Back

Data protection policy

Version of 18.05.2018

Data protection by SRH

Data protection and data security for the customers and partners of our company as well as for interested parties and users of our website have a high priority in our company. Transparency with regard to the processing of personal data and the protection of all data are therefore particularly important to us. With this declaration we provide an overview of how data is collected and processed when using our website.

SRH Higher Education GmbH

Bonhoefferstr. 1                                   
69123 Heidelberg

Telefon: +49 6221 8223-065                            
Telefax: +49 6221 8223-109 
E-Mail: higher-education@srh.de

Contact for data protection

Symbion AG
Herr Jörg Flierenbaum
Robert-Koch-Straße 3
97230 Estenfeld
Email: datenschutzbeauftragter-srh@symbion-ag.de

Information About Data Usage and Protection

The following information will explain to you the usage of your personal data in regard to your application to and within the SRH University of Applied Sciences as in accordance to para. 13 and 14 of the EU General Data Protection Regulation (GDPR). 

Responsible Party
according to Art. 4 Par.7 GDPR
SRH Universities
SRH Higher Education GmbH
Bonhoefferstr. 1, 69123 Heidelberg
CEO: Professor Dr. Dr. h.c. Jörg Winterberg
+49 6221 8223-061
higher-education@srh.de

Data Protection Officer
Contact Details
Symbion AG
External Data Protection Officer
Robert-Koch-Straße 3, 97230 Estenfeld
E-Mail: datenschutzbeauftragter-srh@symbion-ag.de

Data Collection Usage
Here is how we use utilize your personal data

  • For the implementation of the application process
  • For communicating with the applicant
  • For study advisory
  • For assessing the applicants’ eligibility for higher studies in Germany
  • For internal university communication

Usage for Other Purposes

  • For insertion, testing, supporting, and maintaining our IT-systems and other programmes
  • For supervision- and controlling authorities (for example the checking of invoices, internal revisions, data protection authority etc.)
  • For organizational analysis, quality-assurance measures
  • For the fulfilment of lawful documentation requirements

Legal Bases

  • Art. 6 Par.1 lit.b) GDPR
    For the creation and fulfillment of the study contract
  • Art. 6 Par. 1 lit.a) as long as you consent
  • As well as the requirements of other binding laws (for example: HGB, AO, Hochschulstatistikgesetz, Landeshochschulgesetz)

Data Categories
The following types of data shall be processed in regard to the purposes mentioned above

  • Personal information, address and contact data
  • Application data
  • Transcripts and other proofs and documentation ofeligibility
  • Billing information
  • Photos
  • Scholarship information
  • Data for and from your SRH account (such as user ID, password, access protocols)

Where applicable:

  • Information about legal guardians (such as banking information in regard to minors, or emergency contact persons)

Receiving Parties

In regard to which data is disclosed to which parties and for what purpose (by transmission or granting access, and only if not possible without personal reference).

Internal

  • Students‘ Service
  • The University Marketing and Communication Department
  • The Financial Department
  • The Quality Assurance Department
  • Student Representatives (for example the Students’ Union)

External

  • The Corporate Auditing Authority of SRH Holding SdbR
  • Financial Support Authorities (for scholarships) 
  • Service providers regarding fulfilling the purposes mentioned above
  • External IT-support and maintenance companies
  • Internal IT-Support
  • Involved and supporting parties in case of defense of settlement of claims and legal procedures
  • When applicable: benefactors and financial service providers
  • Plagerism auditors

Information Sent to Third-party Countries
(defined as being outside of the European Union, or third countries considered equal in data protection measures outside of the EU).

  • When applicable: personal data may be shared with international financial service providers (for example Flywire)

Data Retention Period

  • Your data shall be retained after your enrollment within your study dossier, and saved in accordance to the legal data retention period
  • - In the case of applications that do not lead to enrollment, we will delete your data 3 months after the start of the studies you originally requested.

Your Legal Rights

  • Disclosure of personal information collected about your person (Art. 15 GDPR)
  • Amendments to your data (Art. 16 GDPR)
  • Deletion of your data (Art.17 GDPR)
    as long as no data retention period requirements are present
  • Restriction of processing (Art. 18 GDPR)
  • The right to transference of data (Art. 20 GDPR)
  • Complaints to the responsible state authority for data protection

Abbreviations

GDPR = EUGeneral Data Protection Regulation
BDSG = Federal Law of Data Protection
LHG = State Law for Higher Education
i.V.m. = in connection to (legislative base is derived from more than one law)