Data protection

A. An overview of data protection

General

RWTH Aachen Campus GmbH takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy. 

Personal information is any data with which you could be personally identified. 

This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens. 

Notice concerning the party responsible for this website

RWTH Aachen Campus GmbH
Campus-Boulevard 57
52074 Aachen

represented by:
Prof. Dr. Günther Schuh, Dr. Klaus Feuerborn, Dr. Claus Peter Groos
Telephone: +49 241 80-27374
E-Mail: info-campus@rwth-aachen.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Data protection officer

Dr. Mareike Neumann
RWTH Aachen Campus GmbH
Campus-Boulevard 57
52074 Aachen
Telefon: +49 241 80-27374
E-Mail: dsb@rwth-campus.com

Legal basis for data processing

Which kind of your private information will be processed specifically depends on the services ordered by you or agreed with you. We will use personal information exclusively for the purpose, for which it was provided. Personal information may include your name, address and other contact information. They may further include order information (e.g. payment order), data from the fulfillment of our contractual duties (e.g. sales data), marketing and sales information (e.g. photograph, quotations) or other data similar to the above named categories.

Purposes for contractual fulfillment or pre-contractual measures

The processing of personal data is based on necessity for the purpose of contract fulfillment or a pre-contractual measure in which you are or will be a contract party. This includes specifically the following purposes:

  • Execution of contractually agreed activities,
  • provision of services in accordance with your orders,
  • communication with you,
  • implementation of the RWTH Aachen Campus project,
  • invoicing and collection of payments, compensations or fees and the traceability of the relevant transactions,
  • deployment, management and control of service providers contracted by us for you,
  • networking of RWTH Aachen Campus members,
  • content-related, organizational and marketing-related support of Campus participants.

Purposes within the scope of our or third-party legitimate interests

We will furthermore process your personal data as required to protect our or third-party legitimate interests. Third-party requests shall only be answered to the extent that none of your interests meriting protection shall be harmed. This pertains specifically to the following purposes:

  • Further development of our services and processes,
  • expansion of the RWTH Aachen Campus network,
  • forwarding to a contractually bound debt collection agency or an external lawyer in case of fruitless dunning procedures.

Purposes to ensure compliance with legal requirements

Your personal data will furthermore be processes to satisfy legal requirements. These include:

  • Trade and tax laws,
  • penal laws,
  • evidence collection, criminal prosecution or enforcement of claims under civil law (e.g. as requested by public authorities or courts).

Purposes within the scope of your permission

We process your personal data if you have provided us with a permission to do so (e.g. for marketing purposes). The legal basis of this processing is given on the basis of your permission. 

Data sources

The data categories we process were

  • requested from you personally (e.g. within the scope of contracts, personal communication and the exchange of business cards) or
  • from sources in the public domain.

Data recipients

Your personal data is made available to relevant employees or organizational units within our company (e.g. via a shared data base). Any forwarding of your data to external third parties shall be in connection with a specific purpose only, specifically

  • in connection with the execution of contractually agreed measures and tasks,
  • based on our legitimate interest or the legitimate interest of a third party,
  • to ensure compliance with legal requirements,
  • within the scope of your permission,
  • to external service providers, who are contracted by us as contract data processors.

Duration of personal data retention

We process and retain your personal data for as long as is required in compliance with our contractual and legal requirements or on the basis of legitimate interest. Any data no longer required for these purposes will be periodically deleted, unless their fixed-term processes is required for the following purposes:

  • Compliance with commercial and tax retention periods
  • Conservation of evidence within the statutes of limitation

Transmission of personal data to a third country

The processing of your personal data will generally occur in member states of the European Economic Area (EEA). Data transfers to third countries will occur only with your agreement as part of a contract or a pre-contractual measure, or if such transmission is necessary or you have given permission for a transmission of your data.

Rights of affected persons

Information, blocking, deletion

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. 

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

To ensure full compliance with your rights as an affected person, we request that you address your concerns preferably in writing directly to our data protection officer.

B. Data processing within the scope of the website https://www.rwth-campus.com

If you use this website, various pieces of personal data will be collected. 

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice. 

Data sources

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website. 

Data processing

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site. 

Analysis tools and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard. 

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Analytics and advertising

Matomo (formerly Piwik)

This website uses the open source web analytics service Matomo. Matomo uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before it is stored.

Matomo cookies remain on your device until you delete them.

The storage of Matomo cookies is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

The information generated by the cookies about your use of this website will not be disclosed to third parties. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website.

If you do not agree with the storage and use of your data, you can disable this feature here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing your usage data. If you delete your cookies, this will mean that the opt-out cookie will also be deleted. You will then need to reactivate it when you return to our site if you wish your activity not to be tracked.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.

The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.

Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.

For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: https://www.google.de/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Plugins and Tools

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

Google Maps

This site uses the Google Maps map service via an API. It is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.

C. Data Processing by Social Networks

We maintain publicly accessible profiles in social networks. The names of the social networks we utilize are mentioned later on.

Social networks like Facebook, etc. generally have means to comprehensively analyze user behavior whenever their website or a website with integrated social media content (e.g. “Like” buttons or advertising banners) is visited. A visit to one of our social media presences triggers privacy-relevant processing steps. Specifically, these are:

The operator of the social media portal can assign your visit to your user account if you are logged into your social media account while you are visiting our social media presence. Your personal data may also be captured if you are not currently logged in or do not maintain a user account with the relevant social media portal. This type of data capture would in that case occur via so-called ‘cookies’, which are saved on your end device or by way of capture of your IP address.

The data collected can be used by operators of social media portals to create user profiles, where your personal preferences and interests are stored. This will allow operators to display personalized advertising in the relevant social media presence and beyond. The personalized advertisement can be displayed on all devices on which you are or were logged in, provided you maintain an account with the relevant social network.

Your personal information may be used for additional processing steps by the operators of the social media portals. Please read the General Terms of Use and the Privacy Policy of the relevant social media portals for more information.

Legal Basis

Our social media representations are designed to offer the most comprehensive presence possible on the Internet. These efforts are based on legitimate interest pursuant to Art. 6 Sect. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on other legal bases, which must be stated by their operators (e.g. agreement pursuant to Art. 6 Sect. 1 lit. a GDPR).

Processor and Assertion of Rights

We share the responsibility for the data processing steps triggered by your visit to one of our social media presences with the operator of the relevant social media platform. You may generally assert your rights (information, correction, deletion, processing limitation, data portability and complaints) against us or against the operator of the relevant social media portal (e.g. against Facebook).

Please note that although we share responsibility with the operators of the social media portals, we do not have complete control over the data processing steps used by social media portals.

Duration of Data Storage>

Data captured directly by us via our social media presence will be deleted from our systems as soon as the purpose of their storage becomes obsolete, you request their deletion, withdraw your permission for data storage or the purpose for storing the data no longer exists. Stored cookies will remain on your end device until you delete them. Mandatory legal provisions – specifically retention periods – remain unaffected.

We have no influence over the length of time during which the operators of social media networks store your personal data for their own purposes. Please contact the social network operators directly for more information (e.g. read their privacy policies, see below).

List of Social Networks

Facebook

We maintain a Facebook profile. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. Facebook is certified in compliance with the EU-US Privacy Shield (https://www.facebook.com/about/privacyshield).

Please read the Facebook Privacy Policy for more information about data capture and further data processing by Facebook (https://www.facebook.com/about/privacy/).

We have no comprehensive access to the data captured by Facebook or your profile information. Only your public profile information is visible to us. You decide which data specifically to make public via your data settings on Facebook.

We receive anonymized statistics within the scope of the ‘Insights’ page function regarding the visits and types of use of our company profile page. We are unable to make any deductions regarding the identity of individual users from these statistical data (e.g. number of individual followers, number of individuals responding to a post, average age of visitors) and cannot link that information to profile information of our followers.

We receive personal data from you if you provide such data actively via a personal message on Facebook. We will use the information (e.g. First name, last name) to allow our customer service to respond to your inquiry.

LinkedIn

We maintain a LinkedIn profile. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified in compliance with the EU-US Privacy Shield (https://www.linkedin.cn/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=en).

Please read the LinkedIn Privacy Policy for more information about data capture and further data processing by LinkedIn (https://www.linkedin.com/legal/privacy-policy).

We have no comprehensive access to the data captured by LinkedIn or your profile information. Only your public profile information is visible to us. You decide which data specifically to make public via your data settings on LinkedIn.

We receive anonymized statistics from LinkedIn regarding the types of uses of our company page based on our legitimate interest. We are unable to make any deductions regarding the identity of individual users from these statistical data (e.g. number of individual followers, number of individuals responding to a post) and cannot link that information to profile information of our followers.

XING

We maintain a XING profile. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Please read the XING Privacy Policy for more information about data capture and further data processing by XING (https://privacy.xing.com/en).

We have no comprehensive access to the data captured by XING or your profile information. Only your public profile information is visible to us. You decide which data specifically to make public via your data settings on XING.

We receive anonymized statistics from XING regarding the types of uses of our company page based on our legitimate interest. We are unable to make any deductions regarding the identity of individual users from these statistical data (e.g. number of individual followers, number of individuals responding to a post) and cannot link that information to profile information of our followers.

D. Own Services

Job Applications

We offer the option of submitting a job application – in case of vacancies – via e-mail. In the following, we outline the scope, purpose and use of your personal information captured as part of the application process. We confirm that the capture, processing and use of your personal information occurs in compliance with applicable privacy legislation and all other legal provisions, and that your data is held in strict confidentiality.

Scope and Purpose of Data Capture

We will process your personal information (e.g. contact and communication information, application documents, notes from personal interviews, etc.) to the extent necessary for the decision-making process for entering into an employment relationship. The legal basis here is Art. 6 Sect. 1 lit. b GDPR (general contract initiation). Your personal information will be forwarded only to persons within our organization, who are involved in the processing of your application.

The data submitted by you will be stored in our data processing systems on the basis of Art. 6 Sect. 1 lit. b GDPR for the purpose of an implementation of the employment relationship, should your application be successful.

Data Retention Period

We will store/retain the personal information provided by you, incl. any remaining physical application documentation for max. 6 months after the completion of the application process (retention period) to allow a reconstruction of the details of the application process in case of disagreements (Art. 6 Sect. 1 lit. f GDPR) should we be unable to offer you employment or if you reject an offer of employment, withdraw your application or request the deletion of your data.

The data will be deleted, once the retention period has elapsed, unless statutory retention requirements or any other legal basis exists to continue their storage. Where it is apparent that a storage of your data will be required after the retention period has elapsed (e.g. due to threatened or pending litigation), the data will only be deleted once it becomes obsolete. Other statutory retention duties remain unaffected.