Privacy Policy
1. An overview of data protection
General information
Privacy policy
Introduction
We, the Fachhochschule des Mittelstands (FHM) GmbH - University of Applied Sciences - as operator of the OIC-Platform are the responsible party for the processing of the personal data of the users of the platform. Our contact details can be found in the imprint of the platform, and the contact persons for questions regarding the processing of personal data are named directly in this privacy policy.
We take the protection of your privacy and your private data very seriously. We collect, store and use your personal data only in accordance with the content of this privacy policy and the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR) and the national data protection regulations.
With this privacy policy, we inform you to what extent and for what purposes personal data is processed in connection with the use of the platform.
Personal data
Personal data is information about an identified or identifiable natural person. This includes all information about your identity, such as your name, e-mail address or postal address. In contrast, information that cannot be associated with your identity (such as statistical information about the number of users of the platform) is not considered personal data.
In principle, you can use our platform without disclosing your identity and without providing personal data. We will then only collect general information about your visit to our platform. For some of the services offered, however, personal data is collected from you. This data will then only be processed by us for the purposes of using this platform, in particular for providing the requested information. When collecting personal data, only the data that is mandatory must be provided. In addition, further information may be possible, in which case it is voluntary. In each case, we indicate whether the information is mandatory or voluntary. We then provide information on the specific details in the corresponding section of this data protection declaration.
Automated decision-making based on your personal data does not take place in connection with the use of our platform.
Processing of personal information
Your information is stored by us on specially protected servers within the European Union. These are protected by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Access to your data is only possible for a few authorized persons. These are responsible for the technical, commercial or editorial support of the servers. Despite regular checks, however, complete protection against all dangers is not possible.
Your personal data is transmitted over the Internet in encrypted form. We use TLS encryption (Transport Layer Security) for data transmission.
Disclosure of personal data to third parties
As a matter of principle, we only use your personal information to provide the services you have requested. Insofar as external service providers are used by us in the course of providing the service, their access to the data is also exclusively for the purpose of providing the service. We take technical and organizational measures to ensure compliance with data protection regulations and also oblige our external service providers to do the same.
Furthermore, we do not pass on the data to third parties without your express consent, in particular not for advertising purposes. Your personal data will only be passed on if you yourself have consented to the data being passed on or if we are entitled or obliged to do so on the basis of statutory provisions and/or official or court orders. In particular, this may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.
If we transfer your personal data ourselves or through service providers to countries outside the European Union, we comply with the special provisions of Art. 44 et seq. DSGVO for this purpose and also oblige our service providers to comply with these regulations. We will therefore only transfer your data to countries outside the European Union subject to the level of protection guaranteed by the GDPR. This level of protection is ensured in particular by an adequacy decision of the EU Commission or by appropriate guarantees pursuant to Art. 46 DSGVO.
Legal basis for data processing
Insofar as we obtain consent for the processing of your personal data, Art. 6 (1) a) DSGVO is the legal basis for the data processing.
Insofar as we process your personal data because this is necessary for the performance of a contract or in the context of a relationship with you similar to a contract, Art. 6 (1) (b) DSGVO is the legal basis for data processing.
Insofar as we process your personal data for the fulfillment of a legal obligation, Art. 6 para. 1 lit. c) DSGVO is the legal basis for data processing.
Furthermore, Art. 6 (1) lit. f) DSGVO is the legal basis for data processing if the processing of your personal data is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not require the protection of personal data.
Within the scope of this privacy policy, we always indicate the legal basis on which we base the processing of your personal data.
Data deletion and storage period
We always delete or block your personal data when the purpose for storing it no longer applies. However, storage may take place beyond this if this is provided for by legal requirements to which we are subject, for example with regard to statutory retention and documentation obligations. In such a case, we delete or block your personal data after the end of the corresponding requirements.
Use of our platform
Information about your computer
If you access our platform without having registered, no information about you will be stored. After you register, we collect the following information about your computer each time you access our platform: your computer's IP address, your browser's request, and the time of that request. We also collect product and version information about the computer's browser used. We further collect from which website the platform was accessed. Your login is stored by token in the browser's local storage. The remaining data is stored for a maximum of 90 days.
We use this data for the operation of the platform, in particular to detect and eliminate errors, to determine the utilization of the platform and to make adjustments or improvements. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f) DSGVO.
Use of cookies
For our platform - as on many websites - cookies are used. Cookies are small text files that are stored on your computer and save certain settings as well as data for exchange with the platform from us via your browser. A cookie usually contains the name of the domain from which the cookie file was sent as well as information about the age of the cookie and an alphanumeric identifier.
Cookies allow us to recognize your computer and make any preferences and settings immediately available. The cookies we use are - as far as possible - so-called session cookies, which are automatically deleted at the end of the browser session. Occasionally, cookies with a longer storage period may also be used so that your preferences and settings can also be taken into account the next time you visit our platform.
Furthermore, we do not pass on the data to third parties without your express consent, in particular not for advertising purposes. Your personal data will only be passed on if you yourself have consented to the data being passed on or if we are entitled or obliged to do so on the basis of statutory provisions and/or official or court orders. In particular, this may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.
If we transfer your personal data ourselves or through service providers to countries outside the European Union, we comply with the special provisions of Art. 44 et seq. DSGVO for this purpose and also oblige our service providers to comply with these regulations. We will therefore only transfer your data to countries outside the European Union subject to the level of protection guaranteed by the GDPR. This level of protection is ensured in particular by an adequacy decision of the EU Commission or by appropriate guarantees pursuant to Art. 46 DSGVO.
Legal basis for data processing
Insofar as we obtain consent for the processing of your personal data, Art. 6 (1) a) DSGVO is the legal basis for the data processing.
Insofar as we process your personal data because this is necessary for the performance of a contract or in the context of a relationship with you similar to a contract, Art. 6 (1) (b) DSGVO is the legal basis for data processing.
Insofar as we process your personal data for the fulfillment of a legal obligation, Art. 6 para. 1 lit. c) DSGVO is the legal basis for data processing.
Furthermore, Art. 6 (1) lit. f) DSGVO is the legal basis for data processing if the processing of your personal data is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not require the protection of personal data.
Within the scope of this privacy policy, we always indicate the legal basis on which we base the processing of your personal data.
Data deletion and storage period
We always delete or block your personal data when the purpose for storing it no longer applies. However, storage may take place beyond this if this is provided for by legal requirements to which we are subject, for example with regard to statutory retention and documentation obligations. In such a case, we delete or block your personal data after the end of the corresponding requirements.
Use of our platform
Information about your computer
If you access our platform without having registered, no information about you will be stored. After you register, we collect the following information about your computer each time you access our platform: your computer's IP address, your browser's request, and the time of that request. We also collect product and version information about the computer's browser used. We further collect from which website the platform was accessed. Your login is stored by token in the browser's local storage. The remaining data is stored for a maximum of 90 days.
We use this data for the operation of the platform, in particular to detect and eliminate errors, to determine the utilization of the platform and to make adjustments or improvements. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f) DSGVO.
Use of cookies
For our platform - as on many websites - cookies are used. Cookies are small text files that are stored on your computer and save certain settings as well as data for exchange with the platform from us via your browser. A cookie usually contains the name of the domain from which the cookie file was sent as well as information about the age of the cookie and an alphanumeric identifier.
Cookies allow us to recognize your computer and make any preferences and settings immediately available. The cookies we use are - as far as possible - so-called session cookies, which are automatically deleted at the end of the browser session. Occasionally, cookies with a longer storage period can also be used so that your presettings and preferences can also be taken into account the next time you visit our platform.
Comments
You have the possibility to comment on posts on our platform. To do this, you must be logged in to your user account. The publication of the comments takes place under the name that you provided during the registration for the customer account. Logging into your user account is still required so that we can contact you if we have any objections to your comments and ask you to comment on them; we also store the IP address. Without this information, you will not be able to post comments. However, only the name or pseudonym you have selected will be displayed when the comment is published. The legal basis for processing your data is your consent in accordance with Art. 6 (1) a) DSGVO.
Groups
On our platform, you can join groups or create groups yourself. In these "co-creation groups", members are enabled to work cooperatively on joint projects. To join or create a group, you must be logged into your user account. The name you provided during the registration process for the account will be used for this... Logging into your user account is still required so that we can contact you if you have any complaints about your group and ask you to comment on them; we also store the IP address. Without this information, you will not be able to join or create a group. However, only the name or pseudonym you have selected will be displayed in the group. The legal basis for processing your data is your consent in accordance with Art. 6 (1) a) DSGVO.
Your rights and contact
We attach great importance to explaining the processing of your personal data as transparently as possible and also to informing you about the rights to which you are entitled. If you would like more detailed information or to exercise the rights to which you are entitled, you can contact us at any time so that we can take care of your request.
Data subject rights
With regard to the processing of your personal data, you have extensive rights. First of all, you have an extensive right to information and, if necessary, you can request the correction and/or deletion or blocking of your personal data. You may also request a restriction of processing and have a right of objection. With regard to the personal data you have provided to us, you also have a right to data portability.
If you would like to exercise any of your rights and/or receive more information about this, please contact our administrators. Alternatively, you can also contact our data protection officer.
Revocation of consent and objection
Once you have given your consent, you may freely revoke it at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. The contact persons for this are also our administrators and our data protection officer.
If the processing of your personal data is not based on consent but on another legal basis, you can object to this data processing. Your objection will result in a review and, if necessary, termination of the data processing. You will be informed of the result of the review and - if data processing is nevertheless to be continued - you will receive more detailed information from us as to why the data processing is permissible.
Data protection officer and contact
We have appointed an internal data protection officer who supports us in data protection issues and whom you can also contact directly. If you have any questions regarding our handling of personal data or require further information on data protection issues, please do not hesitate to contact our data protection officer:
University of Applied Sciences
Data Protection Officer
Ravensberger Street 10 G
33602 Bielefeld
Telephone: 0521 966 55 179
E-mail: datenschutz@fh-mittelstand.de
Complaints
If you believe that the processing of your personal data by us is not in accordance with this Privacy Policy or the applicable data protection regulations, you have the right to lodge a complaint with the supervisory authority. You can also complain to our data protection officer. The data protection officer will then review the matter and inform you of the outcome of the review.
Further information and changes
Links to other websites
Our platform may contain links to other websites. These links are usually marked as such. We have no influence on the extent to which the applicable data protection provisions are observed on the linked websites. We therefore recommend that you also inform yourself about the respective data protection declarations of other websites.
Changes to this data protection declaration
The status of this data protection declaration is indicated by the date (below). We reserve the right to change this data protection declaration at any time with effect for the future. An amendment will be made in particular in the event of technical adjustments to the platform or changes to the data protection requirements. The current version of the data protection declaration can always be accessed directly via the platform. We recommend that you regularly inform yourself about changes to this data protection declaration.
Status of this data protection declaration: July 2021