Privacy Policy
1. Responsible for data processing
AStA der Universität Münster
Schlossplatz 1
48149 Münster
asta.vorsitz@uni-muenster.de
2. Purpose of data processing
We process your personal data solely for the purpose of providing social counselling and handling your application for financial support.
This includes information about your financial situation, personal details and any other information required to assess and process your application.
The University’s Department for University Funding has the right to review your address and bank details as well as the statement prepared by us regarding your financial hardship.
Your personal data are processed by the AStA and stored on systems operated by Hetzner Online GmbH.
A data-processing agreement pursuant to Article 28 GDPR exists with Hetzner.
3. Legal basis for processing
Your personal data are processed on the following legal bases:
Article 6 (1)(b) GDPR – for processing your application for financial support,
Article 6 (1)(e) GDPR – for the performance of a task carried out in the public interest (student social counselling),
Article 6 (1)(a) GDPR – insofar as you voluntarily provide additional information,
Article 9 (2)(a) GDPR – for processing special categories of personal data (e.g. financial data) on the basis of your explicit consent.
You may withdraw your consent at any time with future effect; withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
4. Type of data collected
Name, e-mail address, telephone number
University, student ID number, degree programme
Financial details (e.g. income, debts)
Other personal details (e.g. date of birth, marital status)
Voluntarily provided special categories of data (e.g. financial data or information on your social circumstances)
5. Storage Period and Deletion
Personal data collected in connection with the ticket and application process are stored only as long as necessary to handle your case and fulfil the associated legal obligations.
After completion of the procedure and fulfilment of all legal and administrative requirements, the data are generally retained for up to three years.
This period is based on the regular limitation period under Section 195 BGB (German Civil Code) and serves to document the proper handling of applications and to defend possible legal claims.
Deletion currently takes place manually at defined intervals.
In the near future, an automated deletion procedure will be implemented to ensure timely and GDPR-compliant removal without manual intervention.
If statutory retention periods (e.g. under tax or budgetary law) require longer storage, the respective data will be blocked until the end of those periods and then deleted.
6. Recipients & Hosting / Processing on Behalf
Processing is carried out primarily by the teams within the AStA responsible for your case.
Our systems are hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (Germany), acting as a processor under Article 28 GDPR.
Hetzner processes data exclusively on the AStA’s instructions and on the basis of documented technical and organisational measures (TOMs), which are regularly audited externally. Data are only disclosed to third parties where required by law or where you have provided consent.
7. Disclosure to third parties
Storage and processing take place in data centres within the EU. No transfers to third countries take place. Should this exceptionally change (e.g. by selecting a non-EU location), this will only occur in compliance with Arts. 44 ff. GDPR (in particular Standard Contractual Clauses/adequacy decisions); you will be informed in advance.
Your data will only be passed on to the team responsible for you within the AStA and will be treated confidentially.
The University Support Office of the University has the right to inspect your address data, account data and the reasons we have given for your emergency situation.
8. Rights of data subjects
Under the GDPR, you have the right to:
Obtain information about the data stored about you (Art. 15 GDPR)
Request rectification of inaccurate or incomplete data (Art. 16 GDPR)
Request deletion of your personal data, unless statutory retention obligations apply (Art. 17 GDPR)
Request restriction of processing (Art. 18 GDPR)
Object to the processing of your data (Art. 21 GDPR)
Withdraw your consent at any time (Art. 7 (3) GDPR)
Lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise your rights, you can contact us informally at the above address.
9. Data Protection Officer
The General Students’ Committee (AStA) of the University of Münster is a legally constituted public body under § 53 of the Higher Education Act of North Rhine-Westphalia (HG NRW).
Due to the AStA’s limited financial and human resources, no formal appointment of a Data Protection Officer has yet been made.
Instead, an internal Data Protection Contact Point has been established to coordinate compliance with data protection requirements.
Data Protection Contact Point
AStA of the University of Münster
Data Protection
Schlossplatz 1
48149 Münster, Germany
E-mail: asta.vorsitz@uni-muenster.de
University of Münster
Data Protection Officer
Schlossplatz 2
48149 Münster, Germany
E-mail: datenschutz@uni-muenster.de
10. Supervisory Authority
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2–4
40213 Düsseldorf, Germany
E-mail: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de
11. Contact information
If you have any questions or concerns in connection with your personal data, you can reply to your ticket at any time, stating the ticket number, or contact us directly.
AStA of the University of Münster
AStA Social Counseling
Schlossplatz 1
48149 Münster
asta.soziales@uni-muenster.de
02518322281
12. Voluntary nature of the provision of data
The provision of your personal data is voluntary. However, if you do not provide it, we will not be able to process your application.
13. Automated decision-making
There is no automated decision-making, including profiling.
Each application is personally reviewed and assessed by an employee of the social counseling service.
14. Cookies and tracking
Our ticket system uses only technically necessary cookies that are required for the operation and provision of system functions.
These cookies do not store personal data and are deleted at the end of the browser session.
No consent is required pursuant to Section 25 (2) No. 2 TTDSG.
Use of Matomo (Local Web Analytics)
To analyse the use of our online services anonymously, we operate our own instance of the open-source web-analytics software Matomo on the same server infrastructure hosted by Hetzner Online GmbH.
Matomo is configured in a privacy-friendly way:
No use of cookies (“force tracking without cookies”)
IP-address anonymisation: the last two bytes of the IP address are removed (e.g. 192.168.xxx.xxx)
Pseudonymisation of user IDs; no cross-session profiling
Do-Not-Track signals from browsers are honoured
No data transfer to third parties or third countries
Regular deletion or anonymisation of older data at defined intervals
Consequently, no personal data are stored or analysed.
The evaluation serves exclusively to improve statistics and system security.
Processing is based on Article 6 (1)(e) GDPR in conjunction with Section 3 BDSG, as it serves the performance of a task in the public interest (optimisation and accessible provision of the service).
The information collected is not shared with any third parties.
13. updating the privacy policy
This privacy policy is regularly reviewed and updated as necessary. You will always find the current version on this page.