Privacy notice for the research information system at Hochschule München
Data protection is a key priority for Hochschule München (HM) and a legal obligation. To ensure that personal data is adequately protected during transmission, HM uses state-of-the-art encryption methods (e.g. SSL/TLS) and secure technical systems.
Data controller
HM Hochschule München University of Applied Sciences
Lothstraße 34
D-80335 München
Tel.: +49 89 12 65 - 0
Fax: +49 89 12 65 - 3000
Email: kommunikation@hm.edu
Website: www.hm.edu
HM Hochschule München University of Applied Sciences is a public-law body. It is legally represented by its President, Prof. Dr Martin Leitner.
Government Data Protection Officer
The Data Protection Officer at Hochschule München can be contacted by email at datenschutzbeauftragter@hm.edu and by telephone on +49 9951 99990-500.
Purpose and legal basis of the processing
Within the framework of Bay.FIS, personal data is processed for the purpose of operating an electronic, database-driven management system containing key performance indicators relating to the research output of HM staff engaged in scientific work. Research outputs recorded in Bay.FIS comprise information on research activities such as research projects, doctorates, intellectual property rights and publications. The key performance indicators processed in Bay.FIS are linked to data records relating to internal and external individuals (authors, Project Managers, partners, etc.) as well as organisational units within HM and external institutions.
The data on publicly funded third-party projects processed in Bay.FIS is made available to the public on the HM website . In addition, data on contract research projects and doctoral projects is published following written authorisation.
The legal basis for data processing is the performance of a public task pursuant to Article 6(1)(e), paragraphs 2 and 3 of the GDPR in conjunction with Article 2(2), sentence 5 of the Bavarian Higher Education Act (BayHIG) in conjunction with Article 12(5) of the Bavarian Higher Education Act (BayHIG) (informing the public about research activities and research results), in conjunction with Article 7(1) of the Bavarian Higher Education Act (BayHIG) (quality assurance in the field of research), in conjunction with Article 8 of the Bavarian Higher Education Act (BayHIG) (strategic university management), in conjunction with Article 22 of the Bavarian Higher Education Act (BayHIG) (gender equality mandate), in conjunction with Article 11(1) of the Bavarian Higher Education Act (BayHIG) (performance evaluations for the allocation of funds).
The data entered into Bay.FIS is also used for the purposes of compiling higher education statistics in accordance with Article 6(1)(e), (2) and (3) of the GDPR in conjunction with the HStatG, BStatG, FPStatG and BayStatG.
Where consent has been given for data processing, such processing is based on Article 6(1)(a) of the GDPR. This applies in particular to the optional fields in the relevant form. Data subjects have the right to withdraw their consent with future effect in accordance with Article 7(3) of the GDPR by contacting fis@hm.edu.
There are no plans to process special categories of personal data. Should this occur in exceptional circumstances, it will be done on the basis of Article 9(2)(b) and (h) of the GDPR, Article 88(1) of the GDPR, and Article 8(1), first sentence, points 2 and 3 of the Bavarian Data Protection Act (BayDSG).
Recipients or categories of recipients of personal data
Access to the content of the Bay.FIS portal at Hochschule München is, in principle, restricted to Hochschule München staff members who have been granted access to the portal.
The scope of access rights to specific personal data depends on whether a user belongs to a particular user group and is determined by what is strictly necessary:
- The university management and the departments FO, FI, GS, HE and QED, HE have full access to the ‘Publications’, ‘Projects’, ‘Doctorates’ and ‘Partners’ sections, as well as to the personal data contained therein.
- The HM departments FO, FI, GS, HE, IL and QM, as well as the Managing Directors of the research institutes and the university management, also have full access to the complete lists of individuals.
- Deans, Managing Directors and heads of research institutes have access to projects, doctorates and publications from the respective department or institute
- Professors have access to their own projects, doctorates, intellectual property rights and publications.
- Individual staff members in the FO department have full access to the intellectual property rights recorded in the system. Furthermore, each staff member at HM has view and edit rights only in respect of their own intellectual property rights.
The website publishes information on all publicly funded third-party projects (both ongoing and completed), as well as approved doctorates and contract research projects.
For projects, in addition to the project name and description, the Project Management team and participating organisations are also named.
Retention period for personal data
When students leave the university, the data entered in Bay.FIS is not, as a rule, deleted.
Log files are generally retained in non-anonymised form for 180 days.
Rights of those affected
Under the General Data Protection Regulation, you have the following rights:
- Where personal data is processed, data subjects have the right to obtain information about the data held about them (Article 15 of the GDPR).
- If inaccurate personal data is processed, you have the right to have it rectified (Article 16 of the GDPR).
- Where the legal conditions are met, data subjects may request the erasure or restriction of processing (Articles 17 and 18 of the GDPR).
- Where consent has been given for data processing, or where a contract for data processing exists and the data processing is carried out using automated means, data subjects may have a right to data portability (Article 20 of the GDPR).
- Data subjects have the right to withdraw their consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of that consent prior to its withdrawal (Article 7 of the GDPR).
- Data subjects have the right to request information as to whether automated decision-making, including profiling, is taking place (Article 22 of the GDPR).
- Data subjects have the right to object at any time to the processing of their data on grounds relating to their particular situation, where the processing is carried out solely on the basis of Article 6(1)(e) or (f) of the GDPR (Article 21(1), first sentence, of the GDPR).
Should the rights set out above be exercised, the public authority will check whether the legal requirements for doing so have been met.
Furthermore, you have the right to lodge a complaint with a supervisory authority. The authority responsible for Hochschule München is the Bavarian State Commissioner for Data Protection.
You can contact them using the following contact details:
Postal address:
Postfach 22 12 19
80502 München
Address:
18 Wagmüllerstraße
80538 München
Tel.: +49 89 212672 - 0
Fax: +49 89 212672 - 50
Email: poststelle@datenschutz-bayern.de
Website: https://www.datenschutz-bayern.de/
Further information regarding our Privacy Policy
Hochschule München reserves the right to amend the Privacy Policy from time to time to ensure that it always complies with the latest legal requirements or to reflect changes to the services described in the Privacy Policy, for example when new services are introduced. The new Privacy Policy will then apply to any subsequent visits to the website.
If you have any questions, please feel free to contact the Data Protection Officer (datenschutzbeauftragter@hm.edu) or send an email to: kommunikation@hm.edu.
Last updated: 10 March 2021
The information on this page was translated into English for your convenience. In case of any discrepancies between the English and German versions, the German version shall prevail.