Claim Hochschule Weihenstephan-Triesdorf - University of Applied Sciences

Data protection

Data protection basics

Data protection aims to ensure the right to self-determination in respect of information. This right is intended to put individuals in a position to be able to control who accesses and processes their personal data. Here, the principle of "prohibited until authorised" is at play - this means the processing of personal data is initially prohibited and only allowed if this is permitted by a law or if the individual in question has consented to the processing.

Duties of the Data Protection Officer

As a contact person for students and staff, the duty of the Data Protection Officer is to clarify any data protection questions that arise and to support the University Administration in implementing data protection measures.
He works towards data protection, and monitors compliance with data protection rules in accordance with the new EU General Data Protection Regulation (EU GDPR), which will apply from 25/05/2018.

Procedure index/processing operations log

Every state body that stores personal data must document how it handles this data. The term "procedure index" is commonly used to describe this documentation. The EU DSGVO calls it "records of processing activities", but the differences in terms of content are minor.
All members of HSWT who are responsible for procedures in which personal data is processed are urgently requested to document this procedure and submit this to the Data Protection Officer for approval. We have created the DAMAS system for this purpose. The form previously used is no longer accepted (as of 02/2020). The documentation obligation applies to automated and non-automated procedures. The old procedures approved by the Data Protection Officer will remain available to view at the following path until the documentation in DAMAS is complete:


Instructions ("manual") relating to the issue of process description can be found here. The EU DSGVO no longer intends to publish the list of processing activities, the list of processing activities is primarily intended to provide evidence to the supervisory authority.

Rights of the person concerned

You have the following rights according to the General Data Protection Regulation:

    • If your personal data is processed, you have the right to access the personal data about you that has been stored (Art. 15 of the GDPR).

    • If incorrect personal data is processed, you have the right to the rectification of such data (Art. 16 of the GDPR).

    • If the statutory requirements are met, you have the right to request the erasure or restriction of processing, and you have the right to object to such processing (Art. 17, 18 and 21 of the GDPR).

    • If you have given your consent to data processing or if a contract exists pertaining to data processing and if such data processing is carried out via automated processes, you have a right to data portability where applicable (Art. 20 of the GDPR).

    Should you exercise your above-mentioned rights, the public body will review whether the statutory requirements are met.

    For requests for information as per Art. 15 of the EU GDPR, please use this form (in German) and send it to us by post. The address is specified on the form. Your enquiry will then be distributed to the organisational units concerned as per the list of processing activities. The data protection officer will receive a copy of the request.

    If you believe that your data is not being treated properly, you can contact the commisary data protection officer at Weihenstephan-Triesdorf University of Applied Sciences, Dr Matthias Kopp, at any time. However, you also have the right to complain to the Bavarian Regional Officer for Data Protection (Bayerischen Landesbeauftragten für den Datenschutz), Prof. Dr. Thomas Petri. The Bavarian Regional Officer for Data Protection is the supervisory authority responsible for Weihenstephan-Triesdorf University of Applied Sciences.

    Data breach

    Art. 33 of the EU GDPR stipulates that in the case of a personal data breach, the data controller shall notify it to the supervisory authority no later than 72 hours after having become aware of it. In the case of Weihenstephan-Triesdorf University of Applied Sciences, the data controller is the President. The obligation to inform is exercised by the chancellor in consultation with the data protection officer. Weihenstephan-Triesdorf University of Applied Sciences employees are therefore asked to report any breaches to the chancellor or the data protection officer, who will then introduce the necessary measures.

    Special topics

    Data privacy statement

    To read this website’s privacy statement, please see the privacy notice.