Data Protection


Inquiry, Manipulation, and Use of Personal and Non-Personal Data

RWTH Aachen highly values the protection of personal data. The Data Security Law of North Rhine-Westphalia (DSG NRW) and the resulting rights of those concerned are always considered and guaranteed.

A procedure register has been drawn up. You can request to view it through the RWTH Aachen .

All information gathered for the RWTH BlueCard is solely used for the creation and administration of the RWTH BlueCard. It is only passed on, if it is necessary to fulfill a task, e.g. on to the library or Student Services. Use of the data for a reason other than for which it was collected, is barred.

The legal foundation for the distribution of the student ID as a mulifunctional smart card and for collecting the necessary data is describe in §48 Paragraph 48 of the University Regulations NRW and the respective currently valid Enrollment Regulations (Einschreibunsordnung).

The BlueCard – visually and electronically readable data

The following personal information is printed visually readable on the BlueCard:

  • First name
  • Last name
  • Student ID number
  • Photo
  • Validity Period
  • RWTH card number

The photo on the RWTH BlueCard is necessary for comparison between the ID holder and the smart card. When the RWTH BlueCard is handed out, the information on the card will be compared with the information on a government photo ID. This way the RWTH BlueCard can substitute for a government photo ID within the University (for example during exams).

Just like the other information that is saved on the RWTH BlueCard, the photo is strictly used exclusively for the creation of the BlueCard.

On the BlueCard chip, there are two applications that are currently being used. The following data are saved in both of these applications, in addition to the manufacturer established serial number:

Data saved in both of these applications, in addition to the card serial number
Student Services Payment Function RWTH ID
RWTH card number
CMS card number
User group (students)
Electronic wallet balance
Validity Period
Tokens (necessary for rebates or discounts for example)
RWTH Applications RWTH ID
RWTH card number

Through the various BlueCard applications, it is ensured that individual institutions (currently RWTH and Student Services) only have access to their own application and have the data found there.

Default settings have been made for the further eight applications. However they do not have any uses. These were carefully created due to functional reasons for expanding the BlueCard abilities, but do not have any saved data. (Link zu RWTH BlueCard – what is it?).

Transmission of Data to the Card Management System (CMS)

The following information is transmitted to the RWTH Card Management System by the IT Center for the administration of the RWTH BlueCard:

  • User group (students)
  • Student ID number
  • Gender
  • Last name
  • First name
  • Active (enrolled or re-registered )
  • Card validity (semester)
  • Photo
  • Photo date

In order for the RWTH BlueCard service point to be able to quickly inform students, e.g. on the production status of their RWTH BlueCard, the email address from Identity Management in the IT Center is carried over to the Card Management System and saved there.

After the RWTH BlueCard has been made, the card serial number (UID, only in those BlueCards with smart card technology) and the production data of the card are transferred to the Card Management System.

Two card specific features per person are generated in the Card Management System: the CMS and the RWTH card number. Since these are tied to one card, both these numbers change when a card is reissued, e.g. when the first one has been lost.

The CMS card number is a component of the payment function and necessary to communicate with the Student Services payment system.

The RWTH card number is a 12-place alphanumeric character combination and serves as a substitute for the unencrypted card serial number (UID) on every smart card. It is encrypted onto the card and is used for various processes at RWTH (in the future for the financial clearing of Student Services with the University Library and when applicable, the registration function for vote participation).

Transmission of Data to the Identity Management System (TIM)

After the RWTH card number has been generated, it is transferred to the IT Center's Identity Manangement System, along with the production data.

The RWTH card number is also transferred from TIM to the University Library for the library card function.

Transmission of Data to Student Services

The followign data is transmitted to Student Services for the payment function:

  • CMS card number
  • RWTH card number
  • User groups (students)
  • Cost center
  • Validity period
  • Card status (card in use, card locked, etc.)
  • Date of card manufacture

Transmission of Data on External Card Suppliers

RWTH indirectly uses an external card supplier for the mass production of the RWTH BlueCards. The card supplier is obligated to work in accordance with the data protection conformed processing (particularly earmarking and deletion after the activity ends).

Deletion Deadlines

All data, with the exception of the photo, is saved in the Card Management System for one year past the card end validity date (in case there is a need for postprocessing).

Photos, which were uploaded to TIM for the creation of the RWTH BlueCard or were taken at a service point, are deleted on May 15th (for the summer semester) and November 15th (for the winter semester), if the production and qualified distribution of the RWTH BlueCard has taken place.

Changes to Your Information

You can always update, correct, or supplement your saved personal information. You can change your address yourself in RWTHonline. For all other changes, please contact the .

Individuals with Authorized Access

You can view your personal information in the Identity Management System .

Individuals with authorized access to the Card Management System include administrative staff in the Registrar's Office, in the RWTH BlueCard service point, and in Division 5.3 of the Central University Administration (IT-Basic Services).

Data Security

We feel obligated to protect your information. We have taken the appropriate technical and organizational measures in order to prevent unwarranted access or disclosure to ensure the correctness of the information and to ensure the correct use of the data.


Inquiries to data protection can be made to the RWTH Aachen . Concerns can also be sent to this email address.

If you should have an inquiry according to § 18 DSG NRW, please contact the during business hours. The staff there will provide you with a print out of your data saved in the Card Management System. The is available if you have any additional questions.