Information on Data Protection
We process your personal data in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR) and the Brandenburg Data Protection Act (BbgDSG).
Party responsible for data processing
University of Potsdam
represented by the President, Professor Oliver Günther, Ph.D.
Am Neuen Palais 10
14469 Potsdam
Phone: +49 331 977-0
Fax: +49 331-97 21 63
www.uni-potsdam.de/en/university-of-potsdam
Data Protection Officer
Dr. Marek Kneis
Am Neuen Palais 10
14469 Potsdam
Phone: +49 331 977-124409
Fax: +49 331 977-701821
E-mail: datenschutz@uni-potsdam.de
Purpose of data processing
The data collection takes place for the purpose of enrollment and the purposes specified in Section 1 of the Higher Education Statistics Act (HStatG) as well as – in case of successful enrollment – for student administration purposes while studying at the university.
Legal basis for data processing
Legal bases for data processing are: Article 6(1)(e) GDPR in conjunction with Section 15(11) of the Brandenburg Higher Education Act (BbgHG), Sections 3 and 4 HStatG, Sections 1 ff. of the Act of Statistics for Federal Purposes (BStatG), and the Enrollment Regulations of the University of Potsdam, as amended. If you do not provide the data required for enrollment, including the required proof of a higher education entrance qualification and other qualifications, the proof of which is required for admission to the selected degree program in accordance with the provisions of the BbgHG and the enrollment regulations of the University of Potsdam, then you cannot enroll.
The legal basis for the processing of data of University of Potsdam employees who work with the campus management system is: Article 88 GDPR in conjunction with Section 26(1) clause 1 BbgDSG. According to this provision, personal data of employees may be processed by public bodies of the State of Brandenburg for the purpose of implementing the employment relationship. This includes the processing of login data as well as log data when working with systems used for work-related purposes, like HISin One.
Type of data and data retention period
| Personal data and uploaded documents of prospective students who are not enrolled | Data will be deleted 12 months after the end of the process |
| Master data for the identification of a person, such as name and date of birth, as well as data on the period of study and graduation documents, declarations of intent establishing a legal relationship, certificates of de-registration, and data on the periods of enrollment, which are stored in the digital student file | Stored until 45 years after de-registration (especially for the provision of lost documents or duplicates in accordance with Section 30(3) and (4) BbgHG) |
| Master data that are not required for the identification of a person or their period of study (e.g. address and contact data) as well as documents to defend against unjustified objections in case of de-registration of the student without any current examination registrations | Stored until de-registration is implemented + 18 months |
| Master data that are not required for the identification of a person or their period of study (e.g. address and contact data) as well as documents to defend against unjustified objections in case the right to examination remains after de-registration | Stored until de-registration is implemented and examination registration procedure are completed + 18 months |
| Log data (access data) of non-admitted applicants and enrolled persons as well as general logging | Data deleted within 30 days |
| Logging of data bank transactions | Data deleted within 14 days |
| Logging of changes to the collected data in application procedure | Stored until one year after the end of the procedure |
| Logging of changes to the collected data by enrolled persons and employees | Information on who made which changes is anonymized after 18 months |
| Upload of a photo for the PUCK student ID card during enrollment or for a replacement card | Deleted within three months after upload or after filing of the digital student file |
Data transfer to third parties
During the application phase, your data stored by the Division of Student Affairs may be transferred to the offices listed below under the conditions of the legal bases specified in each case:
- recipient: Hochschulstart.de (Stiftung für Hochschulzulassung); based on Section 3 of the University Admissions Act (HZV).
- recipient: HIS Hochschul-Informations-System eG (Goseriede 9, 30159 Hannover) in individual cases to assist with maintenance and support; a commissioned data processing contract was concluded as the basis
- recipient: Campus Unity GmbH (Kurt-Schumacher-Straße 1, 63322 Rödermark) in individual cases to assist with maintenance and support; a commissioned data processing contract was concluded as the basis.
- recipient: Digital Engineering Faculty, UP / HPI gGmbH (Hasso-Plattner-Institut für Digital Engineering gGmbH - Prof.-Dr.-Helmert-Str. 2-3, 14482 Potsdam) for the review of applications; on the basis of the cooperation agreement between the UP and HPI gGmbH and the agreement on joint responsibility for the processing of personal data in connection with the operation of the DEF in accordance with Art. 26 GDPR.
- recipient: SER eGovernment Europe GmbH (Joseph-Schumpeter-Allee 19, 53227 Bonn) and subcontractors in individual cases for the maintenance of the Doxis4 document management system; a commissioned data processing contract was concluded as the basis.
After enrollment, your data stored by the Division of Student Affairs may be transferred to the offices listed below under the conditions of the legal bases specified below:
- recipient: Statutory health insurance provider; legal basis for data transfer: Section 199a (3) SGB V; Categories of data transferred: The date of the student's enrollment and the beginning of the semester; the end of the semester at which membership in the university ends (de-registration); the commencement of doctoral studies.
- recipient: German Pension Fund: Legal basis for data transfer: Section 67a subsection 2 no. 2 b) bb) SGB X, Sections 6, 8 BbgDSG; Categories of data transferred: Date of enrollment; continuation of studies; date of de-registration; completion of studies.
- recipient: Office of Educational Financial Aid (BAföG): Legal basis for data transfer: Section 48 subsection 3 BAföG; Categories of data transferred: Expert opinions on the level of education; further data may also be transferred on the following legal basis: Section 15 subsection 2 BAföG, Sections 3-7 SGB X, Sections 6-8 BbgDSG; categories of data transferred: Continuation of studies; change of academic institution; completion of studies; date of de-registration; periods of leaves of absence.
- recipient: Family benefits office; Legal basis for data transfer: Section 32 (4) sentence 1 no. 2 EStG; Sections 93 (1) sentence 2, 111 AO, Sections 6-8 BbgDSG; Categories of data transferred: Use of semesters on leave of absence
- recipient: Foreigners’ Registration Office: Legal basis for data transfer: Section 16 subsection 2 sentence 5 AufenthG; Categories of data transferred: Information on the credits which must still be earned for the completion of the respective program at the time of the request from the Foreigners’ Registration Office, and the estimated further duration of the studies.
- recipient: SER eGovernment Europe GmbH (Joseph-Schumpeter-Allee 19, 53227 Bonn) and subcontractors in individual cases for the maintenance of the Doxis4 document management system; a commissioned data processing contract was concluded as the basis
- recipient: HIS Hochschul-Informations-System eG (Goseriede 9, 30159 Hannover) in individual cases to assist with maintenance and support; a commissioned data processing contract was concluded as the basis.
- recipient: Campus Unity GmbH (Kurt-Schumacher-Straße 1, 63322 Rödermark) in individual cases to assist with maintenance and support; a commissioned data processing contract was concluded as the basis.
- recipient: Digital Engineering Faculty, UP / HPI gGmbH (Hasso-Plattner-Institut für Digital Engineering gGmbH - Prof.-Dr.-Helmert-Str. 2-3, 14482 Potsdam) for implementation of decentralized examination administration; on the basis of the cooperation agreement between the UP and HPI gGmbH and the agreement on joint responsibility for the processing of personal data in connection with the operation of the DEF in accordance with Art. 26 GDPR.
- recipient: LYSS-IT GmbH (Sulinger Straße 4-6, 27305 Bruchhausen-Vilsen) to assist with maintenance and support; a commissioned data processing contract was concluded as the basis.
Your rights
You have the right to request information from us regarding the processing of personal data pertaining to you. Apart from the possibility to obtain a copy of your personal data, this right allows you to request information on the purposes of the processing, the recipients of the data as well as the duration for which the data is stored.
Should the personal data being processed be incorrect, you can ask for it to be corrected. If the legal requirements of Art. 17 or 18 GDPR are met, you are entitled to the erasure of your personal data or to a restriction of processing. Please note that restricted processing of your data might not be possible in some cases. Under the prerequisites defined in Article 20 GDP, you have the right to receive your personal data in a structured, standard, and machine‐readable format or to request the transfer to another controller. Furthermore, you can object to the processing of your data if the requirements of article 21 GDPR are met.
Should you want to make use of your above-mentioned rights, please contact:
Division of Student Affairs
Dr. Sabina Bieber, Director
Am Neuen Palais 10
14469 Potsdam
Phone: +49 331 977-1016
Fax: +49 331 977-1065
E-mail: sabina.bieber@uni-potsdam.de.
You can also request access to your data from the Chief Information Officer (University of Potsdam, Karl-Liebknecht-Straße 24-25, 14476 Potsdam). You can find the data access request form on the website of the Chief Information Officer (https://www.uni-potsdam.de/en/praesidialbereich/president-vice-presidents/cio.html).
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the responsible data protection authority.
The data specified in the following will be processed within the scope of university applications in the Campus Management System of the University of Potsdam as well as in the service portal for applications, hochschulstart.de.
Account
A prerequisite for using non-public areas of the website, such as applicant management, is the existence of a user account. The following personal data is required to create the account: last name, first name, gender, date of birth, place of birth, nationality, address, e-mail address, and a password of your choice. Without all of this data, it is not possible to assign a user account, which means that the non-public areas of the website cannot be used. The data is being processed on the basis of Article 6(1)(e) GDPR in conjunction with Section 15(11) BbgHG for the purpose of university application and enrollment. The account data will not be transferred to third parties. In the event of non-admission (and no new application in the next application campaign), the application data and the personal data including the account will also be deleted.
Cookies
We use so-called cookies in this application. Cookies are small text files or other storage technologies that are placed and stored on your end device by the internet browser you use. Through the use of cookies, certain information about you, such as your browser or location data or your IP address, is processed to a certain extent based on your individual case. If you manually prevent the use of cookies, this may result in certain features of the website not being available.
The following cookies, which are essential technology for the use of the system, are stored on your end device:
| Name | Inhalt (Beispiel) | Zweck | Gültig bis |
|---|---|---|---|
| JSESSIONID | R5E0F8CC126518A2FF92F4614XYZABC | Identification of the user's current session | End of the session |
| oam.Flash.RENDERMAP.TOKEN | -z4rkkxnzp | Security feature for a temporary cache of the user interface | End of the session |
| lastRefresh | 1406342235039 | Time stamp of the last refresh or the last time of accessing this application | End of the session |
| sessionRefresh | 0 | Enables the client to display the (remaining) runtime of the current user session | End of the session |
| download-complete | The presence of this cookie indicates to the browser that an (internal) file download has been completed. | End of the session | |
| XSRF-TOKEN | sc45cb68-9e99-4a14-bb34-788ea2cck5f5 | Used to protect against cross-site request forgery (attack on a computer system). | End of the session |
The legal basis for the storage of these cookies is Section 25(2)(2) of the Act on Telecommunication, Digital Services and Data Protection (TDDDG).
