General data protection declaration

You can download the general data protection statement of the Studierendenwerk Karlsruhe here.

Privacy policy for the website

We are pleased that you are visiting our website and that you are interested in us. The protection of your personal data, which we store on the occasion of your visit to our website, is important to us. With the following information, we would like to inform you in general about the processing of your personal data by us, insofar as it occurs when you visit our site. In addition, you will receive an overview of your rights under the data protection laws.

1. Responsible body
Studierendenwerk Karlsruhe
Anstalt des öffentlichen Rechts
Adenauerring 7
76131 Karlsruhe

You can reach our company data protection officer
by email: datenschutz@sw-ka.de
or by mail: at the above address, "for the attention of the data protection officer".

2. Purpose of the processing and legal bases
2.1 Automatically processed web server data.
When you visit our website, our web server automatically stores a number of log information. We evaluate this data only for statistical purposes, for reasons of system security (e.g. to protect against misuse) and for error diagnosis. The automatically processed data include:
• Domain name or IP address of the requesting computer,
• Name of the accessed page,
• Access status (file transferred, file not found, etc.),
• Operating system used,
• language used and the name of the Internet service provider,
• Time of the access,
• amount of data transferred,
• Type and version of the browser used,
• Internet page from which the file was accessed
• when booking a vaccination appointment (see 2.9), health data are sent to Impfomax/Infomaxx.

This data is only stored temporarily, i.e. normally for 7 days and only longer in special problem situations until the problems are solved. The legal basis for the processing is Article 6 Paragraph 1 lit. f DSGVO , because the functionality of the website is in the special interest of our company.

2.2 Cookies
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The legal basis for the processing of cookie data is Article 6 (1) lit. f DSGVO, insofar as the technical functionality of the website depends on these cookies, because this is in the special interest of our company. For cookie data that is processed without a technically compelling necessity, we ask for your consent in advance in accordance with Article 6 (1) a DSGVO.

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

2.3. web analysis tool Matomo (formerly Piwik)
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (for cookies, see above). If individual pages of our website are called up, the following data is stored:
(1) Two bytes of the IP address of the user's calling system.
(2) The website called up
(3) The website from which the user accessed the accessed website (referrer)
(4) The sub-pages accessed from the accessed website
(5) The time spent on the website
(6) The frequency with which the website is accessed

The software runs exclusively on the servers of our website. Personal data of the users is only stored there. The data is not passed on to third parties. The software is set in such a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer. The legal basis for the processing of the users' personal data is Art. 6 para. 1 lit. f DSGVO. The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes are also our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f DSGVO. By anonymising the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.

The data is deleted as soon as it is no longer required for our recording purposes, namely after 180 days at the latest. Please also note that you also have the option to object to Matomo web analysis at the bottom of this page.

2.4 Contact form
Our website contains contact forms (e.g. for the evaluation of meals), which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. The data to be processed can be found in the contact form.

For the processing of the data, the user's consent is obtained during the sending process and reference is made to this data protection declaration. We expressly point out that some of this data is sent to us unencrypted. We therefore ask you not to send us any special categories of personal data (e.g. health data) via the contact form; use secure channels such as the postal service for this purpose.

The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given his or her consent. If the user's consent is not obtained, Art. 6 para. 1 lit. f DSGVO is the legal basis, whereby the legitimate interest of the company lies in the proper processing of communication data sent to it.
In addition, the following further data is collected during registration:
(1) IP address of the calling computer
(2) Date and time of registration

The collection of this data during the registration process serves to prevent misuse of the services or the e-mail address used. This is a legitimate interest of the company. The processing of the personal data from the input mask serves us solely to process the request for contact. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

2.5 Google ReCaptcha
We integrate the function for the recognition of bots, e.g. for entries in online forms ("ReCaptcha") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

2.6. contact by e-mail
You are welcome to contact us by e-mail. We expressly point out that this data is sent to us unencrypted. Therefore, we ask that you do not send us any special categories of personal data (e.g. health data) by e-mail; use secure channels such as the postal service for this purpose.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Insofar as e-mails are to be regarded as business letters or these could be relevant for tax purposes, legal retention periods of up to 10 years apply.

2.7 Newsletter
On our website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. This includes the e-mail address as well as other data visible in the input mask.
For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection declaration. The data is used exclusively for sending the newsletter. The legal basis for the processing of data after registration for the newsletter is consent.
In addition, the following further data is collected during registration:
(1) IP address of the calling computer
(2) Date and time of registration
The collection of this data during the registration process serves to prevent misuse of the services or the e-mail address used. This is a legitimate interest of the company.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address is stored for as long as the subscription to the newsletter is active, and thereafter for 3 years for verification purposes. The other personal data collected during the registration process is usually deleted after a period of seven days.
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

2.8 Registration
Where possible, our website can be used without registration. Registration is required to use certain areas. This is clearly marked. Entries in interactive areas of our website (e.g. Job Exchange, Marketplace, Tandem, etc.) are visible on the internet without login to anyone visiting our site.

3. recipients of your data
In addition to the recipients mentioned above, we have commissioned specialised service providers to support us in the operation of our IT applications, including, for example, web hosts, software providers, system administrators and data centre operators. These have access to personal data only to the extent absolutely necessary for the provision of the services.

4. deletion of data
Insofar as this has not already been described before, we generally delete data when the purpose of the processing has been fulfilled. If legal retention periods exist, we may only delete data after these periods have expired. Otherwise, we keep data stored insofar as there is an overriding operational interest.

5. your rights
You have the right to obtain information about the personal data concerning you. You may also request the correction of incorrect data. In addition, under certain conditions, you have the right to have data deleted, the right to restrict data processing and the right to data portability. The processing of your data is based on legal regulations. Only in exceptional cases do we require your consent. In these cases, you have the right to revoke your consent for future processing.
You also have the right to complain to a data protection supervisory authority.

Jotform
We have integrated Jotform on our website. Provider is Jotform Inc., 111 Pine St. Suite, 1815 San Francisco, Kalifornien 94111, USA (subsequently Jotform).

Jotform allows us to create online forms to collect messages, requests and other input from our website visitors. The input you provide is processed on Jotform's servers.

Jotform is used for performing our tasks (Art. 6 para. 1 lit. e DSGVO) or on the basis of our legitimate interest in optimal digital processing of your request (Art. 6 para. 1 lit. f DSGVO). In connection with a contractual relationship, we process data on the basis of Art. 6 para. 1 lit. b DSGVO. If a corresponding consent was requested, the processing is based on Art. 6 para. 1 lit. a DSGVO, and on § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies on your terminal device. The consent can be revoked at any time.

The transfer of your data to the Jotform servers and our retrieval of this data are encrypted.
The data transfer to the USA is secured by EU standard contractual clauses that we have concluded with Jotform.
Details can be found here:
Logo
Du verlässt nun die Webseite des Studierendenwerks Karlsruhe (sw-ka.de)

Bitte beachte, dass du auf die externe Webseite https://www.jotform.com/gdpr-compliance/dpa/ weitergeleitet wirst, auf der deine personenbezogenen Daten anders verarbeitet werden als bei uns.

Ehe du mit „Ja, weiter“ dieser Verarbeitung zustimmst, solltest du hier nachlesen, was bei der externen Webseite zum Datenschutz zu beachten ist.

We have concluded a contract on order processing (AVV) with Jotform for use. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Surveys and competitions
Occasionally, we organize surveys on individual topics and offer prizes in the process. In order to carry this out, we also use personal data of the participants due to the performance of our duties and legal obligations, and also because of our legitimate interest in positive communication. We also ask for your revocable consent if we use your data in any other way, for example to contact you or to publish your photo or name. Only the persons and service providers involved in the process have access to your data. We must keep proof documents for up to 10 years; we store photos indefinitely or until you object.

Photos and videos at events
At our events, we or a commissioned photographer take photos and videos, which may also show visitors and employees and guests. These recordings are used to document our activities and for public relations purposes. The legal basis for events for students is our fulfilment of tasks according to Art. 6 Para. 1 Letter e DSGVO, otherwise our legitimate interest in positive communication of our services based on Art. 6 Para. 1 Letter f DSGVO. In individual cases, we ask for the consent of those pictured.
Possible recipients of the information are visitors to our website and recipients of print media with which we publish the photographs, as well as press media, social media and our umbrella organisation to which we pass on the photographs. Other recipients may include designers, printers, web designers and hosters whose services we use.
We keep the recordings permanently unless a shorter retention period is specified in an individual case. If deletion is requested, we will comply as soon as possible, but we must retain specimen copies of publications for some time. In the case of publications on the Internet and forwarding to the press, we cannot guarantee complete deletion.

Piwik Analytics Service

This website uses Piwik, an open source software for statistical analysis of visitor access. Piwik uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is stored on the provider's server in accordance with German data protection regulations. The IP address is anonymised immediately after processing and before it is stored. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. If you do not agree with the statistical evaluation of user access, you can object to the storage and use here:

Stand August 2023