This data protection declaration covers the processing of personal data on this website, including the services offered there as well as our social media channels and to the extent that no special information is provided.
For more information on the processing of your data, please use the contact details given below.
Contact details of the controller
The controller, i.e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the:
Hochschule für Musik und Theater München
tel. (switchboard): 089/289-03
The Hochschule für Musik und Theater München is an organisation under public law and a state institution (article 11 (1) of the Bavarian Higher Education Act (BayHSchG)). It is represented by the president, Prof. Dr. Bernd Redmann.
Contact details of the Data Protection Officer
Data Protection Officer of the Hochschule für Musik und Theater München
Mr. Mike Gangkofner
Purpose of and legal basis for the processing of personal data
The purpose of our data processing is to perform public services delegated to us by law, especially those tasks of public information.
The legal basis for processing your personal data, unless indicated otherwise, is article 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with Article 6 (1) point e) of the General Data Protection Regulation (GDPR). Pursuant to this legislation, we are authorised to process data required for us to fulfil our responsibilities.
Where you have given consent for your data to be processed, processing is covered by article 6 (1) point a) of the GDPR.
Recipients of personal data
Technical operation of our data processing systems is conducted by
Leibniz Supercomputing Centre of the Bavarian Academy of Sciences and Humanities (LRZ)
85748 Garching bei München
If necessary, your data is forwarded to the respective authorities responsible for supervision and auditing so that they can fulfil their duties.
To prevent risks to the security of information technology, data may be forwarded to the Landesamt für Sicherheit in der Informationstechnik (Bavarian state office for security in information technology) and processed there on the basis of section 12 of the Bavarian act to promote electronic government (BayEGovG).
Storage period for personal data
Your data is only stored as long as it is necessary to complete relevant tasks whilst observing legal retention requirements.
Pursuant to article 15 of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data:
You are entitled to file a complaint concerning the processing of your personal data with a supervisory authority as defined in article 51 of the GDPR. The pertinent supervisory authority for the Bavarian public service is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 München.
Right to object
You may object to the processing of your personal data at any time due to reasons based on your personal circumstances (pursuant to article 21 of the GDPR). If the legal requirements are met, we will then not further process your personal data.
Our web server is operated by Leibniz Supercomputing Centre of the Bavarian Academy of Sciences and Humanities (LRZ). The personal data transmitted by you when you visit our website is therefore processed on our behalf by
Leibniz Supercomputing Centre of the Bavarian Academy of Sciences and Humanities (LRZ)
85748 Garching bei München
Creation of log files
By using this or other web pages, you transmit data to our web server through your internet browser. The following data is recorded during any open connection for communication between your internet browser and our web server:
The data in this log file is processed as follows:
The IP addresses contained in the log files are not combined with other data, so that the LRZ cannot draw conclusions about individual users.
We store this data for reasons of technical security, in particular to prevent attempted hacking of our web server. After one your at the latest, data is anonymised by shortening the IP address at domain level so that it is no longer possible to connect the data to individual users.
We use state-of-the-art encryption processes (such as SSL) using HTTPS to protect your data while it is being transferred.
Analysis of user behaviour (web tracking systems; audience reach measurement)
For the purpose of optimising our website based on user needs we use the web analysis tool Matomo to analyse user behaviour on the site. Matomo (formerly Piwik) is an open source software application that creates statistical analyses of user access. Matomo software is provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zeeland.
Your IP address is first anonymised and then analyse in anonymised form. You can adjust your browser settings to disable this function.
You can choose whether a unique web analysis cookie may be stored in your browser, to enable the operator of the website to record and analyse various statistical data.
If you do not wish your data to be collected and analysed, click on the following link to store the Matomo deactivation cookie in your browser.
On our social media pages, we create content within the scope of our public relations activities and our freedom of research, teaching and art, and we see the contributions and interactions of the community there. We endeavour to inform our users according to the needs of our target audience and to engage in a dialogue with our target audience.
We will expose any content, contributions or enquiries that violate the rights of third parties or that constitute a criminal or regulatory offence by transmitting it to the responsible authority or the social media provider; we will also block or delete it.
The legal basis for data processing on our social media pages and elements is article 6 (1) point e) of the GDPR in connection with article 2 (6) of the Bavarian Higher Education Act (BayHSchG), article 3 of the BayHschG, article 4 (1) sentences 1 and 2 of the BayEGovG, section 5 (1) point 2) of the German Broadcast Media Act (TMG) and, if applicable, the contract between the respective service provider pursuant to article 6 (1) point b) of the GDPR.
Social media posts and messages that you transmit to us in non-public form are checked at regular intervals, as to whether storing these requests is still necessary for the purpose of dealing with possible follow-up questions. If it is no longer necessary to store them, their processing will be limited and they will still be stored in accordance with legal retention requirements and archiving regulations.
If you have publicly communicated with us via social media, you can decide yourself how long the data should remain public or ask us to delete it. We will then delete this data in accordance with archiving regulations within our area of responsibility. Should any copies of the data remain after deletion, their processing will be restricted and they will be stored in accordance with legal retention requirements and archiving regulations.
Additional data protection information on the service providers or services
Social media providers often create extensive profiles of their members and of those they are in contact with via tele-media services (for example by clicking a like button or accessing a website). These profiles are used for the purpose of selling advertisements, amongst other things. So if you use our services with these providers, they will know that there is a connection between you and us. As we are jointly responsible for some of this data processing, we provide further information on the processing by the social media providers.
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, owned by: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland and Facebook, Inc. 1601 Willow Road Menlo Park, California 94025, USA
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
You can subscribe to our newsletter. To subscribe it is generally sufficient to enter your email address. We may, however, ask you to give your name, so that we can address you personally in the newsletter, or to give other information that is necessary for the purposes of the newsletter. Your email address is stored for the purpose of sending the newsletter and processed only for the purpose of sending the newsletter. The newsletter is sent based on your consent.
Your address and your order are sent to the distribution company, rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg for the purpose of processing your order. More information on rapidmail GmbH is available here:
Double-opt-in procedure: Subscription to our newsletter always uses a so-called double-opt-in procedure: This means that you receive an email upon registration; this message asks you to confirm your registration. This confirmation is necessary to prevent people from registering with other people's email addresses. Registrations for the newsletter are logged so that the registration process can be documented in accordance with legal requirements. This includes storing the time of registration and time of confirmation as well as the IP address. Changes to the data stored with the distributor are also logged.
Possibility to object (opt out): You may cancel your subscription to our newsletter, i.e. revoke your consent or object to further receipt, at any time. A link for cancelling the subscription is provided at the end of each newsletter, or you can use any of the above-mentioned ways to contact us, preferably email.
The data you enter is stored for the purpose of communicating with you individually. To do this we need a valid email address and your name. This serves the purpose of assigning and subsequently answering your enquiry. Any further information is optional.
The basis for the processing of the personal data you enter in the obligatory fields is, if nothing else is specified, article 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with article 2 of the Bavarian Higher Education Act (BayHSchG) within the scope of the opening clause of article 6 (2)-(3) in combination with article 6 (1) point (1) point (e) of the GDPR. These provisions allow the Hochschule für Musik und Theater München to process the data necessary to complete its tasks as stated in the higher education act. Permission to process data can also be based on a legal duty of the Hochschule für Musik und Theater München pursuant to article 6 (1) point 1 (c) of the GDPR in combination with duties resulting from the BayHSchG.
For our events, we process the data necessary for registration and organisation in accordance with article 6 (1) point e) of the GDPR. Data is deleted in accordance with legal retention periods, i.e. after six years for business letters and after ten years for invoices, unless the data of the participants is required beyond these periods to be able to issue copies or confirmations.
We reserve the right to change our data protection declaration, to accommodate changes to legislation or changes in the services we provide, (e.g., if we introduce new services). The new data protection policy will then apply to your future visit to our website.
Do you have any questions?
If you have questions about data protection, please write us an email or contact the person responsible for data protection in our organisation directly:
Datenschutzbeauftragter der Hochschule für Musik und Theater München