General data protection of Studierendenwerk Stuttgart AöR

With the following information, we would like to inform you in general about the processing of your personal data by us. In addition, you will receive an overview of your rights under data protection laws.

In addition to this general privacy policy, you will find here data protection information about our Website.

Data protection information about our dormitories for tenants and applicants.


1. Who is responsible for data processing and who can you contact?

The responsible body is:

Studierendenwerk Stuttgart AöR

Rosenbergstraße 18

D-70174 Stuttgart

Telephone: +49 711 4470-1247


You can reach our data protection officer at:

Studierendenwerk Stuttgart AöR

- Data protection officer -

Rosenbergstraße 18

D-70174 Stuttgart


2. Where do we get personal data from?

In most cases, we receive the personal data directly from you.

For some of the processing, we also receive personal data from other entities:

  • We receive information about student status from universities, for example about exchange students.
  • Our daycare centers receive information about applicants for a daycare place from the municipal administration.
  • From parents and other dependents, we obtain the information required to apply for educational assistance.
  • We may receive data from payment service providers (e.g. banks), for example about rental payments.

3. What do we process personal data for and on what legal 

We process personal data to fulfill our legal duties:

  • for the operation of student housing facilities,
  • for the operation of catering establishments (e.g. canteens),
  • for the promotion of cultural, social and sporting interests of students
  • Conduct educational advancement and other financial aid for students,
  • on the operation of childcare facilities,
  • for health promotion measures and social and legal counselling,
  • For the advancement and support of members and affiliates of institutions of higher education.

We also process personal data for the preparation and execution of contracts with tenants, guests (e.g. in canteens) and other business partners.

We also process data to fulfill legal obligations, for example tax and financial data, registration data and statistical data, and to fulfill legal retention obligations.

In addition, we process personal data to protect our legitimate interests, for example data from communication with universities, authorities, students, parents, business partners, visitors and guests. The legitimate interest results from the respective reason for the process.

With the special consent of the data subjects, we also process personal data for better support of students, guests and employees, such as health data of children or students, as well as for the support of special hardship cases. The consent can be revoked at any time.

In addition, we process personal data for general administrative purposes and to establish, implement and terminate service and employment relationships.


4. To which recipients do we disclose personal data?

We share personal information with the following entities:

  • Banks and other payment service providers (e.g. direct debit data),
  • Insurance companies (e.g. health insurance, pension insurance),
  • Authorities (e.g. local authorities, youth welfare office, registration office, employment agency, state high insurance),
  • Universities, dormitory tutors, student self-help organizations (e.g. Selfnet e.V.),
  • lawyers and debt collection agencies,
  • Supervisory authorities (e.g. statistical data),
  • German Student Union (statistical data)

In addition to the aforementioned recipients, we have commissioned specialized service providers to support us in the operation of our IT applications, including, for example, web hosts, software providers, system administrators and data center operators. In some cases, these entities have access to personal data as part of the performance of their services.

5. How long is personal data stored?

In principle, we only store personal data until the purpose of the storage has been fulfilled. In doing so, we must comply with statutory retention periods, the expiration of which we must wait before deleting data.

  • There is a statutory retention period of ten years for accounting records.
  • Contracts and business letters are kept for six years, and claims for damages for up to 30 years.
  • Data on applicants for a place in a residential complex is deleted after two years.
  • Data on educational funding must be retained for up to six years after the conclusion of the procedure.
  • Pedagogical data from daycare centers are deleted when the child has left the facility.
  • Data on applicants for employment are deleted after six months, wage slips after six years.
  • Employee health data is deleted after five years.
  • Web server log data is deleted after 9 weeks, unless longer retention is required in individual cases.

6. Is the provision of personal data mandatory?

In the area of education subsidies and for all publicly subsidized benefits (e.g., housing facilities, cafeteria meals and daycare places), the provision of data is required by law so that eligibility can be proven. Without this information, we are not allowed to provide the services.

In connection with contracts (e.g. rental agreements), we sometimes ask for data in order to be able to offer our services in the best possible way, for example questions about special requests, disabilities or hardship cases. This information is always voluntary, but we cannot provide our services optimally without it.

For employment relationships, there are legal obligations to provide data, such as tax and insurance information. No employment relationship can be established without this information.


7. Is personal data transferred to a third country?

As a matter of principle, we do not transfer personal data to third countries. Only in the context of communication with foreign students is data transmitted to third countries, for example when applying for a place in a hall of residence.


8. What data protection rights do data subjects have?

Data subjects have the right to obtain information about their data, to have data corrected, to have data deleted, to have data processing restricted and to have the right to data portability.

There is also the right to revoke consent given, to object to processing on the basis of the company's legitimate interests and to automated decisions within the framework prescribed by law. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation.

Data subjects also have the right to complain to a data protection supervisory authority.

Status: 22. Mai 2018