General data protection declaration

You can download the general data protection statement of the Studierendenwerk Karlsruhe
here.


Privacy policy for the homepage

We are pleased that you are visiting our website and that you are interested in us. The protection of your personal data, which we store on the occasion of your visit to our homepage, is important to us. With the following information, we would like to inform you in general about the processing of your personal data by us, insofar as it occurs when you visit our site. In addition, you will receive an overview of your rights under the data protection laws.

1. Responsible body
Studierendenwerk Karlsruhe
Anstalt des öffentlichen Rechts
Adenauerring 7
76131 Karlsruhe

You can reach our company data protection officer
by email: datenschutz@sw-ka.de
or by mail: at the above address, "for the attention of the data protection officer".

2. Purpose of the processing and legal bases
2.1 Automatically processed web server data.
When you visit our website, our web server automatically stores a number of log information. We evaluate this data only for statistical purposes, for reasons of system security (e.g. to protect against misuse) and for error diagnosis. The automatically processed data include:
• Domain name or IP address of the requesting computer,
• Name of the accessed page,
• Access status (file transferred, file not found, etc.),
• Operating system used,
• language used and the name of the Internet service provider,
• Time of the access,
• amount of data transferred,
• Type and version of the browser used,
• Internet page from which the file was accessed
• when booking a vaccination appointment (see 2.9), health data are sent to Impfomax/Infomaxx.

This data is only stored temporarily, i.e. normally for 7 days and only longer in special problem situations until the problems are solved. The legal basis for the processing is Article 6 Paragraph 1 lit. f DSGVO , because the functionality of the website is in the special interest of our company.

2.2 Cookies
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The legal basis for the processing of cookie data is Article 6 (1) lit. f DSGVO, insofar as the technical functionality of the website depends on these cookies, because this is in the special interest of our company. For cookie data that is processed without a technically compelling necessity, we ask for your consent in advance in accordance with Article 6 (1) a DSGVO.

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

[2.3. web analysis tool Matomo (formerly Piwik)[/K]
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (for cookies, see above). If individual pages of our website are called up, the following data is stored:
(1) Two bytes of the IP address of the user's calling system.
(2) The website called up
(3) The website from which the user accessed the accessed website (referrer)
(4) The sub-pages accessed from the accessed website
(5) The time spent on the website
(6) The frequency with which the website is accessed

The software runs exclusively on the servers of our website. Personal data of the users is only stored there. The data is not passed on to third parties. The software is set in such a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer. The legal basis for the processing of the users' personal data is Art. 6 para. 1 lit. f DSGVO. The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes are also our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f DSGVO. By anonymising the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.

The data is deleted as soon as it is no longer required for our recording purposes, namely after 180 days at the latest. Please also note that you also have the option to object to Matomo web analysis at the bottom of this page.

2.4 Contact form
Our website contains contact forms (e.g. for the evaluation of meals), which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. The data to be processed can be found in the contact form.

For the processing of the data, the user's consent is obtained during the sending process and reference is made to this data protection declaration. We expressly point out that some of this data is sent to us unencrypted. We therefore ask you not to send us any special categories of personal data (e.g. health data) via the contact form; use secure channels such as the postal service for this purpose.

The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given his or her consent. If the user's consent is not obtained, Art. 6 para. 1 lit. f DSGVO is the legal basis, whereby the legitimate interest of the company lies in the proper processing of communication data sent to it.
In addition, the following further data is collected during registration:
(1) IP address of the calling computer
(2) Date and time of registration

The collection of this data during the registration process serves to prevent misuse of the services or the e-mail address used. This is a legitimate interest of the company. The processing of the personal data from the input mask serves us solely to process the request for contact. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

2.5 Google ReCaptcha
We integrate the function for the recognition of bots, e.g. for entries in online forms ("ReCaptcha") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

2.6. contact by e-mail
You are welcome to contact us by e-mail. We expressly point out that this data is sent to us unencrypted. Therefore, we ask that you do not send us any special categories of personal data (e.g. health data) by e-mail; use secure channels such as the postal service for this purpose.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Insofar as e-mails are to be regarded as business letters or these could be relevant for tax purposes, legal retention periods of up to 10 years apply.

2.7 Newsletter
On our website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. This includes the e-mail address as well as other data visible in the input mask.
For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection declaration. The data is used exclusively for sending the newsletter. The legal basis for the processing of data after registration for the newsletter is consent.
In addition, the following further data is collected during registration:
(1) IP address of the calling computer
(2) Date and time of registration
The collection of this data during the registration process serves to prevent misuse of the services or the e-mail address used. This is a legitimate interest of the company.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address is stored for as long as the subscription to the newsletter is active, and thereafter for 3 years for verification purposes. The other personal data collected during the registration process is usually deleted after a period of seven days.
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

2.8 Registration
Where possible, our website can be used without registration. Registration is required to use certain areas. This is clearly marked. Entries in interactive areas of our website (e.g. Job Exchange, Marketplace, Tandem, etc.) are visible on the internet without login to anyone visiting our site.

2.9 Booking of vaccination appointments:
Vaccination appointments take place on the premises of the Studierendenwerk. The vaccinations are carried out by Dr. Thumulka (Karlsruhe). The Studierendenwerk only organises the appointments and provides the doctor with the registration data and the premises. The data processing and the mailing of the verification code is done for the purpose of securely organising the registration appointments. The storage in cookies and in the local memory serves the purpose of not having to re-enter the entered data when changing pages. The legal basis for this is your consent. Your details are necessary to be able to organise vaccination appointments reliably. Only a few people in the Studierendenwerk who are involved in the organisation of vaccination appointments have access to the registration data. As far as necessary for the technical provision of the website, the external developers and hosters may also have access, but only within the narrow scope of fulfilling the order. The medical history data is only held by the doctor. After the vaccination appointments have been carried out, all registration data is deleted at the Studierendenwerk.

[3. recipients of your data[/F]
In addition to the recipients mentioned above, we have commissioned specialised service providers to support us in the operation of our IT applications, including, for example, web hosts, software providers, system administrators and data centre operators. These have access to personal data only to the extent absolutely necessary for the provision of the services.

4. deletion of data
Insofar as this has not already been described before, we generally delete data when the purpose of the processing has been fulfilled. If legal retention periods exist, we may only delete data after these periods have expired. Otherwise, we keep data stored insofar as there is an overriding operational interest.

5. your rights
You have the right to obtain information about the personal data concerning you. You may also request the correction of incorrect data. In addition, under certain conditions, you have the right to have data deleted, the right to restrict data processing and the right to data portability. The processing of your data is based on legal regulations. Only in exceptional cases do we require your consent. In these cases, you have the right to revoke your consent for future processing.
You also have the right to complain to a data protection supervisory authority.

Piwik Analytics Service

This website uses Piwik, an open source software for statistical analysis of visitor access. Piwik uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is stored on the provider's server in accordance with German data protection regulations. The IP address is anonymised immediately after processing and before it is stored. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. If you do not agree with the statistical evaluation of user access, you can object to the storage and use here: