Sign In

Privacy Policy in accordance with the EU General Data Protection Regulation (GDPR)

Skip Navigation LinksTHUEnglishPrivacy Policy

Our Privacy Policy: the full version

Details of the responsible body
For the purposes of the General Data Protection Regulation and national data protection laws, as well as other legal provisions concerning data protection, the responsible body is the
Technische Hochschule Ulm
University of Applied Sciences
Prittwitzstrasse 10
D-89075 Ulm
Ulm University of Applied Sciences is a public body.It is legally represented by the President Prof. Dr. Volker Reuter.
Telephone: +49 (0)731 50-208
Fax: +49 (0)731 50-28270

Official Data Protection Officer

Our official data protection officer at the University of Applied Sciences is Prof. Dr. Markus Schäffter.
Telephone: +49 (0)731 50-208
Fax: +49 (0)731 50-28270

Data-processing during the use of our website
Extent of processing of personal data
Fundamentally, we only collect and use the personal data of our users as far as it is necessary for the provision of a functioning website, including our content and services.
The collection and use of our users’ direct personal data (name, contact data) routinely takes place only with the consent of the user.An exception applies in those cases where, for factual reasons, it is not possible to obtain consent in advance and the processing of the data is permitted by legal provisions.

Legal basis for the processing of personal data
Where we obtain consent for processing the personal data of the affected person, Art. 6(1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.
When processing personal data which is required for the fulfillment of a contract – where the affected person is one of the contracting parties – the legal basis is Art. 6(1) lit. b GDPR.This also applies to processing operations which are required to implement pre-contractual measures.
As far as the processing of personal data is necessary for fulfilling a legal obligation, Art. 6(1) lit. c GDPR serves as the legal basis.
In the case that processing is necessary to protect the vital interests of the affected person or another natural person, Art. 6(1) lit. d GDPR serves as the legal basis.
If processing is necessary for our legitimate interests or those of a third party, and the legitimate interests, fundamental rights and freedoms of the affected person do not override the first-mentioned interest, Art. 6(1) lit. f GDPR serves as the legal basis for processing.

Data deletion and duration of storage
Personal data will be deleted or blocked as soon as the reason for its storage no longer applies and any legally-applicable retention periods have elapsed.
Protocol files which aid the detection of misuse or the maintenance of a proper service are deleted or overwritten after six months at the latest.

Data-processing for the provision of the website
Description and scope of data processing
Every time our website is called up, our system automatically records data and information from the computer system calling up the website.
Here the following data are collected:
(1) Information about the browser type and the version used
(2) The operating system of the user’s computer
(3) The Internet Service Provider of the user
(4) The IP address of the user, potentially also the DNS name
(5) The date and time of access
(6) The URL of the website via which the user’s system accessed our website
(7) The URL of the website called up by the user’s system via our website
These data are stored temporarily in log files on our IT systems.Storage of this data along with other personal data of the user does not occur.

Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6(1) lit. f GDPR.

Purpose of the data processing
The system must temporarily store the IP address in order to deliver the website to the user’s computer.To achieve, this the user’s IP address must be stored for the duration of the session.
The storage of the stated files in log files occurs in order to ensure the functionality of the website.In addition, the data helps us optimize our website and ensure the security of our IT systems.An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, data processing is also necessary for the pursuit of our legitimate interests in accordance with Art. 6(1) lit. f GDPR.

Duration of storage
The data are deleted as soon as they are no longer necessary for fulfilling the purpose for which they were collected.In the case of data collection for the provision of the website, this occurs when the relevant session is terminated.
For data stored in log files, this is generally the case after seven days at the latest (rolling protocol).Storage exceeding this period is possible.In this case, the users’ IP addresses are deleted or anonymized so that it is no longer possible to identify the clients calling up the website.
Opting out and removal options
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website.Therefore, the user cannot opt out of this.

Use of cookies
Our website uses cookies.Cookies are text files which are saved in the internet browser or saved by the internet browser on the user’s computer system.If a user calls up a website, a cookie can be saved on the operating system of the user.This cookie contains a distinguishing character string which enables the browser to be identified definitively if the website is called up again.

We use cookies to make our website more user-friendly.Some elements of our website require that the browser calling up our webpage can still be identified after changing pages.
The cookies are used to save and transmit the following data to our IT systems:
(1) Language settings
(2) Name of the end device
(3) Browser details
(4) Login information after successful log on

Legal basis for the use of cookies
The legal basis for the use of cookies is Art. 6(1) lit. f GDPR.For these purposes, data processing is also necessary for the pursuit of our legitimate interests in accordance with Art. 6(1) lit. f GDPR.

Duration of storage
The duration of storage depends on the type of cookie.We use session cookies, which the browser deletes from the user’s computer when the browser is closed or when logging out of our website using the appropriate link.

Information on the use of Social Media
It is generally possible to use our online offer without submitting personal data. However, in certain circumstances, it may be necessary to process your personal data. The processing of personal data is performed in accordance with the EU General Data Protection Regulation (GDPR). As a public educational institution, we take our responsibility to set an example very seriously. When using social media, we adhere to the following fundamental principles:

View our Privacy Policy for Social Media.


Ulm University of Applied Sciences does not use any tracking services such as Facebook Pixel, Google Analytics etc. However, please note that the processing, storage, deletion and use of personal data in social networks is the responsibility of the relevant service provider and Ulm University of Applied Sciences has no influence upon this.

Opting out and removal options
The use of cookies helps make the website easy to use and is important for operating the website.The user does not have the option of opting out, however the user can configure their browser in such a way that cookies are prevented from being saved.

Rights of the affected person
If we process your personal details, as an affected person you have the following rights under data protection law.

Right to information
You can demand information from us, the operator of the website, about the type, scope and purpose of our processing of your personal details.

Right to correction
If your personal details are incorrect, you have the right to correction or completion of these details.

Right to deletion or restriction of processing
If your details are incorrect or incomplete, or you doubt the legality of the data processing, you can demand that the appropriate details are deleted, or if appropriate, their use restricted while investigations are carried out.This is the case if data is no longer needed for the purpose for which it was originally collected, or if you originally gave consent which you have since revoked.

Right to revoke consent
If the data-processing is based on consent given, you have the right to withdraw this consent at any time, effective from the moment consent is revoked.If you revoke your consent for your data to be processed for the purposes of direct marketing, your personal details will no longer be processed for these purposes.You have the option of exercising your right to revoke your consent in an automated form.

Right to file a complaint with a Data Protection Authority
If you believe that the processing of your personal data infringes data protection law, you have the right to file a complaint with a Data Protection Authority.The appropriate Data Protection Authority is the one responsible for your place of residence or, if applicable, for your place of work.
The Data Protection Authority to which you submitted your complaint will inform you, as the complainant, about the status and results of your complaint, including the option of a legal remedy.