Data Protection Declaration

This data protection declaration covers the processing of personal data on this website, including the services offered there as well as our social media channels and to the extent that no special information is provided.

For more information on the processing of your data, please use the contact details given below.

A. General information

Contact details of the controller

The controller, i.e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the:

University of Music and Performing Arts Munich
Arcisstraße 12
80333 München

tel. (switchboard): 089/289-03
email: verwaltung(at)

The University of Music and Performing Arts Munich is an organisation under public law and a state institution (article 11 (1) of the Bavarian Higher Education Act (BayHSchG)). It is represented by the president, Prof. Dr. Bernd Redmann.

Contact details of the Data Protection Officer

You can contact our official Data Protection Officer at:
Data Protection Officer of the University of Music and Performing Arts, Munich
Mr. Mike Gangkofner

Standort Gasteig
Kellerstraße 6
81667 München

Tel.: 089/48098-4508
Email: Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!

Purpose of and legal basis for the processing of personal data

The purpose of our data processing is to perform public services delegated to us by law, especially those tasks of public information.

The legal basis for processing your personal data, unless indicated otherwise, is article 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with Article 6 (1) point e) of the General Data Protection Regulation (GDPR). Pursuant to this legislation, we are authorised to process data required for us to fulfil our responsibilities.

Where you have given consent for your data to be processed, processing is covered by article 6 (1) point a) of the GDPR.

Recipients of personal data

Technical operation of our data processing systems is conducted by

Leibniz Supercomputing Centre of the Bavarian Academy of Sciences and Humanities (LRZ)
Boltzmannstraße 1
85748 Garching bei München
tel.: 089/35831-8000
fax: 089/35831-9700
email: lrzpost(at)

Storage period for personal data

Your data is only stored as long as it is necessary to complete relevant tasks whilst observing legal retention requirements.

B. Rights of the data subject

General regulations

Pursuant to article 15 of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data:

  • You can ask for information about whether data concerning you is being processed. If this is the case, you are entitled to information about which data is processed and other information relating to the processing (article 15 of the GDPR). Please note that this right to information can be restricted or excluded in certain cases (see in particular article 10 of the BayDSG).
  • If the personal data concerning you is/has become inaccurate or incomplete, you can request that this data is rectified and/or completed (article 16 of the GDPR).
  • If the legal requirements are met, you can request that your personal data be deleted (article 17 of the GDPR) or processing of your data be restricted (article 18 of the GDPR). The right to deletion pursuant to article 17 (1) and (2) of the GDPR does not apply, however, if the processing of personal data is vital for the performance of a task that is in the public interest or is performed in the exercise of official authority (article 17 (3) point b) of the GDPR).
  • If you have consented to data processing or there is a contract concerning data processing and data is processed automatically, you may be entitled to data portability (article 20 of the GDPR).
  • If there is an international transfer of personal data without the basis of an adequacy decision of the EU Commission, you have the right to obtain a copy of the contractual safeguards from us upon request.
  • You are entitled to file a complaint concerning the processing of your personal data with a supervisory authority as defined in article 51 of the GDPR. The pertinent supervisory authority for the Bavarian public service is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 München. In addition to the right of appeal, you can also seek a judicial remedy.

Right of revocation

Insofar as processing is based on consent, you have the right to revoke your consent at any time.
The revocation is only effective for the future; this means that the revocation does not affect the lawfulness of the
processing carried out on the basis of the consent until the revocation.

Right to object

You may object to the processing of your personal data at any time due to reasons based on your personal circumstances (pursuant to article 21 of the GDPR). If the legal requirements are met, we will then not further process your personal data. 

C. Information about the website

Technical implementation

Our web server is operated by Leibniz Supercomputing Centre of the Bavarian Academy of Sciences and Humanities (LRZ). The personal data transmitted by you when you visit our website is therefore processed on our behalf by

Leibniz Supercomputing Centre of the Bavarian Academy of Sciences and Humanities (LRZ)
Boltzmannstraße 1
85748 Garching bei München
Tel.: 089/35831-8000
Fax: 089/35831-9700
Email: lrzpost(at)

Creation of log files

By using this or other web pages, you transmit data to our web server through your internet browser. The following data is recorded during any open connection for communication between your internet browser and our web server:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the accessed file and data volume transmitted
  • Access status (file transmitted, not found etc.)
  • Identifying data of browser and operating system used (if transmitted by the browser accessing the site)
  • The website from which our website is accessed (if transmitted by the browser accessing the site)

The data in this log file is processed as follows:

  • Log entries are continually and automatically analysed, with the purpose of recognising attacks on the server and being able to react accordingly.
  • In some instances, for example if an error or security breach is reported, a manual analysis is performed.
  • Log entries that are older than seven days are anonymised by shortening the IP address.
  • The anonymised logs are used for creating statistics on site access. The software used for this is operated locally by the LRZ.

The IP addresses contained in the log files are not combined with other data, so that the LRZ cannot draw conclusions about individual users.

We store this data for reasons of technical security, in particular to prevent attempted hacking of our web server. After one your at the latest, data is anonymised by shortening the IP address at domain level so that it is no longer possible to connect the data to individual users. 

SSL encryption

We use state-of-the-art encryption processes (such as SSL) using HTTPS to protect your data while it is being transferred.

Active Components

We use active components such as JavaScript, Java-Applets or Active-X-Controls. You can adjust your browser settings to disable this function.


When you access this website, we store cookies (small files) on your device that are valid for the duration of your visit to our website (session cookies). These are only used while you are accessing our website. Most web browsers are set up to allow the use of cookies. You can deactivate this function using your browser settings, either for the current session or permanently. Your browser will delete these cookies automatically when you leave the site.

Analysis of user behaviour (web tracking systems; audience reach measurement)

For the purpose of optimising our website based on user needs we use the web analysis tool Matomo to analyse user behaviour on the site. Matomo (formerly Piwik) is an open source software application that creates statistical analyses of user access. Matomo software is provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zeeland.

Your IP address is first anonymised and then analyse in anonymised form. You can adjust your browser settings to disable this function.

You can choose whether a unique web analysis cookie may be stored in your browser, to enable the operator of the website to record and analyse various statistical data.

If you do not wish your data to be collected and analysed, click on the following link to store the Matomo deactivation cookie in your browser.

D. Information on specific instances of data processing

Social Media

On our social media pages, we create content within the scope of our public relations activities and our freedom of research, teaching and art, and we see the contributions and interactions of the community there. We endeavour to inform our users according to the needs of our target audience and to engage in a dialogue with our target audience.

We will expose any content, contributions or enquiries that violate the rights of third parties or that constitute a criminal or regulatory offence by transmitting it to the responsible authority or the social media provider; we will also block or delete it.

The legal basis for data processing on our social media pages and elements is article 6 (1) point e) of the GDPR in connection with article 2 (6) of the Bavarian Higher Education Act (BayHSchG), article 3 of the BayHschG, article 4 (1) sentences 1 and 2 of the BayEGovG, section 5 (1) point 2) of the German Broadcast Media Act (TMG) and, if applicable, the contract between the respective service provider pursuant to article 6 (1) point b) of the GDPR.

Social media posts and messages that you transmit to us in non-public form are checked at regular intervals, as to whether storing these requests is still necessary for the purpose of dealing with possible follow-up questions. If it is no longer necessary to store them, their processing will be limited and they will still be stored in accordance with legal retention requirements and archiving regulations.

If you have publicly communicated with us via social media, you can decide yourself how long the data should remain public or ask us to delete it. We will then delete this data in accordance with archiving regulations within our area of responsibility. Should any copies of the data remain after deletion, their processing will be restricted and they will be stored in accordance with legal retention requirements and archiving regulations.

Additional data protection information on the service providers or services

Social media providers often create extensive profiles of their members and of those they are in contact with via tele-media services (for example by clicking a like button or accessing a website). These profiles are used for the purpose of selling advertisements, amongst other things. So if you use our services with these providers, they will know that there is a connection between you and us. As we are jointly responsible for some of this data processing, we provide further information on the processing by the social media providers.

You can limit the scope of data processing to some extent by adjusting your browser setting or installing browser add-ons. Useful information about this is available at (available only in German). The providers also offer individual settings to regulate advertising and tracking, for example. This may only be possible if you have an account with the respective provider. We have listed important information sources as well as terms of use for the most important ones here.


Facebook (including Instagram)

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland and Facebook, Inc. 1601 Willow Road Menlo Park, California 94025, USA


Google YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland


LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland


New Work SE (Dammtorstraße 29-32, 20354 Hamburg)


Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland


You can subscribe to our newsletter. To subscribe it is generally sufficient to enter your email address. We may, however, ask you to give your name, so that we can address you personally in the newsletter, or to give other information that is necessary for the purposes of the newsletter. Your email address is stored for the purpose of sending the newsletter and processed only for the purpose of sending the newsletter. The newsletter is sent based on your consent.

Your address and your order are sent to the distribution company, rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg for the purpose of processing your order. More information on rapidmail GmbH is available here:

Double-opt-in procedure: Subscription to our newsletter always uses a so-called double-opt-in procedure: This means that you receive an email upon registration; this message asks you to confirm your registration. This confirmation is necessary to prevent people from registering with other people's email addresses. Registrations for the newsletter are logged so that the registration process can be documented in accordance with legal requirements. This includes storing the time of registration and time of confirmation as well as the IP address. Changes to the data stored with the distributor are also logged.

Possibility to object (opt out): You may cancel your subscription to our newsletter, i.e. revoke your consent or object to further receipt, at any time. A link for cancelling the subscription is provided at the end of each newsletter, or you can use any of the above-mentioned ways to contact us, preferably email.

Contact form

The data you enter is stored for the purpose of communicating with you individually. To do this we need a valid email address and your name. This serves the purpose of assigning and subsequently answering your enquiry. Any further information is optional.

The basis for the processing of the personal data you enter in the obligatory fields is, if nothing else is specified, article 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with article 2 of the Bavarian Higher Education Act (BayHSchG) within the scope of the opening clause of article 6 (2)-(3) in combination with article 6 (1) point (1) point (e) of the GDPR. These provisions allow the Hochschule für Musik und Theater München to process the data necessary to complete its tasks as stated in the higher education act. Permission to process data can also be based on a legal duty of the Hochschule für Musik und Theater München pursuant to article 6 (1) point 1 (c) of the GDPR in combination with duties resulting from the BayHSchG.

Google reCAPTCHA

To ensure a sufficient level of data security when transmitting forms, we sometimes use Google’s reCAPTCHA service. This mainly serves the purpose of differentiating between information entered by a natural person or misuse by machine or automated processing. The service includes transmitting the IP address and possibly other data required by Google for the reCAPTCHA service to Google. In these cases, Google Inc.’s data protection policy, which may differ from ours, applies. Further information on the Google Inc. privacy policy is available at


For our events, we process the data necessary for registration and organisation in accordance with article 6 (1) point e) of the GDPR. Data is deleted in accordance with legal retention periods, i.e. after six years for business letters and after ten years for invoices, unless the data of the participants is required beyond these periods to be able to issue copies or confirmations.

E. Amendments to our data protection declaration

We reserve the right to change our data protection declaration, to accommodate changes to legislation or changes in the services we provide, (e.g., if we introduce new services). The new data protection policy will then apply to your future visit to our website.

Do you have any questions?

If you have questions about data protection, please write us an email or contact the person responsible for data protection in our organisation directly:

Data protection office of the University of Music and Performing Arts, Munich
Tel.: 089/48098-4508
Email: Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!