Privacy policy

Privacy policy

 

This privacy policy applies to the following websites:


https://en.biomasseinstitut.de

 

1. General

Data protection is our concern and our legal obligation. In order to adequately protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL/TLS) and secure technical systems. Javascript is used as an active component for the website. If you have disabled this function in your browser, you will receive a message asking you to activate it.

 

2. Responsible bodies

The website is managed by us, the Weihenstephan-Triesdorf University of Applied Sciences (HSWT).

You can find the contact details of the responsible persons in the legal notice (link).

 

3. Joint point of contact for affected persons

The joint point of contact for affected persons is the data protection officer at HSWT

Data Protection Officer

x-tention Informationstechnologie GmbH
Margot-Becke-Ring 37, 69124 Heidelberg
datenschutzbeauftragter.hswt@x-tention.com

Data Protection Coordinator

datenschutz@hswt.de

Status of the privacy policy: 26 February 2025

https://www.hswt.de/hochschule/hochschule/datenschutzbeauftragter.html

Any data subject may contact the data protection officers directly at any time with any questions or suggestions regarding data protection.

 

4. Purpose and legal basis of processing

In accordance with Art. 2 (6) BayHSchG, Art. 4 (1) sentences 1 and 2 BayEGovG in conjunction with Art. 4 (1) BayDSG and Art. 6 (1) sentence 1 lit. e EU GDPR, we offer our services and administrative services as well as information for the public about our activities on our websites.

If your personal data is processed, this is done on the legal basis of Art. 6 GDPR. Your personal data will only be passed on to third parties on the basis of Art. 6 GDPR. As a matter of principle, your data will not be passed on to third parties without your express consent. The Institute for Biomass Research will only pass on your personal data to third parties if this is legally permissible (e.g. on the basis of Article 6 GDPR) and/or necessary.

The website is hosted by the service provider Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften, Boltzmannstraße 1, 85748 Garching b. München.

We will disclose and block or delete any content and contributions that violate the rights of third parties or constitute a criminal offence or administrative offence, or that do not comply with legal or contractual obligations of conduct, by forwarding them to the competent authority.

We use cookies and log files to check or maintain our web service and to ensure network and information security in accordance with Art. 6 (1) BayDSG, § 13 (7) TMG, Art. 11 (1) BayEGovG. We anonymise or pseudonymise personal data insofar as this does not impair the purpose of processing.

 

5. Data categories

Administration and data redaction

For administration and editing purposes, function IDs and personal IDs with access protection mechanisms are created and changes made with these IDs are logged.

Log files

The web server of the Biomass Institute is operated by the LRZ, Boltzmannstraße 1, 85748 Garching b. München. The personal data processed in this context is subject to the applicable data protection regulations.

When you visit this or other websites, you transmit data to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server. Depending on the access protocol used, the log data record contains information with the following content:

  • the IP address of the requesting computer
  • Date and time of the request
  • the access method/function requested by the requesting computer
  • the input values transmitted by the requesting computer (file name, etc.)
  • Access status of the web server (file transferred, file not found, command not executed, etc.)
  • Name of the requested file
  • Type and version of the web client and operating system
  • URL from which the file was requested/the desired function was initiated

The data in this log file is processed on the basis of the legitimate interest of the Institute for Biomass Research / Weihenstephan-Triesdorf University of Applied Sciences in accordance with Art. 6 (1) (f) GDPR as follows:

  • The log entries are continuously evaluated automatically in order to detect attacks on the web servers and respond accordingly.
  • In individual cases, i.e. in the event of reported malfunctions, errors and security incidents, a manual analysis is carried out.
  • Log entries are anonymised by truncating the IP address.
  • We do not use any form of user tracking.

Web analysis

The university uses the “Statify” plugin on this website.

Statify does not store any personal data such as IP addresses, but counts page views and not visitors. No cookies are set. The following data is stored in total:

  • Timestamp: Time of page view.
  • Linking page: Hierarchical information about which page the visit came from.
  • Page accessed: The page accessed within your website.

Cookies

This site uses cookies. Cookies are text files that are stored on your computer and enable analysis of your use of the website and automatically recognise you on your next visit. You can prevent the installation of cookies by adjusting the cookie banner or your browser settings accordingly. You also have the option of revoking your consent at any time in the cookie banner or cookie settings. This may mean that you cannot use all offers to their full extent.

Details concerning cookies

Name of the cookie
 Stored data Duration Description
wordpress_test_cookie the text “WP Cookie Check” Session cookie, deleted when you close your web browser. WordPress sets this cookie when you navigate to the homepage. The cookie checks whether your web browser allows or rejects cookies.
viewed_cookie_policy the text “yes” oder “no” Persistent cookie, valid for one year. This cookie is a flag that indicates that a user has viewed the website’s cookie policy.
wordpress_ Login authentication in an encrypted form Session cookie, deleted when you close your web browser. WordPress uses these cookies to store authentication details. Use is restricted to the administration console.
wordpress_logged_in_[hash] Login details in encrypted form Session cookie, deleted when the web browser is closed. WordPress uses these cookies to indicate whether you are logged in and who you are.
wp-settings-[UID], wp-settings-time-[UID] Text that stores preferred settings Persistent cookie, valid for one year. WordPress uses these cookies to personalise the administration interface and, depending on the settings, possibly also on the main page.
wordpress_sec_ Text that stores preferred settings Session cookie, deleted when you close your web browser. Set after login and keeps the user logged in during the browser session.
PHPSESSID Text that stores preferred settings Session cookie, deleted when the web browser is closed. This cookie is used to temporarily store a user’s input into a form on the website so that the input can then be transmitted.
viewed_cookie_policy Text “yes” or “no” Persistent cookie, valid for one year This cookie is a flag that indicates that a user has viewed the website’s cookie policy.
cookielawinfo-checkbox-advertisement Text “yes” or “no” Persistent cookie, valid for one year This cookie is a flag that indicates that a user has accepted or excluded the use of the respective cookies on the website.
cookielawinfo-checkbox-analytics Text “yes” or “no” Persistent cookie, valid for one year This cookie is a flag that indicates whether a user has accepted or rejected the use of the respective cookies on the website.
cookielawinfo-checkbox-functional Text “yes” or “no” Persistent cookie, valid for one year This cookie is a flag that indicates whether a user has accepted or rejected the use of the respective cookies on the website
cookielawinfo-checkbox-necessary Text “yes” or “no” Persistent cookie, valid for one year This cookie is a flag that indicates whether a user has accepted or rejected the use of the respective cookies on the website.
cookielawinfo-checkbox-others Text “yes” or “no” Persistent cookie, valid for one year This cookie is a flag that indicates whether a user has accepted or excluded the use of the respective cookies on the website.
cookielawinfo-checkbox-performance Text “yes” or “no” Persistent cookie, valid for one year This cookie is a flag that indicates whether a user has accepted or excluded the use of the respective cookies on the website.
CookieLawInfoConsent Text that stores preferred settings Persistent cookie, valid for one year WordPress uses this cookie to recognise the user’s cookie settings.
wp-lang Text “de_DE” or “en_EN” Session cookie, deleted when the web browser is closed. This cookie is used to temporarily store the language selected by the user on the website.

 

Communication

If you send us a request or opinion by e-mail, post, telephone or fax, the information provided will be processed for the purpose of handling the request, for possible follow-up questions and for the exchange of opinions. Data processing for the purpose of contacting the Biomass Institute is carried out in accordance with Art. 6 (1) (a) GDPR on the basis of your voluntary consent.

Links to external services

Facebook

The university website links to the Facebook website. The operator of the pages is Meta Platforms Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland). Instead of Facebook plugins, the university has decided to link to Facebook only so that your personal data is not automatically transmitted to Facebook when you visit the website. This technical solution also prevents the university from automatically collecting your personal data in this regard. By linking, Facebook only processes your personal data when you actively click on the Facebook button. However, if you were already logged into your Facebook account when you visited the university’s website, Facebook will at least process the information about which of the university’s websites you visited with your IP address, at what time and via which browser. Facebook may transfer the processed information to third parties, e.g. US authorities, if required by law or if third parties process this data on behalf of Facebook. The university has no influence on the type and scope of your personal data processed by Facebook.

The university only collects personal data from you via Facebook if you become active on the university’s Facebook fan page, for which the university is jointly responsible with Facebook, and disclose your personal data. By providing data on the university’s Facebook page, you give the university your consent to process this data in accordance with Art. 6 (1) lit. a GDPR. Further information on the handling of your data can be found in Facebook’s privacy policy.

Instagram

The university’s website links to the Instagram website. The operator of the site is Meta Platforms Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland). The university only links to the Instagram website instead of integrating Instagram plugins. This means that your personal data is not automatically transferred to Instagram when you visit the university’s website. Instagram only processes your personal data when you actively click on the Instagram button. However, if you are logged into your Instagram account when you visit the university’s website, Instagram will process your personal data. Instagram may transfer this information to third parties, e.g. US authorities, if required by law or if third parties process this data on behalf of Instagram. The university has no influence on the type and scope of your personal data processed by Instagram. For more information on how your data is handled, please refer to Instagram’s data policy.

LinkedIn

The University’s website links to the LinkedIn website. The operator of the site is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Instead of using plugins, the University merely links to LinkedIn. Therefore, your personal data is not automatically transmitted to LinkedIn when you visit the University’s website. Through the link, LinkedIn only processes your personal data when you actively click on the LinkedIn button. LinkedIn may transfer the processed information to third parties, e.g. US authorities, if required by law or if third parties process this data on behalf of LinkedIn. The university has no influence on the type and scope of your personal data processed by LinkedIn. For more information on how your data is handled, please refer to LinkedIn’s privacy policy.

 

6. Registration on our website

You have the option of registering on the website for certain additional services by providing personal data. The personal data disclosed to us in this process is determined by the respective input mask used for registration. The personal data you enter will be processed exclusively for internal use by us.

Registration is voluntary and enables us to offer content or services that, due to their nature, can only be offered to registered users.

Data processing for the purpose of contacting the university is carried out in accordance with Art. 6 (1) (a) GDPR on the basis of your voluntary consent.  The personal data collected by the University of Applied Sciences for the use of the contact form will be deleted after your enquiry has been dealt with and after the expiry of the tax and commercial law retention obligations. Once you have given your consent, you can revoke it at any time with effect for the future without giving reasons.

7. Events

In the context of our events, we process the data required for registration and organisation in accordance with Art. 6 (1) lit. b GDPR.

Data is deleted in accordance with the statutory retention periods, which are six years for business letters and ten years for invoices, unless the data of the participants is required beyond this period in order to issue duplicates or confirmations of participation.

8. Photos and video footage

As part of our press and public relations work, photos and videos are taken at events and appointments, which we publish on our website. The basis for this is Art. 6 (1) (e) GDPR in conjunction with § 2 (8) HRG.

 

9. Transfer of personal data to a third country or international organisations

This does not take place.

 

10. Deletion of personal data and restriction of personal data processing

We only process the personal data of the data subject for the period necessary to achieve the purpose of processing or if this has been provided for by the European directive and regulation legislator or another legislator in laws or regulations to which we are subject. If the purpose of processing no longer applies or if a retention period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be routinely deleted in accordance with the statutory provisions. The right to archive in the public interest remains unaffected.

 

11. Rights of data subjects

Under the General Data Protection Regulation, you have the following rights:

  • You may request information about whether we process your personal data. If this is the case, you have the right to obtain information about this personal data and other information related to the processing (Art. 15 GDPR). Please note that this right to information may be restricted or excluded in certain cases (see in particular Art. 10 BayDSG).
  • If personal data about you is no longer accurate or is incomplete, you can request that it be corrected and, if necessary, completed (Art. 16 GDPR).
  • Unless there are legal requirements to the contrary, you may request the erasure of your personal data (Art. 17 GDPR) or the restriction of the processing of this data (Art. 18 GDPR). However, the right to erasure under Art. 17 (1) and (2) GDPR does not apply, among other things, if the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 17 (3) (b) GDPR).
  • If you have consented to the processing or if a contract for data processing exists and the data processing is carried out using automated procedures, you may have a right to data portability (Art. 20 GDPR).
  • For reasons arising from your particular situation, you may also object to the processing of personal data concerning you by us at any time (Art. 21 GDPR). Unless there are conflicting legal requirements, we will no longer process your personal data.

If you exercise your above-mentioned rights, the public authority will check whether the legal requirements for this are met.

You also have the right to complain to a supervisory authority within the meaning of Art. 51 GDPR about the processing of your personal data. The competent supervisory authority for Bavarian public bodies is the Bavarian State Commissioner for Data Protection, Wagmüllerstraße 18, 80538 Munich.

 

12. Other information relevant to the privacy notice

We reserve the right to amend this privacy policy from time to time to ensure that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.