Privacy Policy

 1. Scope of the processing of personal data

As a matter of principle, we collect and use personal data of the users of our homepage only to the extent that this is necessary for the provision of a functional website, our contents and services.

In principle, the collection and use of personal data of our users only after their consent. An exception to this principle applies in cases where processing of the data is permitted by legal regulations or where obtaining prior consent is not possible for actual reasons.

2. Legal basis for the processing personal data

Art. 6 para. 1 p. 1 lit. a GDPR when obtaining the consent of the data subject.

Art. 6 para. 1 sentence 1 lit. b GDPR for processing operations that serve to fulfill a contract to which the data subject is a party. Included here are processing operations that are necessary for the implementation of pre-contractual measures.

Art. 6 (1) sentence 1 lit. c GDPR for processing operations that are necessary for the fulfillment of a legal obligation.

Art. 6 (1) p. 1 lit. d GDPR if vital interests of the data subject or another natural person make processing of personal data necessary.

Art. 6 para. 1 p. 1 lit. f GDPR, if the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest. In order to be able to base the processing of personal data on a legitimate interest, an assessment is carried out in each case in consultation with the Data Protection Officer for each relevant process, whereby the following three conditions must be met:

1) The controller or a third party has a legitimate interest in the processing of personal data.
2) The processing is necessary to safeguard the legitimate interest.
3) Interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail.

3. Data deletion and storage duration

Users' personal data will be deleted or blocked as soon as the purpose for storing it no longer applies. Storage beyond this may take place if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which the responsible party is subject. Blocking or deletion of data will also take place if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the user's computer system. The following information may be collected:

Information about the browser type and version used, The user's operating system, The user's internet service provider, The user's IP address, The date and time of access, Websites from which the user's system accesses our website, Websites accessed by the user's system via our website.

The described data is stored in the log files of our system. No storage of this data takes place together with other personal data of the user.

2. Purpose and legal basis for data processing

The temporary storage of the IP address by our system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f GDPR.

The collection of their personal data for the provision of our website and the storage of the data in log files is mandatory for the operation of the website. Therefore, there is no possibility for the user to object.

3. Duration of storage

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session has ended.

If your data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible, in which case the IP addresses of the users are deleted or alienated. An assignment of the calling client is thus no longer possible.

We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When you access a website, a cookie may be stored on your operating system. This contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

Cookies are used by us to make our homepage more user-friendly. Some elements of our website require that the browser can be identified even after a page change.

TDDDG:

The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user's terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Telecommunications and Telemedia Data Protection Act (TDDDG).

Please note that the legal basis for the processing of personal data collected in this context then results from the GDPR (Art. 6 para. 1 p.1 GDPR). The relevant legal basis for the processing of personal data in each specific case can be found below the respective cookie or the respective processing itself.

The primary legal basis for the storage of information in the end user's terminal equipment - in particular for the storage of cookies - is your consent, Section 25 (1) sentence 1 TDDDG. The consent is given when visiting our website -which of course does not have to be given- and can be revoked at any time in the cookie settings.

Pursuant to Section 25 (2) No. 2 TDDDG, consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary(often also referred to as "technically necessary cookies"),therefore fall under the exemption of Section 25 (2) TDDDG and thus do not require consent.

GDPR:

When you view the FIS website, some information may be stored on your computer. This information will be in the form of a 'cookie' or similar file and will allow the website to tailor the experience to your interests and preferences. With most Internet browsers, cookies can be blocked or erased after visiting a website.

We use cookies to make our homepage more user friendly. Some elements of our website require that the browser be identified even after a page break. The following data is stored and transmitted:

Log-in information (only community members)

The legal basis for processing personal data using cookies is defined in Article 6 Section 1 lit. f GDPR. The purpose for using technically required cookies is to simplify the use of our website.

Please note that some functions on our website can only be offered if cookies are enabled. This applies to the following application:

Remembering Keywords

We do not use user data collected by technically required cookies to create user profiles.

Cookies are stored on the user's computer, which transmits them to our page. As a user, you therefore have control over the use of cookies. You can restrict or disable transmission of cookies by making changes to your Internet browser settings. Here you can also delete cookies that have been stored. Please note some aspects of this website may not function properly if your browser is set to block cookies.The legal basis for the processing of personal data using cookies for analysis and advertising purposes is, if the user has given his consent, Art. 6 para. 1 p. 1 lit. a GDPR.

Our website uses the cookie consent technology of Termly to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection law. The provider of this technology is the company Termly, Termly Headquarters, 906 W 2nd Ave Ste 100, Spokane, Washington, 99201, USA or (for Europe:) Maetzler Rechtsanwalts GmbH & Co KG, Schellinggasse 3, 1010 Wien, Austria (hereinafter Termly).

When you enter our website, a Termly cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. If consent has been granted, the Termly cookie data will also be logged with Termly. We have concluded a data privacy agreement with termly. Moreover, Termly is listed in list of participating companies under the Data Privacy Framework concluded between Europe and the USA.  

The collected data will be stored until you request us to delete it or delete the Termly cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Cookiebot can be found at https://termly.io/privacy-center/.

The Termly cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.

You can view and adjust your cookie settings by pressing the cookie button on the bottom of every page of this website.

1. Right to information

You have the right to receive information from us as the responsible party as to whether and which personal data concerning you are processed by us, as well as further information in accordance with the legal requirements under Art. 13, 14 GDPR.

You could assert your right to information at:

GDPR@fis.edu

2. Right to rectification

If the personal data processed by us and concerning you is incorrect or incomplete, you have a right to rectification and/or completion vis-à-vis us. The rectification will be carried out without delay.

3. Right to restriction

You have the right to restrict the processing of personal data concerning you in accordance with the legal provisions (Art. 18 GDPR).

4. Right to deletion

If the reasons outlined in Art. 17 GDPR apply, you may request that the personal data concerning you be deleted without delay.

We would like to point out that the right to erasure does not exist insofar as the processing is necessary for one of the exceptional circumstances mentioned in Art. 17 (3).

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. Furthermore, you have the right to be informed about these recipients.

6. Right to data portability

According to the GDPR, you also have the right to receive the personal data concerning you that has been provided to us in a structured, common and machine-readable format or to request its transfer to another controller.

Right to revoke the declaration of consent under data protection law.

You have the right to revoke your declaration of consent under data protection law at any time. We would like to point out that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

7. Right to objection

Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) sentence 1 lit. e or f GDPR.

8. Automated decision in individual cases, including profiling

According to the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you.

9. Right to lodge a complaint with a supervisory authority

Finally, if you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement.

10. Data transfer outside the EU

The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union in the context of using third-party services. We will only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that the processing of your data may then only take place on the basis of special guarantees, such as the officially recognized determination by the EU Commission of a level of data protection corresponding to the EU or the observance of officially recognized special contractual obligations, the so-called "standard data protection clauses".

Minors under the age of 16 are expressly not addressees of our website and our offers on this website. We point out that legal guardians must accompany the online activities of their children. Minors under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. We explicitly do not request personal data from minors under the age of 16, do not knowingly collect such data and do not pass it on to third parties.

If you wish to contact us, you have the option of contacting us via the e-mail addresses provided. In this case, the user's personal data transmitted with the e-mail will be stored.

Your data will not be passed on to third parties in this context; the data will be used exclusively for processing the establishment of communication.

The legal basis for processing the contact request and its handling is regularly Art. 6 para. 1 p.1 lit. a, lit. b and lit. f GDPR.

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

On this website, we display job offers to which interested parties can apply via the online form of our service provider Hirebridge (Hirebridge LLC, 3200 N University Drive - Suite 214, Coral Springs, FL 33065, USA). Standard contractual clauses have been concluded with the service provider. For more information, see https://www.hirebridge.com/corp/privacy.aspx

Unsolicited applications can also be sent to us by e-mail. In the event of an incoming application, we process the data received from the applicant exclusively for the purpose of processing for potential filling of the vacant position.

The primary legal basis for this is Article 88 GDPR in conjunction with Section 26 (1) BDSG or Article 6 (1) p. 1 lit. a, b and f GDPR.

Within our company, only those persons will have access to your personal data who are responsible for processing the application procedure and are the decision-makers regarding the application outcome.

We delete your personal data as soon as they are no longer required for the above-mentioned purposes. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted no later than six months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Your personal data will not be passed on to third parties.

This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The tool itself (which implements the tags) does not use cookies and only collects your IP address out of technical necessity. The tool takes care of triggering other tags, which in turn may set cookies and collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

If we have obtained consent from you, the legal basis for the use of Google Tag Manager is Art. 6 (1) p. 1 lit a GDPR. Otherwise, the legal basis for the use of the technically necessary cookie results from our legitimate interest according to Art. 6 para. 1 p. 1 lit. f GDPR.

For more information, please see the provider's terms of use at: https://www.google.com/intl/de/tagmanager/use-policy.html

We integrate the fonts ("Google Web Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our homepage on the basis of our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR. The aim is the optimization and economic operation of our homepage. We host the fonts from our own servers so that no data is transmitted to Google.

The privacy policy of the provider can be found at: https://www.google.com/policies/privacy

We integrate the fonts ("Google Web Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our homepage on the basis of our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR. The aim is the optimization and economic operation of our homepage. We host the fonts from our own servers so that no data is transmitted to Google.

The privacy policy of the provider can be found at: https://www.google.com/policies/privacy

In order to provide you with secure data transmission on our website using SSL encryption and to secure our website against malicious, mass (DDoS) or other access that would disrupt or prevent the operation of the website, we use the service of Cloudflare, Inc. 101 Townsend St San Francisco, CA 94107.

We have concluded a corresponding order processing agreement with Cloudflare based on the GDPR.

As part of the protection of this website, Cloudflare uses a script and possibly a cookie in your browser. This cookie is used to validate access and to detect malicious access attempts. Cloudflare collects statistical data about visits to this website. The access data includes:

Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type along with version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Cloudflare uses the log data for statistical analysis for the purpose of operation, security and optimization of the offer. Please also read the privacy policy of Cloudflare which is available here https://www.cloudflare.com/privacypolicy/.

The legal basis for the use of Cloudflare is our legitimate interest according to Art. 6 para. 1 p. 1 lit. f GDPR, which consists in the purposes described above.

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

You can prevent the collection and forwarding as well as the processing of this data by deactivating the execution of script code in your browser, installing a script blocker in your browser (you can find this, for example, at www.noscript.net) or activating the "Do Not Track" setting of your browser.

Until now, it was possible under Section 15 (3) of the German Telemedia Act (TMG) for technically unnecessary cookies to pseudonymize the personal data processed and to inform the user about the use of cookies and his right to object and remove them ("opt-out solution"). However, it is disputed in the legal literature whether this standard continues to apply after the GDPR comes into force. In case of doubt, it must therefore be assumed that the provisions of the GDPR alone now apply. In this case, only Article 6 (1) of the GDPR applies.

Even according to this standard, a continuation of the previous practice is conceivable if a "legitimate interest" of the processor according to Art. 6 (1) sentence 1 lit. f GDPR is taken as a basis. Accordingly, a cookie notice banner and an opt-out option in the privacy policy would be sufficient.

However, in view of the position paper of the Data Protection Conference (we reported), it can currently be assumed that the German supervisory authorities will require the prior consent of the user. The legal basis for the processing of personal data using cookies for analysis purposes would therefore be Art. 6 (1) p. 1 lit. a GDPR if the user has given his consent in this regard.

 1. Social Media Platforms

Facebook

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads
and http://www.youronlinechoices.com

Instagram

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy Policy/Opt-Out: http://instagram.com/about/legal/privacy/.

Twitter (X)

Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Privacy Policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/settings/account/personalization

YouTube (Google)

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Privacy policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated

LinkedIn

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy policy https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,

2. Social Media Presence

We maintain fan pages within various social networks and platforms with the aim of communicating with customers, interested parties and users active there and informing them about our services there.

We would like to point out that in doing so, your personal data may be processed outside the European Union, so that risks may arise for you in this regard (for example, when enforcing your rights under European / German law).

User data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behaviour and resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of the users' personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 para. 1 p. 1 lit. f. GDPR. If users are asked by the respective providers to consent to data processing (i.e. declare their consent, e.g. by ticking a checkbox or confirming a button), the legal basis of the processing is Art. 6 para. 1 p. 1 lit. a. GDPR.

For more information about the processing of your personal data and your objection options, please refer to the links of the respective provider listed below. The assertion of information and other rights of the data subjects can also be made against the providers, then only they have direct access to the data of the users and have the corresponding information. Of course, we are available for any queries and will support you if you need help.

We have integrated YouTube videos into our online offer, which are stored on http://www.youtube.com and can be played directly from our website. These are all integrated in "extended data protection mode", which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transmission.

By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

The legal basis for the use of YouTube is our legitimate interest pursuant to Art. 6 (1) p. 1 lit. f, which is to provide our users with the most extensive and appealing user experience possible.

For more information on the purpose and scope of data collection and its processing by YouTube, please see the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy

Opt-out: https://support.google.com/ads/answer/10261289?hl=de&ref_topic=7048998