Privacy notice

Privacy notice


This privacy notice applies to the following websites:


1. General information

Data protection is our concern and our legal obligation. To protect the security of your data appropriately during transfer, we use the latest encryption procedures (e.g. SSL/TLS) and secure technical systems.
JavaScript is used as an active component for the websites. If you have disabled this function in your browser, you will receive an instruction to activate the function.


2. Controllers

We, Weihenstephan-Triesdorf University of Applied Sciences (HSWT) and Ansbach University of Applied Sciences (HSA), are the joint controllers of the website and have entered into a joint agreement (link) on this subject.

The Legal notice (link) contains the controllers’ contact details.


3. Joint point of contact for data subjects

The joint point of contact for data subjects is HSWT’s data protection officer.

Dr. Matthias Kopp
Weihenstephan-Triesdorf University of Applied Sciences
Am Hofgarten 4
85354 Freising
T: +49 8161 71-5963
datenschutz [at]

Any data subject can make direct contact with our data protection officer at any time with any questions or suggestions on the subject of data protection, and can also contact the data protection officer at HSA (link).


4. Purpose and legal basis for processing

In accordance with Art. 2(6) of the BayHSchG [Bavarian Higher Education Act], Art. 4(1) sentences 1 and 2 of the BayEGovG [Bavarian E-Government Act] in conjunction with Art. 4(1) of the BayDSG [Bavarian Data Protection Act], and Art. 6(1)(1)(e) of the EU GDPR, our websites are where we offer our services, administrative support and information about our activity to the public.

We disclose any content and contributions that violate rights of third parties, constitute a criminal offence or misdemeanour or do not comply with the legal or contractual code of conduct by reporting them to the competent authority and by blocking or deleting them.

We use cookies and log files to test and maintain our web service and to guarantee network and information security as per Art. 6(1) of the BayDSG [Bavarian Data Protection Act], section 13(7) of the TMG and Art. 11(1) of the BayEGovG [Bavarian E-Government Act]. If the purpose for processing is not compromised, we will anonymise or pseudonymise personal data.


5. Data categories

Administration and data redaction

For administration and data redaction purposes, function identifiers and personal identifiers with access protection mechanisms are created and changes that have been undertaken with these identifiers logged.

Log files

The web server of the Institute of Biomass Research is operated by LRZ, Boltzmannstraße 1, 85748 Garching b. München, Germany. The personal data processed there is subject to the applicable data protection regulations.

If you access this website or other websites, you transfer data to our web server via your web browser. Whenever you access a website, the following data are recorded so that there can be communication between your web browser and our web server. Depending on the access log used, the log data record will contain information with the following content:

  • the IP address of the requesting computer
  • date and time of the request
  • the access method/function requested by the requesting computer
  • the input values transmitted by the requesting computer (file name, etc.)
  • access status of the web server (file transferred, file not found, command not executed etc.)
  • name of the requested file
  • type and version of the web client and operating system
  • URL from which the file was requested/the desired function was requested

Data is processed in the log file as follows:

  • The log entries are automatically evaluated on a continuous basis so that any attacks on the web server can be identified and appropriate action can be taken.
  • Manual analyses are carried out on a case-by-case basis, for example when faults, errors and security incidents are reported.
  • Log entries are anonymised by abbreviating the IP address.
  • We do not track users in any way.


This website uses cookies. We use cookies to make our website more user-friendly. Some elements of our website require the requesting browser to be identified even after a page change. These functionalities can be deactivated in the browser settings by each individual user.


Details concerning cookies

Name of the cookie
Stored data Duration Description
wordpress_test_cookie the text “WP Cookie Check” Session cookie, deleted when you close your web browser. WordPress sets this cookie when you navigate to the homepage. The cookie checks whether your web browser allows or rejects cookies.
viewed_cookie_policy the text “yes” oder “no” Persistent cookie, valid for one year. WordPress uses this cookie to identify the user’s cookie settings.
wordpress_xxxxx Login authentication in an encrypted form Session cookie, deleted when you close your web browser. WordPress uses these cookies to store authentication details. Use is restricted to the administration console.
wordpress_logged_in_xxxxx Login details in an encrypted form Session cookie, deleted when you close your web browser. WordPress uses these cookies to show whether you are logged in and who you are.
wp-settings-xxxxx, wp-settings-time-xxxxx Text that stores your preferred settings Persistent cookie, valid for one year. WordPress uses these cookies to customise the administration interface and possibly also the homepage depending on your settings.



If you write to us with a concern or opinion by email, post, telephone or fax, the information given is processed for the purposes of processing the concern, for possible follow-up questions and for exchanging opinions.


6. Registration on our website

You have the option of registering on the website for certain additional services, indicating personal data. Which personal data is transmitted to us is determined by the respective input mask used for the registration. The personal data you enter is processed solely for our own internal use.

Registration is voluntary and enables us to offer content or services that may only be offered to registered users due to the nature of the matter in question.


7. Events

As part of our events, we process the data required for registration and organisational purposes in accordance with Art. 6(1)(e) of the GDPR.

We delete data in accordance with legal data retention periods: business correspondence is deleted after six years and invoicing documents are deleted after ten years, unless the participants’ data is required for a longer period so that copies or certificates of participation can be issued.


8. Photos and video footage

As part of our press and PR work, we take photos and record videos at events and meetings and publish them on our website. The basis for this is Art. 6(1)(e) in conjunction with Art. 4 of the BayDSG [Bavarian Data Protection Act].


9. Transfer of personal data to a third country or international organisations

This does not take place.


10. Deletion of personal data and restriction of personal data processing

We process the data subject’s personal data only for the period of time required to achieve the purpose for which the data is processed or only if we are required to process data on account of legislation or regulations that are passed by European Union legislators and regulators or other legislators or regulations to which we are subject. Should there no longer be any reason to process the data or if a retention period prescribed by a European Union directive or regulation or by another relevant legislator expires, the personal data will be restricted from processing or deleted routinely and in accordance with statutory regulations. This does not affect archive rights.


11. Rights of the data subject

You have the following rights according to the General Data Protection Regulation:

  • You can request access to information on whether or not we are processing your personal data. If we are, you have the right to obtain access to the personal data and further information concerning the processing of this data (Art. 15 of the GDPR). Please note that this right of access may be restricted or excluded in certain cases (see Art. 10 of the BayDSG [Bavarian Data Protection Act] in particular).
  • If personal data concerning you is not (or no longer) applicable or is incomplete, you can request the rectification and, if applicable, completion of the data (Art. 16 of the GDPR).
  • If the legal requirements are met, you can request the erasure of your personal data (Art. 17 of the GDPR) or the restriction of processing of your data (Art. 18 of the GDPR). However, the right to erasure under Art. 17(1) and (2) of the GDPR does not apply if (among other reasons) personal data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 17(3)(b) of the GDPR).
  • If you have given your consent to data processing or if a contract exists pertaining to data processing and if such data processing is carried out via automated processes, you have a right to data portability where this is applicable (Art. 20 of the GDPR).
  • You also have the right to object, on grounds relating to your particular situation, at any time to our processing of personal data concerning you (Art. 21 of the GDPR). After you object, we will stop processing your personal data provided the legal requirements are met.

Should you exercise your above-mentioned rights, the public body will review whether statutory requirements are met.

You also have the right to complain to a supervisory authority, within the meaning of Art. 51 of the GDPR, about the processing of your personal data. The supervisory authority responsible for Bavarian public bodies is the Bavarian State Commissioner for Data Protection, Wagmüllerstraße 18, 80538 München, Germany.


12. Other information relevant to the privacy notice

We reserve the right to update this Privacy Notice from time to time so that it is always in compliance with current legal requirements, or to implement changes to our services in the privacy notice, e.g. when new services are introduced. The new privacy notice shall then apply when you next visit the website.