SRH University

Privacy policy

Privacy Policy

The protection of your privacy and personal data is important to us at SRH University of Applied Sciences Heidelberg ("SRH University", "we", "us"). We would therefore like to inform you below about how we handle your personal data ("data"). The following "Privacy Policy" applies to all data processed by us, in particular in the context of our websites, mobile applications, via our official social media pages or other channels and in the context of our other business activities. For cookies, plug-ins and similar technologies, please also refer to our "Cookie/Plug-in Policy", which is part of this Privacy Policy.

This Privacy Policy describes:

  • Who is responsible for data processing?
  • What data do we process, for what purposes, for how long and on what legal basis?
  • Log files
  • Making contact with us
  • Registration on our website
  • Emails/newsletters
  • Customer relation management: Hubspot, Cobra CRM, Dream Apply
  • Online meeting: Teams, Zoom
  • Online appointment booking: eTermin, HubSpot
  • Event booking: Eveeno, Eventbrite
  • Consultancy: Unibuddy
  • Communication and chat: WhatsApp
  • Who do we transfer your data to?
  • International data transfers
  • How long will your data be stored?
  • Data protection for minors
  • Automated decision making
  • Is the provision of data mandatory?
  • What rights do you have as a data subject?
  • Right to lodge a complaint
  • Who is responsible for data processing?

SRH University is responsible for the processing of your personal data within the meaning of the General Data Protection Regulation ("Data") in accordance with this Privacy Policy and the Cookie/Plug-in Policy. This responsibility means ensuring that your personal data is processed in accordance with applicable data protection law.

Contact details of the sponsoring company:
SRH Hochschulen GmbH
Ludwig-Guttmann-Str. 6
69123 Heidelberg, Germany
T +49 6221 6799 882
[email protected]
www.srh-university.de

Contact details Data Protection Officer

Mr Jörg Flierenbaum
Robert-Koch-Straße 3
97230 Estenfeld
E-mail: [email protected]

What data do we process, for what purposes, for how long and on what legal basis?

We process data for the purposes described below. In addition, we refer to our cookie/plug-in policy and the processing described there in the context of cookies, plug-ins and similar technologies.

Log files

When you visit our website without contacting us or logging in, your browser automatically transmits the following information to our server:

  • IP address of your end device
  • Information about your browser (e.g. main language, user agent, version)
  • the website you were on immediately before landing on our website
  • the URL or requested file, title of the page displayed
  • the URL of the page that was accessed before the current page
  • link clicks on external domains
  • the date and time of your visit
  • Location of the user
  • screen resolution
  • Volume of data transferred
  • Status information, e.g. error messages, page generation time

This data is used

  • to send the requested website content to your browser. The full IP address is only stored to the extent necessary to deliver the requested content to you;
  • to send your IP address to a service provider in order to map your public IP address with company and industry-related information (no personal information). This company and industry-related information is processed in our web measurement system. In this process step, your IP address is never stored with our service provider or in our system;
  • to protect us from attacks and to ensure the proper operation of our website.

The legal basis for processing this data is Article 6(1)(f) of the General Data Protection Regulation ("GDPR"). Our legitimate interest in the processing of the data follows from the above-mentioned purposes for data processing and the secure, fast and efficient provision of the website as well as the defence against and prosecution of unlawful attacks. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case as soon as the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses are anonymised by deleting the last eight bits so that it is no longer possible to identify you.

Contact us

If you contact us via our website and provide your data, e.g.

  • e-mail address
  • your name
  • your address
  • telephone number

the disclosure of your data is voluntary. E-mails are sent via a contact form. We use the data you provide exclusively to answer your enquiry, to prevent misuse of the contact form and to ensure the security of our information technology systems.

Insofar as we need to use your data to store it for our own security purposes and to protect our rights, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

If your request is related to the fulfilment of a contract or if the processing of your data is necessary for the implementation of pre-contractual measures, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR. Otherwise, the processing is based on your consent given with the enquiry in accordance with Article 6 para. 1 sentence 1 lit. a GDPR. By contacting us and providing your data, you consent to the use of the data you have provided. You can revoke your consent at any time with effect for the future by sending us an informal email. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

We will store your data for as long as and to the extent necessary to answer and fulfil your request or until we receive a request from you to delete your data. Please note: If you ask us to delete your data, we may not be able to answer and fulfil your request.

In the event that external service providers (such as call centres) are used in connection with your contact to process your request, the processing by the external service providers is carried out exclusively on our behalf and instructions on the basis of an agreement in accordance with Art. 28 GDPR.

Registration on our website

You have the option of registering on the website by providing your data. Which personal data is transmitted to the data controller is determined by the respective input mask used for registration, e.g.

  • e-mail address
  • your name
  • your address
  • telephone number

The data provided during registration is used to offer you content or services which, due to the nature of the matter, can only be offered to registered users. The data is also used for statistical purposes. Furthermore, the registration of the data subject (in the data protection declaration generator) can be used to monitor the use of the texts issued by us and protected by copyright, as well as to check the setting of links and the naming of authors, as well as for our own documentation purposes. In addition, we use the data collected via the data protection declaration generator for customer acquisition, in particular for contacting customers by telephone and sending advertising by post and e-mail.

The legal basis for processing is our legitimate interest in sending advertising, Art. 6 para. 1 sentence 1 lit. f GDPR. In addition, we base the processing on Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as your registration is necessary to fulfil contractual or pre-contractual obligations. Finally, the basis for the processing of the data voluntarily provided by you during registration is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

The data may also be passed on to external service providers (e.g. parcel service providers or Internet service providers - ISPs) in connection with your registration. In this case, they process the data exclusively on our behalf and in accordance with our instructions on the basis of an agreement concluded with us (Art. 28 GDPR).

As part of the registration on the website, in addition to the above-mentioned data

  • the IP address assigned by the data subject's (ISP),
  • the date and
  • the time of registration are stored.

If you have registered, you are free to have the personal data provided during registration completely deleted from our database, unless the further storage of this data is still required for compelling legal reasons.

Newsletter / Emails

If you register for our newsletter with your e-mail address and thus give your consent, we will regularly send you our newsletter with information about current offers on our degree programmes, discount campaigns on tuition fees and study-related information events as well as information for founders, alumni and other activities for our graduates. To receive our newsletter, it is sufficient to provide an e-mail address and your name. The additional voluntary information about you is only used to personalise the newsletter.

We use the so-called double opt-in procedure to register for our newsletter: After you have registered, we will send you an e-mail to the e-mail address you have provided. In this e-mail, we ask you to confirm that you wish to receive the newsletter. If you confirm your registration for our newsletter, we will save your e-mail address, IP address and the time of registration and confirmation. The purpose of this processing is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. To send you our newsletter, we use the services of external service providers, some of whom are located outside the EU. These external service providers process your data exclusively in accordance with our instructions on the basis of an agreement pursuant to Art. 28 GDPR. Insofar as processing outside the EU occurs in the context of the involvement of these service providers, we use the standard contractual clauses of the European Commission as a basis. You can access these as follows: https: //eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=de.

At the end of each newsletter you will find a link that you can use to unsubscribe from the newsletter at any time. You can also unsubscribe from the newsletter at any time by sending an email to [email protected].

If you revoke your consent and unsubscribe from the newsletter, we will store the fact of your revocation in a list for three years after the end of the year in which the revocation was made to ensure that you do not receive any further newsletters after you have given your revocation.

Customer Relation Management: Hubspot, Cobra CRM, Dream Apply

We use HubSpot as our Customer Relation Management (CRM) for communication and operational work as well as Cobra CRM, where all information is collated. If you contact us by e-mail, the data you provide may also be processed in our Customer Relation Management. We use Dream Apply in the case of applications from customers who are interested in our degree programmes.

The provider of Dream Apply ("Dream Apply") is DreamApply OÜ, Harju, Tallinn, Tatari 64, 10134. Dream Apply helps us to manage and process the data of our customers' applications for degree programmes. Dream Apply's privacy policy can be found at: www.dreamapply.com/de/privacy-policy.

We use Dream Apply to carry out pre-contractual measures in relation to our customers; the processing of personal data is based on Art. 6 para. 1 sentence 1 lit. b GDPR.

The provider of Cobra CRM ("Cobra CRM") is cobra computer's brainware GmbH, Weberinnenstr. 7 78467 Konstanz. The use of Cobra CRM is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most efficient customer management and customer communication possible. Data protection information on Cobra CRM can be found at: www.cobra.de/rechtliches/datenschutz.

The provider of HubSpot CRM ("HubSpot") is HubSpot Inc. 25 Street, Cambridge, MA 02141 USA. HubSpot enables us, among other things, to manage existing and potential customers and customer contacts. With the help of HubSpot, we are able to record, sort and analyse customer interactions via email, social media or telephone across various channels. The data collected in this way can be analysed and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). HubSpot also enables us to record and analyse the user behaviour of our contacts on our website. Like other CRM systems, HubSpot also stores various user data, such as

  • Name
  • address
  • email address
  • IP address

The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most efficient customer management and customer communication possible. Insofar as cookies are used in the context of Hubspot CRM, they are used on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time with effect for the future. If you generally do not want HubSpot to collect data using cookies, you can prevent the storage of cookies at any time by changing your browser settings accordingly.

Details on data protection can be found in HubSpot's privacy policy:

https://legal.hubspot.com/de/privacy-policy.

Data transfer to the USA is based on the EU-US Data Privacy Framework ("DPF"). The company is certified in accordance with the DPF. The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA.

We have concluded an agreement with HubSpot, Dream Apply and Cobra CRM in accordance with Art. 28 GDPR. This is a contract required by data protection law, which ensures that they only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Online meeting: Teams, Zoom

We use Microsoft 365, Microsoft Teams, both services of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") and Zoom Video Communications, Inc., 55 Almaden Boulevard, Suite 600, San Jose, CA 95113, USA ("Zoom") to handle our communication.

If you hold an online meeting or consultation with us, e.g. for the purpose of advice on all aspects of your studies, the following data will be stored

  • Your display name
  • your profile picture, if applicable
  • the preferred language
  • date, time, meeting ID
  • if applicable, your telephone number and
  • exchanged texts, audio and video data

processed.
The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. b GDPR or Art. 6 para. 1 sentence 1 lit. a GDPR for information that is not absolutely necessary for the meeting and that you provide to us voluntarily. We process your data in order to answer your enquiry or to advise you. Your personal data will be stored for the duration of the fulfilment of the task and then deleted, unless there is another legal basis for further processing of the data. Longer retention periods may result in particular from retention periods under commercial and tax law.

We have concluded agreements with Microsoft and Zoom in accordance with Art. 28 GDPR. Insofar as the integration of Microsoft and Zoom results in the transfer of your data to the USA, this is based on the DPF. Both Microsoft and Zoom are certified companies under the DPF.

Further information on data processing by Microsoft can be found at https://privacy.microsoft.com/de-de/privacystatement and by Zoom at https://explore.zoom.us/en/privacy/.

Online appointment booking: eTermin, HubSpot

Our website uses the services of third-party providers such as eTermin or HubSpot for online appointment bookings. In the case of eTermin, the provider is eTermin GmbH, Im Wiesengrund 8, 8304 Wallisellen, Switzerland (hereinafter "eTermin"). In the case of HubSpot, the provider is HubSpot Inc. 25 Street, Cambridge, MA 02141 USA.

For the purpose of booking an appointment, you enter the requested data and the desired date in the mask provided for this purpose. The data entered will be used for the planning, execution and, if necessary, follow-up of the appointment. We also record log files (number and time of page views, browser, browser version and operating system as well as an anonymised IP address). The appointment data is stored for us on the servers of eTermin and Hubspot, whose privacy policy you can view here:
https://www.etermin.net/online-terminbuchung-datenschutz

https://legal.hubspot.com/de/terms-of-service


The data you enter will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Mandatory statutory provisions - in particular retention periods - remain unaffected. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, as the appointment enquiry is aimed at concluding a contract. In addition, we base the processing on Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in making appointments as uncomplicated as possible.

We have concluded agreements with eTermin GmbH and Hubspot in accordance with Art. 28 GDPR. These are contracts prescribed by data protection law, which ensure that the data is only processed in accordance with our instructions and in compliance with the GDPR.

Event booking: Eveeno, Eventbrite

We use the services of Eveeno and Eventbrite for participant management and ticket booking for conferences, seminars and business events. The provider of Eveeno is Eveeno, Ellenbogen 8, D-91056 Erlangen, Germany ("Eveeno"). The purpose of Eveeno's service and the associated data processing is the organisation and provision of online and hybrid events. The following data is processed in this context:

  • First name
  • surname
  • e-mail address
  • your address
  • telephone number

Eveeno stores the data for a maximum of 12 months by default. The storage period can be adjusted in the Eveeno profile and the deletion of the data can be requested. Further information can be found in the provider's privacy policy:

https://eveeno.com/de/privacy and
eveeno.com/doc/hilfe-und-faq/datenloeschung/

The provider of Eventbrite is Eventbrite, Inc, Delaware, 155 5th Street, Floor 7, San Francisco, CA 94103, USA ("Eventbrite"). Purpose of the Eventbrite service When you book a ticket with us, Eventbrite collects all the data you provide when booking (name, email address, etc.). In addition, your payment data, your IP address and other metadata (browser, operating system, version, end device) are also collected. You can view Eventbrite's privacy policy here:

https://www.eventbrite.de/support/articles/de/Troubleshooting/datenschutzrichtlinie-voneventbrite?lg=de.

The legal basis for processing with Eveeno and Eventbrite is your prior consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or, if the respective online and hybrid event is part of a contractual agreement with you or is used to initiate such an agreement, Art. 6 para. 1 sentence 1 lit. b GDPR. Otherwise, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in making participant management and ticket booking as uncomplicated as possible.

When integrating Eventbrite, data may be transferred to the USA. We base this on the DPF. The company is certified in accordance with the DPF.

We have concluded an agreement with Eveeno and Eventbrite in accordance with Art. 28 GDPR. This is a contract required by data protection law, which ensures that they only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Recruitment: Unibuddy

We use the student recruitment platform Unibuddy on our website, which is a service provided by Unibuddy Limited, 5 New Street Square, London, EC4A 3TW, United Kingdom ("Unibuddy").

The purpose of Unibuddy is to provide online chats. The following data is processed:

  • User name
  • e-mail address
  • Chat content
  • Device information
  • IP address
  • Browser settings

The legal basis for the processing is your consent, which can be revoked at any time with effect for the future, Art. 6 para. 1 sentence 1 lit. a GDPR. The data will be deleted as soon as it is no longer required for the purpose for which it was collected and no other legal basis makes storage necessary.

The data is processed in the United Kingdom. The European Commission has issued an adequacy decision for the United Kingdom.

Further information can be found at

https://unibuddy.com/privacy-policy/

Communication and chat: WhatsApp

We use the WhatsApp instant messaging service on our website. The service provider is the American company WhatsApp Inc, a subsidiary of Meta Platforms Inc (until October 2021 Facebook Inc.). WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for the European region. We also use WhatsApp as part of the CRM tool HubSpot mentioned above.

We use WhatsApp to stay in contact and communicate with you if you wish. We use WhatsApp because of the reliability of the service and because it is the most widely used instant messaging tool in the world. The service is practical and enables uncomplicated and fast communication with you. Whether you use WhatsApp is up to you. You can also communicate with us and receive information by telephone, electronically and/or by post.

By using WhatsApp, various types of data, including personal data, may be processed. This includes:

  • Account information such as your phone number, profile picture, username or other information you provide to WhatsApp in the course of creating and managing the WhatsApp account,
  • the content of your messages (text, photos, videos, voice messages)
  • so-called metadata, such as the date and time a message was sent or received, and
  • telephone numbers of the people involved and technical data such as device type, operating system or location data.

The data is stored by WhatsApp for as long as is necessary for the legitimate purposes and to fulfil legal obligations. It is not possible to give a specific answer here as to exactly how long the data is stored, as this depends heavily on the type of data. As a rule, messages are only stored in encrypted form by WhatsApp during delivery and deleted from the servers as soon as a message has been delivered. Messages are only stored on your own device for longer. When media is sent, WhatsApp stores this data in encrypted form for up to 30 days in order to optimise delivery. Account data is stored for as long as you have an active WhatsApps account. If you delete or deactivate the account, your account data will normally also be deleted. The data stored by WhatsApp is stored on the company's own servers, which are located all over the world. In order to operate the web-based WhatsApp services, data is also collected with the help of cookies.

The legal basis for the processing is your consent, which can be revoked at any time with effect for the future, Art. 6 para. 1 sentence 1 lit. a GDPR. The data will be deleted as soon as it is no longer required for the purpose for which it was collected and no other legal basis makes storage necessary.

WhatsApp also processes your data in the USA, among other places. WhatsApp is certified under the DPF, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

You can find more information about the processing of data by WhatsApp in the privacy policy at https://www.whatsapp.com/privacy.

To whom do we transfer your data?

In the course of our business, data may be passed on to companies affiliated with us. Our affiliated companies ("Affiliated Companies") include, for example

  • EBS Universität für Wirtschaft und Recht gGmbH, Gustav-Stresemann-Ring 3, 65189 Wiesbaden, Germany,
  • SRH Fernhochschule / "Mobile University", Kirchstraße 26, 88499 Riedlingen or
  • SRH Fachschulen GmbH, Bonhoefferstraße 1,69123 Heidelberg

Our affiliated companies also offer study programmes and services that complement our portfolio or that of the SRH companies by providing internal service functions such as IT, legal or other shared services. If we have obtained your consent, we may also share your data with Affiliates for their own marketing purposes.

We may also receive personal data from other parties in connection with your course/programme, including:

  • Our Affiliates, as well as service providers responsible for our customer service in your country of residence, who provide us with data needed to provide you with the best possible service and advice.
  • Business partners, such as local sales agents, who promote the sale of our services in your country of residence (SRH Agent Network)
  • Claims adjusters who receive information about your insurance claims in the event of a claim.

We may also offer the option to pay for SRH products via various payment methods including, but not limited to, Evangelische Bank eG. In order to provide you with Flywire's payment methods, we may share your personal data with Flywire in the form of contact and order details. Your transmitted personal data will be processed in accordance with the privacy policy of Flywire Cooperation Inc, 141 Tremont Street, 10th Floor, Boston, MA 02111 USA.

We also work with financial service providers for payment processing. These include (but are not limited to)

  • Evangelische Bank eG, Ständeplatz 19, 34117 Kassel and
  • Flywire, 141 Tremont Street, 10th Floor, Boston, MA 02111 USA.

You can find the privacy policy of Evangelische Bank eG at: https: //www.eb.de/service/datenschutz.html

You can find Flywire's privacy policy at: Legal | Flywire

As part of our organisation, we may use other service providers to whom we make your data available as part of their respective tasks so that they can provide the services owed to us (e.g. IT service providers). These service providers are obliged under a so-called order processing agreement in accordance with Art. 28 GDPR to process your data only in accordance with our instructions. In addition, we may pass on your data to persons obliged to maintain special confidentiality, such as tax consultants, auditors and lawyers.

International data transfers

In addition to the involvement of external service providers located outside the European Union and the associated transfer of data to third countries under the conditions set out in this Privacy Policy, your data may also be shared with our affiliated companies with whom we do business and who need your data for the purpose of providing the services you have requested or in accordance with this Privacy Policy, in accordance with legal or contractual obligations. Such recipients may be located outside your own country, including countries outside the EU and EEA. Such a third country transfer of data may be based on an adequacy decision if the European Commission has determined an adequate level of protection for personal data for the third country in question (e.g. Switzerland). Unless the European Commission has decided that a country ensures an adequate level of protection for personal data, we will use contracts based on the European Commission's standard contractual clauses for the international transfer of personal data to ensure compliance with applicable law.

How long will your data be stored?

The data will generally be deleted if you no longer need it for the purposes for which we collected it. Data may also be stored until the expiry of statutory warranty periods and similar obligations; furthermore, statutory retention obligations apply (e.g. documents relevant under tax law must generally be stored for up to 10 years).

Data protection for minors

If you are under the age of 16, you should review this Privacy Policy with a parent or guardian to ensure that you both understand the Privacy Policy. We are not responsible for verifying your age. If we learn that you are under the age of 16 and we have obtained data from you without parental and/or guardian consent, we will delete the data as soon as possible, in which case you will no longer be able to use any of our products.

Automated decision making

Automated decision-making, including profiling, does not take place.

Is the provision of data mandatory?

There is no contractual or legal obligation to provide your data. Please note that if you do not provide the data we require, we may not be able to provide all the functions of this website and, insofar as it concerns data that we require in the course of our business activities, we may not be able to guarantee that you will receive the information, goods or services you have requested.

What data subject rights are you entitled to?

You have certain rights under the GDPR:

  • Right to information: You have the right to receive information free of charge at any time about the personal data stored about you, its origin and recipient and the purpose of the data processing;
  • Right to rectification: If your personal data is incorrect or incomplete, you have the right to rectification of your personal data;
  • Right to erasure: this right is also known as "the right to be forgotten" and allows you to request the deletion or removal of your personal data if there is no compelling reason for us to continue using it. This is not a general right to erasure; there are exceptions. For example, we have the right to continue to use your personal data where such use is necessary for compliance with our legal obligations or for the establishment, exercise or defence of legal claims;
  • Right to restrict our use of your data: the right to suspend the use of your personal data or restrict the way in which we can use it. Please note that this right is restricted in certain situations: if we process the personal data that we have collected with your consent, you can only request a restriction in the following cases: (a) the accuracy of the personal data is contested by you; (b) if our processing is unlawful and you do not want your personal data to be erased; (c) if you need the data for legal prosecution or (d) if you have objected to the processing and it is not yet clear whether your legitimate grounds override our legitimate interests. If processing is restricted, we can still store the data, but may not continue to use it. We keep lists of individuals who have requested a restriction on the use of their personal data to ensure that the restriction is honoured;
  • Right to data portability: the right to request that we receive your personal data in a structured, commonly used and machine-readable format in order to transmit this data to another controller without hindrance from us;
  • Right to object: the right to object to the use of your personal data by us
  • Right to information: the right to receive clear, transparent and easily understandable information about how we use your personal data
  • Right to withdraw consent: If you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time (however, if you do so, this does not mean that anything we have done with your personal data with your consent up to that point is unlawful). The lawfulness of the data processing carried out up to the point of revocation remains unaffected by the revocation. Exercising these rights is free of charge for you, but you are obliged to provide proof of your identity.

To make a request to us or exercise any of your rights set out in this Privacy Policy and/or lodge a complaint, please contact us by email or letter and we will endeavour to respond within 30 days. Contact details can be found at the end of this Privacy Policy.

Right of appeal

You have the right to lodge a complaint with us (see contact details below) or with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

If we receive formal written complaints, we will contact the person who made the complaint to investigate the complaint. We will co-operate with the relevant authorities, including the local data protection authority, to resolve any complaints that we are unable to resolve directly.

The local competent data protection authority is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Königstrasse 10 a

70173 Stuttgart

www.baden-wuerttemberg.datenschutz.de

You can contact us at any time with questions, complaints or to assert your data protection rights.

By post: SRH University, Attn: Data Protection Officer, Ludwig-Guttmann-Straße 6, 69123 Heidelberg.
By email: [email protected]

Changes to the privacy policy
Changes may be made to this privacy policy, which will be announced on this page in good time.

Find out about our wide range of study programmes
Whether full-time or working while studying. Small or big city. Discover our study programmes at 18 modern campuses.