Skip to main content

Data protection

  • Data Protection Declaration

    This data protection declaration covers the processing of personal data on this website, including the services offered there as well as our social media channels and to the extent that no special information is provided.

    For more information on the processing of your data, please use the contact details given below.

    A. General information

    Contact details of the controller

    The controller, i. e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the:

    University of Music Nuremberg

    Veilhofstraße 34

    90489 Nürnberg

    Telephone: +49 (0)911 21522-102

    Telefax: +49 (0)911 21522-104

    Email: info(at)hfm-nuernberg.de

    The University of Music Nuremberg is an organisation under public law and a state institution (article 4 (1) of the Bavarian Higher Education Innovation Act (BayHG). It is represented by the president, Prof. Rainer Kotzian.

    Contact details of the Data Protection Officer

    Data Protection Officer of the University of Music Nuremberg

    Mr Falk Hartwig

    University of Music Nuremberg

    Veilhofstraße 34

    90489 Nürnberg

    Telephone: +49 (0) 911 215 22-180

    Email: datenschutz(a)hfm-nuernberg.de

    Purpose of and legal basis for the processing of personal data

    The purpose of our data processing is to perform public services delegated to us by law, especially those tasks of public information.

    The legal basis for processing your personal data, unless indicated otherwise, is article 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with Article 6 (1) point e) of the General Data Protection Regulation (GDPR). Pursuant to this legislation, we are authorised to process data required for us to fulfil our responsibilities.

    Where you have given consent for your data to be processed, processing is covered by article 6 (1) point a) of the GDPR.

    Recipients of personal data

    Technical operation of our data processing systems is conducted by

    Nuremberg Institute of Technology

    Central IT

    Kesslerplatz 12

    90489 Nürnberg

    Telephone: +49 911 5880 4848

    Email: rz-hotline(at)th-nuernberg.de

    Storage period for personal data

    Your data is only stored as long as it is necessary to complete relevant tasks whilst observing legal retention requirements.

    B. Rights of the data subject

    General regulations

    Pursuant to article 15 of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data:

    • You can ask for information about whether data concerning you is being processed. If this is the case, you are entitled to information about which data is processed and other information relating to the processing (article 15 of the GDPR). Please note that this right to information can be restricted or excluded in certain cases (see in particular article 10 of the BayDSG).
    • If the personal data concerning you is/has become inaccurate or incomplete, you can request that this data is rectified and/or completed (article 16 of the GDPR).
    • If the legal requirements are met, you can request that your personal data be deleted (article 17 of the GDPR) or processing of your data be restricted (article 18 of the GDPR). The right to deletion pursuant to article 17 (1) and (2) of the GDPR does not apply, however, if the processing of personal data is vital for the performance of a task that is in the public interest or is performed in the exercise of official authority (article 17 (3) point b) of the GDPR).
    • If you have consented to data processing or there is a contract concerning data processing and data is processed automatically, you may be entitled to data portability (article 20 of the GDPR).
    • If there is an international transfer of personal data without the basis of an adequacy decision of the EU Commission, you have the right to obtain a copy of the contractual safeguards from us upon request.
    • You are entitled to file a complaint concerning the processing of your personal data with a supervisory authority as defined in article 51 of the GDPR. The pertinent supervisory authority for the Bavarian public service is:

    Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 München.

    In addition to the right of appeal, you can also seek a judicial remedy.

    Right of revocation

    Insofar as processing is based on consent, you have the right to revoke your consent at any time. The revocation is only effective for the future; this means that the revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

    Right to object

    You may object to the processing of your personal data at any time due to reasons based on your personal circumstances (pursuant to article 21 of the GDPR). If the legal requirements are met, we will then not further process your personal data.

    C. Information about the website

    Technical implementation

    Our web server is operated by the Central IT of the Nuremberg Institute of Technology (in the following: RZ). The personal data transmitted by you when you visit our website is therefore processed by

    Nuremberg Institute of Technology

    Central IT

    Kesslerplatz 12

    90489 Nürnberg

    Telephone: +49 911 5880 4848

    Email: rz-hotline(at)th-nuernberg.de

    on our behalf.

    Creation of log files

    By using this or other web pages, you transmit data to our web server through your internet browser. The following data is recorded during any open connection for communication between your internet browser and our web server:

    • IP address of the requesting computer
    • Date and time of access
    • Name and URL of the accessed file and data volume transmitted
    • Access status (file transmitted, not found etc.)
    • Identifying data of browser and operating system used (if transmitted by the browser accessing the site)
    • The website from which our website is accessed (if transmitted by the browser accessing the site)

    The data in this log file is processed as follows:

    • In some instances, for example if an error or security breach is reported, a manual analysis is performed.

    The IP addresses contained in the log files are not combined with other data, so that the RZ cannot draw conclusions about individual users.

    After the end of the connection, data is anonymised by shortening the IP address at domain level so that it is no longer possible to connect the data to individual users.

    SSL encryption

    We use state-of-the-art encryption processes (such as SSL) using HTTPS to protect your data while it is being transferred.

    Active Components

    We use no active components such as JavaScript, Java-Applets or Active-X-Controls.

    Cookies

    Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic sequence of characters that enables the browser to be uniquely identified when the website is called up again.

    We use cookies to make our website functional. Some elements of our website require that the calling browser can be identified even after a page change.

    The following technically necessary cookies are used:

    Cookie name Purpose Expiration
    cookie_optin This cookie is used to store your cookie settings for this website. 1 year
    fe-typo-user This cookie is a standard session cookie. It stores the login for the closed area when the user logs in. session

    We also use functional cookies on our website. With these cookies, the website is able to provide enhanced functionality and personalization. They may be set by us or by third-party vendors whose services we use on our sites. If you do not allow these cookies, some or all of these services may not function properly.

    The following functional cookies are used:

    Cookie name Purpose Expiration
    uslk_umm_121983_s

    This website uses the Userlike messaging software to enable real-time communication via live chat.

    		 1 year

    Analysis of user behaviour (web tracking systems; audience reach measurement)

    For the purpose of optimising our website based on user needs we use the web analysis tool Matomo to analyse user behaviour on the site. Matomo (formerly Piwik) is an open source software application that creates statistical analyses of user access. Matomo software is provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zeeland.

    We have generally deactivated the use of tracking cookies so that no tracking cookies are stored on the user's end device. Remaining Matomo cookies are automatically deleted the next time the website is accessed.

    The user data collected in the context of the use of Matomo is only processed by us and is not shared with third parties.

    D. Information on specific instances of data processing

    Social Media

    On our social media pages, we create content within the scope of our public relations activities and our freedom of research, teaching and art, and we see the contributions and interactions of the community there. We endeavour to inform our users according to the needs of our target audience and to engage in a dialogue with our target audience.

    We will expose any content, contributions or enquiries that violate the rights of third parties or that constitute a criminal or regulatory offence by transmitting it to the responsible authority or the social media provider; we will also block or delete it.

    The legal basis for data processing on our social media pages and elements is article 6 (1) point e) of the GDPR in connection with article 2 (2) sentences 4 and 5, article 12 of the Bavarian Higher Education Innovation Act (BayHIG) and, if applicable, the contract between the respective service provider pursuant to article 6 (1) point b) of the GDPR.

    Social media posts and messages that you transmit to us in non-public form are checked at regular intervals, as to whether storing these requests is still necessary for the purpose of dealing with possible follow-up questions. If it is no longer necessary to store them, their processing will be limited and they will still be stored in accordance with legal retention requirements and archiving regulations.

    If you have publicly communicated with us via social media, you can decide yourself how long the data should remain public or ask us to delete it. We will then delete this data in accordance with archiving regulations within our area of responsibility. Should any copies of the data remain after deletion, their processing will be restricted and they will be stored in accordance with legal retention requirements and archiving regulations.

    Additional data protection information on the service providers or services

    Social media providers often create extensive profiles of their members and of those they are in contact with via tele-media services (for example by clicking a like button or accessing a website). These profiles are used for the purpose of selling advertisements, amongst other things. So if you use our services with these providers, they will know that there is a connection between you and us. As we are jointly responsible for some of this data processing, we provide further information on the processing by the social media providers.

    You can limit the scope of data processing to some extent by adjusting your browser setting or installing browser add-ons. Useful information about this is available at https://www.privacy-handbuch.de/handbuch_21.htm (available only in German). The providers also offer individual settings to regulate advertising and tracking, for example. This may only be possible if you have an account with the respective provider. We have listed important information sources as well as terms of use for the most important ones here.

    Facebook (including Instagram)

    Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

    X (earlier Twitter)

    Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland

    Google YouTube

    Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

    Collection of further data

    If you enter personal or business data (e-mail addresses, names, addresses, etc.) on our website, this data will be used exclusively for sending the requested information or for the purposes stated in the form. Your data is encrypted during transport using software (SSL) and is protected from being read by third parties. The use of the services offered there is on a voluntary basis.

    Newsletter

    You can subscribe to our newsletter. Your email address is stored for the purpose of sending the newsletter and processed only for the purpose of sending the newsletter. The newsletter is sent on the basis of your consent.

    Your address and your order are sent to the distribution company, Mailjet SAS, 13-13 bis, rue de l’Aubrac, 75012 Paris for the purpose of processing your order. More information on Mailjet is available here:

    Double-opt-in procedure: The subscription to our newsletter always uses a so-called double-opt-in procedure: This means that you receive an email upon registration; this message asks you to confirm your registration. This confirmation is necessary to prevent people from registering with other people's email addresses. Registrations for the newsletter are logged so that the registration process can be documented in accordance with legal requirements.

    Possibility to object (opt out): You may cancel your subscription to our newsletter, i.e. revoke your consent or object to further receipt, at any time. A link for cancelling the subscription is provided at the end of each newsletter, or you can use any of the above-mentioned ways to contact us, preferably email.

    Contact form

    The data you enter is stored for the purpose of communicating with you individually. To do this we need a valid email address. This serves the purpose of assigning and subsequently answering your enquiry. Any further information is optional.

    Captcha

    To ensure network and information security and as protection against (spam)bot attacks, a captcha is used during registration. This function is used to distinguish whether an entry is made by a natural person or by misuse through machine and automated processing (bot).

    We use the anti-spam system hCaptcha on this website. The provider is Intuition Machines Inc, 2211 Selig Dr, Los Angeles, CA 90026, United States (hereinafter "IM").

    The purpose of hCaptcha is to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, hCaptcha analyses the behavior of the website visitor based on various characteristics. For the analysis, hCaptcha evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). hCaptcha also processes data from you in the USA, among other places.

    Data processing is governed by the Standard Contractual Clauses (SCC) contained in the Data Processing Addendum to IMI's Terms and Conditions or Data Processing Agreements.

    For more information about hCaptcha, please see the Privacy Policy and Terms of Use at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.

    We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be accompanied by various risks to the legality and security of data processing.

    The legal basis for the processing of your personal data from the contact form is your consent pursuant to article 6 (1) point a) of the GDPR; for the security function Captcha this is your consent according to § 25 (1) of the Telecommunications Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz – TTDSG). If you use the captcha by entering the displayed text, you consent to the use of this security application. If you do not use the captcha, you cannot continue the registration process and must contact us by other means (e.g., by mail). A revocation of consent, which is possible at any time, is only effective for the future.

    The purpose of data processing is, with regard to the contact form, to respond to your inquiry and, with regard to the captcha, to implement the legal obligation to ensure appropriate security according to the state of the art (article 32 in conjunction with article 5 (1) point f) and (2) of the GDPR) by implementing security functions. We would like to point out that messages that you send to us by email via our pages www.hmtm.de are forwarded to us unencrypted. Please note that under certain circumstances these messages can be read or even falsified by third parties during transport through the worldwide Internet. For confidential messages, we therefore recommend that you use the postal service.

    The data is stored for as long as is necessary for the fulfilment of the task, for documentation obligations or due to legal retention periods.

    Live Chat

    For our website we use the messaging and chat software Uselike of the company Userlike UG, Probsteigasse 44-46, 50670 Cologne.

    Userlike does have a German headquarters and stores data encrypted in Germany. In addition, Userlike also uses Amazon Web Services (AWS), among others a web server, for technical data delivery. In this process, your IP address is stored and processing of your data also occurs in the USA, among other places. The data processing is based on the corresponding standard contractual clauses (SCC).

    We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be accompanied by various risks to the legality and security of data processing.

    You can use the chat like a contact form to chat with our colleagues in near real time. When you start the chat, the following personal data is collected:

    • date and time of the chat call,
    • browser type/version,
    • IP address,
    • operating system used,
    • URL of the previously visited website,
    • amount of data sent.
    • And if specified: First name, surname, and e-mail address.

    Depending on the course of the conversation with our colleagues, further personal data may arise in the chat, which are entered by you. The nature of this data depends largely on your request or the problem that you describe to us.

    The purpose of processing all this data is to provide you with a fast and efficient way to contact us and thus improve our service.

    By accessing the website, the chat widget is loaded in the form of a JavaScript file from AWS Cloudfront. The chat widget technically represents the source code that runs on your computer and enables the chat.

    The data processing is based on your consent pursuant to article 6 (1) point a) of the GDPR. You can revoke your consent at any time. To do so, please follow this link: www.userlike.com/de/terms

    Registration on this website/use of our portal

    You can register on this website to use our classified ads portal. If you wish to use our portal, you must register by entering your first and last name, your e-mail address and a password of your choice. We use the data you enter for this purpose of using the service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

    For this service, we use the so-called double-opt-in procedure, i. e. you will receive an e-mail in which you must confirm that you are the owner of the specified e-mail address and wish to receive the notifications. Your provided data will be stored by us until you delete your user account.

    The legal basis for the processing of the data is article 6 (1) point a) of the GDPR if the user has given his consent. The processing of your registration data (personal information) is carried out for the purpose of enabling access to the portal and the services contained therein and serves to establish a free user relationship. The processing of the data entered during registration is carried out for the purpose of implementing the user relationship established by the registration (article 6 (1) point b) of the GDPR).

    Ads in our classifieds portal can be read without the need for a login. However, only the text of your classified ad (type and category of display, title and description) is accessible to the other participants of the website.

    The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the data collected during the registration process, when the registration on our website is cancelled or modified. As a user, you have the option to cancel the registration at any time. You can manage and change all details in the protected login area.

    Classified ads are automatically deleted eight weeks after activation, unless activation is extended.

    Expired classified ads can be reactivated within one year. They remain visible to users in the protected log-in area. If the ads are not renewed within this period, the ad data will be irrevocably deleted.

    Cookie consent with sgalinski Cookie opt-in

    On the website of the study service as part of a consent management (“cookie banner”), we offer the possibility to decide according to your specifications the setting of cookies in the area of our offer.

    Our website uses the sgalinski cookie opt-in technology of Stefan Galinski Internet services to obtain and document your consent to the storage of certain cookies on your device.

    Provider of this technology is:
    sgalinski Internet Services
    Propietor: Stefan Galinski
    Bahnhofstr. Gernrode 52
    37339 Gernrod
    Website: https://www.sgalinski.de/

    When you enter our website, a connection to our server will be established in order to obtain your consent and other statements about the use of cookies.

    Subsequently, sgalinski Cookie Opt-In stores a cookie in your browser in order to be able to assign the consent you have shared or their revocation. The data collected in this way is stored until you ask us to delete the sgalinski cookie opt-in cookie itself or the purpose for the data storage is omitted. Mandatory statutory retention obligations remain unaffected.

    The use of sgalinski cookie opt-in takes place in order to obtain the legally required consents for the use of cookies. The legal basis for this is article 6 (1) point c) of the GDPR.

    Events

    For our events, we process the data necessary for registration and organisation in accordance with article 6 (1) point e) of the GDPR. Data is deleted in accordance with legal retention periods, i.e. after six years for business letters and after ten years for invoices, unless the data of the participants is required beyond these periods to be able to issue copies or confirmations.

    E. Amendments to our data protection declaration

    We reserve the right to change our data protection declaration, to accommodate changes to legislation or changes in the services we provide, (e. g., if we introduce new services). The new data protection policy will then apply to your future visit to our website.

    Do you have any questions?

    If you have questions about data protection, please write us an email or contact the person responsible for data protection in our organisation directly:

    Data Protection Officer of the University of Music Nuremberg

    Mr Falk Hartwig

    University of Music Nuremberg

    Veilhofstraße 34

    90489 Nürnberg

    Telephone: +49 (0) 911 215 22-180

    Email: falk.hartwig(at)hfm-nuernberg.de

  • In accordance with Article 13 of the General Data Protection Regulation (DSGVO), we would like to inform you in the following which data we collect during the personnel selection process and how this data is further processed. For further information on the storage of data when visiting our websites, in particular with regard to technical usage data, please refer to our general data protection declaration (https://www.hfm-nuernberg.de/datenschutz).

    1. Contact details of the controller

    The controller, i.e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the:

    University of Music Nuremberg

    Veilhofstraße 34

    90489 Nürnberg

    Telephone: +49 (0)911/21522-102

    Telefax: +49 (0)911/21522-104

    Email: info(a)hfm-nuernberg.de

    The University of Music Nuremberg is an organisation under public law and a state institution (article 11 (1) of the Bavarian Higher Education Act (BayHSchG)). It is represented by the president, Professor Rainer Kotzian.

    2. Contact details of the Data Protection Officer

    You can contact our official Data Protection Officer at:

    Data Protection Officer of the University of Music Nuremberg

    Mr Falk Hartwig

    University of Music Nuremberg

    Veilhofstraße 34

    90489 Nürnberg

    Telephone: +49 (0) 911 215 22-180

    Email: datenschutz(a)hfm-nuernberg.de

    3. Purpose of and legal basis for the processing of personal data

    The processing of your application data serves the purpose of deciding on the establishment of an employment relationship, or the decision on appointment as teaching personnel.

    Applicant management software is used to support this, but decisions are not based exclusively on automated principles. First of all, we save the data provided to us. On the basis of this information, we check whether an invitation to a preliminary interview can be considered as part of the selection process. If you are basically suitable, we will collect further personal data that is important for the selection decision. If you are considered for employment, we will inform you about this additional information to be collected.

    Legal basis

    Your personal data is processed on the following legal bases:

    The legal basis for the processing of personal data in the context of pre-contractual measures for an employment contract sought with the application is article 6 (1) point b of the GDPR.

    The legal basis for the processing of personal data in the context of the recruitment to the preparatory service sought with the application is article 6 (1) point e, (2), (3) of the GDPR in conjunction with article 103 of the Bayerisches Beamtengesetz (Bavarian Civil Service Act - BayBG) in combination with article 103 of the BayBG in combination with. Art. 26 Leistungslaufbahngesetz (Performance Career Act - LlbG).

    The legal basis for the processing of personal data in the context of the appointment as professor sought with the application is article 6 (1) point e, (2), (3) GDPR in combination with article 103 BayBG in combination with article 26 LlbG in combination with article 18 Bayerisches Hochschulpersonalgesetz (Bavarian Higher Education Personnel Act - BayHSchPG).

    If you provide us with special categories of personal data in the application process, we process them on the legal basis of article 103 (1) 1 no. 2 BayBG and article 9 (2) point b and h GDPR in combination with article 88 (1) GDPR in combination with article 8 (1) sentence 1 no. 2 and 3 Bayerisches Datenschutzgesetz (Bavarian Data Protection Act - BayDSG).

    There is no legal obligation to provide the data. However, if certain data marked accordingly are not provided, the corresponding application cannot be considered.

    4. Categories of personal data

    For the personnel selection process, the following personal data is collected:

    • First name and surname
    • Name, date and place of birth
    • Nationality
    • Contact details (home address, telephone number, e-mail address – if provided voluntarily
    • Information on family situation (marital status, spouse, children)
    • Photo
    • Education and work experience including qualifications and references, off-the-job training and further education, university studies

    Other information to be collected in the course of the selection process (see point 3)

    5. Recipients of personal data

    Your data will be shared with the following departments to the extent necessary to carry out the personnel selection procedure

    • Internal administrative departments or persons, insofar as they are to be involved in the recruitment process
    • Staff representatives (Staff Council), insofar as corresponding participation rights exist
    • Company involved in the application of the application management software:  BITE GmbH, Magirus-Deutz-Str. 16, 89077 Ulm, Telephone: 0731/14 11 50-0, email: info@b-ite.de
    • State Office for the Protection of the Constitution (Landesamt für Verfassungsschutz), insofar as required within the framework of the examination of loyalty to the Constitution in the public service

    In connection with the appointment as teaching personnel, your personal data will be passed on to the following further external bodies, insofar as the passing on of the data is necessary in each case:

    • Bavarian State Higher Education Fund (Staatsoberkasse Bayern) as the body responsible for the payment of remuneration.
    • Bavarian State Ministry of Science and the Arts and the Bavarian State Ministry of Finance, Regional Development and Home Affairs in the context of technical and legal supervision
    • Auditing offices and the Bavarian Supreme Audit Office in accordance with the requirements of the auditing authorities within the framework of statutory auditing
    • Financial authorities for notification in accordance with the Ordinance on Notifications to the Financial Authorities by Other Authorities and Public Broadcasters
    • Artists' Social Insurance Fund

    If necessary, your data will be transmitted to the relevant supervisory and auditing authorities for the exercise of the respective control rights.

    In the event of electronic transmission, data may be forwarded to the State Office for Information Security in order to prevent threats to information technology security and processed there on the basis of article 12 et seq. of the Bayerisches E-Government-Gesetz (Bavarian E-Government Act - BayEGovG).

    6. Transferring Personal Data to a non-EU Country

    We do not plan to transfer your personal data to a non-EU country.

    7. Storage period for personal data

    We store your personal data obtained in the course of the personnel selection process for at least six months.

    In the event of an unsuccessful application or its withdrawal, we will also destroy or delete the data you have submitted after three months following rejection. The retention or storage of the data within the aforementioned periods is necessary in the event of any legal action (e.g. claims in accordance with the Allgemeinen Gleichbehandlungsgesetz (General Equal Treatment Act - AGG)).

    If you are hired, you will be informed separately about the regulations that apply to the handling of your personal data. Personal data from your application will be included in the personnel file if they have a direct internal connection with the employment relationship after it has been established. The legal basis for this processing is paragraph 3 (6) of the Tarifvertrag für den Öffentlichen Dienst der Länder (Collective Agreement for the Public Service of the Länder - TV-L) or § 50 Beamtenstatusgesetz (Civil Servant Status Act – BeamtStG).

    8. Rights of the data subject

    Pursuant to articles 15 et seq. of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data: 

    • You can ask for information about whether data concerning you is being processed. If this is the case, you are entitled to information about which data is processed and other information relating to the processing (article 15 of the GDPR). Please note that this right to information can be restricted or excluded in certain cases (see in particular article 10 of the BayDSG).
    • If the personal data concerning you is/has become inaccurate or incomplete, you can request that this data is rectified and/or completed (article 16 of the GDPR).
    • If the legal requirements are met, you can request that your personal data be deleted (article 17 of the GDPR) or processing of your data be restricted (article 18 of the GDPR). The right to deletion pursuant to article 17 (1) and (2) of the GDPR does not apply in certain cases, however, such as if the processing of personal data is vital for the performance of a task that is in the public interest or is performed in the exercise of official authority (article 17 (3) point b) of the GDPR).
    • If you have consented to data processing or there is a contract concerning data processing and data is processed automatically, you may be entitled to data portability (article 20 of the GDPR).
    • You are entitled to file a complaint concerning the processing of your personal data with a supervisory authority as defined in article 51 of the GDPR. The pertinent supervisory authority for the Bavarian public service is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 München. In addition to the right of appeal, you can also seek a judicial remedy.
    • You may object to the processing of your personal data at any time due to reasons based on your personal circumstances (pursuant to article 21 of the GDPR).

    If you choose to exercise the rights stated above, the university will check whether the legal requirements for doing so have been met.

    If you demand erasure of your personal data, this will be considered as a withdrawal of the application.

    9. Amendments to our data protection declaration

    The university reserves the right to change this data protection declaration to accommodate changes to legislation or changes in the services we provide (e.g., if we introduce new services).

    If you have any further questions, please feel free to contact the Data Protection Officer.

    This privacy information refers to the processing of personal data in the context of the provision of data protection breach notifications at the university.

    1. Contact details of the controller

    The controller, i.e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the:

    University of Music Nuremberg
    Veilhofstraße 34
    90489 Nuremberg

    Telephone: +49 (0)911 21522-102
    Telefax: +49 (0)911 21522-104

    Email: info@hfm-nuernberg.de

    The University of Music Nuremberg is an organisation under public law and a state institution. It is represented by the president, Professor Rainer Kotzian.

    2. Contact details of the Data Protection Officer

    You can contact our official Data Protection Officer at:

    Data Protection Officer of the University of Music Nuremberg

    University of Music Nuremberg
    Veilhofstraße 34
    90489 Nürnberg

    Telephone: +49 (0) 911 215 22-180
    Email: datenschutz@hfm-nuernberg.de

    3. Purpose of and legal basis for the processing of personal data

    When reporting data protection violations, personal data will be collected and processed for the following purposes:

    •            For internal processing and documentation purposes, the personal data provided by the notifying person will be collected.

    •            If the personal data breach leads to a risk to the rights and freedom of natural persons, a notification is made to the Bavarian Data Protection Commissioner.

    Legal basis:

    The legal basis for data processing is and 6 (1) point c) articles 33, 34 of the GDPR in conjunction with article 4 (1) of the Bavarian Data Protection Act (Bayerisches Datenschutzgesetz - BayDSG).

    4. Categories of personal data

    For internal processing and documentation, personal data provided by the reporting person is collected. This includes:

    •            Information about the reporting person: surname, first name, contact details (e-mail address, telephone no., facility).

    •            Time and general description of the incident

    •            Information on measures taken

    •            Information on the categories of personal data and scope (number of persons involved and number of data sets affected).

    5. Categories of data subjects

    The personal data of the person reporting the incident and, if applicable, of the persons affected by the data protection incident are processed.

    6. Recipients of personal data

    Information on data breaches is sent by email to the email address datenschutzvorfall@hfm-nuernberg.de. It serves as a permanent, person-independent contact point for reports of data protection violations. The incoming e-mails are processed and evaluated by an incident team.

    Pursuant to article 33 (1) of the GDPR, the university is legally obliged to transmit the data recorded in the notification of a data protection breach to the Bavarian State Commissioner for Data Protection.

    In individual cases, data may also be transferred to third parties on the basis of legal permission, for example to law enforcement agencies for the purpose of investigating criminal offences within the framework of the provisions of the Code of Criminal Procedure (Strafprozessordnung - StPO).

    If technical service providers are given access to personal data, this is done on the basis of a contract in accordance with article 28 of the GDPR.

    7. Transferring Personal Data to a non-EU Country

    Not planned at present.

    8. Storage period for personal data

    The legal basis for the retention is article 33 (5) of the GDPR in conjunction with section 195 of the German Civil Code (Bürgerliches Gesetzbuch - BGB); the data is retained for 3 years.

    9. Rights of the data subject

    Pursuant to articles 15 et seq. of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data:

    •            You can ask for information about whether data concerning you is being processed. If this is the case, you are entitled to information about which data is processed and other information relating to the processing (article 15 of the GDPR). Please note that this right to information can be restricted or excluded in certain cases (see in particular article 10 of the BayDSG).

    •            If the personal data concerning you is/has become inaccurate or incomplete, you can request that this data is rectified and/or completed (article 16 of the GDPR).

    •            If the legal requirements are met, you can request that your personal data be deleted (article 17 of the GDPR) or processing of your data be restricted (article 18 of the GDPR). The right to deletion pursuant to article 17 (1) and (2) of the GDPR does not apply in certain cases, however, such as if the processing of personal data is vital for the performance of a task that is in the public interest or is performed in the exercise of official authority (article 17 (3) point b) of the GDPR).

    •            You are entitled to file a complaint concerning the processing of your personal data with a supervisory authority as defined in article 51 of the GDPR. The pertinent supervisory authority for the Bavarian public service is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 München. In addition to the right of appeal, you can also seek a judicial remedy.

    If you choose to exercise the rights stated above, the public office will check whether the legal requirements for doing so have been met.

    10. Amendments to our data protection declaration

    We reserve the right to change this data protection declaration to accommodate changes to legislation or changes in the services we provide (e.g., if we introduce new services).

  • This data protection declaration informs you about the processing of personal data in the context of evaluations and surveys at the Nuremberg University of Music (e.g., Teaching evaluations, general studyability, graduate survey and other surveys and evaluations) in accordance with article 13 of the General Data Protection Regulation (GDPR).

    Surveys are conducted exclusively electronically using the EvaSyS software, which allows surveys to be created, published, and conducted using various survey media (online and/or paper-based) and survey modes (e.g., via online link or TAN procedure). The survey results are recorded on the servers of the university and can be evaluated and/or exported by the survey creators using internal functions.

    The results will be processed using analysis programs (e.g. EvaSys) for data analysis and presentation. The publication to be produced will include data in aggregated form, from which, however, no conclusions can be drawn about the individual participants.

    1. Contact details of the controller

    The controller, i.e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the:

    Nuremberg University of Music
    Veilhofstraße 34
    90489 Nuremberg
    Telephone: +49 (0)911 21522-102
    Telefax: +49 (0)911 21522-104
    Email: info@hfm-nuernberg.de

    The Nuremberg University of Music is an organisation under public law and a state institution (article 4 (1) of the Bavarian Higher Education Innovation Act (BayHIG)). It is represented by the president, Prof. Rainer Kotzian.

    2. Contact details of the Data Protection Officer

    You can contact our official Data Protection Officer at:

    Data Protection Officer of the Nuremberg University of Music
    Mr Falk Hartwig
    Nuremberg University of Music
    Veilhofstraße 34
    90489 Nürnberg
    Email: datenschutz(a)hfm-nuernberg.de

    3. Purpose of and legal basis for the processing of personal data

    • The personal data are needed to ensure and improve the quality of studying and teaching at the university. The results of the analysis serve as a basis for the derivation of measures for the
    • Further development and improvement of the study organization and the study environment (e.g., evaluation of overall studyability),
    • Further development and improvement of the teaching performance/competence of the lecturers in the courses (course evaluation),
    • Improvement of study offerings and study conditions as well as the transition into the job market (e.g., graduate survey).
    • Improvement of the university's event offerings.

    The data collected in the system is processed for the following purposes in accordance with the respective legal basis (article 6 (1) of the GDPR).

    Teaching evaluation:

    The evaluation of teaching for the purpose of quality assurance of the work of the university is carried out within the framework of the fulfillment of the public task assigned to the university pursuant to article 6 (1) point e of the GDPR in conjunction with article 7 (3) of the Bavarian Higher Education Innovation Act (Bavarian Higher Education Innovation Act - BayHIG (evaluation of teaching) in conjunction with § 11 of the Quality Management Statutes (Qualitätsmanagementsatzung - QMS).

    Graduate survey, evaluation of general studyability:

    The evaluation of the study programs and study conditions as well as the transition to the labor market for the purpose of quality assurance is carried out within the framework of fulfilling the public task assigned to the university pursuant to article 6 (1) lit. e of the GDPR in conjunction with article 7 (2) of the BayHIG (quality assurance), article 76 (2) of the BayHIG (review of content and forms of study) in conjunction with §§ 12, 13 QMS.

    Other evaluations:

    The legal basis for the collection of personal data in the context of participation in an (online) survey is usually the consent of the data subjects pursuant to article 6 (1) point a) of the GDPR. In the case of evaluations in the areas of studies and teaching, the legal basis is the fulfillment of the public task assigned to the university pursuant to article 6 (1) point e GDPR in conjunction with article 7 (2) of the BayHIG (quality assurance), article 76 (2) of the BayHIG (review of content and forms of study) in conjunction with § 10 QMS.

    4. Categories of personal data

    In order to invite you to participate in a survey for the quality assurance of our work, e.g. in the form of evaluations in accordance with the BayHIG, we generally only process your name and your university e-mail address. If you are not a member of the university, e.g. because you have already successfully completed your studies at the university, we will use the communication data, usually your e-mail address, that you have provided to us.

    As a rule, no personal data is collected in the questionnaires themselves.

    In deviating cases, this is pointed out separately and the consent of the data subject is obtained separately.

    The following personal data is processed as part of surveys:

    • Log data of the participants: generated when participants use the web application (domain, IP address of users, requests, session ID, timestamp, status code)
    • Survey content: Ratings of people and services
    • Master data: For user accounts in the system, data transferred from the central administration of the university is stored (first and last name, title (e.g. Prof. or Dr.), e-mail address)
    • When conducting the student teaching evaluation, the salutation, title, first and last name, e-mail address and information of the courses to be evaluated are additionally processed by the teachers.
    • When conducting the graduate evaluation, information on socio-demographics, information on the study situation, information on the course of studies, information on the acquisition of competencies and information on the transition to the professional world/the professional situation is also processed from the graduates.

    5. Recipients of personal data

    Only authorized persons who are directly involved in the evaluation and survey process have access rights to evaluation data.

    We share the data within the university as follows:

    • Teaching evaluation: Teachers, students, as well as deans of studies & university management receive the summarized student evaluations (evaluation data) per course from the (central) survey tool. Within the university, the personal data are disclosed to the respective body of the university, the students and the university management according to article 7 (3) 3, article 76 (2) 2 no. 2 of the BayHIG.
    • Graduate survey: An anonymous report of the results is sent to the university management, the deans of studies, the study commissions and the student representatives.
    • Evaluation of study conditions: The anonymized (partial) results reports are sent to the university management, the deans of studies, the study commissions and, if applicable, the subject groups and the student representatives. The overall results are also made available to all students enrolled at the university (see article 7 (3) sentence 3 of the BayHIG).
    • Other evaluations: The persons conducting and participating the events receive the summarized evaluations.

    6. Transferring Personal Data to a non-EU Country

    In principle, data processed in the system will not be transferred to countries outside the European Economic Area and associated countries. If this should be necessary, separate information will be provided.

    7. Storage period for personal data

    We store your personal data only for as long as is necessary to fulfil our legal duties.

    • Protocol data of the participants: Storage for a maximum of 7 days.
    • Survey content: The data generated by the responses in the questionnaire are anonymized promptly if necessary and stored in the system on the university's internal servers for at least the duration of an evaluation cycle (preparation, survey phase, follow-up and evaluation) but at least 5 years. However, this data can no longer be traced back to the individual, as the answers in the questionnaire are not linked to the contact details.
    • Master data: User accounts remain in the system until the personal data record is deleted at the university or until the user authorization expires, after which they are deleted.

    8. Rights of data subjects

    Pursuant to articles 15 et seq. of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data: 

    • You can ask for information about whether data concerning you is being processed. If this is the case, you are entitled to information about which data is processed and other information relating to the processing (article 15 of the GDPR). Please note that this right to information can be restricted or excluded in certain cases (see in particular article 10 of the BayDSG).
    • If the personal data concerning you is/has become inaccurate or incomplete, you can request that this data is rectified and/or completed (article 16 of the GDPR).
    • If the legal requirements are met, you can request that your personal data be deleted (article 17 of the GDPR) or processing of your data be restricted (article 18 of the GDPR). The right to deletion pursuant to article 17 (1) and (2) of the GDPR does not apply in certain cases, however, such as if the processing of personal data is vital for the performance of a task that is in the public interest or is performed in the exercise of official authority (article 17 (3) point b) of the GDPR).
    • If you have consented to data processing or there is a contract concerning data processing and data is processed automatically, you may be entitled to data portability (article 20 of the GDPR).
    • You are entitled to file a complaint concerning the processing of your personal data with a supervisory authority as defined in article 51 of the GDPR. The pertinent supervisory authority for the Bavarian public service is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 München. 
    • You may object to the processing of your personal data at any time due to reasons based on your personal circumstances (pursuant to article 21 of the GDPR). If the legal requirements are met, we will then not further process your personal data.

    9. Right to object

    Insofar as the data processing is based on your consent, you have the right to revoke your consent at any time. The data processing carried out until then remains lawful, the revocation applies only for the future. In this case, your personal data will be deleted immediately.

    If you choose to exercise the rights stated above, the public office will check whether the legal requirements for doing so have been met.

    10. Amendments to our data protection declaration

    The University reserves the right to change this data protection declaration to accommodate changes to legislation or changes in the services we provide (e.g., if we introduce new services).

    If you have any further questions, please feel free to contact the Data Protection Officer.