Data processing when using a CRM system
We, Hochschule München (hereinafter also referred to as “the University”, “we” or “us”), use a CRM system to maintain and manage our relationships with project and cooperation partners, as well as with interested parties. The CRM system enables us to manage your contact details, respond to your enquiries, send you newsletters on general and specific topics, and invite you to events.
Below, we set out the purposes for which we process your personal data, the legal basis for such processing, the period for which we process your personal data for the purposes set out here, and the rights you have in relation to the processing of your data, should we contact you.
Please take the time to read our privacy policy, as it contains important information about how we handle your personal data.
Contents of these notes
Wherever we use the term ‘data’ in this text, we refer exclusively to personal data within the meaning of Article 4(1) of the GDPR.
Statistical analysis of the usage of our circulars
The CRM system we use enables us to manage existing and potential project and cooperation partners, prospective clients and other contacts from the fields of academia, business, culture and politics. It helps us to organise our outreach and communication channels with contacts who are relevant to the fulfilment of the tasks entrusted to us as a state university. This allows us to analyse our processes in a partially automated manner. Information on our organisational and corporate contacts is stored centrally in our CRM system and linked to further details (e.g. contact persons, projects or events). In addition, initial contacts and activities (e.g. sending enquiries or holding discussions with the relevant contact) are recorded.
In particular, we process the following categories of personal data in our CRM system:
- Salutation, first name, middle name and surname, title,
- Contact and communication details (email address, telephone number, interaction with
- (us),
- Professional details (organisation/company, position/role, organisational unit/department, address, website, organisation size, sector, project category, collaborative activities),
- Campaign data (campaign name, type, lead status, campaign date),
- Details of projects and collaborations (existing projects and collaborations, and those currently under discussion),
- Data relating to services purchased (order and delivery history, type of service),
- Contact type (prospect, existing contact, new contact).
The information referred to is collected exclusively directly from you and processed for the purposes set out in this notice. This means that the information is stored and allocated to the organisational units (departments, administrative offices, departments and/or institutes) within the university responsible for the project, collaboration and/or event, and is used to contact you.
We will not ask you to provide us with so-called ‘special category data’ in our communications, campaigns or contact forms. However, should you voluntarily provide us with such information, we will regard this as your consent to the processing of that data for the purpose of managing the customer relationship, and as your authorisation for us to store this information within our CRM system. In principle, however, we do not store or further process information relating to sensitive personal data, as the technical design of our CRM system does not provide for this. Such data is processed only in exceptional cases.
Access to our CRM system is granted in accordance with the existing authorisation policy, following a separate login and authorisation check. Currently, data in the CRM system can only be viewed and edited university-wide by authorised staff members within the relevant organisational unit. The limited number of authorised users at the university have access to your data where necessary in order to process your data in the CRM system or to respond to your enquiries, in accordance with the purposes set out in this notice. Authorisations are granted in accordance with the ‘need-to-know’ principle. All access to the CRM system and the data it contains is always logged. Your data will not be passed on to third parties outside the university.
Statistical analysis of the usage of our circulars
We carry out statistical analyses of the sending and receipt of our newsletters in order to fulfil our obligation to ensure the cost-effectiveness of our administration. To this end, we collect aggregated data – without being able to establish a specific link to you personally – on how many recipients open our newsletters and which articles are clicked on most frequently. To this end, our newsletters contain a small file, known as a ‘tracking pixel’, which is retrieved from the sending server when the email is opened. Upon retrieval, we process technical information contained in the log files, as well as the technical timestamp, without any personal reference. We use your data exclusively for internal statistical analysis and do not pass it on to third parties.
Unsubscribe
You may, of course, object at any time to receiving further newsletters from the university – and thus also to the future analysis of your opening and clicking behaviour – by unsubscribing from the newsletters. To do so, please click on the unsubscribe button at the bottom of each newsletter.
Purpose
We process your data in our CRM system to respond to your enquiries, to manage our relationships with partners and prospective clients (CRM), to administer our contacts, and to streamline and improve the organisation of our communication and outreach channels, as well as to carry out statistical analysis of your use of our newsletters. The CRM system provides the university’s organisational units with a platform which supports authorised staff – in accordance with an established authorisation scheme – in fulfilling our statutory duty to facilitate and promote the knowledge transfer, as well as in maintaining our relationships with partners and prospective clients.
Legal basis
The processing of your data in connection with the use of our CRM system for the aforementioned purposes – in particular with regard to the provision of invitations and information concerning the organisation, administration, research and Teaching at the university, as well as the statistical analysis of open and click-through rates – takes place within the framework of the university’s performance and fulfilment of its statutory duties. The legal basis for this is Article 4(1) of the Bavarian Data Protection Act (BayDSG) in conjunction with Article 6(2), (3) and (1)(e) of the General Data Protection Regulation (GDPR), in conjunction with the general tasks set out in Article 2 of the Bavarian Higher Education Act (BayHIG) and/or with specific provisions laid down in other legislation.
Recipients of your data
We currently use the cloud-based CRM solution ‘1CRM’, provided by visual4 GmbH, Schreiberstr. 27, 70199 Stuttgart, for the technical provision and hosting of our CRM system. visual4 processes your data on our behalf and in accordance with our instructions within the European Union. This means that visual4 does not, and is not permitted to, use your data for its own purposes, in particular not for its own purposes or for its own advertising activities.
For further information on visual4, please refer to the details available via the following link: https://visual4.de/kundenverwaltung-crm/.
Deletion
The data will be deleted as soon as it is no longer required to fulfil the purposes for which it was collected. For data collected for the purposes mentioned above and processed in our CRM system, this will be the case if you, as the data subject, have objected to the processing. Data may also be retained if this is provided for by European or national legislation in EU regulations, laws or other provisions to which the university, as the data controller, is subject. We will block your data from further processing or delete it when a statutory retention period expires, unless further retention of the data is necessary for the performance of a contract.
To ensure that a procedure is in place for deleting personal data from the CRM system, we have implemented a data deletion policy:
- The organisational unit responsible for the contacts regularly checks whether they are still current. Unless there is a legal obligation to retain the data, we will delete your data in full.
- The maximum retention period is currently six years of inactivity. If a contact stored in the CRM system has shown no interactions for six years, or if no changes have been made to the associated record, the contact will be deleted.
We would also like to point out that you may request the deletion of your data at any time. We will then delete your data immediately, provided that there are no statutory retention periods preventing such deletion.
Last updated on 28 March 2024
The information on this page was translated into English for your convenience. In case of any discrepancies between the English and German versions, the German version shall prevail.