SRH Universites

Data protection policy

Version of 27.04.2023

Data protection by SRH

Data protection and data security for the customers and partners of our company as well as for interested parties and users of our website have a high priority in our company. Transparency with regard to the processing of personal data and the protection of all data are therefore particularly important to us. With this declaration we provide an overview of how data is collected and processed when using our website.

SRH Higher Education GmbH

Bonhoefferstr. 1                                   
69123 Heidelberg

Telefon: +49 6221 8223-065                            
Telefax: +49 6221 8223-109 

Contact for data protection

Symbion AG
Herr Jörg Flierenbaum
Robert-Koch-Straße 3
97230 Estenfeld

Information About Data Usage and Protection

The following information will explain to you the usage of your personal data in regard to your application to and within the SRH University of Applied Sciences as in accordance to para. 13 and 14 of the EU General Data Protection Regulation (GDPR). 

Responsible Party
according to Art. 4 Par.7 GDPR
SRH Universities
SRH Higher Education GmbH
Bonhoefferstr. 1, 69123 Heidelberg
CEO: Professor Dr. Dr. h.c. Jörg Winterberg
+49 6221 8223-061

Data Protection Officer
Contact Details
Symbion AG
External Data Protection Officer
Robert-Koch-Straße 3, 97230 Estenfeld

Data Collection Usage
Here is how we use utilize your personal data

  • For the implementation of the application process
  • For communicating with the applicant
  • For study advisory
  • For assessing the applicants’ eligibility for higher studies in Germany
  • For internal university communication

Usage for Other Purposes

  • For insertion, testing, supporting, and maintaining our IT-systems and other programmes
  • For supervision- and controlling authorities (for example the checking of invoices, internal revisions, data protection authority etc.)
  • For organizational analysis, quality-assurance measures
  • For the fulfilment of lawful documentation requirements

Legal Bases

  • Art. 6 Par.1 lit.b) GDPR
    For the creation and fulfillment of the study contract
  • Art. 6 Par. 1 lit.a) as long as you consent
  • As well as the requirements of other binding laws (for example: HGB, AO, Hochschulstatistikgesetz, Landeshochschulgesetz)

Data Categories
The following types of data shall be processed in regard to the purposes mentioned above

  • Personal information, address and contact data
  • Application data
  • Transcripts and other proofs and documentation ofeligibility
  • Billing information
  • Photos
  • Scholarship information
  • Data for and from your SRH account (such as user ID, password, access protocols)

Where applicable:

  • Information about legal guardians (such as banking information in regard to minors, or emergency contact persons)

Receiving Parties

In regard to which data is disclosed to which parties and for what purpose (by transmission or granting access, and only if not possible without personal reference).


  • Students‘ Service
  • The University Marketing and Communication Department
  • The Financial Department
  • The Quality Assurance Department
  • Student Representatives (for example the Students’ Union)


  • The Corporate Auditing Authority of SRH Holding SdbR
  • Financial Support Authorities (for scholarships) 
  • Service providers regarding fulfilling the purposes mentioned above
  • External IT-support and maintenance companies
  • Internal IT-Support
  • Involved and supporting parties in case of defense of settlement of claims and legal procedures
  • When applicable: benefactors and financial service providers
  • Plagerism auditors

Information Sent to Third-party Countries
(defined as being outside of the European Union, or third countries considered equal in data protection measures outside of the EU).

  • When applicable: personal data may be shared with international financial service providers (for example Flywire)

Data Retention Period

  • Your data shall be retained after your enrollment within your study dossier, and saved in accordance to the legal data retention period
  • - In the case of applications that do not lead to enrollment, we will delete your data 3 months after the start of the studies you originally requested.

Your Legal Rights

  • Disclosure of personal information collected about your person (Art. 15 GDPR)
  • Amendments to your data (Art. 16 GDPR)
  • Deletion of your data (Art.17 GDPR)
    as long as no data retention period requirements are present
  • Restriction of processing (Art. 18 GDPR)
  • The right to transference of data (Art. 20 GDPR)
  • Complaints to the responsible state authority for data protection


GDPR = EUGeneral Data Protection Regulation
BDSG = Federal Law of Data Protection
LHG = State Law for Higher Education
i.V.m. = in connection to (legislative base is derived from more than one law)


With your consent, we use the open-source software Matomo for analyzing and statistically evaluating the use of the website. For this purpose, cookies are used. The information obtained about the use of the website is transmitted exclusively to our servers and summarized in pseudonymous usage profiles. We use the data to evaluate the usage of the website. The collected data will not be shared with third parties.

The IP addresses are anonymized (IP masking), so that allocation to individual users is not possible.

The processing of data is based on Article 6(1)(a) of the GDPR. We pursue our legitimate interest in optimizing our website for our external representation.

You can revoke your consent at any time by deleting the cookies in your browser or changing your privacy settings.

Matomo Cookieless Tracking

We utilize the open-source software Matomo for the analysis and statistical evaluation of anonymized usage data on our website. The information obtained regarding website usage is exclusively transmitted to our servers and summarized in anonymized usage profiles. We use this data to assess website usage. The collected data will not be shared with third parties.

IP addresses are anonymized (IP masking), preventing any association with individual users. We have activated the "do-not-track" setting and ensured that personally identifiable information (such as email addresses) is not stored.

Data processing is based on Article 6(1)(f) of the GDPR, representing our legitimate interest in optimizing our online offerings.

You have the option to decide whether this anonymized collection and analysis may take place. If you wish to opt out, please click the following link to place the Matomo deactivation cookie in your browser.