Privacy Policy



1 Responsible persons

Name and contact details of the person responsible and, if applicable, their representatives:

Heilbronn University
Max-Planck-Straße 39
74281 Heilbronn
Germany

Heilbronn University is legally represented by the Rector, Prof.-Dr. Ing. Oliver Lenzen.

Phone: 07131 / 504-0
E-mail: [email protected]
Website: www.hs-heilbronn.de

2 Data protection officer

We have appointed an external data protection officer at our university. You are welcome to address confidential data protection concerns directly to this officer:

German Data Protection Office
Maximilian Musch
Richard-Wagner-Str. 2
88094 Oberteuringen
Oberteuringen, Germany
Tel: +49 (0) 7542 / 949 21 02
E-mail: [email protected]

Internal data protection office:
If you have any questions about data protection, the internal data protection office of Heilbronn University is also at your disposal: [email protected]

3 Objectives, purposes and description of processing

Our online platform pursues a transparent and responsible data processing policy that ensures the protection of privacy and compliance with applicable data protection regulations. The objectives, purposes and description of the processing of user data are set out in detail below:

Objectives of data processing:

  1. Creating an account to use the platform: The account is required to log into the platform and access the various functions and services. Registration is voluntary and allows users to manage their projects or ideas and interact with other users.
  2. Forgotten password: Users have the option of resetting their password if they have forgotten it. They can request a password recovery email via a corresponding function.
  3. Creating projects or ideas: Users can upload and publish their projects or ideas on the platform, whether they are projects from their private environment or ideas that they have developed during their studies. This function allows users to showcase their creativity and receive feedback from the community.
  4. Viewing ideas or projects and creating comments: The platform offers users the opportunity to view other users' projects or ideas and leave comments. This promotes interactive exchange and enables users to support and inspire each other.
  5. Uploading various materials for projects or ideas: Users can upload various materials to their projects or ideas, such as Word or PDF documents. This allows them to provide additional information and present their projects or ideas more comprehensively.
  6. Communication between users via comment functions: The platform offers comment functions through which users can communicate with each other. This allows users to give feedback, ask questions and share their projects or ideas.
  7. Recommendation system for interesting ideas, projects or people: A recommendation system is used to suggest interesting ideas, projects or people to users. These recommendations are based on the user's history and the tags entered during the registration process. As a result, users receive personalised suggestions that correspond to their interests and preferences.

Description of the data processing:
Data processing includes the collection, storage, processing and use of personal data in accordance with the statutory provisions on data protection. The processed data includes the following user information such as name, email address, profile picture and information on projects created or comments submitted (see point 4 Data categories).
The data collected is used exclusively for the above-mentioned purposes and is only stored for as long as is necessary to fulfil these purposes. Appropriate security measures are taken to ensure the confidentiality, integrity and availability of the data and to prevent unauthorised access, use or disclosure.

4 Data categories

Below we inform you about the type of data and data categories that are processed in connection with the IdeaLize platform:

The following general personal data is collected and processed as part of the registration and use of the IdeaLize platform:

  • Master data
    • Surname, first name
    • Enrolled degree programme
    • User name
    • Password (stored in encrypted form)
  • Contact details
    • E-mail address
  • Movement data
    • Profile picture
    • Interests (for automated suggestions for ideas/projects and people)
    • Comments
  • IP address (currently planned that only users from Germany can register for IdeaLize)
  • Project data
    • Title
    • Description
    • If applicable, associated course in which the project/idea was created
    • Any links and files added to the project by users (these can be images, PDF, Word or video files, etc.)

No particularly sensitive personal data according to Art. 9 para. 1 GDPR is processed.

5 Sources of data collection

We process the data that you provide to us in connection with the use of and registration on the IdeaLize platform.

6 Legal basis for data processing

The legal basis for the provision of the online platform is the public interest or the mission of Heilbronn University in accordance with Art. 6 para. 1 lit. e GDPR in conjunction with Sections 2, 12 LHG. The processing is also carried out in the context of providing the platform to the data subjects for their purposes and thus on the basis of Art. 6 para. 1 lit. b GDPR.

7 Further data protection information

7.1 Existence of automated decision-making (profiling)

We do not use any purely automated decision-making processes in accordance with Art. 22 GDPR.
If we wish to use such a procedure in individual cases in the future, we will inform you of this separately.

Comment: A recommendation system uses the interests entered in the registration process to provide suggestions for suitable projects/ideas or people. (The following will be integrated in the future: Via viewed or bookmarked projects, suggestions for similar projects, ideas or people will also be made available to the user on the basis of this data).

7.2 Scope of the obligations to provide us with data

Use of the IdeaLize platform is voluntary. There is no obligation to use the platform.

7.3 Storage and deletion periods

In principle, we process the data in the aforementioned procedures for as long as is necessary to fulfil our tasks.

Standard deletion periods after inactivity:
After registration, personal data such as user profile information is automatically deleted if the user does not perform any actions in their account (e.g. login) within 1 year.
The user receives a notification before the automatic deletion and has the option of extending the deletion period through a simple activity (e.g. login).

Deletion at the express request of the user:
Users can have their account and all associated personal data deleted at any time. Deleted data will be irrevocably removed from our systems within 4 weeks.
In addition to deleting their account, users also have the option of deleting all content they have created, such as projects, ideas or contributions. This option allows the user to retain control over their personal data and content and ensure that none of the content they have created remains on the platform after their account has been deleted.
Deleted content will be irrevocably removed from our systems within a specified period of time to ensure the user's privacy and data protection rights.

Comment on copyright confirmation and disclaimer:
When registering on the IdeaLize platform and uploading files, the user has confirmed that he/she owns the copyright to the uploaded content or has the necessary rights to use it on the platform. The owner of the platform accepts no liability for copyright infringements by users. It is the responsibility of users to ensure that they have the necessary rights to the content they upload.

8 Recipients of the data

At our university, those internal departments or organisational units receive your data that need it to fulfil our obligations or in the context of processing and implementation.
Your data will only be passed on to external parties as part of the hosting of the platform at Hetzner. The data is processed exclusively on the instructions of Heilbronn University and is not used for any other purposes as part of the contract processing agreement between Heilbronn University and Hetzner. An order processing contract has been concluded between the parties in accordance with the provisions of Art. 28 GDPR. In addition, adequate measures for the protection of personal data in accordance with Art. 32 GDPR are applied. Your data will not be passed on to third parties.
Data is also not transferred to organisations in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries).

9 Your rights

Under certain circumstances, you can assert your data protection rights against us. If possible, your requests to exercise your rights should be sent in writing or by email to the address given above.

  • You have the right to receive information from us about your data stored by us in accordance with the rules of Art. 15 GDPR (if necessary with restrictions according to § 9 LDSG).
  • At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
  • If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other legal regulations (e.g. statutory retention obligations or the restrictions according to § 10 LDSG) or an overriding interest on our part (e.g. for the defence of our rights and claims) do not conflict with this.
  • Taking into account the requirements of Art. 18 GDPR, you can request that we restrict the processing of your data.
  • You can also object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we will stop processing your data. This right of objection only applies if there are special circumstances relating to your personal situation, whereby our company's rights may conflict with your right of objection.
  • You also have the right to receive your data in a structured, commonly used and machine-readable format or to transmit it to a third party in accordance with the requirements of Art. 20 GDPR.
  • In addition, you have the right to revoke your consent to the processing of personal data at any time with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
The competent supervisory authority in the state of Baden-Württemberg:
State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
E-mail: [email protected]
Internet: https://www.baden-wuerttemberg.datenschutz.de