We are pleased that you have visited our website www.studentenwerke.de and are taking an interest in us. We are keen to ensure that personal data of yours that we store when you visit our website is protected.
Here is some general information about how we handle your personal data, should we require it when you visit our site. First of all, here is an overview of your rights as stipulated by the laws on data protection.
1. Responsible body
Deutsches Studentenwerk e.V.
Stefan Grob, Stellvertreter des Generalsekretärs
Tel. 030 29 77 27 20
2. Purpose of processing and legal basis
2.1. Automatically processed webserver data
When you visit our website, our webserver will automatically store some protocol information. We only evaluate such data for statistical purposes, for system security reasons (e.g. to protect from abuse) and to analyse errors. The automatically processed data include the:
- name of domain or IP address of the requesting computer
- name of the page called up
- access status (file transmitted, file not found, etc.)
- operating system used
- language used and name of Internet service provider
- time of call-up
- data volume transmitted
- type and version of browser used
- Internet site from which the file was called up
Such data is only stored temporarily, i.e. normally for seven days, and any longer only in special problem situations until the problems have been solved. The legal basis for processing is Article 6 Paragraph 1 lit. f of the European Union’s General Data Protection Regulation (GDPR), for it is in our special interest that this website works.
2.2. The Matomo tool for web analysis (formerly Piwik)
We use the open-source software tool Matomo (formerly PIWIK) to analyse our users’ surfing habits. This software places a cookie in the user’s computer (already see above for cookies ). If individual pages of our website are called up, the following data will be stored:
- a byte of the address of the user’s system that is calling up
- the website that has been called up
- the website from which the user has proceeded to the website called up (referrer)
- the sub-pages called up via the website that has already been called up
- the time spent on the website
- the frequency with which the website has been called up
Here, the software operates solely on our website’s servers. Personal data are only stored there. Data will not be passed on to third parties.
The software has been set to ensure that the IP addresses are not stored as complete addresses, but that 1 byte of the IP address is masked (e.g.: 192.xxx.xxx.xxx). This rules out the abbreviated IP address being assigned to the computer that is calling up.
The legal basis for the processing of personal data of the users is Article 6 Paragraph 1 lit. f GDPR. Processing our users’ personal data enables us to analyse their surfing habits. The evaluation of the data we have gathered gives us the opportunity to compile information on the use of our website’s individual components. This helps us to constantly improve our website and its user friendliness. It is these objectives that justify our interest in processing the data in accordance with Article 6 Paragraph 1 lit. f GDPR. Through making the IP address anonymous, sufficient consideration is given to the users’ interest in the protection of their personal data.
The data will be deleted as soon as they are no longer required for our recording purposes, and after 180 days at the latest.
2.3. Contact via Email
Users of this website can also contact us via Email.
We would like to point out explicitly that the transmission of these data may be carried out unencrypted. We would therefore request you not to send any sensitive data by Email; use safe channels for this.
The legal basis for the processing of data transmitted in the course of sending an Email is Article 6 Paragraph 1 lit. f GDPR. If the Email communication is aimed at finalising a contract, Article 6 Paragraph 1 lit. b GDPR acts as an additional legal basis.
When making contact via Email, this is what also justifies a corresponding interest in the processing of the data.
The data are deleted as soon as they are no longer required for the purpose that they have been gathered for. Regarding personal data sent via Email, this is the case when the respective conversation with the user has ended. The conversation has also ended when circumstances suggest that the issue concerned has been fully settled. If the Emails are to be understood as business letters or could be of tax relevance, legal retention periods of up to 10 years apply.
2.4. Social media components
This website uses Social Plugins of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook” in the following). If you call up sites containing such a plugin, data concerning your user habits can automatically be transmitted to the Facebook servers. The website operator has no influence on the type and volume of the data gathered and transmitted to Facebook. If you have logged into Facebook, it can assign your visit to your Facebook account. You can find further information on Facebook’s data protection policy at www.facebook.com/policy.php
This website uses Social Plugins of Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter” in the following). If you call up sites containing such a plugin, data concerning your user habits can automatically be transmitted to the Twitter servers. The website operator has no influence on the type and volume of the data gathered and transmitted to Twitter. If you have logged into Twitter, it could assign your visit to your Twitter account.
- Recipients of your data
We have commissioned specialist service providers to support us in operating our websites, including web hosters, software distributors, system administrators and operators of data processing centres. They only have access to personal data if this is absolutely necessary for them to perform their services.
Otherwise, we will only pass on your data to third parties if this is legally permitted in the context of fulfilling the respective purpose or if you have given your consent.
- Registering for events
When you register for an event, we will gather personal data of yours that are required for the organisational running of the event. We process such data because we have a legitimate interest (Article 6 Section 1 Letter f GDPR) in the orderly running of the event. The data are only handed on to partners participating in the preparation and running of the event.
Should we wish to process your data for further purposes, we will require your explicit consent (Article 6 Paragraph 1 Letter a). Your consent is voluntary and can be withdrawn at any time.
We will store your data for up to three years after the event, and they will then be deleted.
5. Your rights
You have the right to obtain information about personal data concerning yourself. You can also demand that incorrect data be corrected.
In addition, under certain conditions, you are entitled to the right to have data deleted, the right to restricting data processing and the right to data portability.
Your data will be processed according to legal regulations. Only in exceptional cases will we require your consent. In these cases, you have the right to withdraw your consent for further processing.
You also have the right to lodge a complaint with the responsible data protection supervisory board if believe that your data are not being processed in accordance with the law.
6. Use of DSW cookies
The address of the supervisory authority responsible for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Fax: +49 (0) 30 2155050
E-Mail: [email protected]
Our contact details: Deutsches Studentenwerk e.V.
Stellvertreter des Generalsekretärs
Tel. +49 (0) 30 29 77 27 20