you are visiting our website. Cookies help us to determine how often our web pages are used and the number of users who do so. They also help us to make our pages as easy and efficient as possible for you to use.

We use what are known as “session cookies”, which are only temporarily stored for the time you are using our website. Session cookies are saved on your storage medium in order to make sure that certain settings and functions on our website work over your browser. The cookies we use are deleted after you have finished the session on your browser, or in other words, when you have closed your browser.

On our website, we do not use any cookies or tracking tools which enable users’ browsing habits to be analysed.

Legal Grounds for Data Processing
Our legitimate interest in data processing forms the legal grounds for processing personal data by using cookies which are essential for technical purposes.

Purpose of Data Processing
We use cookies which are essential for technical purposes to make our website easier for users to navigate. It would not be possible to offer some of the functions on our website without using cookies. For these functions, it is necessary for your browser to be recognised even after you’ve changed pages. The user data, collected through cookies which are essential for technical purposes, are not used to build user profiles.

Storage Period, Option of Objection and Removal
Cookies are stored on the user’s computer and sent to our site from there. This means that, as a user, you have full control over how cookies are used. By changing the settings for your internet browser, you can disable or restrict cookies. Saved cookies can be deleted at any time. You can even arrange for this to be done automatically. If you disable cookies for our website, it may not be possible to use all the functions to their full extent.

It is also possible to use our website without cookies and scripts. You can change your browser settings to prevent cookies and scripts from being stored, to restrict them on certain websites or so that you receive a notification when a cookie has been sent. You also have the option of deleting cookies from your computer’s hard drive at any time.

You may install browser add-ons in order to block scripts. NoScript for Firefox and ScriptSafe for Google Chrome are examples of such browser extensions. Not only do these block any kind of JavaScript, but they also block selected trackers, Java, Flash and other plugins on websites.

If you are worried about cookies from third-party providers, you may choose to disable these cookies only and still allow the cookies which enable our website to work properly.

Please find below browser-specific information on how to disable cookies:

Mozilla Firefox: link

Google Chrome: link

Internet Explorer: link

Safari: link

Please note that, if you choose to disable cookies, your website view and user interface will be restricted.


Rights of the Data Subject

If your personal data are processed, you are a data subject as per the GDPR and you have the following rights in relation to the Data Controller:

•    You have the right to receive information regarding the personal data stored about you, the purposes of processing, the storage duration and if data have been transferred elsewhere.

•    If data are incorrect or are no longer required for the purposes for which they were collected, you may demand that they be rectified or deleted, or you may restrict the processing thereof. You may also view and, where applicable, correct your data yourself, provided that this is possible within the processing procedure.

•    If grounds for your personal data not to be processed arise due to your specific personal circumstances, you may object to your data being processed, if this processing is based on a legitimate interest. The Data Controller will no longer process your personal data, unless proof exists to show that there are compelling, legitimate grounds for processing which supersede your interests, rights and freedom, or unless data are processed to assert, exercise or defend legal claims.

•    If your personal data are processed for direct marketing purposes, you have the right to object to your personal data being processed for this kind of advertising at any time; this also applies for profiling if this is related to such direct marketing. If you object to your data being processed for direct marketing or profiling, your personal data will no longer be processed for these purposes.

You have the right to withdraw your declaration of consent under data protection law at any time. By withdrawing your consent, this does not make it illegal for data to have been processed with your consent up to the point the consent was withdrawn.


The Right to Lodge Complaints with a Supervisory Authority
Without prejudice to any other administrative or judicial appeals, you, as a data subject, have the right to lodge a complaint with a supervisory authority for data protection, especially in the member state of your place of residence or place where the presumed infringement has occurred. This is the case if you believe that your personal data have been processed in breach of data protection.

The supervisory authority with which you lodged the complaint will inform you on the status and outcome of your complaint, including the possibility of a judicial appeal.

More information can be found on the website for the Federal Commissioner for Data Protection and Freedom of Information. Follow the link.


Security

The website provider implements technical and organisational security measures in accordance with Art. 32 of the GDPR in order to protect data about you, and managed by us, from being accidentally or intentionally manipulated, lost, destroyed or accessed by unauthorised individuals. Our security measures are continuously improved as new technology becomes available. Only a few authorised parties and individuals obliged to abide by specific rules on data protection, who are involved in technical, administrative or editorial data operations, shall have access thereto.

For reasons of security and in order to protect the transfer of confidential content that you send to us, as the site operator, our website uses SSL/TLS encryption. In this way, third parties will not be able to view the data which you share with us via this website. You can recognise an encrypted connection with the “https://” in your browser’s address bar and adjacent lock symbol.


Modifications and Updates

We reserve the right to modify, update or add to this privacy policy at any time. If a directive on privacy is revised, it shall only apply to the personal data collected or modified after the revised directive has entered into force.


Valid | June 2020