Privacy Policy
Data Protection Policy
As of February 2019
This data protection policy applies to the central website of RWTH Aachen University. It is possible that for some websites of university institutions and departments, other data protection policies apply. In this case, they are available on the website in question.
I. Person Responsible for Data Processing (Data Controller)
Rector of RWTH Aachen University Templergraben 55 52062 Aachen (physical address) 52056 Aachen (mailing address) Phone: +49 241 80-1 Email: rektorat@rwth-aachen.de Website: www.rwth-aachen.de/rectorate
II. Contact Data of the Officially Appointed Data Protection Officer
Data Protection Office of RWTH Aachen University Templergraben 83 52062 Aachen (physical address) 52056 Aachen (mailing address) Germany Phone: +49 241 80-94114 Email: dsb@rwth-aachen.de Website: www.rwth-aachen.de/dataprotection
III. Data Processing – General Information
1. Scope of the Processing of Personal Data
RWTH Aachen University processes personal data of visitors of the site only insofar as necessary to provide a functional website, contents, and services. Data is collected and processed only with user consent, unless exceptions apply.
2. Legal Basis for the Processing of Personal Data
- Art. 6(1)(a) GDPR – Consent
- Art. 6(1)(b) GDPR – Contract performance or pre-contractual measures
- Art. 6(1)(e) GDPR – Public interest or official authority
3. Deletion of Data and Duration of Storage
Data is deleted or blocked when its purpose ceases, or as required by law. Exceptions apply for contractual or legal obligations.
IV. Provision of the Website and Generation of Log Files
1. Description and Scope of Data Processing
The system may collect:
- Browser and version
- Operating system
- Internet service provider
- IP address
- Date and time of access
- Referring website
- Visited pages and files opened
Data is stored in log files, separately from personal data.
2. Legal Basis
- Art. 6(1)(f) GDPR
3. Purpose
- Deliver website to the user's device
- Website optimization and IT security
- Not for marketing use
4. Duration of Storage
- Typically deleted after 7 days
- IP addresses anonymized if retained longer
5. Objection and Remedy
- Not possible, as storage is essential for operation
V. Use of Cookies
1. Description and Scope
Cookies store:
- Anonymized IDs for logged-in editors
- Consent declarations for external services
2. Legal Basis
- Art. 6(1)(e) GDPR
- Art. 6(1)(a) GDPR (for consent)
3. Purpose
- Session recognition and consent tracking
4. Duration and Objection
- Users may disable/delete cookies via browser
- Some functions may become unavailable
VI. Mailing Lists
1. Description and Scope
Upon subscription, the following is collected:
- Email address
- Name (optional)
- Password
- Language preference
Used only for mailing purposes. No third-party sharing.
2. Legal Basis
- Art. 6(1)(a) GDPR
3. Purpose
- Sending emails
4. Duration
- Stored until unsubscribed
5. Objection and Remedy
- Unsubscribe anytime via email link or settings
VII. Contact Form and Email Contact
1. Description and Scope
Collected via feedback/contact forms:
- Salutation
- Name
- Address (optional)
- Phone (optional)
Forms may vary. Alternatively, users can email directly. No third-party sharing.
2. Legal Basis
- Art. 6(1)(a) GDPR (with consent)
- Art. 6(1)(f) GDPR (email contact)
3. Purpose
- Processing user requests and ensuring IT security
4. Duration
- Deleted once the conversation is concluded
5. Objection and Remedy
- Withdraw consent via impressum@rwth-aachen.de
VIII. Google Maps
The Navigator uses Google Maps API (Google Ireland Ltd.). IP address, browser settings, and location (if GPS-enabled) may be transmitted.
Cookies are used. Consent is requested before use.
More info: Google Privacy Policy
IX. YouTube
YouTube plugins (YouTube LLC) are embedded. YouTube receives visited page info. Logged-in users may have behavior linked to their profile.
X. Vimeo
Embedded Vimeo content (Vimeo LLC) transmits page access info to Vimeo. Logged-in users may have behavior linked to their profile.
XI. StepMap
Embedded StepMap maps load browser-based data:
-
IP address
-
Request date/time
-
Browser/system details
XII. Rights of the Data Subject
1. Right to Information
You may request:
- Purpose of processing
- Data categories
- Recipients
- Duration
- Rights to rectification, deletion, objection
- Origin (if not collected from you)
- Existence of profiling or international data transfer
2. Right to Rectification
Request correction of inaccurate/incomplete data.
3. Right to Restriction of Processing
Applies if:
- Accuracy is contested
- Processing is unlawful
- Data no longer needed by controller
- Objection pending under Art. 21(1) GDPR
4. Right to Deletion (Right to be Forgotten)
Can be requested if:
- Data no longer needed
- Consent withdrawn
- Processing was unlawful
- Legal obligation to delete applies
- Data was collected from a child (Art. 8(1) GDPR)
a) Duty to Inform Third Parties
Controller must inform others processing the data to delete copies/links.
b) Exceptions
Right does not apply if processing is needed:
- For freedom of expression
- To fulfill legal obligations
- For public health, archiving, research, or legal claims
5. Right to Notification
If your data is corrected, deleted, or processing restricted, you will be informed, unless this is impossible or disproportionate.
6. Right to Data Portability
You can request your data in a structured, machine-readable format and transmit it to another controller (if technically feasible).
7. Right to Object
You can object to processing based on:
- Art. 6(1)(e) or (f) GDPR
- Direct marketing purposes
- Research/statistical purposes (with limitations)
8. Right to Withdraw Consent
You may withdraw your consent at any time. This does not affect prior lawful processing.
9. Right to Lodge a Complaint
You may lodge a complaint with a supervisory authority, such as:
Landesbeauftragte für Datenschutz und Informationsfreiheit NRW Website: https://www.ldi.nrw.de/