SRH Fernhochschule - The Mobile University

Information on data processing and data protection for students

Dear students,
You will find information below on how your data are processed in our company pursuant to Art. 13 and 14 of the EU General Data Protection Regulation (EU GDPR). You can find further information on the Internet at: https://www.srh-distance-learning-university.com/data-protection/. The provision and processing of your data is required under your student contract and for organising your studies at our university.

1. Data Controller

pursuant to Art. 4 (7) EU GDPR
SRH Fernhochschule – The Mobile University
State-approved university of SRH Fernhochschule GmbH
Kirchstrasse 26
88499 Riedlingen, Germany
Managing Director: Christian Gerard
Phone: +49 7371 9315-0

info@srh-dlu.com

2. Data Protection Officer

Symbion GmbH
Jörg Flierenbaum
Robert-Koch-Strasse 3
97230 Estenfeld, Germany
dataprotection@srh-dlu.com

 

3. Purposes

for which your personal data are processed

  • Contract management, billing
  • Issuing and managing a student ID
  • Organising programmes (e.g. courses, lectures, seminars, excursions, work placements)
  • Organisation and implementation of examinations, managing and notification of results
  • Attendance and performance records
  • Information on university events and programmes
  • Internal university communication

4. Use for other purposes

  • Implementation, testing, support and maintenance of IT systems and applications
  • Supervision and monitoring (e.g. audit, internal audit, data protection officer)
  • Organisation analyses, quality assurance measures
  • Compliance with statutory documentation/reporting requirements

5. Legal basis

  • Art. 6 (1) (b) EU GDPR on performance of the student contract
  • Art. 6 (1) (a) provided your consent is obtained as well as obligations arising from laws such as the
    • Higher Education Statistics Act
    • State Higher Education Act

6. Data

Categories of your personal data that will be processed if required for the aforementioned purposes:

  • Identity, address and contact data
  • Accounting data according to the data set
  • Higher Education Statistics Act (description of data set)
  • Data that you make available to us or provide in university applications
  • Photos
  • Scholarship information
  • Data for and from IT use (such as user IDs, passwords, access logs)

7. Categories of recipients

to whom the required data will be disclosed for the respective purpose (by transfer or granting of access and only insofar as this is not possible without disclosing your personal data)
Internal

  • Student service
  • Employees
  • Lecturers of your chosen programmes
  • Examination office
  • University marketing, communications
  • Financial accounting (debitors)
  • Quality management
  • IT department

Exteral

  • Visiting lecturers
  • Ministries and regional authorities responsible for the university
  • Corporate audit of SRH Holding SdbR
  • Sponsors/companies (for granting scholarships)
  • Service providers for the aforementioned purposes
  • External companies providing IT support and maintenance
  • Parties involved and supporting bodies in the defence of claims and legal proceedings

8. Transfer to third countries

outside the EU or countries accepted by the EU with an equal level of data protection

  • Only with your knowledge and consent

9. Retention periods

  • Access to your data will be blocked after you are exmatriculated and statistical and legal obligations have been complied with. Further statistical analyses will be conducted using anonymised data.
  • Your data will then be stored with your consent for up to 40 years after exmatriculation and then erased. If consent is revoked, the data will be erased (2 years after exmatriculation at the earliest).

10. Data origins

if not provided by you

  • Partner universities
  • Agencies
  • Start of university
  • Legal guardians
  • Sponsors

Categories of your data that the university obtains from third parties and processes

  • Nomination data
  • Application data
  • If you have not applied directly
  • If applicable, billing/emergency data for minors
  • For rehabilitees

11. Your rights

  • Information about your personal data (Art. 15 EU GDPR)
  • Rectification of your data (Art. 16 EU GDPR)
  • Erasure of your data (Art.17 EU GDPR) provided there are no obligations to store them
  • Restriction of processing (Art. 18 EU GDPR)
  • Right to data portability (Art. 20 EU GDPR)
  • Complaint to the responsible state data protection officer

Abbreviations

EU GDPR = EU General Data Protection Regulation
BDSG = Bundesdatenschutzgesetz (German Federal Data Protection Act)
LHG = Landeshochschulgesetz (State Higher Education Act)
i.c.w. = in connection with (legal basis derived from more than one law)