Data protection information

Date: 24.04.2024

Information on the Collection of Personal Data According to Article 13 of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 of April 27, 2016)

I. Names and contact details of the person responsible for processing personal data

Rector of RWTH Aachen University
Templergraben 55
52062 Aachen (physical address)
52056 Aachen (mailing address)
Phone: +49 241 80 1
Fax: +49 241 80 92312
Email: rektorat@rwth-aachen.de
Website: www.rwth-aachen.de/rektorat

For data processing:
RWTH Aachen University
Language Center
Eilfschornsteinstrasse 15
52062 Aachen
Phone: +49 241 80 96139
Email: sekretariat@sz.rwth-aachen.de

II. Contact details of the data protection officer

Data Protection Office of RWTH Aachen University
Templergraben 83
52062 Aachen (physical address)
52056 Aachen (mailing address)
Germany
Phone: +49 241 80 94114
Email: dsb@rwth-aachen.de

III. Purpose and legal basis of processing personal data

Purpose of processing

The data are collected for the purpose of registering students and staff for courses offered by the Language Center, allocating course places, creating participant lists, documenting course results, issuing certificates of attendance and course certificates, transferring grades to the Central Examination Office of RWTH, as well as for future planning, preparation, and follow-up on offerings of the Language Center.

Categories of personal data

Firstly, participants’ personal data such as their name, student ID number, RWTH username, gender, and email address are saved. Additionally, study-related data about programs studied, participants’ affiliation with a faculty, and modules registered are collected. Furthermore, all data necessary for registration in language courses are stored, such as placement test results, affiliation with specific faculties or study programs, current language proficiency levels in the languages studied by participants as well as language proficiency certificates that have already been issued. Registration data from each registration process are also stored. Course certificates including detailed examination results and notifications sent to the examination office are retained. When students pay for a course place, their bank account details and payment information for this individual payment are stored.

The personal data of staff members of the Language Center are stored in a similar manner. These data include academic titles, names, gender, usernames as well as email addresses. Information regarding individuals' professional roles at the Language Center and their access rights to the admin system are listed. Staff can adjust the user settings of the admin system so as to monitor the content and frequency of notification emails, which must be saved accordingly. Data from the last user session are stored to ensure the seamless resumption of work done within the system. Additionally, it will be recorded which course was held by which instructor as well as the teaching units taught and the dates on which the courses took place.

In general, a history log of changes made to data in the admin system is created. Moreover, IP addresses of all users accessing the admin system are saved on servers.

Legal Basis

The legal basis for processing the data of participants in non-fee-based courses and staff members at the Language Center is grounded in the necessity to process data for the purpose of task- fulfilment according to Art. 6 para. 1 sentence 1 lit. e), para. 3 GDPR in conjunction with §2 para. 1 HG NRW in conjunction with §2 para. 2 lit. a) - h) of the statutes governing the Language Center. The legal basis for processing data before participation in fee-based courses is grounded in the necessity for contract fulfilment according to Art. 6 para. 1 sentence 1 lit. b) GDPR.

IV. Duration of storage and criteria for storage duration

• 10 years (after issuance of last course certificate): Based on the mandatory storage period for examination data, clear identification of individuals, and verification of the accuracy of data used for certification purposes.
• 10 years after last activity of participants: Ensuring the availability of data during participants’ current studies (Bachelor's and Master's).
• 3 years after end of employment: Data required for contacting instructors regarding inquiries.
• Immediately after end of employment: Maintenance of confidentiality.

After these periods have elapsed, it can be assumed that this data no longer has any relevance for the issuing of course certificates or the planning or preparation of courses.

V. Recipients of personal data

RWTH Aachen shares datasets with:

• The management team of the Language Center
• Instructors working at Language Center
• Administrative staff of the Language Center
• The Central Examination Office at RWTH

VI. Provisioning of website and creation of log files

Description & scope of data processing

Every time this web app is accessed, the following information and data are collected from the device being used:

• Information about browser type/version used
• Operating system oft he device used
• IP address of the device used
• Name/URL & amount of data transferred from the retrieved page or file
• HTTP status code (requested file transmitted/not found etc.)
• Date and time of access
• Websites through which the user’s system accessed this website

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 S. 1 Lit. e), Para. 3 GDPR i.V.m §3 Para. 1 DSG NRW.

Purpose of data processing

This data contributes to the optimization of the website & ensures the security of the IT systems. The data stored is not used for marketing purposes. Furthermore, the data will be utilized for clarifying possible malfunctions complaints or for comparable support cases.

Duration of storage

The data will be stored for seven days.

Right To Object And Erasure

The collection of data in order to provide the website and the storage of data in log files are essential for the operation of the website and the provision of support. For this reason, users cannot object to the collection and storage of their data.

VII. Use of cookies

Description, scope and purpose of data processing

This web app utilizes cookies. Cookies are text files saved via internet browsers on users’ computer systems. When they access websites, cookies may be placed on their computer systems. The following cookies are utilized with the following data being stored and transmitted :

• vas_*_sid : This cookie is technically necessary and required to enable your user session. It contains a character string by means of which you user session can be identified. It is deleted upon your logging out or closing your browser.
• vas_*_lang : This cookie is technically necessary and required to save the language of your choice for the user interface. It contains a code for the language selected. It is deleted upon your closing your browser .

Legal basis for the use of cookies

The legal foundation for the processing of personal information when utilizing cookies is based upon Art. 6 Para. 1 S. 1 Lit. e), Abs. 3 GDPR i.V.m Abs. 1 DSG NRW.

Storage duration, right to object and erasure

Cookies are saved on the user's computer and transmitted to the website. Thus, users have full control over cookie usage. By altering the settings of their internet browser users can deactivate or restrict the transmission of cookies. Cookies already saved can be deleted anytime. This can also take place automatically. If cookies are disabled for the web app, some functions might no longer be fully available.

VIII. Your Rights

Due to the processing of your personal data, you are entitled to the following rights:

Right of access by the data subject (Art15 DS-GVO)

You have the right to access the personal information processed by RWTH Aachen University.

Right to rectification (Art16 DS-GVO)

Should your personal data not or no longer be accurate, you have the right to have them rectified without undue delay.

Right to erasure (Art17 DS-GVO)

As a basic principle, you have the right to have your personal data erased. You have an immediate right to erasure if your data were processed based on your personal consent exclusively or if they were unlawfully processed. If your data were collected for other reasons, however, your right to erasure depends on whether the data are still required for the fulfilment of tasks (s.a. duration of storage).

Right to restriction of processing (Art18 DS-GVO)

You have the right to require the restriction of the processing of your data as long as there is no significant public interest that would contradict this request (e.g. the economical use of budget funds).

Right to data portability (Art20 DS-GVO)

You have the right to receive your personal data in a structured, commonly used and machine-readable format and to have this data transmitted to you or to another controller without the hindrance of the current controller of your data.

Right to object to the processing of data (Art21 DS-GVO)

Where personal data has been collected for the performance of tasks carried out for reasons of public interest, the data subject, on grounds relating to their personal situation, has the right to object to the processing of their personal data, unless there are compelling legitimate grounds or legal provisions which override the interests, rights and freedoms of the data subject.

IX. Right of complaint with the data protection authority

If you are of the opinion that the processing of your personal data is in violation of the DS-GVO, you are entitled to reach out to the supervisory authority in charge. The data protection authority in Northrhine-Westfalia overseeing RWTH Aachen is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestrasse 2–4
40213 Düsseldorf
Phone: 0211-384240
Email: poststelle@ldi.nrw.de
Website: www.ldinrw.de/kontakt