Data protection information in accordance with Article 13 (1) and (2) of the General Data Protection Regulation (GDPR ) on the processing of personal data in the context of the application for and allocation of study places at the Zittau/Görlitz University of Applied Sciences (HSZG).
Zittau/Görlitz University of Applied Sciences
Theodor-Körner-Allee 16
02763 Zittau
Please send inquiries regarding data processing to informationssicherheit(at)hszg.de
Your request will be forwarded to the responsible department and processed promptly.
The data protection officer can be contacted at
DID Dresdner Institut für Datenschutz
Hospitalstraße 4
01097 Dresden
Web.: www.dids.de
Tel.: +49 (0)351 / 655 772 - 0
E-Mail: datenschutz(at)hszg.de
The HSZG processes your personal data as part of your application for a study place for the purposes of admission, enrolment and further teaching and study organization.
All applicant data collected by the HSZG in connection with an application for a study place is processed on the basis of § 14 para. 1 no. 1 SächsHSFG and in accordance with § 3 SächsDSDG and Art. 6 para. 1 lit. e, f GDPR.
The HSZG has a legitimate interest in the processing of log data to detect and correct errors and to improve the website as part of the provision of its website (application portal). Furthermore, pursuant to Art. 6 para. 1 lit. c GDPR, Art. 5 para. 1 lit. f GDPR and Art. 32 para. 1 lit. b GDPR, there is a legal obligation to ensure the security of personal data when processing it. The HSZG fulfills this obligation, among other things, by processing account data to restrict access to non-public and protected parts of the website. The data used to identify smartphones when using the website with an account is processed on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR, which is granted when the user of the end device activates the automatic login. The data is used exclusively to uniquely identify the smartphone used in connection with the automatic login. Automatic login is only successful if the digital fingerprint matches and the user name and password can be decrypted and match the actual access data. The processing of log data for the analysis of user behavior is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.
In addition to the data entered into the applicant portal by your applicants for the award decision, the HSZG processes the following personal data for the provision of its website (applicant portal).
Processing of log data (access data)
When using the website, the following information is collected to detect errors
The IP address is stored in abbreviated form so that identification is not possible or only possible with an effort that is disproportionate to the gain in knowledge of the requesting connection.
Account
In order to use non-public areas of the website, such as applicant and alumni management, you must have a user account. The following personal data is required to create an account.
Automatic login for smartphones
When using the website with an account, you have the option of remaining logged in with your smartphone. For this purpose, a cookie with the encrypted access data is stored on the end device. At the same time, a digital fingerprint of the end device is stored on the server. The digital fingerprint is calculated from several parameters. The following information is evaluated for this purpose.
Cookies
This application uses cookies, i.e. small files with short texts for technical processing. Without cookies, for example if they have been deactivated in the browser, it is not possible to use this application in full. Only essential cookies are used. Essential cookies enable basic functions and are necessary for the proper functioning of the website. They cannot be deselected and are listed below.
| Cookie name | Content (example) | Purpose | Valid until |
|---|---|---|---|
| JSESSIONID | R5E0F8CC126518A2FF92F4614XYZABC | Identification of the user's current session | At the end of the session |
| lastRefresh | 1406342235039 | Stamp of the last update or the last call of this application | At the end of the session |
| sessionRefresh | 0 | Enables the client-side display of the (remaining) runtime of the current user session | At the end of the session |
| download-complete | The presence of the cookie indicates to the browser that an (internal) file download has been completed. | At the end of the session | |
| cs.sys.hisinoneAutoLogin | abc1234___::___def5678 | If automatic login is active, an access key is saved here. | For logging out on the respective device. The server-side data can also be deleted for other devices in the device management. |
| cs.sys.requestPerformance | a4d76e62-eb45-44df-ad7e-19b612f36956 | If the performance analysis is active, an assignment is made here between the server-side and client-side processing of the same browser request. | At the end of the session |
Processing of log data for the analysis of user behavior
In order to optimize the website, the HSZG automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The following data is processed
This data is not merged with data from other sources.
Log data, account data and data from automatic logins from smartphones are not transmitted.
The stored log data is automatically deleted after 7 calendar days.
If the applicant identity (account data) is not used for the application, if the application is unsuccessful or if no enrolment takes place for any other reason, the data will be deleted 9 weeks after the start of the semester as part of the semester clean-up. Account data will be deleted automatically upon the user's express request for deletion, at the latest upon exmatriculation/leaving the university or if misuse is detected. If the automatic login with smartphone is no longer used for 4 weeks, it is automatically deleted. In addition, the user can revoke the automatic login at any time via the settings in his/her account, e.g. if the smartphone has been lost. By storing the above data for the respective end device, the user can also keep several of his/her end devices separate in his/her account and, if necessary, deactivate the automatic login for individual end devices.
As a person affected by the processing of your personal data, you have the following rights if the legal requirements are met.
According to Art. 13 (2) lit. e GDPR, the provision of personal data of applicants is not required by law.
However, without the complete provision of the account data, no user account can be assigned and thus the non-public areas of the website cannot be used. Without the complete provision of the personal data required for admission and enrolment, an applicant cannot be considered for the allocation of a study place.
No automated decision-making or profiling in accordance with Art. 22 GDPR is carried out when allocating study places.