Privacy policy


We are delighted about the visit of our website. Reutlingen University (hereinafter ‘Reutlingen University’, ‘we’ or ‘us’) attaches great importance to the security of users’ data and compliance with data protection provisions. Hereinafter, we would like to inform about how personal data is processed on our website.

Controller and data protection officer


Reutlingen University

Alteburgstrasse 150

72762 Reutlingen



Tel.: +49 (0) 7121 271 7072

External data protection officer:

Maximilian Musch

Deutsche Datenschutzkanzlei

Richard-Wagner-Strasse 2

88094 Oberteuringen



Telephone: +49 (0) 7542 949 21 02


The specialist terms used in this Privacy Policy are to be understood as legally defined in article 4 GDPR.

Information on data processing

Automated data processing (log files etc.)

Our website can be visited without actively providing personal information about the user. However, every time our website is accessed, we automatically store access data (server log files), such as the name of the internet service provider, the operating system used, the website the user visited us from, the date and duration of the visit and the name of the file accessed, as well the IP address of the device used (for security reasons, such as to recognise attacks on our website) for a duration of 7 days. This data is solely evaluated for the purpose of improving our offering and does not enable conclusions to be drawn about the person of the user. This data is not merged with other data sources. We process and use the data for the following purposes:  to provide the website, to improve our websites and to prevent and identify errors/malfunctions and the abuse of the website.

Legal base: legitimate interests (Art. 6 (1) (f) GDPR

Legitimate interests: ensuring the functionality of the website and its error-free, secure operation, as well as in adapting this website to suit users’ needs.

Blog and forum

We have provided a blog or comparable opportunities for publication on our webpage. We want to give visitors to our online offering the option of contacting us or sharing their thoughts and suggestions with us in this manner.

If users of our online offering publish comments and contributions on our website, we are obliged to prevent unlawful content, or the publication of the same, from appearing on our website. We collect the IP addresses of the users in question so that we can adhere to this obligation and protect our interests in being indemnified in the event that we are used for third-party content. This also helps us to identify spam.

Beyond this, users of the function provided are not obliged to make details available that could lead to conclusions being drawn about the identity of the user in question. A contribution can even be published under a pseudonym, meaning that the user can then decide themselves what data and content we process.

Categories of data subjects:   Users of the function in question

Data categories: Master data (e.g. name), contact data (email address), content data (e.g. text inputs, photographs, videos), usage data (e.g. websites visited, interest in content, access times),), metadata and communication data (e.g. device information, IP addresses).

Purposes of processing: Networking of users, creation of customer loyalty, services and feedback.

Legal bases: Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR).

Legitimate interests: Indemnification in the event of liability, prevention, security of the webpage, duplication of communication channels with visitors to the online offering, optimisation and further development of online offering.

Tool: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA



Data transfer

We transfer your data internally within the mechatronics degree programme in order to comply with our contractual or statutory obligations. Your data is only transferred or disclosed to the extent necessary, in compliance with the applicable data protection regulations. Internal data transfer or the disclosure of data only occurs to the extent necessary, under the pertinent data protection provisions.

Legal basis: Legitimate interests (article 6 (1) (f) GDPR).

Legitimate interests:‘Small-group exemption’, centralised management and administration.

Data is not transferred to a third country.

Storage period

In principle, we store the data of visitors to our online offering for as long as needed to render our service or to the extent that the European body issuing directives and regulations or another legislator stipulates in laws and regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we need to continue to store to comply with legal obligations (e.g. if retention periods under tax law and trade law require us to keep documents such as contracts and invoices for a certain period of time).

Automated decision-making

We do not use automated decision-making or profiling.

Legal bases

The decisive legal bases primarily arise from the GDPR. They are supplemented by national laws from member states and can, if applicable, be applied alongside or in addition to the GDPR.

Consent: Article 6 (1) (a) GDPR serves as the legal basis for processing procedures regarding which we have sought consent for a particular purpose of processing.

Performance of a contract: Article 6 (1) (b) serves as the legal basis for processing required to perform a contract to which the data subject is a contractual party or for taking steps prior to entering into a contract, at the request of the data subject.

Legal obligation:  Article 6 (1) (c) GDPR is the legal basis for processing that is required to comply with a legal obligation.

Vital interests: Article 6 (1) (d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.

Public interest: Article 6 (1) (e) GDPR serves as the legal basis for processing that is necessary to perform a task in the public interest or to exercise public force that is transferred to the controller.

Legitimate interest: Article 6 (1) (f) GDPR serves as the legal basis for processing that is necessary to protect the legitimate interests of the controller or a third party, provided this is not outweighed by the interests or fundamental rights and fundamental freedoms of the data subject that require personal data to be protected, particularly if the data subject is a child.

Rights of the data subject

Right of access: Pursuant to article 15 GDPR, data subjects have the right to request confirmation as to whether we process data relating to them. They can request access to their data, along with the additional information listed in article 15 (1) GDPR and a copy of their data.

Right to rectification:    Pursuant to article 16 GDPR, data subjects have the right to request that data relating to them, and that we process, be rectified or completed.

Right to erasure: Pursuant to article 17 GDPR, data subjects have the right to request that data relating to them be erased without delay. Alternatively, they can request that we restrict the processing of their data, pursuant to article 18 GDPR.

Right to data portability: Pursuant to article 20 GDPR, data subjects have the right to request that data made available to us by them be provided and transferred to another controller.

Right to lodge a complaint: In addition, data subjects have the right to lodge a complaint with the supervisory authority responsible for them, under article 77 GDPR.

Right to object: If personal data is processed on the basis of legitimate interests pursuant to article 6 (1) (1) (f) GDPR, under article 21 GDPR data subjects have the right to object to the processing of their personal data, provided there are reasons for this that arise from their particular situation or the objection relates to direct advertising. In the latter case, data subjects have a general right to object that is to be put into effect by us without a particular situation being stated.

Withdrawal of consent

Some data processing procedures can only be carried out with the express consent of the data subject. Once granted, you are able to withdraw consent at any time. To do so, sending an informal note or email to is sufficient. The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.

External links

Our website includes links to online offerings from other providers. We note that we have no influence over the content of the online offerings linked to and over whether their providers comply with data protection provisions.


We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.

This Privacy Policy was drawn up by the DDSK