Data Protection Policy

The Munich School of Philosophy takes your privacy very seriously and complies with legal data protection regulations. The Datenschutzregelung der Ordensgemeinschaften Päpstlichen Rechts (data protection policy of the pontifical religious communities - KDR-OG) applies throughout the Munich School of Philosophy. In the following, we explain how we deal with your personal data.

 

1. What is personal data?

Any information that refers to a specific identified or identifiable person. A person is identifiable if it is possible to identify them directly or indirectly. This could, for example, be by reference to an identifier such as a name, to an identification number, to location data, an online identifier or to one or more specific characteristics.

2. Basic information

2.1. Who is responsible for processing my data (controller)?

Hochschule für Philosophie München 
Kaulbachstraße 31a
D-80539 München
Telephone number: +49-89-2386-2300
Info(at) hfph.de

2.2. How can I reach the Munich School of Philosophy’s Data Protection Officer?

Winfried Rau, Winfried Rau Consulting
Hollergasse 10
67281 Bissersheim
Telephone number: +49-6359-872-7507
dsb(at)tintus-consulting.de

2.3 Supervisory authority

The supervisory authority responsible for the Munich School of Philosophy is the shared Data Protection Officer of the Deutsche Ordenskonferenz (German association of religious orders) with responsibility for southern Germany:

Herr Jupp Joachimski
Wittelsbacherring 9
53115 Bonn
joachimski(at)orden de

3. Additional important information

3.1. Why does the Munich School of Philosophy process my data?

On our website, we perform administrative functions and offer our services as well as information on our activities for the public. Personal data is only processed by the Munich School of Philosophy if and to the extent that this is necessary to provide a fully functional website, to provide the site content or to provide the offered services and perform the available administrative functions. The reason for processing is either a legal provision or consent given by the user in connection with a user action.

3.2. Why is the Munich School of Philosophy permitted to process my data?

Section 6 (1b) KDR-OG is the legal basis for processing in cases in which we ask for consent for processing data for a particular purpose. The legal basis for processing personal data that is necessary to fulfil a contract when the data subject is party to this contract, as is for example the case with data processing activities connected to the delivery of goods or the provision of a service or other consideration is section 6 (1c) KDR-OG. The same applies for processing activities that are necessary before a contract is concluded, for example to process enquiries. In cases where a legal obligation of our university makes the processing of personal data necessary, for example the obligation concerning taxation, the legal basis for processing is section 6 (1d) KDR-OG. In rare cases, the processing of personal data may become necessary in order to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises was injured, and their name, age and health insurance details or other vital information needed to be made available to a physician, hospital or similar third party. In such cases the legal basis for processing personal data is section 6 (1e) KDR-OG. Finally the legal basis for processing personal data may be section 6 (1g) KDR-OG.

3.3. What data is collected?

3.3.1. Cookies

The web pages of the Munich School of Philosophy use cookies. Cookies are text files that are stored on a computer using an internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character sequence that allows web pages and servers to reference the specific browser in which the cookie was stored. This allows the websites and servers that are accessed, to differentiate the individual browser used by a data subject to access them from other internet browsers that contain different cookies. A particular internet browser can be recognised and identified through the unique cookie ID.

Using cookies allows the Munich School of Philosophy to provide more user friendly services on this website, that would not be possible without the use of cookies.

The information and services on our website can be optimised for the user with the help of cookies. As already mentioned, cookies allow us to recognise repeat users of our website. The purpose of this recognition is to make the use of our website easier for the user. For example, a user of a website that uses cookies does not need to enter access data each time they visit the site, as this is taken care of by the website and the cookie stored on the user's computer system.

You can prevent the use of cookies by our website at any time using the privacy settings of your internet browser, and so reject cookies permanently. Cookies that have already been set, can also be deleted using your internet browser or other software programs. This is possible in all commonly used internet browsers. If you deactivate cookies in your browser, some features of our website may not be fully functional.

3.3.2. Collection of general data and information

The Munich School of Philosophy website collects a set of general data and information each time the site is viewed by a data subject or an automated system. This general data and information is stored in the server's log files. Collected data may be (1) type and version of browser used, (2) the operating system used by the system accessing the site, (3) the website from which the website is accessed (so-called referrer), (4) the individual pages of our website that are viewed, (5) date and time of website access, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information, that serves the purpose of  risk prevention in the case of attacks on our IT systems.

The Munich School of Philosophy does not draw any conclusions about the data subject while using this general data and information. Rather, this information is needed to (1) display the content of our website correctly, (2) optimise the content of and advertising for our website, (3) ensure the long-term functioning of our IT  systems and the technology used on our website and finally (4) be able to provide law enforcement agencies with the necessary information in case of a cyber attack. This anonymously collected data is thus analysed by the Munich School of Philosophy on the one hand for statistical purposes, on the other hand with the aim of increasing data protection and data security within our organisation, with the ultimate goal of ensuring the best possible level of protection for the personal data processed by us. The anonymous data stored in the server log files is stored separately from all personal data submitted by a data subject.

3.3.4. Newsletter subscription

On our website, you are offered the possibility of subscribing to our university newsletter. The personal data forwarded to the controller responsible for processing the data is the data entered when subscribing.

The Munich School of Philosophy uses the newsletter to inform interested people regularly about the university’s news and events. Our university newsletter can only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject has subscribed to the newsletter. For legal reasons a confirmation email is sent to the email address of the data subject once they have entered this address for the first time for newsletter receipt. This is part of the double opt-in procedure. The purpose of this confirmation email is to check that the owner of the email address, as a data subject, has authorised the receipt of the newsletter.

We also store the IP address given by the internet service provider (ISP) for the computer system used by the data subject at the time of subscription, as well as the date and time of subscription. Collecting this data is necessary to be able to trace any possible misuse of the email address of a data subject at a later date, and thus serves to legally protect the controller.

The data collected when a data subject subscribes to our newsletter is used solely for the purpose of sending our newsletter. The only other possible use is to send subscribers to the newsletter information that is necessary for the operation of the newsletter service or to maintain the subscription. This may be the case if there are changes to the newsletter service or changes to the technical requirements. The personal data collected in connection with the newsletter service is not made available to third parties. The subscription to our newsletter can be cancelled at any time. Consent to store personal data, given for the purpose of sending the newsletter, can be revoked at any time. Each newsletter contains a link for revoking the consent. You also have the possibility to cancel your newsletter subscription directly on the controller’s website or to inform the controller in other ways that you no longer wish to receive the newsletter.

3.3.5. Newsletter tracking

The Munich School of Philosophy's newsletter contains so-called tracking pixels, also known as web beacons. A tracking pixel is a miniature graphic image that is embedded in emails sent in HTML format and that allows a log file to be recorded and this log-file to be analysed. This makes it possible to evaluate the impact of newsletter mailings. Using the tracking pixel, the Munich School of Philosophy can tell if and when an email message has been opened by a data subject and which links within the newsletter the data subject has accessed.

The personal data collected using these tracking pixels in the newsletter is stored and analysed by the controller with the purpose of optimising newsletter distribution and of better adapting the content of future newsletters to the interests of the data subject. This personal data is not made available to third parties. Data subjects have the right to revoke their consent, given specifically for this purpose in the double opt-in procedure at any time. Once consent has been revoked, the personal data is deleted by the controller. Un-subscribing from the newsletter will be considered to be a revocation of consent by the Munich School of Philosophy.

3.3.6. Contact via our website

In accordance with legal regulations, the Munich School of Philosophy's website contains various information that allows you to contact us electronically, including contact forms and a general email address. If a data subject contacts us via email or a contact form, the transmitted personal data is saved automatically. Personal data that is transmitted to the Munich School of Philosophy voluntarily by a data subject in this way is stored for the purpose of processing the request or contacting the data subject. This personal data is not made available to third parties.

3.3.7. Enrolment

You can enrol as a student at the Munich School of Philosophy using the enrolment form. The information given on these forms is necessary to process your enrolment and includes legally prescribed information on your education to date.

The legal basis for processing your data in the context of enrolment is section 6 (1b-d) of the KDR-OG.

Incomplete and not successfully completed applications for enrolment are deleted after no more than one year.

Data of successfully enrolled students, especially data pertaining to examinations is stored in accordance with legal retention periods.

3.4. How long is my data stored?

The Munich School of Philosophy processes and stores personal data of data subjects only for as long as needed to achieve the purpose of processing or as determined by legal regulations (e.g. retention periods).

If the purpose of processing is no longer given or the legal retention period has expired, the personal data is routinely blocked or deleted according to the legal provisions.

3.5. Do I have to submit my data?

In order for us to achieve the goals set out in section 3.1 of this data protection policy (reasons for processing) it is necessary that you submit your personal data.

This is essential and also legally required, so that we can conclude and carry out a contract with you.  If you do not provide your personal data, we cannot conclude a contract with you. In case of complaints you may refer to the supervisory authority (responsible diocese data protection officer) at any time.

You have the right to take legal action against the supervisory authority (section 49 (1) of the KDR-OG) or against us (section 49 (2) of the KDR-OG).

3.6. Automated decision making / profiling

Automated decision making and profiling do not occur.

4. What are my rights?

4.1. Note on your rights

As a data subject you have, amongst others, the following rights according to the KDR-OG (in the following referred to as “data subject rights”):

4.2. Right to access according to section 17 of the KDR-OG

You have the right to demand information on whether we are processing personal data of yours. If we are processing personal data of yours, you have the right to be told:

  • the purposes of processing
  • the categories of personal data processed
  • the recipients or categories of recipients of personal data, especially recipients in non-EU countries or international organisations
  • if possible the storage period for personal data; or, if this is not possible, the criteria for determining the storage period
  • that you have the right to rectification or erasure of the personal data concerning you, or to limitation of processing by the data controller or to object to such processing
  • that you have the right to lodge a complaint with a supervisory authority
  • if the personal data was not collected directly from the data subject: all available information on the source of the data
  • if an automated decision-making procedure (including profiling) as stipulated by section 24 (1) and section 24 (4) of the KDR-OG is in place and - at least in these cases - to be given clear information on the logic involved as well as the scope and intended effects of such processing for the data subject
  • that you have the right to be informed if your data is transmitted to a non-EU country, and whether an adequate level of protection is ensured by the recipient, and if so what guaranties this is based on
  • that you have the right to demand a copy of your personal data. The first copy is free. An appropriate fee may be charged for further copies. Copies may only be provided if this does not infringe on the rights of others.

4.3. Right to rectification according to section 18 of the KDR-OG

You have the right to demand the rectification of your data, if it is incorrect or incomplete. This right includes the right to have supplementary explanations or messages added. Data must be corrected or completed without undue delay.

4.4. Right to erasure of personal data according to section 19 of the KDR-OG

You have the right do demand that we delete your personal data if...

  • ... the personal data is no longer necessary to fulfil the purpose for which is was collected.
  • ... the data is being processed based on your consent, and you have revoked your consent, unless there is another legal basis for the processing.
  • ... you have objected to data processing based on so-called legitimate interest; in this case the data need not be deleted if there are legitimate interests in the data being processed that take precedence over your objection.
  • ... you have objected to data processing for direct marketing purposes.
  • ... your data was processed unlawfully.

There is no right to deletion of personal data if...

  • ... your demand to delete the data infringes on the right to freedom of expression and information,
  • ... it is necessary to process the data...
    • ... to fulfil a legal obligation (e.g. legal retention periods)
    • ... to perform a task in the exercise of official authority or in the public interest and in accordance with applicable law (this includes “public health”) or
    • ... for archiving or research purposes.
    • ... the personal data is required to assert, exercise or defend legal claims.

Deletion must be performed immediately (without undue delay). If we have made personal data public (for example online), then we have to ensure to the extent that this is technically possible and reasonable that other controllers or processors are informed of your demand for deletion including deletion of links, copies or replicas.

4.5. Right to restriction of processing according to section 20 of the KDR-OG

You have the right to demand restriction of processing of your personal data in the following cases:

  • If you have contested the accuracy of your personal data, you can demand that your data shall not be used until the matter has been decided and thus to restrict its processing.
  • If your data has been or is being processed unlawfully, you may demand the restriction of processing rather than deletion.
  • Should you need your personal data for asserting, exercising or defending legal claims, but we no longer need your personal data, then you can demand that we restrict processing of the data in question.
  • If you have objected to the processing of your data, but it has not yet been clarified whether our legitimate interest in processing the data outweighs your interest, you can demand that your data shall not be used until the matter has been decided and thus to restrict its processing.

If the processing of personal data concerning you has been restricted, such data may be stored, it may, however, only be processed...

  • ... with your consent,
  • ... for asserting, exercising or defending legal claims,
  • ... for protecting the rights of another natural or legal person, or
  • ... for reasons of important public interest.

If a restriction of processing should be lifted, you will be informed in advance.

4.6. Right to data portability according to section 22 of the KDR-OG

You have the right to demand that we provide data that you have made available to us in a common electronic format (for example as a PDF or Excel file).

You can also demand that we transmit this data directly to another company, if this is technically possible.

You have this right if the following requirement is fulfilled: We are processing your data on the basis of your consent or to fulfil a contract and are using automated processes to do so.

The exercise of your right to data portability may not infringe on the rights and freedoms of other people.

If you exercise your right to data portability, you still have the right to erasure.

4.7. Right to object to processing according to section 23 of the KDR-OG

If your data is being processed for the performance of a task in the public interest or to pursue a legitimate interest , you can object to the processing. For this, you need to inform us of the reasons resulting from your particular situation for your objection. Such reasons may be for example special family circumstances or interests in secrecy that are worthy of protection.

In case of an objection we are obliged to cease all further processing, unless...

  • ... there are compelling reasons for processing that are worthy of protection and that outweigh your interests, or
  • ... the processing is required to assert, exercise or defend legal claims.

You can object to the use of your data for the purpose of direct marketing activities at any time; this also applies to profiling, if the profiling is connected to direct marketing activities. If you object to the processing, we may no longer use your data for the purpose of direct marketing.

Please note: We do not carry out or commission any kind of direct marketing or profiling activities.

4.8. Prohibition of automated decision-making/profiling according to section 24 of the KDR-OG

Decisions of ours that have a legal consequence for you or cause you severe limitations, may not be made solely on the basis of automated processing of personal data. This prohibition includes profiling. This prohibition is not valid, if the automated decision...

  • ... is necessary for entering into or performing a contract between you and the data controller
  • ... is authorised by legal provisions, if these legal provisions include appropriate measures for the protection of your rights and freedoms as well as your legitimate interests, or
  • ... is based on your explicit consent.

Decisions based solely on the automated processing of special categories of personal data (= sensitive data) are only permitted if...

  • ... they are based on your explicit consent, or
  • ... there is an important public interest in the processing

and appropriate measures for the protection of your rights and freedoms as well as your legitimate interests have been taken.

4.9. Exercising data subject rights

To exercise your data subject rights, please contact us. Enquiries that  are submitted electronically are usually processed electronically. There is generally no charge for the information, notifications and measures, including the exercise of data subject rights, that have to be provided according to the KDR‑OG. For any further copies we may charge a fee based on the administrative cost.

If there are justified doubts concerning your identity, we can demand additional information from you for the purpose of identification.

Requests for information are usually dealt with immediately, within one month of receiving the request. The period for dealing with requests may be increased by a further two  months if this is necessary due to the complexity and/or number of requests; in the case of such an extension, we will inform you of the reasons for the delay within a month of receiving your request. Should we not react to a request, we will inform you of the reasons and of the possibility to lodge a complaint with a supervisory authority or seek recourse to a judicial remedy immediately within a month of receiving your request.

5. Data protection notes concerning integrated components on this website

5.1. Data protection information concerning the use of Matomo

The Munich School of Philosophy has integrated the use of Matomo on this website. Matomo is an open source software tool for web tracking. Web tracking is the collection, storage and analysis of data on the behaviour of visitors of web sites. A web tracking tool collects data on the website from which the website is accessed (so-called referrer), the individual pages of our website that are accessed, or how often and for how long an individual page is viewed. Web tracking is usually used to optimise the internet site and for cost/benefit analyses of online advertising.

The software runs on the Munich School of Philosophy's server; the log files that are sensitive from a data protection point of view are stored solely on this server.

The purpose of the Matomo component is to analyse the traffic on our web site. The controller uses the data and information gained from Matomo to analyse the use of this website and to collate reports showing the activity on our website, amongst other things.

Matomo sets a cookie on the data subject's IT system. We have already explained above what cookies are. Setting the cookie allows us to analyse the use of our website. Every time the data subject accesses an individual page of this website, the internet browser on the data subject's IT system is automatically caused to send data for the purpose of online analysis to our server. This technical procedure gives us access to personal data, such as the data subject's IP address that serves, amongst other things, to trace the location of the visitors and where the clicks are generated.

The cookie is used to store personal data, for example the time of access, the place from which the page was accessed and the frequency of visits to the web site. This personal data, including the IP address of the internet connection used by the data subject, is transmitted to our server. We store this personal data. We do not pass this personal data on to third parties.

You can prevent the use of cookies by our website at any time using the privacy settings of your internet browser, and so reject cookies permanently, as already stated above. These privacy settings, if used, also prevent Matomo from setting a cookie on your IT system. Cookies that have already been set by Matomo, can also be deleted using your internet browser or other software programs.

Please note: Deleting all Munich School of Philosophy cookies, for example, means that the Matomo deactivation cookie is also deleted and may need to be activated again. 

For further information and the current version of Matomo’s data protection policy, follow this link: https://matomo.org/privacy/.

You have the possibility to prevent the tracking and linking of actions you take here on this website. This protects your privacy, but it also prevents the owner of the site from learning from your actions and improving the usability of the site for you and other users.

Your visit to this website is currently being recorded by Matomo web analysis software. To opt out, remove the tick from this box.

5.2. Data protection information concerning the use of YouTube

The Munich School of Philosophy has integrated some components of YouTube on this website. YouTube is an online video portal that allows video publishers to upload video clips free of charge and allows other users to watch, assess and comment on these videos, also free of charge. YouTube permits the publication of all types of videos, which is why entire films or television programmes are available, as well as music videos, trailers and videos produced by the users themselves.

YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Every time the data subject accesses an individual page of this website that is operated by the Munich School of Philosophy and that contains a YouTube component (YouTube video) the internet browser on the data subject's IT system is automatically caused by the YouTube component to download a version of the respective YouTube component from the YouTube website. For further information on YouTube, follow this link: www.youtube.com/yt/about/de/ This technical procedure gives YouTube and Google information on which specific page on our website was visited by the data subject.

If the data subject is logged into YouTube at the time, YouTube can see which specific page on our website was visited by the data subject each time they access a page that contains a YouTube video. This information is collected by YouTube and Google and connected to the data subject's YouTube account.

YouTube and Google always receive information that the data subject has accessed our web site, if the data subject is logged on to YouTube at the time of accessing our web site; this information is sent, independently of whether they click on a YouTube video or not. If the data subject does not not wish this information to be transmitted to YouTube and Google, they can prevent it by logging out of their YouTube account before accessing our website.

For information on how YouTube and Google collect, process and use personal data, see the data protection policy published by YouTube at www.google.de/intl/de/policies/privacy/

5.3. Data protection information concerning the use of Google Web Fonts

This page uses so-called web fonts provided by Google, so that fonts are displayed uniformly. When you access a page, your browser loads the necessary web fonts into your browser cache, so that the fonts can be displayed correctly.

To do this, your browser has to connect to Google servers. This means that Google is informed that our website was accessed from your IP address. We use Google Web Fonts with the aim of creating a consistent and attractive representation of our web content. This represents a legitimate interest as defined by section 6 (1g) KDR-OG.

If your browser does not support web fonts, a standard font available on your computer will be used.

For further information about Google Web Fonts, please refer to https://developers.google.com/fonts/faq and Google’s privacy policy: https://www.google.com/policies/privacy/.

This data protection policy was created using the data protection policy generator of the DGD, Deutsche Gesellschaft für Datenschutz GmbH (German data protection association) and adapted to the needs of the Munich School of Philosophy.

Please note:

Der englische Text in diesem Dokument dient lediglich als Information über die Inhalte des zugehörigen deutschsprachigen Dokumentes. Rechtsverbindlich ist allein die Ausfertigung in deutscher Sprache.

The English text in this document only serves the purpose of providing information on the contents of the corresponding German text. Only the German text is legally binding.