Here you can find all information on data protection at Nuremberg University of Music:
Data Protection Declaration |
|
This data protection declaration covers the processing of personal data on this website, including the services offered there as well as our social media channels and to the extent that no special information is provided. |
|
For more information on the processing of your data, please use the contact details given below. |
|
|
|
Contact details of the controller |
The controller, i.e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the: |
|
University of Music Nuremberg |
Veilhofstraße 34 |
90489 Nuremberg |
Telephone: +49 (0)911 21522-102 |
Telefax: +49 (0)911 21522-104 |
Email: info@hfm-nuernberg.de |
|
The University of Music Nuremberg is an organisation under public law and a state institution (article 11 (1) of the Bavarian Higher Education Act (BayHSchG)). It is represented by the president, Prof. Rainer Kotzian. |
|
Contact details of the Data Protection Officer |
Data Protection Officer of the University of Music Nuremberg |
Mr Falk Hartwig |
University of Music Nuremberg |
Veilhofstraße 34 |
90489 Nürnberg |
Telephone: +49 (0) 911 215 22-180 |
Email: falk.hartwig@hfm-nuernberg.de |
|
Purpose of and legal basis for the processing of personal data |
The purpose of our data processing is to perform public services delegated to us by law, especially those tasks of public information. |
The legal basis for processing your personal data, unless indicated otherwise, is article 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with Article 6 (1) point e) of the General Data Protection Regulation (GDPR). Pursuant to this legislation, we are authorised to process data required for us to fulfil our responsibilities. |
Where you have given consent for your data to be processed, processing is covered by article 6 (1) point a) of the GDPR. |
|
Recipients of personal data |
Technical operation of our data processing systems is conducted by |
|
University of Music Nuremberg |
Central IT |
Kesslerplatz 12 |
90489 Nürnberg |
Telephone: +49 911 5880 4848 |
Email: rz-hotline(x)th-nuernberg.de |
|
|
Storage period for personal data |
Your data is only stored as long as it is necessary to complete relevant tasks whilst observing legal retention requirements. |
|
|
|
General regulations |
Pursuant to article 15 of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data: |
|
|
|
|
|
Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 München. In addition to the right of appeal, you can also seek a judicial remedy. |
|
Right of revocation |
Insofar as processing is based on consent, you have the right to revoke your consent at any time. The revocation is only effective for the future; this means that the revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. |
|
Right to object |
You may object to the processing of your personal data at any time due to reasons based on your personal circumstances (pursuant to article 21 of the GDPR). If the legal requirements are met, we will then not further process your personal data. |
|
|
|
Technical implementation |
Our web server is operated by IT centre of the Nuremberg Institute of Technology (in the following: RZ). The personal data transmitted by you when you visit our website is therefore processed by |
|
University of Music Nuremberg |
Central IT |
Kesslerplatz 12 |
90489 nuremberg |
Telephone: +49 911 5880 4848 |
Email: rz-hotline(x)th-nuernberg.de |
|
on our behalf. |
|
Creation of log files |
By using this or other web pages, you transmit data to our web server through your internet browser. The following data is recorded during any open connection for communication between your internet browser and our web server: |
|
|
|
|
|
|
The data in this log file is processed as follows: |
|
The IP addresses contained in the log files are not combined with other data, so that the RZ cannot draw conclusions about individual users. |
|
After the end of the connection, data is anonymised by shortening the IP address at domain level so that it is no longer possible to connect the data to individual users. |
|
SSL encryption |
We use state-of-the-art encryption processes (such as SSL) using HTTPS to protect your data while it is being transferred. |
|
Active Components |
We use no active components such as JavaScript, Java-Applets or Active-X-Controls. |
|
Cookies |
We do not set or use cookies. |
|
|
|
Social Media |
On our social media pages, we create content within the scope of our public relations activities and our freedom of research, teaching and art, and we see the contributions and interactions of the community there. We endeavour to inform our users according to the needs of our target audience and to engage in a dialogue with our target audience. |
|
We will expose any content, contributions or enquiries that violate the rights of third parties or that constitute a criminal or regulatory offence by transmitting it to the responsible authority or the social media provider; we will also block or delete it. |
|
The legal basis for data processing on our social media pages and elements is article 6 (1) point e) of the GDPR in connection with article 2 (6) of the Bavarian Higher Education Act (BayHSchG), article 3 of the BayHschG, article 4 (1) sentences 1 and 2 of the BayEGovG, section 5 (1) point 2) of the German Broadcast Media Act (TMG) and, if applicable, the contract between the respective service provider pursuant to article 6 (1) point b) of the GDPR. |
|
Social media posts and messages that you transmit to us in non-public form are checked at regular intervals, as to whether storing these requests is still necessary for the purpose of dealing with possible follow-up questions. If it is no longer necessary to store them, their processing will be limited and they will still be stored in accordance with legal retention requirements and archiving regulations. |
|
If you have publicly communicated with us via social media, you can decide yourself how long the data should remain public or ask us to delete it. We will then delete this data in accordance with archiving regulations within our area of responsibility. Should any copies of the data remain after deletion, their processing will be restricted and they will be stored in accordance with legal retention requirements and archiving regulations. |
|
Additional data protection information on the service providers or services |
Social media providers often create extensive profiles of their members and of those they are in contact with via tele-media services (for example by clicking a like button or accessing a website). These profiles are used for the purpose of selling advertisements, amongst other things. So if you use our services with these providers, they will know that there is a connection between you and us. As we are jointly responsible for some of this data processing, we provide further information on the processing by the social media providers. |
|
You can limit the scope of data processing to some extent by adjusting your browser setting or installing browser add-ons. Useful information about this is available at https://www.privacy-handbuch.de/handbuch_21.htm (available only in German). The providers also offer individual settings to regulate advertising and tracking, for example. This may only be possible if you have an account with the respective provider. We have listed important information sources as well as terms of use for the most important ones here. |
|
|
Facebook (including Instagram) |
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland and Facebook, Inc. 1601 Willow Road Menlo Park, California 94025, USA |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Google YouTube |
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
|
|
|
|
|
|
|
Events |
For our events, we process the data necessary for registration and organisation in accordance with article 6 (1) point e) of the GDPR. Data is deleted in accordance with legal retention periods, i.e. after six years for business letters and after ten years for invoices, unless the data of the participants is required beyond these periods to be able to issue copies or confirmations. |
|
|
We reserve the right to change our data protection declaration, to accommodate changes to legislation or changes in the services we provide, (e.g., if we introduce new services). The new data protection policy will then apply to your future visit to our website. |
|
Do you have any questions? |
If you have questions about data protection, please write us an email or contact the person responsible for data protection in our organisation directly: |
|
Data Protection Officer of the University of Music Nuremberg |
Mr Falk Hartwig |
University of Music Nuremberg |
Veilhofstraße 34 |
90489 Nürnberg |
Telephone: +49 (0) 911 215 22-180 |
Email: falk.hartwig@hfm-nuernberg.de |
Information on data protection for use of video conferencing systems | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
This privacy information refers to the processing of personal data in the context of the provision and use of video conferencing systems as a collaboration and communication solution. | |||||||||||||||||||||||||
Since 1 December 2021, meeting and webinar solutions provided by external video conferencing providers are so-called telecommunications services within the meaning of the Telekommunikation-Telemedien-Datenschutz-Gesetz (Telecommunications Telemedia Data Protection Act - TTDSG) and are therefore subject to telecommunications secrecy pursuant to § 3 TTDSG. | |||||||||||||||||||||||||
Note: If you join using the “Zoom” website or the website of another provider we use, the provider is responsible for the data processing. | |||||||||||||||||||||||||
A visit to the website may be necessary for the use of the respective video conferencing system in order to download the software (app). | |||||||||||||||||||||||||
However, the respective tool can also be used without the application by clicking on the respective invitation and, if necessary, entering further access data for the respective online lesson directly in the browser version of the tool. The basic functions of the respective tool can be used via the browser version, which can be found on the website of the respective tool. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
The controller, i.e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
University of Music Nuremberg | |||||||||||||||||||||||||
Veilhofstraße 34 | |||||||||||||||||||||||||
90489 Nürnberg | |||||||||||||||||||||||||
Telephone: +49 (0)911/21522-102 | |||||||||||||||||||||||||
Telefax: +49 (0)911/21522-104 | |||||||||||||||||||||||||
Email: info(a)hfm-nuernberg.de | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
The University of Music Nuremberg is an organisation under public law and a state institution (article 11 (1) of the Bavarian Higher Education Act (BayHSchG)). It is represented by the president, Prof. Rainer Kotzian. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
You can contact our official Data Protection Officer at: | |||||||||||||||||||||||||
Data Protection Officer of the University of Music Nuremberg | |||||||||||||||||||||||||
Mr Falk Hartwig | |||||||||||||||||||||||||
Hofstallstr. 6–8 | |||||||||||||||||||||||||
97070 Würzburg | |||||||||||||||||||||||||
Telephone: +49 (0) 911 215 22-180 | |||||||||||||||||||||||||
Email: falk.hartwig(a)hfm-nuernberg.de | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Personal data is processed exclusively for the provision and use of the video conferencing systems as an aid for teaching, research and administration, including statistical evaluation. The purpose of the data processing is the use for cooperation within the scope of the official activities at the university for the fulfilment of the university tasks according to article 2 of the BayHSchG. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
This covers the use of licensed products and services, the provision of updates, the guarantee of information security as well as technical and customer-related support in the following scenarios: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
doozzoo: | |||||||||||||||||||||||||
For seminars, lectures, events, etc. with the need for music-specific additional functions. Not suitable for confidential meetings/conversations and exchange of sensitive data. This offer is a contractually bound service of a commercial provider (https://doozzoo.com/de/datenschutz/). | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Jitsi Meet: | |||||||||||||||||||||||||
For ad hoc video conferences in smaller groups for the purpose of general agreements. Limited suitability for video conferences of a confidential nature, e.g. committee meetings, internal consultations, examinations, defence. Data processing takes place exclusively on servers of the university. The organiser can protect the video conference with a password. If this is done, conferences with a confidential character are also possible. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Microsoft Teams | |||||||||||||||||||||||||
For seminars, lectures, events, etc. with a focus on presentation or discussion via audio/video. Not suitable for confidential meetings/conversations and exchange of sensitive data. Microsoft Teams is a service of Microsoft Corporation (https://www.microsoft.com/de-DE/microsoft-365/microsoft-teams/group-chat-software). | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Zoom: | |||||||||||||||||||||||||
For seminars, lectures, events, etc. with a focus on presentation or discussion via audio/video. Suitable for video conferences of a confidential nature such as committee meetings, internal consultations, examinations, defences, provided the conference is protected via end-to-end encryption. This offer is a contracted service of the telecommunications provider Zoom Video Communications Inc. For further information on the processing of personal data by the provider itself, please refer to Zoom's privacy policy: https://zoom.us/privacy In principle, it is possible for all communication participants using Zoom to communicate with you. Support is provided by Zoom under its own responsibility. Please avoid disclosing personal data unless necessary for the resolution of the problem. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Data processing for purposes other than those specified or permitted by law (e.g., for internal security system checks and to ensure internal network and information security in accordance with article 6 (1) of the Bavarian Data Protection Act (BayDSG)) does not take place. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Any use for private purposes within the scope of the licenses provided is excluded. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
There will be no performance or behavioural monitoring based on your use. Use for the creation of personal statistics is not permitted. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Automated decision-making or profiling in the legal sense does not take place. You cannot use the application without providing your personal data. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Legal basis: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Depending on the type and scope of use of the video conferencing systems, the following personal data may be processed. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
doozzoo: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Jitsi Meet: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Microsoft Teams: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Zoom: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
doozzoo: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Jitsi Meet: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Microsoft Teams | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Zoom: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
doozzoo: | |||||||||||||||||||||||||
Personal data processed in connection with the use of doozzoo will in principle not be disclosed to third parties unless it is specifically intended to be disclosed. | |||||||||||||||||||||||||
The video conferencing provider doozzoo as well as any subcontractors necessarily receive knowledge of the processed data insofar as this is required or provided for in the context of the order processing contract or any contractual relationships with subcontractors. | |||||||||||||||||||||||||
For details, please refer to the following overview. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Jitsi Meet: | |||||||||||||||||||||||||
Unless otherwise stipulated by law, no data is transferred to third parties. This may become necessary in the context of hardware and software maintenance. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Microsoft Teams | |||||||||||||||||||||||||
Personal data processed in connection with the use of Microsoft Teams will not be disclosed to third parties unless it is intended for disclosure. | |||||||||||||||||||||||||
The video conferencing provider Microsoft Teams as well as any subcontractors necessarily receive knowledge of the processed data insofar as this is required or provided for within the framework of the order processing contract or any contractual relationships with subcontractors. | |||||||||||||||||||||||||
For details, please refer to the following overview. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Zoom: | |||||||||||||||||||||||||
Personal data processed in connection with the use of Zoom will generally not be disclosed to third parties unless it is specifically intended for disclosure. | |||||||||||||||||||||||||
The video conferencing provider Zoom as well as any subcontractors necessarily obtain knowledge of the processed data to the extent that this is required or provided for in the context of the order processing agreement or any contractual relationships with subcontractors. | |||||||||||||||||||||||||
For details, please refer to the following overview. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
doozzoo: | |||||||||||||||||||||||||
Data processing outside the European Union (EU) does not take place as a matter of principle, as we have limited our storage location to data centres in the European Union (currently: Frankfurt and Amsterdam). However, we cannot exclude the possibility that data is routed via internet servers located outside the EU. This may be the case in particular if participants in video conferences are located in a third country. However, the data is encrypted during transport over the internet and thus protected against unauthorised access by third parties. For more information, please refer to the following links of the provider and its sub-processors: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Jitsi Meet: | |||||||||||||||||||||||||
Unless otherwise stipulated by law, no data is transferred to a third country. This may become necessary in the context of hardware and software maintenance. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Microsoft Teams: | |||||||||||||||||||||||||
Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centres in the European Union. However, we cannot exclude the possibility that data is routed via internet servers located outside the EU. This can be the case in particular if participants in video conferences are in a third country. However, the data is encrypted during transport via the internet and thus protected against unauthorised access by third parties. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Zoom: | |||||||||||||||||||||||||
We use a software solution from the provider Zoom, headquartered in San Jose, California/USA, for the provision and execution of video conferences. Thus, data processing takes place in a third country. An adequate level of data protection is guaranteed by the conclusion of so-called EU standard data protection clauses, which Zoom has concluded with the subcontractors (see article 46 of the GDPR). | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
We will delete your data pursuant to article 17 (1) point a of the GDPR if we no longer need it for the purposes for which it was collected or otherwise processed. In the event that your data is processed on the basis of a declaration of consent or if you have submitted a justified objection to processing, we will delete your data immediately. Something else applies in the event that we are obligated to retain the data due to legal retention obligations or if the data is transferred to the state archives (Landesarchiv). | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Zoom: Time limits for the deletion of the different categories of data
|
| ||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Pursuant to articles 15 et seq. of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data: | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
Insofar as processing is based on consent, you have the right to revoke your consent at any time. The revocation is only effective for the future; this means that the revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
You may object to the processing of your personal data at any time due to reasons based on your personal circumstances (pursuant to article 21 of the GDPR). | |||||||||||||||||||||||||
If the legal requirements are met, we will then not further process your personal data. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
If you choose to exercise the rights stated above, the public office will check whether the legal requirements for doing so have been met. | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| |||||||||||||||||||||||||
We reserve the right to change this data protection declaration to accommodate changes to legislation or changes in the services we provide (e.g., if we introduce new services). | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
If you have any further questions, please feel free to contact the Data Protection Officer. |