General data protection declarationYou can download the general data protection statement of the Studierendenwerk Karlsruhe
Anstalt des öffentlichen Rechts
76131 KarlsruheYou can reach our company data protection officer
by email: firstname.lastname@example.org
or by mail: at the above address, "for the attention of the data protection officer".2. Purpose of the processing and legal bases
2.1 Automatically processed web server data.
When you visit our website, our web server automatically stores a number of log information. We evaluate this data only for statistical purposes, for reasons of system security (e.g. to protect against misuse) and for error diagnosis. The automatically processed data include:
• Domain name or IP address of the requesting computer,
• Name of the accessed page,
• Access status (file transferred, file not found, etc.),
• Operating system used,
• language used and the name of the Internet service provider,
• Time of the access,
• amount of data transferred,
• Type and version of the browser used,
• Internet page from which the file was accessed
• when booking a vaccination appointment (see 2.9), health data are sent to Impfomax/Infomaxx.This data is only stored temporarily, i.e. normally for 7 days and only longer in special problem situations until the problems are solved. The legal basis for the processing is Article 6 Paragraph 1 lit. f DSGVO , because the functionality of the website is in the special interest of our company.2.2 Cookies
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (for cookies, see above). If individual pages of our website are called up, the following data is stored:
(1) Two bytes of the IP address of the user's calling system.
(2) The website called up
(3) The website from which the user accessed the accessed website (referrer)
(4) The sub-pages accessed from the accessed website
(5) The time spent on the website
(6) The frequency with which the website is accessedThe software runs exclusively on the servers of our website. Personal data of the users is only stored there. The data is not passed on to third parties. The software is set in such a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer. The legal basis for the processing of the users' personal data is Art. 6 para. 1 lit. f DSGVO. The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes are also our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f DSGVO. By anonymising the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.The data is deleted as soon as it is no longer required for our recording purposes, namely after 180 days at the latest. Please also note that you also have the option to object to Matomo web analysis at the bottom of this page.2.4 Contact form
Our website contains contact forms (e.g. for the evaluation of meals), which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. The data to be processed can be found in the contact form.For the processing of the data, the user's consent is obtained during the sending process and reference is made to this data protection declaration. We expressly point out that some of this data is sent to us unencrypted. We therefore ask you not to send us any special categories of personal data (e.g. health data) via the contact form; use secure channels such as the postal service for this purpose.The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given his or her consent. If the user's consent is not obtained, Art. 6 para. 1 lit. f DSGVO is the legal basis, whereby the legitimate interest of the company lies in the proper processing of communication data sent to it.
In addition, the following further data is collected during registration:
(1) IP address of the calling computer
(2) Date and time of registrationThe collection of this data during the registration process serves to prevent misuse of the services or the e-mail address used. This is a legitimate interest of the company. The processing of the personal data from the input mask serves us solely to process the request for contact. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. 2.5 Google ReCaptcha
You are welcome to contact us by e-mail. We expressly point out that this data is sent to us unencrypted. Therefore, we ask that you do not send us any special categories of personal data (e.g. health data) by e-mail; use secure channels such as the postal service for this purpose.The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Insofar as e-mails are to be regarded as business letters or these could be relevant for tax purposes, legal retention periods of up to 10 years apply.2.7 Newsletter
On our website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. This includes the e-mail address as well as other data visible in the input mask.
For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection declaration. The data is used exclusively for sending the newsletter. The legal basis for the processing of data after registration for the newsletter is consent.
In addition, the following further data is collected during registration:
(1) IP address of the calling computer
(2) Date and time of registration
The collection of this data during the registration process serves to prevent misuse of the services or the e-mail address used. This is a legitimate interest of the company.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address is stored for as long as the subscription to the newsletter is active, and thereafter for 3 years for verification purposes. The other personal data collected during the registration process is usually deleted after a period of seven days.
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter. 2.8 Registration
Where possible, our website can be used without registration. Registration is required to use certain areas. This is clearly marked. Entries in interactive areas of our website (e.g. Job Exchange, Marketplace, Tandem, etc.) are visible on the internet without login to anyone visiting our site.2.9 Booking of vaccination appointments:
Vaccination appointments take place on the premises of the Studierendenwerk. The vaccinations are carried out by Dr. Thumulka (Karlsruhe). The Studierendenwerk only organises the appointments and provides the doctor with the registration data and the premises. The data processing and the mailing of the verification code is done for the purpose of securely organising the registration appointments. The storage in cookies and in the local memory serves the purpose of not having to re-enter the entered data when changing pages. The legal basis for this is your consent. Your details are necessary to be able to organise vaccination appointments reliably. Only a few people in the Studierendenwerk who are involved in the organisation of vaccination appointments have access to the registration data. As far as necessary for the technical provision of the website, the external developers and hosters may also have access, but only within the narrow scope of fulfilling the order. The medical history data is only held by the doctor. After the vaccination appointments have been carried out, all registration data is deleted at the Studierendenwerk.[3. recipients of your data[/F]
In addition to the recipients mentioned above, we have commissioned specialised service providers to support us in the operation of our IT applications, including, for example, web hosts, software providers, system administrators and data centre operators. These have access to personal data only to the extent absolutely necessary for the provision of the services.4. deletion of data
Insofar as this has not already been described before, we generally delete data when the purpose of the processing has been fulfilled. If legal retention periods exist, we may only delete data after these periods have expired. Otherwise, we keep data stored insofar as there is an overriding operational interest.5. your rights
You have the right to obtain information about the personal data concerning you. You may also request the correction of incorrect data. In addition, under certain conditions, you have the right to have data deleted, the right to restrict data processing and the right to data portability. The processing of your data is based on legal regulations. Only in exceptional cases do we require your consent. In these cases, you have the right to revoke your consent for future processing.
You also have the right to complain to a data protection supervisory authority.Jotform
We have integrated Jotform on our website. Provider is Jotform Inc., 111 Pine St. Suite, 1815 San Francisco, Kalifornien 94111, USA (subsequently Jotform). Jotform allows us to create online forms to collect messages, requests and other input from our website visitors. The input you provide is processed on Jotform's servers. Jotform is used for performing our tasks (Art. 6 para. 1 lit. e DSGVO) or on the basis of our legitimate interest in optimal digital processing of your request (Art. 6 para. 1 lit. f DSGVO). In connection with a contractual relationship, we process data on the basis of Art. 6 para. 1 lit. b DSGVO. If a corresponding consent was requested, the processing is based on Art. 6 para. 1 lit. a DSGVO, and on § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies on your terminal device. The consent can be revoked at any time.The transfer of your data to the Jotform servers and our retrieval of this data are encrypted.
The data transfer to the USA is secured by EU standard contractual clauses that we have concluded with Jotform.
Details can be found here:
Bitte beachte, dass du auf die externe Webseite https://www.jotform.com/gdpr-compliance/dpa/ weitergeleitet wirst, auf der deine personenbezogenen Daten anders verarbeitet werden als bei uns.
Ehe du mit „Ja, weiter“ dieser Verarbeitung zustimmst, solltest du hier nachlesen, was bei der externen Webseite zum Datenschutz zu beachten ist.
We process your personal data in order to be able to plan the pretzel tasting and carry it out with selected participants. This also includes the absolutely necessary cookies g_state, guest, JOTFORM_SESSION, language, theme and userReferrer. The legal basis is our task fulfilment and our legitimate interest in optimising our services. For contacting you and because of possible sensitive data, the processing is based on your consent, which can be revoked at any time. Internal recipients are the employees responsible for the tasting. Additional external recipients are Cloudflare and Sentry, who contribute to the technical security of our forms. Your data will be deleted three months after the tasting project is completed.