Privacy Policy

Content

  1. General information
     
  2. Contact details of the data controller
      
  3. Contact details of the data protection officer
     
  4. Description and scope of data processing
    1. with regard to the online application
    2. with regard to the provision of the website and the creation of log files
    3. with regard to the use of cookies
       
  5. Legal basis for data processing
     
  6. Data deletion and storage period
    1. with regard to personal data
    2. with regard to the provision of the website and the creation of log files
    3. with regard to the use of cookies and scripts, incl. possibilities of objection and elimination
       
  7. Links to websites of other providers
     
  8. Purpose of data processing
    1. with regard to your online application
    2. with regard to the provision of the website and the creation of log files
    3. with regard to the use of cookies
       
  9. Transmission of personal data to third parties
     
  10. Obligation to notify according to Art. 13 para. 2 lit. e) DSGVO
     
  11. Possibilities of objection and elimination
    1. with regard to personal data
    2. with regard to the provision of the website and the creation of log files
    3. with regard to the use of cookies
       
  12. Rights of data subjects
    1. Right to information, Art. 15 para. 1 DSGVO
    2. Right to rectification, Art. 16 DSGVO 
    3. Right to restriction of processing, Art. 18 DS-GVO
    4. Right to erasure, Art. 17 DSGVO
    5. Right to information, Art. 19 DSGVO
    6. Right to data portability, Art. 20 DSGVO
    7. Right to object, Art. 21 DSGVO
    8. Right to withdraw consent under data protection law, Art. 7 (3) DSGVO
    9. Right to complain to the supervisory authority, Art. 13 para. 2 lit. d) DSGVO.
       
  13. Security
     
  14. Up-to-dateness and validity of the data protection declaration

 

  1. General information
     
    The University of Music and Performing Arts (HfMDK) takes the protection of personal data very seriously. We collect and process personal data of visitors to our content management system academyFIVE in compliance with the European Data Protection Regulation (DSGVO), the Hessian Data Protection and Freedom of Information Act (HDSIG) and, where applicable, the Federal Data Protection Act (BDSG).
     
    Your data will neither be published by us nor passed on to third parties without authorization. The following text explains what data is collected during your visit to our system and how exactly it is used.
     
     
  2. Contact details of the responsible party
     
    The responsible party within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is the Frankfurt University of Music and Performing Arts (HfMDK), legally represented by its President Prof. Elmar Fulda.
     
    University of Music and Performing Arts Frankfurt am Main
    Eschersheimer Landstrasse 29-39
    D 60322 Frankfurt am Main'
    T. +49.69.154.007-0
    F. +49.69.154.007-108
     
    The University of Music and Performing Arts Frankfurt am Main, as a university of the State of Hesse, is both a public corporation and a state institution.
     
     
  3. Contact details of the data protection officer
     
    If you have any questions about data protection, please contact the persons responsible for data protection at the HfMDK Frankfurt am Main directly:
     
    Anja Kuhn (Data Protection Officer)
    Jürgen Simon (Deputy Data Protection Officer)'
    Email: datenschutz@orga.hfmdk-frankfurt.de
     
     
  4. Description and scope of data processing
     
    As a matter of principle, we only process personal data of our users to the extent that this is necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only after consent or if legal regulations allow it.
     
    1. With regard to online applications
       
      If you provide us with personal data as part of the application process, this data is divided into the following data types and data categories for collection, processing and / or use:
       
      Registration:
         - Personal data (first and last name)
         - Access data (e-mail address, password)
       
      Profile data:
         - Personal data (title, academic degree, first and last name, birth name if applicable,
           date of birth, place of birth, country of birth, gender, nationality)
         - Contact data (private address, if applicable semester address, telephone number, if
           applicable mobile phone number)
         - Picture for the student administration
       
      Work history:
         - General information (on studies at previous universities)
         - University entrance qualification
         - Final examinations/PhD
         - Information on study-related stays abroad
       
      Document upload:
         - Curriculum vitae
         - University entrance qualification
         - Insurance certificate of the health insurance company
         - Bachelor's degree certificate, if applicable
         - Exmatriculation certificate, if applicable
         - If applicable, proof of employment subject to social insurance contributions
         - Language certificates, if applicable
         - if applicable, phoniatric certificate (study programs in voice acting)
         - if applicable, further documents, such as a letter of motivation
       
      If you apply online from our website, this will be done through the online application system academyFIVE from
       
      Simovative GmbH,
      Landsberger Str. 110,
      80339 Munich,
      Germany.
       
      All data entered by you will be transmitted in encrypted form. Simovative GmbH is committed to handling your transmitted data in accordance with data protection regulations. It takes all organizational and technical measures to protect your data.
       
      We initially use the personal data you provide exclusively for processing your application for the selected course of study. Only persons involved in the application process will be given access to your personal data. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. We do not disclose your personal data to third parties unless you have consented to the disclosure of data or we are obliged to disclose data due to statutory provisions and/or official or court orders.
       
       
    2. Regarding the provision of the website and the creation of log files
       
      Simovative GmbH and third party services may collect files for operational and maintenance purposes that record the interaction that takes place through this application (system logs), or use other personal data (e.g. IP address) for this purpose.
       
      When accessing academyFIVE's products, your internet browser automatically transmits data for technical reasons. The following data is collected separately from other data that you may transmit to us and is stored until it is automatically deleted:
       
         - Date and time of access,
         - browser type and version,
         - operating system used,
         - URL of the previously visited website,
         - Amount of data sent,
         - IP address of the access
       
      These data are stored exclusively for technical reasons and are not assigned to a specific person at any time.

        
    3. Regarding the use of cookies
       
      Cookies are small text files that make it possible to store specific information related to the user on the user's computer while the user is visiting our website. Cookies help us to determine the frequency of use and the number of users of our website, as well as to make our offers as convenient and efficient as possible.
       
      We use so-called "session cookies", which are temporarily stored exclusively for the duration of the use of our Internet pages. The session cookies are stored on the user's data carrier in order to ensure certain settings and functionalities on our websites via their browser. The cookies we use are deleted after the end of the browser session, i.e. after closing the user's browser.
       
      We do not use cookies or tracking tools on our website that enable an analysis of the user's surfing behavior.
       
       
  5. Legal basis for data processing
     
    Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) a) DSGVO serves as the legal basis.
     
    When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. In the present case, this concerns a contract initiation relationship or the conclusion of a contract with the applicant.
     
    Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which the HfMDK is subject, Article 6 (1) c) DSGVO serves as the legal basis. Decisive for the processing of data or personal data, if necessary also using technically necessary cookies, is our legitimate interest in data processing in the context of contacting us on the part of the inquirer. The legal basis for the temporary storage of the data and the log files is the processing for the protection of our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) DSGVO.
     
    If the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, Art. 6 (1) e) DSGVO serves as the legal basis.
     
     
  6. Data deletion and storage period
     
    1. With regard to personal data.
       
      The personal data of the data subject will be deleted or blocked as soon as the purpose for which they were stored has been achieved. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
       
      In addition, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the responsible party is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
       
      Within the application period, you can withdraw the application in your profile. In this case, all personal data will be deleted or anonymized for statistical purposes. If you have not started a course of study with us and your applicant profile is still stored, your data will be deleted automatically, at the latest after three years. This does not apply if legal regulations prevent deletion, if further storage is required for the purpose of providing evidence, or if you have expressly consented to longer storage. There will be no notification of the deletion of the data.
       
       
    2. With regard to the provision of the website and the creation of log files
       
      The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
       
      In the case of storage of data in log files, this is the case after seven days at the latest. In the event that attacks and disruptions are pursued, the data from the access will be stored until the conclusion of the respective procedure. In addition, anonymized storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
       
        
    3. with regard to the use of cookies and scripts, including options for objection and removal.
       
      Cookies are stored on the user's computer and transmitted by them to our site. Therefore, users have full control over the use of cookies. By changing the settings in the Internet browser, the transmission of cookies can be disabled or restricted. Cookies that have already been stored can be deleted at any time. This can also be done automatically.
       
      It is also possible to use our offers without cookies and scripts. In the respective browser, the storage of cookies and scripts can be deactivated or restricted to certain web pages. The browser can also be set to notify users as soon as a cookie is sent. Cookies can also be deleted by users from the hard drive of their computers at any time. Browser add-ons can be installed to block scripts. In addition, cookies from third-party providers only can also be rejected. In this case, users will still receive the cookies that allow our website to function properly.
       
      If cookies or scripts are disabled for our website, it may no longer be possible to fully use all of the website's functions. In these cases, a limited display of the page and a restricted user experience are to be expected.
       
       
  7. Links to websites of other providers
     
    This data protection declaration applies to the academyFIVE content management system of the HfMDK insofar as the HfMDK is the responsible party in terms of data protection. The pages of the content management system may contain links to websites of other providers. The HfMDK has no influence on whether these providers also comply with the statutory data protection provisions. Information regarding responsibility for the content provided on a website can be found in the respective imprint of the website.
     
     
  8. Purpose of data processing
     
    1. With regard to your online application
       
      The processing of personal data from the input mask is solely for the purpose of contacting you and processing your application.
       
       
    2. with regard to the provision of the website and the creation of log files.
       
      This data is processed to enable the use of the pages of the academyFIVE content management system (connection establishment), to guarantee system security, the technical administration of the network infrastructure, and the optimization of the Internet offering (error analysis). IP addresses are only evaluated in the event of attacks on the system's network infrastructure.
       
      The temporary storage of the IP address by the system is therefore necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
       
      The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of the information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
       
      Our legitimate interest in data processing also lies in these purposes.
       
       
    3. With regard to the use of cookies
       
      The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The user data collected through technically necessary cookies are not used to create user profiles.
       
       
  9. Transmission of personal data to third parties
     
    Personal data processed in the context of the use of the academyFIVE content management system is generally not transferred to third parties. In exceptional cases this can be done on the basis of a legal permission or an individual permission.
     
    As a matter of principle, no personal data is transferred to countries outside the European Economic Area (EEA) and associated countries (no "third country transfer"). If this should nevertheless be necessary, any relocation of the service or partial work in this regard requires the prior consent of the HfMDK and may only take place if the special requirements of Art. 44 ff DSGVO are met.
     
     
  10. Obligation to notify according to Art. 13 para. 2 lit. e) DSGVO
      
    In principle, there is neither a contractual nor a legal obligation to communicate personal data on the pages of the academyFIVE content management system of the HfMDK. However, if certain data is not communicated, the system can only be used in a restricted manner or not at all.
     
     
  11. Possibilities of objection and removal
     
    1. with regard to personal data
       
      The user has the possibility to object to the processing of your data at any time. The objection should be sent to the data protection officer of the HfMDK at the email address datenschutz@orga.hfmdk-frankfurt.de. We would like to point out that in the event of an objection, the application cannot be completed or the conversation cannot be continued.
       
       
    2. With regard to the provision of the website and the creation of log files
       
      The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
       
       
    3. Regarding the use of cookies
       
      See section 6.3 of this data protection declaration.
       
       
  12. Rights of data subjects
     
    If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:
     
    1. Right to information, Art. 15 para. 1 DSGVO
    2. Right to rectification, Art. 16 DSGVO
    3. Right to restriction of processing, Art. 18 DS-GVO
    4. Right to erasure, Art. 17 DSGVO
    5. Right to information, Art. 19 DSGVO
    6. Right to data portability, Art. 20 DSGVO
    7. Right to object, Art. 21 DSGVO
    8. Right to withdraw consent under data protection law, Art. 7 (3) DSGVO
    9. Right to complain to the supervisory authority, Art. 13 para. 2 lit. d) DSGVO
       
       
    1.  Right to information, Art. 15 (1) DSGVO.
       
      You may request confirmation from the controller as to whether personal data concerning you is being processed.
       
      If such processing is taking place, you may request information from the controller about the following:
       
         - The purposes for which the personal data are processed;
         - the categories of personal data that are processed;
         - the recipients or categories of recipients to whom the personal data concerning you
           have been or will be disclosed;
         - the planned duration of the storage of the personal data concerning you or, if concrete
           information on this is not possible, criteria for determining the storage period;
         - the existence of a right to rectification or erasure of the personal data concerning you,
           a right to restriction of processing by the controller or a right to object to such
           processing;
         - the existence of a right of appeal to a supervisory authority;
         - any available information on the origin of the data, if the personal data are not collected
           from the data subject.
       
       
    2. Right to rectification, Art. 16 DSGVO.
       
      You have a right to rectification or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
       
       
    3. Right to restriction of processing, Art. 18 DSGVO
       
      You may request the restriction of the processing of personal data concerning you under the following conditions:
       
         - if you contest the accuracy of the personal data concerning you for a period enabling
           the controller to verify the accuracy of the personal data;'
         - if the processing is unlawful and you object to the erasure of the personal data and
           request instead the restriction of the use of the personal data;
         - the controller no longer needs the personal data for the purposes of processing, but
           you need it for the establishment, exercise or defense of legal claims;
         - if you have objected to the processing pursuant to Article 21 (1) DS-GVO and it is not
           yet clear whether the legitimate grounds of the controller outweigh your grounds.
       
      If the processing of personal data relating to you has been restricted, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
       
      If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
       
      Your right to restriction of processing may be limited to the extent that it is likely to make impossible or seriously impede the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.
       
       
    4. Right to erasure, Art. 17 DSGVO.
       
      Obligation to delete
       
      You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:
       
         - The personal data concerning you are no longer necessary for the purposes for which
           they were collected or otherwise processed.
         - You revoke your consent on which the processing was based pursuant to Art. 6 (1) a)
           DS-GVO and there is no other legal basis for the processing.
         - You object to the processing pursuant to Art. 21 (1) DS-GVO and there are no
           overriding legitimate grounds for the processing or you object to the processing
           pursuant to Art. 21 (2) DS-GVO.
         - The personal data concerning you have been processed unlawfully.
         - The erasure of the personal data concerning you is necessary for compliance with a
           legal obligation under Union law or the law of the Member States to which the
           controller is subject.
       
       
      Exceptions
       
      The right to erasure does not exist insofar as the processing is necessary:
       
         - for the exercise of the right to freedom of expression and information;
         - for compliance with a legal obligation which requires processing under Union or
           Member State law to which the controller is subject, or for the performance of a task
           carried out in the public interest or in the exercise of official authority vested in the
           controller;
         - for archiving purposes in the public interest, scientific or historical research purposes,
           or for statistical purposes pursuant to Article 89(1) of the GDPR, insofar as erasure
           would render impossible or seriously prejudice the achievement of the purposes of
           such processing;
         - for the assertion, exercise or defense of legal claims.
       
    5. Right to information, Art. 19 DSGVO.
       
      If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.
       
       
    6. Right to data portability, Art. 20 DSGVO
       
      You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
       
         - the processing is based on consent pursuant to Art. 6 (1) a) DSGVO or Art. 9 (2) a)
           DSGVO or on a contract pursuant to Art. 6 (1) b) DSGVO and
         - the processing is carried out with the help of automated procedures.
       
      In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
       
      The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
       
       
    7. Right to object, Art. 21 DSGVO.
       
      You have the right to object at any time, on grounds relating to your particular situation, to processing carried out on the basis of Art. 6(1)(e) DSGVO; this also applies to profiling based on these provisions.
       
      The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
       
      You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) DSGVO.
       
      Your right to object may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfillment of the research or statistical purposes.
       
       
    8. Right to withdraw consent under data protection law, Art. 7(3).
       
      You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
       
       
    9. Right to complain to the supervisory authority, Art. 13 para. 2 lit. d) DSGVO.
       
      Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
       
      Your competent supervisory authority depends on the federal state of your residence, work or the alleged violation. A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
       
       
  13. Security
     
    The website provider uses technical and organizational security measures in accordance with Art. 32 DSGVO to protect your data managed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments. Access to this data is only possible for a few authorized persons and persons with a special obligation to protect data who are involved in the technical, administrative or editorial management of data.
     
    For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.
     
     
  14. Actuality and validity of the privacy policy
     
    This data protection declaration is currently valid and dated 13.01.2021.
     
     
We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your next visit.