Data Protection
Inquiry, Manipulation, and Use of Personal and Non-Personal Data
RWTH Aachen highly values the protection of personal data. The Data Security Law of North Rhine-Westphalia (DSG NRW) and the resulting rights of those concerned are always considered and guaranteed.
A procedure register has been drawn up. You can request to view it through the RWTH Aachen Data Protection Officer.
All information gathered for the RWTH BlueCard is solely used for the creation and administration of the RWTH BlueCard. It is only passed on, if it is necessary to fulfill a task, e.g. on to the library or Student Services. Use of the data for a reason other than for which it was collected, is barred.
The legal foundation for the distribution of the student ID as a mulifunctional smart card and for collecting the necessary data is describe in §48 Paragraph 48 of the University Regulations NRW and the respective currently valid Enrollment Regulations (Einschreibunsordnung).
The BlueCard – visually and electronically readable data
The following personal information is printed visually readable on the BlueCard:
- First name
- Last name
- Student ID number
- Photo
- Validity Period
- RWTH ID
- RWTH card number
The photo on the RWTH BlueCard is necessary for comparison between the ID holder and the smart card. When the RWTH BlueCard is handed out, the information on the card will be compared with the information on a government photo ID. This way the RWTH BlueCard can substitute for a government photo ID within the University (for example during exams).
Just like the other information that is saved on the RWTH BlueCard, the photo is strictly used exclusively for the creation of the BlueCard.
On the BlueCard chip, there are two applications that are currently being used. The following data are saved in both of these applications, in addition to the manufacturer established serial number:
| Data saved in both of these applications, in addition to the card serial number | |
|---|---|
| Student Services Payment Function | RWTH ID |
| RWTH card number | |
| CMS card number | |
| User group (students) | |
| Electronic wallet balance | |
| Validity Period | |
| Tokens (necessary for rebates or discounts for example) | |
| RWTH Applications | RWTH ID |
| RWTH card number | |
Through the various BlueCard applications, it is ensured that individual institutions (currently RWTH and Student Services) only have access to their own application and have the data found there.
Default settings have been made for the further eight applications. However they do not have any uses. These were carefully created due to functional reasons for expanding the BlueCard abilities, but do not have any saved data. (Link zu RWTH BlueCard – what is it?).
Transmission of Data to the Card Management System (CMS)
The following information is transmitted to the RWTH Card Management System by the IT Center for the administration of the RWTH BlueCard:
- User group (students)
- RWTH ID
- Student ID number
- Gender
- Last name
- First name
- Active (enrolled or re-registered )
- Card validity (semester)
- Photo
- Photo date
In order for the RWTH BlueCard service point to be able to quickly inform students, e.g. on the production status of their RWTH BlueCard, the email address from Identity Management in the IT Center is carried over to the Card Management System and saved there.
After the RWTH BlueCard has been made, the card serial number (UID, only in those BlueCards with smart card technology) and the production data of the card are transferred to the Card Management System.
Two card specific features per person are generated in the Card Management System: the CMS and the RWTH card number. Since these are tied to one card, both these numbers change when a card is reissued, e.g. when the first one has been lost.
The CMS card number is a component of the payment function and necessary to communicate with the Student Services payment system.
The RWTH card number is a 12-place alphanumeric character combination and serves as a substitute for the unencrypted card serial number (UID) on every smart card. It is encrypted onto the card and is used for various processes at RWTH (in the future for the financial clearing of Student Services with the University Library and when applicable, the registration function for vote participation).
Transmission of Data to the Identity Management System (TIM)
After the RWTH card number has been generated, it is transferred to the IT Center's Identity Manangement System, along with the production data.
The RWTH card number is also transferred from TIM to the University Library for the library card function.
Transmission of Data to Student Services
The followign data is transmitted to Student Services for the payment function:
- RWTH ID
- CMS card number
- RWTH card number
- User groups (students)
- Cost center
- Validity period
- Card status (card in use, card locked, etc.)
- Date of card manufacture
Transmission of Data on External Card Suppliers
RWTH indirectly uses an external card supplier for the mass production of the RWTH BlueCards. The card supplier is obligated to work in accordance with the data protection conformed processing (particularly earmarking and deletion after the activity ends).
Deletion Deadlines
All data, with the exception of the photo, is saved in the Card Management System for one year past the card end validity date (in case there is a need for postprocessing).
Photos, which were uploaded to TIM for the creation of the RWTH BlueCard or were taken at a service point, are deleted on May 15th (for the summer semester) and November 15th (for the winter semester), if the production and qualified distribution of the RWTH BlueCard has taken place.
Changes to Your Information
You can always update, correct, or supplement your saved personal information. You can change your address yourself in CAMPUS-Office. For all other changes, please contact the Registrar's Office.
Individuals with Authorized Access
You can view your personal information in the Identity Management System .
Individuals with authorized access to the Card Management System include administrative staff in the Registrar's Office, in the RWTH BlueCard service point, and in Division 5.3 of the Central University Administration (IT-Basic Services).
Data Security
We feel obligated to protect your information. We have taken the appropriate technical and organizational measures in order to prevent unwarranted access or disclosure to ensure the correctness of the information and to ensure the correct use of the data.
Inquiries/Concerns
Inquiries to data protection can be made to the RWTH Aachen Data Protection Officer . Concerns can also be sent to this email address.
If you should have an inquiry according to § 18 DSG NRW, please contact the BlueCard Service Point during business hours. The staff there will provide you with a print out of your data saved in the Card Management System. The Registrar's Office is available if you have any additional questions.