transparency information

Information on the processing of your data according to GDPR

Based on Articles 13 and 14 of the General Data Protection Regulation (GDPR), we would like to inform you about the processing of your personal data. This consists of a generally applicable part as well as further information on the individual processing of the data subject’s data under section 11.

1. Who is Data-Controller for the processing of your personal data, who is the data protection officer?

Depending on your contractual relationship with us, the following data controllers are responsible for processing your personal data: .

1.1 Data-Controller

Hochschulen Fresenius gemeinnützige Trägergesellschaft mbH
Limburger Straße 2
65510 Idstein

Hochschulen Fresenius GmbH
Limburger Straße 2
65510 Idstein

Telefon: + 49 (6126) 93 52 0
Telefax: + 49(6126) 93 52 10

Hochschule Fresenius online plus GmbH
Limburger Straße
265510 Idstein

Telefon: +49 221 29258-600
Fax: +49 221 29258-999

Hochschule Fresenius für Internationales Management Gesellschaft mit beschränkter Haftung
Sickingenstraße 63-65
69126 Heidelberg

Telefon: +49 (62 21) 64 42 0
Telefax: +49 (62 21) 64 42 42

1.2 Contact details of the data protection officer

Data Protection Officer
Im MediaPark 4e
50670 Cologne

Phone: +49 221 921512-782

2. For what purposes and on what legal basis is your data processed?

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other relevant laws (e.g. university laws, etc.).

2.1 Based on your consent (Art. 6 para. 1 lit. a GDPR)

If you have given us consent to process your personal data, the respective consent is the legal basis for the processing mentioned there. You can revoke this consent at any time with effect for the future in accordance with Art. 21 GDPR. The revocation is only effective for future processing.

2.2 For the fulfilment of contractual obligations (Art. 6 para. 1 lit. b GDPR)

We process your data for the fulfilment of our contractual relationship. The purposes of the data processing depends in detail on the specific product and the contract documents.

2.3 To comply with legal obligations (Art. 6 para. 1 lit. c GDPR)

We process your data to comply with a legal obligation to which we are subject as the controller.

2.4 To safeguard vital interests (Art. 6 para. 1 lit. d GDPR)

We process your data to protect vital interests of the data subject or another natural person.

2.5 Within legitimate interests pursued by the controller (Art. 6 para. 1 lit. f GDPR)

Furthermore, processing may also take place based on a balancing of interests to protect the legitimate interests of the controller or third parties. Our interest in the respective processing results from the respective purposes and such as efficient task fulfilment, sales, avoidance of legal risks. As far as the specific purpose allows, we adhere to the principle of data minimization and process your data in pseudonymized or anonymized form.

3. Who gets your data?

Your data will only be transmitted if this is permitted by a legal basis. Within our company, only those persons and departments (e.g. IT, Sales, HR, Marketing…) receive your personal data that require it to fulfil our contractual and legal obligations.

Within our COGNOS Group, your data will be transferred to certain companies if they perform data processing tasks centrally for the companies affiliated in the Group (e.g. disposal of paperfiles).

Furthermore, personal data may be transferred to recipients outside the company, if this is necessary for the fulfilment of contractual and legal obligations as the Data-Controller, such as:

• Processors according to Art. 28 GDPR, in scope of IT services, logistics, transport company, affiliated companies of the COGNOS Group and printing services, who process your data on behalf of the Controller.
• Joined Controller according to Art 26 GDPR as far as it is necessary for the fulfilment of the task
• Public authorities and institutions (e.g., Federal Statistical Office, State Education Authority, etc.)

4. What data protection rights do you have as data subject?

You can exercise the following data subject rights with the Data-Controller for processing of personal data (see above):

• Information (according to Art. 15 GDPR) about your stored personal data
• Correction (according to Art. 16 GDPR) and
• Deletion (according to Art. 17 GDPR) of your data. You may furthermore have a right to
• Restriction of the processing (according to Art. 18 GDPR) of your data, a right to
• Right to data portability (Art. 20 GDPR) get data in a structured, common, and machine-readable format as well as the
• Right to object (Art. 21 GDPR)

5. Where can you complain?

Furthermore, you have the right to lodge a complaint with a supervisory authority (pursuant to Art. 77 GDPR): If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in some way, you can file a complaint with the supervisory authority in charge:

6. How long will your data be stored?

To the extent necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various retention and documentation obligations, which result, among other things, from the German Commercial Code (HGB), the Education Laws of the federal states or other legally prescribed periods. The periods specified there for retention or documentation are up to 60 years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), generally amount to three years, but in certain cases can also be up to thirty years.

7. Will your data be transferred to a third country?

If we transfer personal data to service providers or group companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection safeguards (e.g. Binding Corporate Data Protection Rules or EU Standard Contractual Clauses (incl. Transfer Impact Assessment)) are in place.

8. Are you obliged to provide your data?

Within the scope of our business relationship, you are only required to provide personal data that is necessary for the establishment, implementation, and termination of a business relationship or which we are legally obliged to process.

Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to execute an existing contract and may have to terminate it.

9. To what extent is there automated decision-making in individual cases?

For the establishment and implementation of the business relationship, we generally do not use automated decision-making in accordance with Art. 22 GDPR. If we want to use these procedures in individual cases, we will inform you separately in advance.

10. To what extent will my data be used for profiling?

If we process your data automatically with the aim of evaluating certain personal aspects (such as so-called “profiling” pursuant to Art. 4 No. 4 GDPR), we will inform you separately in advance.

11. Special section for Data Subjects

Below you will find further information according to Art. 13 and 14 GDPR for the individual processing of data subjects’ data. Please click on the applicable link (+) to obtain further information on the processing:

If you have any questions or if you require further, more detailed information on the processing of your personal data, please do not hesitate to contact us at

Status: 01.2023