Privacy Policy

This Data Protection Notice applies to the central website of RWTH Aachen University. Other privacy policies or data protection notices may apply to decentralized or affiliated websites, which are published on those sites.

Effective as of: November 2025

Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable national data protection laws of the EU Member States, as well as other relevant data protection provisions, is:

Rector of RWTH Aachen University
Templergraben 55
52062 Aachen (physical address)
52056 Aachen (mailing address)
Telephone: +49 241 80-1
Telefax: +49 241 80-92312
Email: rektorat@rwth-aachen.de
Email: auskunftsersuchen@zhv.rwth-aachen.de
Website: www.rwth-aachen.de/rektorat

Name and Address of the Data Protection Officer

The officially appointed Data Protection Officer of RWTH Aachen University can be contacted at:

Data Protection Staff Unit of RWTH Aachen University:
Templergraben 83
52062 Aachen (physical address)
52056 Aachen (mailing address)
Germany
Phone: +49 241 80-94114
Email: dsb@rwth-aachen.de

General Information on Data Processing

RWTH Aachen University processes personal data of website users only to the extent necessary to provide a functional website and to deliver the content and services offered on it. If individual websites, web pages, or features process data in ways that differ from this data protection notice, specific data protection notices will be provided there.

Provision of the Website and Creation of Log Files

a) Purpose and Scope of Data Processing

Each time you access this website, data is exchanged between your device (e.g., computer, tablet, smartphone) and the University’s web servers to establish communication and deliver the website. During this process, data is temporarily stored in log files. Specifically, the following information is collected:

  • the user’s IP address
  • date and time of access
  • information about the web pages or files accessed
  • the referring website (if transmitted by your device)
  • the browser type and operating system used on your device (if transmitted by your device)

This log data is processed to ensure the proper functioning of the website, detect and remedy malfunctions, and maintain technical security—particularly for protection against and defense from cyberattacks.

b) Legal Basis for the Processing of Personal Data

The temporary storage of technical communication data and log files is based on Article 6(1)(e) and (3) GDPR in conjunction with Section 3 of the North Rhine-Westphalia Data Protection Act (DSG NRW) and Section 3(1) of the Higher Education Act of North Rhine-Westphalia (HG NRW).

c) Data Deletion and Retention Period

Data is deleted as soon as it is no longer needed for the purpose for which it was collected. This typically occurs after no more than 14 days. Longer storage is possible in exceptional cases; in such instances, IP addresses are anonymized so that the accessing client can no longer be identified.

d) Right to Object and Right to Erasure

The collection of data for the purpose of providing the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

Use of Cookies and Tracking Technologies

a) Purpose and Scope of Data Processing

The RWTH Aachen University website uses cookies. Cookies are small text files stored in your browser that allow your device to be recognized upon revisiting the website. If a user visits a website, a cookie may be stored in the user's operating system. This cookie contains a specific string of characters which makes it possible to identify the browser when the website is accessed again.

These cookies are used exclusively to ensure the functionality of the website. The following data may be stored and transmitted:

  • Anonymous identifiers used to authenticate logged-in website editors

b) Legal Basis for Data Processing

The processing of personal data through technically necessary cookies is based on Article 6(1)(e) and (3) GDPR in conjunction with Section 3(1) DSG NRW and Section 3(1) HG NRW.

c) Data Deletion and Retention Period

Cookies are stored on your device and transmitted from it to our site. You therefore have full control over their use. You can disable or restrict cookies through your browser settings and delete already stored cookies at any time—either manually or automatically. Please note that disabling cookies may limit some website functions.

Forms and Email Contact

a) Purpose and Scope of Data Processing

The RWTH Aachen University website provides a feedback form for electronic communication. When you use this form, the information you enter will be transmitted to us and stored in our systems. We use various additional forms throughout our website for specific purposes, including registrations, inquiries, and applications. Each form collects only the information necessary for its particular purpose. The specific data requested will vary depending on what the form is designed to accomplish.

When submitting a form, you are asked to consent to data processing, and reference is made to this Data Protection Notice.

Alternatively, you can contact us directly via the email addresses provided; in that case, any personal data transmitted with your message will also be stored.

Your data will not be shared with third parties and is used solely for handling your inquiry.

Additional personal data collected during form submission serves to prevent misuse and to safeguard the University’s IT systems.

b) Legal Basis for Data Processing

Unless otherwise stated or specified in a separate data protection notice, the legal basis for processing data collected through our various forms is Article 6(1)(a) GDPR.

This processing is carried out to fulfill the university's official tasks in accordance with Article 6(1)(e) and (3) GDPR, in conjunction with Section 3(1) DSG NRW and Section 3(1) HG NRW).

Where email contact is intended to lead to a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

c) Data Deletion and Retention Period

Data is deleted once it is no longer needed for its intended purpose. For contact forms or email inquiries, this generally occurs when the conversation has been concluded. The conversation is considered concluded once it can be inferred from the circumstances that the matter in question has been fully clarified.

d) Right of Revocation and Objection

You may revoke your consent to the processing of your personal data at any time. If you contact us by email, you may object to the storage of your data at any time; in such cases, the conversation cannot continue. All personal data stored for this purpose will then be deleted unless legal retention obligations apply.

Mailing Lists and Newsletters

a) Purpose and Scope of Data Processing

Some RWTH Aachen University websites allow users to subscribe to mailing lists or newsletters. When registering, the data entered in the registration form is transmitted to the University, and the IP address, date, and time of registration are logged and processed. Certain mailing lists are used to distribute information to defined recipient groups (e.g., RWTH employees).

When you send a message to a mailing list, the message may be visible to and received by all members of the list. Messages sent to a mailing list are stored in the list archive for the duration of the archiving period, provided that archiving has been enabled by the list owner.

b) Legal Basis for Data Processing

Processing is based on Article 6(1)(a) GDPR if the data subject has given consent. The data subject may withdraw their consent to receive the mailing list/newsletter at any time and unsubscribe from the newsletter. For this purpose, an unsubscribe link is provided in each mailing list/newsletter message, or the data subject may send an email to the mailing list at <Listenname>-leave@lists.rwth-aachen.de or <Listenname>-unsubscribe@lists.rwth-aachen.de.

c) Data Deletion and Retention Period

Personal data will be deleted as soon as it is no longer required for the purposes for which it was collected. User data is therefore retained only as long as the mailing list subscription remains active.

AI Chatbot Ritchy

a) Purpose and Scope of Personal Data Processing

Ritchy is an AI-powered chatbot developed by the IT Center at RWTH Aachen University. It uses generative artificial intelligence methods to automatically provide users with information and support regarding the IT Center’s services.

When using the chatbot, the following types of data may be processed:

  • Technically required connection data (e.g., date and time of the request, IP address)
  • Text entered by users in the chat (e.g., questions and messages submitted to the chatbot)

Text inputs (chat messages) are processed using Microsoft’s Azure OpenAI platform. This data is transmitted to Microsoft solely for the purpose of technically processing the request and generating an appropriate response.

In line with the EU Data Boundary for the Microsoft Cloud (EUDB), all processing takes place exclusively on servers located within the European Union. Microsoft does not use transmitted data to train general AI models and deletes it shortly after it is no longer needed for system monitoring or misuse detection.

b) Data Recipients

Technically required connection data and the chat interface are processed and hosted on servers managed by the IT Center in Aachen.

Content from users’ chat interactions is transferred to Microsoft via Azure OpenAI (see Subsection 1). An Order Processing Agreement (OPA) compliant with Article 28 GDPR is in place between RWTH Aachen University’s IT Center and Microsoft.

Chat logs and evaluations of chatbot responses are stored by the IT Center exclusively in anonymized form for system optimization purposes. No personal identification of individual users is possible.

c) Legal Basis for Processing

The chatbot is offered as an additional support service to help fulfill the University’s official duties, in accordance with Article 6 (1) (e) and (3) GDPR, in conjunction with Section 3 (1) DSG NRW and Section 3 (1) HG NRW.

d) Data Retention and Deletion

Personal data is processed by the IT Center only to the extent and for the duration necessary to ensure the technical operation and security of the service. The IT Center does not retain any personal chat histories beyond this.

Chat histories and chatbot response evaluations are stored solely in anonymized form for the purpose of improving system performance.

Google Maps

a) Purpose and Scope of Data Processing

The RWTH Aachen University website includes an interactive campus map (“RWTH Aachen University Navigator”) that displays geographical information for contact and directions. This feature uses the Google Maps API, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you use this service, Google may collect your IP address, language settings, and browser-specific information.

The geographical locations requested are directly transmitted to the service. If your device is GPS-enabled, your location may also be transmitted. No additional personal data is transferred to Google.

Google may use cookies for these purposes. Details regarding Google’s data processing can be found in Google’s Privacy Policy.

When you open the RWTH Aachen University Navigator, you will be asked to consent to Google Maps usage under these terms. You may withdraw your consent at any time.

b) Legal Basis for Data Processing

Once you have given your consent to the processing of your personal data, Article 6(1)(a) GDPR serves as the legal basis for this processing.

c) Data Deletion and Retention Period

Cookies are stored on your device and transmitted to our website. You therefore have full control over their use. You can disable or restrict cookies at any time by adjusting your browser settings. Cookies that have already been stored on your device can be deleted at any time; this can also be done automatically.

Social Media Channels

In addition to providing information on our website, we share selected content through social media platforms on the basis of Article 6(1)(e) and (3) GDPR, in conjunction with Section 3(1) DSG NRW and Sections 3(1) and 8(6) HG NRW, to inform the public about our university, including our academic programs, research activities, and continuing education offerings. This also helps raise the University’s profile and strengthen our networks. The operators of the respective social media platforms are responsible for ensuring the data protection–compliant operation of their services. All information necessary for the University’s official teaching, research, and administrative functions is available on the RWTH website. Accessing our social media profiles is not required to obtain this information.

We do not use social media plug-ins. Instead, we provide social bookmarks, which are integrated as links to the respective services and can be recognized by their logos. When you click one of these links, your browser establishes a direct connection to the servers of the relevant social network. As a result, information about your visit to our website is transmitted to the platform operator—even if you are not logged in. This information (including your IP address) is transmitted directly to the operator and stored at the operator’s location. If you are logged in to the social network, selecting the link may allow the platform to associate your visit with your profile. Please note that clicking such a link enables the respective platform to make this association.

We have no influence over the type or scope of data collected and processed by the social media operators. Information about the purpose and scope of data collection, the further processing and use of data by the platform operators, as well as your rights and settings to protect your privacy, can be found in the respective privacy notices:

Facebook

Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland

Meta/Facebook Privacy Policy

Instagram

Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland

Meta/Instagram Privacy Policy

Threads

Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland

Threads Privacy Policy

Youtube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Irland

Youtube Privacy Policy

LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

LinkedIn Privacy Policy

TikTok

TikTok Technology Limited, The Sorting Office, Ropemaker Place, Dublin 2, Dublin, D02 HD23, Ireland.

TikTok Privacy Policy

Bluesky

Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland

Bluesky Privacy Policy

Weibo

Weibo Corporation , 8 Sina Plaza Courtyard 10 W Xibeiwang E Rd Haidian Dist Beijing, 100080 China

Weibo Privacy Policy

Twitter/X

X Internet Unlimited Company. Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRLAND

X Privacy Policy

Rights of the Data Subject

Under Article 15 GDPR, you have the right to access your personal data, including information about recipients and the intended storage period. If your personal data is inaccurate, you have the right to have it corrected under Article 16 GDPR. Where legal requirements are met, you may request erasure or restriction of processing under Articles 17 and 18 GDPR.

Based on Article 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR. In such cases, the controller will cease processing unless they can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for establishing, exercising, or defending legal claims. The collection of data for the provision of the website and the temporary storage of data in log files is strictly necessary for the operation of the website.

If your personal data is processed on the basis of your consent (see Article 6(1)(a) GDPR), you may withdraw your consent at any time. This withdrawal does not affect the lawfulness of any processing that occurred prior to the withdrawal.

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with the competent data protection supervisory authority (LDI – Landesbeauftragte für Datenschutz und Informationsfreiheit) in accordance with Art. 77 (1) GDPR.

Privacy Policy for Surveys

1. Name and Contact Details of the Person Responsible for Processing the Personal Data

RWTH Aachen University
Der Rektor
Templergraben 55
52056 Aachen
Email:

For processing:
Tanja Wittpoth-Richter, M. A.
Gruppenleitung Marketing & Eventmanagement
Division: Service & Kommunikation
Phone: +49 241 80 24680
Email:

2. Contact data of the officially appointed Data Protection Officer

Data Protection Office of RWTH Aachen University
Templergraben 83
52062 Aachen (physical address)
52056 Aachen (mailing address)
Germany
Phone: +49 241 80 94114
Email:
Website: www.rwth-aachen.de/dataprotection

3. Description and Scope of Data Processing

The IT Center regularly conducts surveys about the services it offers. The surveys are conducted online using SoSci-Survey.

Participation in these surveys is voluntary and always anonymous. It is not possible to draw conclusions about individual persons.

In some survey, for incentive purposes, vouchers are raffled off to accompany the surveys. In the context of these raffles, e-mail addresses are collected and stored for the purpose of notifying the winners. Participation in the raffles is voluntary. Participation in a survey is also possible without participating in the associated raffle. Participants must agree to the storage of e-mail addresses for the purpose of the raffle at the end of a survey. The e-mail addresses provided as part of the raffle are stored separately from the survey results. Consequently, it is not possible to draw any conclusions about individuals from the survey results, even in the case of participation in the raffle.

4. Purpose and Legal Basis for the Processing of Personal Data

4.1 Purpose of Data Processing

The survey results obtained are evaluated using descriptive and inferential statistical methods and used to further develop the services of the IT Center and the associated support offerings.

The stored e-mail addresses in the context of the raffle are only used for prize notification.

4.2 Legal Basis for Data Processing

The legal basis for the processing of data is Art. 6 Abs. 1 lit. a DSGVO if the user has given his consent.

5. Duration of Storage

The e-mail addresses within the scope of the competition will be deleted after the prize notifications have been sent. This takes place at the latest one month after the end of the survey.

6. Recipients of Personal Data

RWTH Aachen University does not transmit any of the personal data collected from you to third parties.

7. Necessity of the Data Processing

The processing of personal data serves the purpose of prize notification. Your participation in the survey as well as your participation in the raffle are voluntary. Participation in the survey is also possible without participation in the raffle.

There are no negative consequences for not providing your personal data.

8. Your Rights

The processing of your personal data entitles you to the following rights:

Right to information (Art. 15 DSGVO)

You have the right to obtain information about the personal data processed by RWTH.

Right to rectification (Art. 16 DSGVO)

You have the right to have personal data concerning you corrected without delay if it is not (or is no longer) accurate. Incomplete data can be completed.

Right to deletion (Art. 17 DSGVO)

In principle, there is a right to erasure of personal data. The right to erasure exists immediately if the data was processed exclusively on the basis of your consent or unlawfully. However, in the case of data collected for other reasons, the claim depends, among other things, on whether the data is still needed to fulfill the tasks (see also Duration of storage).

Right to restriction of processing (Art. 18 DSGVO)

There is a right to request restriction of the processing of the data subject's data, unless there is an important public interest against this (e.g. economic use of budgetary resources).

Right to data portability (Art. 20 DSGVO)

There is the right to receive the personal data in a structured, common, and machine-readable format and to transfer it to you or to another controller without hindrance from the controller.

Right to object to processing (Art. 21 DSGVO)

In the case of personal data collected for the performance of tasks carried out in the public interest, there is a right to object, on grounds relating to the specific situation of the data subject, to the processing of data concerning him or her, unless there are compelling legitimate grounds or legal requirements to the contrary.

Before the expiration of the one-month period, a participant in the raffle can have his/her stored e-mail address deleted in advance. For this purpose, an objection must be sent in writing to the following address:

9. Right of Appeal to the Data Protection Supervisory Authority

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Phone: +49 211/38424-0
Email:

Any complaints should be addressed to this office if the authority providing the information has not fulfilled its obligations or has not fulfilled them in full.