Responsible for data processing is
Studierendenwerk Bonn AöR
Phone: 0228 - 73 70 00
Fax: 0228 - 73 71 04
You can reach our official data protection officer at:
Studierendenwerk Bonn AöR
For the attention of Mr. Nicholas Buset
Telephone contact via our central telephone number: 0228 - 73 7000
When visiting this website and using the various offers, we process your personal data as described in detail below.
In operating the website with its wide range of offers, we cooperate with the following external service providers, which we have carefully selected and obligated to comply with data protection laws based on contract processing agreements per Art. 28 EU GDPR: The agency Faktor E GmbH, Poppelsdorfer Allee 104, 53115 Bonn, supports us in the implementation of the homepage design, the homepage is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp.
1. Server log files and error log files
Every time you visit our website, your browser transmits access data, so-called server log files or access logs, which we process – via the external service provider Mittelwald, which is integrated per data protection regulations – to ensure system security. This data is used to record IP address, directory protection user, date and time of access, accessed pages, logs, status code, data volume, referrer (the page from which you accessed us), user agent and hostname. The IP addresses are stored anonymously. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also anonymized. Accesses via FTP are logged with anonymized information regarding user name and IP address. The anonymized IP addresses are stored for 60 days. Details of the utilized directory protection user are anonymized after one day.
This data is needed to ensure system security, e.g. to identify and block attackers in the event of a hacker attack. This is necessary for the performance of our duties and is in our overriding legitimate interest (Art. 6 I 1 e EU GDPR, § 3 DSG NRW, § 2 StWG).
Also, we use so-called error logs to record incorrect page views to detect and correct technical errors. These are deleted after seven days. In addition to error messages, these logs contain the accessing IP address and, depending on the error, the accessed website. This data is required to detect and correct errors on our website. This is necessary for the performance of our duties and is in our overriding legitimate interest (Art. 6 I 1 e EU GDPR, § 3 DSG NRW, § 2 StWG).
3. Matomo (formerly Piwik)
This website uses the service Matomo (formerly Piwik) if you agree to it. With the help of this web analysis service, it is possible to evaluate the collected usage data for statistical purposes to optimize the design of the website. The IP address assigned to you is also stored but is immediately anonymized afterward using the "AnonymizeIP" extension.
Matomo uses session cookies and tracking cookies, i.e. text files that are stored on your computer and that enable an analysis of your use of the website. We set these cookies as soon as you open our website and click on "Ok" on the cookie banner. If you click on "Deny" on the cookie banner or make no selection at all, no cookies are set by Matomo. The session cookies are automatically deleted when closing all browser windows ("MATOMO_SESSID") and after 30 minutes ("_pk_ses"), the tracking cookie ("_pk.id") is automatically deleted after 13 months. The information generated by the cookies about your use of this website is transmitted to our servers and stored there.
We only use Matomo after your explicit consent by confirming ("Ok") in the cookie banner (Art. 6 I 1 a EU GDPR). The submission of consent is voluntary. You can revoke your consent at any time and prevent the use of Matomo by activating the checkbox included below. We use Matomo to analyze and regularly improve the use of our website. We use the statistics obtained to improve our offer and make it more interesting for you as a user. We can thus fulfill the tasks incumbent upon us, which is also in our predominantly legitimate interest (Art. 6 I 1 e EU-DS-GVO, § 3 DSG NRW, § 2 StWG).
4. Contact us
You have the opportunity to send us your concerns via a contact form, via e-mail or in portals operated by us, etc. Further information on how we process your data can be found in the separate information for those affected, which can be accessed below at the end of this page (under "Handling of your data and your rights"). This information is tailored to the individual topics, for example, you can contact us by e-mail (HERE), use the contact form on this website (HERE), be part of a customer satisfaction survey (HERE), contact us regarding BAföG (HERE) or apply for a place in a dormitory (HERE), etc.
5. Job fair
If you are looking for a student job, you can use our linked job fair. It is operated by our cooperation partner Deutsche Hochschulwerbung Athanasios Roussidis e. K., Düsseldorf, who independently processes your data within the job fair. We are not responsible for the processing of your data when using the job fair. Information on data protection law regarding the processing of your data when using the job fair can be found at https://jobben.studierendenwerk-bonn.de/footer/datenschutz/
6. Social Media: Facebook – Instagram – Twitter
We use third-party offerings in several places on our website and maintain our offers on social media platforms Facebook, Instagram, and Twitter.
This allows us to offer our visitors further access to information about our services and also various options for social interaction. The links to social media presence also enable you to share our offer with others. If you click on the respective icons on our website, you can log in to the respective providers with your account and then share our offer with others. In some cases, the information about our offer is already pre-registered. We always work with a 2-click solution. This means: Information is only transmitted to these third-party providers when you click on one of the links or call up our offer directly from third-party providers.
If you click on the icons, a new browser window will open and your data will be transmitted to the respective provider, in particular, the page from which you came. This also applies if you do not have an account with the respective provider or are not logged in.
We use usage reports transmitted by Facebook to continuously improve our Facebook page. This data is only collected by Facebook and transmitted to us if you have a Facebook account and visit our site there. We and Facebook are responsible for this data processing. We have concluded an agreement with Facebook that regulates the distribution of duties transparently (Art. 26 EU GDPR; available at www.facebook.com/legal/terms/page_controller_addendum). The main content of this agreement is that Facebook is primarily responsible for visitor data processing and fulfills all relevant obligations of the EU GDPR with regard to the processing of visitor data (including, but not limited to, the fulfillment of the rights of the data subject). Further below, we show you where you can obtain further information on data processing on Facebook.
Apart from that, we have no influence on what personal data these third-party providers collect and how they deal with them. We are not aware of this either. Please note that some of these providers are based outside the EU and your data will therefore probably be transferred to third countries for which an adequate level of data protection is not necessarily guaranteed. You can obtain further information on the handling of your data from the respective third party providers.
Instagram, in addition:
Through social media links, we enable you to receive even more attractive offers from us on other channels and to communicate directly with these offers and users. In addition, you can easily share our offers with others in numerous ways. This way, we can make our website more attractive and interesting for you. Due to this, the embedding of social media links is necessary for the fulfillment of our tasks and is in our predominant, legitimate interest (Art. 6 I 1 e EU GDPR, § 3 DSG NRW, § 2 StWG). By actively clicking on them, you can decide for yourself whether personal data is transferred to the third party providers. The evaluation of the usage analyses sent to us by Facebook also serves to fulfill our task and is in our predominant, legitimate interest (Art. 6 I 1 e EU GDPR, § 3 DSG NRW, § 2 StWG). The provision of usage data via Facebook is carried out in an anonymous form.
The parent companies of social media providers are based in the USA. Insofar as personal data is transferred there, an adequate level of data protection is ensured by the EU-US Privacy Shield, to which all of the above-mentioned providers are subject if they are based in the USA (Facebook, Twitter - list available at www.privacyshield.gov/list).
You can also watch videos on our website: These are integrated into our online offer so that you are able to watch these videos directly on our site. We use YouTube for this purpose and integrate the videos using the advanced privacy settings of YouTube. This means that data about you, in particular, your IP address and the page from which you came, is only transmitted to YouTube when and if you actually play the embedded video. When you view the video, information about you is transmitted to YouTube, including your IP address and the site from which you came, including information about which video you are viewing. This applies even if you do not have an account with the respective provider or are not logged in. If you are logged in to YouTube, this information is also associated with your account (you can prevent this by logging out of YouTube before viewing the video).
You can also watch our videos on youtube.com itself. In order to do this, click on the "StwB" button in the video or the YouTube icon. If you use this, data will also be transferred to YouTube. By clicking on the "Share" button, you can also discuss or share our YouTube offers on Facebook and Twitter; the processing of your data is subject to the provisions already explained for these services.
We have no control over what personal information YouTube collects and how YouTube handles it. This is also not known to us. You can find further information on how we handle your data here:
By embedding and linking YouTube videos, we enable you to obtain even better information about our offers and offer you virtual assistance, e.g. in filling out the BAföG application form. Also, you can easily share our services with others and communicate with users in various ways. In this way, we improve the experience of our website and support you in your study planning as well as help you make use of study grants. Because of this, the embedding of videos is necessary for the fulfillment of our tasks and is in our predominant, legitimate interest (Art. 6 I 1 e EU GDPR, § 3 DSG NRW, § 2 StWG). By actively clicking, you can decide for yourself whether personal data is transferred to YouTube.
Please note that Google's parent company, which is responsible for providing YouTube, is located in the United States and your information may be transferred there. Insofar as personal data is transferred to the USA, a sufficient level of data protection is ensured via the EU-US Privacy Shield, which Google has also submitted to for YouTube (list available at https://www.privacyshield.gov/list).
8. Google Maps
We use Google Maps to show you the property locations interactively. Google Maps is a service provided by Google Ireland Ltd. We have integrated Google Maps into our website in such a way that we can show you the corresponding maps directly on the website if you wish and click on the map that is initially displayed as inactive. You can also open an external window with one click, in which the offers of Google Maps are available to you (including the route planning function). If you click on the map, personal information - such as your IP address and the information from which page you called up the Google Maps map - can also be transmitted to Google.
Google's parent company is based in the United States so that we cannot exclude the possibility that data may be transferred there. However, even in these cases, an adequate level of data protection is guaranteed by the EU-US Privacy Shield to which Google has submitted (list available at www.privacyshield.gov/list).
The embedding of the map enables us to show you our property locations directly and thus offer more information for you. This is necessary for the fulfillment of our tasks and is in our predominant, legitimate interest (Art. 6 I 1 e EU GDPR, § 3 DSG NRW, § 2 StWG).
9. Data security
To protect your data in the best possible way, we use SSL/TLS encryption (https standard) for technical and organizational security measures, that are also adapted to reflect the current state of technology in terms of risk.
10. Affected rights
Insofar as personal data is used which relates to you as a natural person, you are entitled to various data protection claims against us. According to Art. 15 EU GPDR, you have the right to information about the stored data about you and its origin, the recipients or categories of recipients to whom the data is passed on, and the purpose of the storage.
Also, you may be entitled to correction, deletion or limitation (of the processing) of your data per Art. 16 - 18 EU Data Protection Regulation. Besides, according to Art. 20 EU GPDR, you may request the transfer of the data to another responsible body.
You may also object to the further processing of your data if we process your data based on a legitimate interest (Art. 6 I 1 f EU GPDR) or based on a public task incumbent on us within the meaning of Art. 6 I 1 e EU GPDR. If we do not process your data for advertising purposes, this requires a reason that results from your particular situation. In the event of an objection, we will no longer process your data from the time it is received during the subsequent review and will delete it after completion of the review - if the objection is justified (Art. 21 EU GPDR).
You can revoke your consent to data processing (Art. 6 I 1 a EU GPDR) at any time; we will then not process your data unless there is legal permission for this.
An objection or revocation does not affect the admissibility of data processing in the past.
We will fulfill your rights immediately and free of charge. Please contact us or our data protection officer; you will find our contact details at the beginning of this data protection declaration.
If you believe that any data processing violates data protection law, you have the right to complain to a data protection supervisory authority of your choice (§ 29 DSG NRW, § 19 BDSG, Art. 77 EU GPDR). This also includes the data protection supervisory authority responsible for us, which you can reach with the following contact details:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
Phone: 02 11/384 24-0
Fax: 02 11/384 24-10
Status: 19th July 2019
Handling your data and your rights
Information according to Articles 13 and 14 EU GDPR - valid since May 25, 2018
With the following data protection information, we inform you per the EU Data Protection Basic Regulation (EU GPDR) in force since 25.05.2018 about the processing of personal data by us and about the rights to which you are entitled: [This remains unchanged compared to the current status]