Constructor University has a legal responsibility to store student data in accordance with Art. 15 (1) DSGVO. Below you will find the student data stored and processed in structured form, as well as further information about the data processing procedures relevant to you. This includes, among other things, the categories and the storage period of the respective personal data.
We process the above-mentioned data to answer and document your request for information as well as provide documentation that your study data is accurate and in accordance with what was issued originally by Constructor University. The data processing is based on Art. 6 para. 1 p. 1 lit. c DSGVO. The legal obligations arise from Art. 12 (3), 15 DSGVO and Art. 5 (2) DSGVO.
In the event of requests by current students or alumni regarding the Constructor University Data Retention policy, we store this correspondence for a period of 3 years from the end of the year after responding to the request for information. This is done on the basis of Art. 6 (1) p. 1 lit. f DSGVO in the legitimate interest of being able to prove to the supervisory authority that we have properly complied with your request for information. After expiry of this three-year period, this correspondence will be deleted.
In addition, we regularly ask for proof of identity as part of requests for information, insofar as this is necessary to establish the student’s identity. If identity cannot be confirmed on site, we will always request a copy of your ID card, which must contain the following information:
- Birth date
- Validity period
We ask the inquiring party to black out all other data on the ID card that is not required for identity verification (i.e., the ID card number, nationality, personal characteristics and photo). Only in individual cases do we also compare the signature on the ID card with the signature we have - but we will then point this out to separately.
We make a record of the result of the identity check. We destroy the copies of the ID cards after successful identity verification.
The data processing described above is based on Art. 6 para. 1 p. 1 lit. c DSGVO (legal obligation). The legal obligations arise from Art. 12 (3), 15 DSGVO and Art. 5 (2) DSGVO.
Your data may also be passed on by us to external service providers (e.g. IT service providers , companies that destroy or archive data, print service providers) who support us in data processing within the framework of order processing strictly in accordance with instructions.
In the event of a review, we will transmit the aforementioned data to the supervisory authority responsible for this.
If the request for information requires consultation with our external company data protection officer, we will also forward the request for information to him for processing, if necessary. Students’ personal data is processed on the basis of Art. 6 (1) sentence 1 lit. f DSGVO in the legitimate interest of ensuring that requests are processed and answered in accordance with data protection law.
Data processing outside the EU or the EEA does not take place.
Students have the right to have inaccurate data corrected in accordance with Art. 16 DSGVO or to have it deleted if one of the reasons stated in Art. 17 DSGVO applies, e.g. if the data is no longer required for the purposes pursued.
Students also have the right to restrict processing if one of the conditions set out in Art. 18 GDPR applies. In addition, you have the right to data portability in the cases of Art. 20 DSGVO.
Student data is processed on the basis of Art. 6 (1) p. 1 lit. f DSGVO (data processing for the protection of legitimate interests). Students have the right to object to the processing at any time for reasons arising from their particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override students’ interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Students have the right to lodge a complaint with a supervisory authority if they are of the opinion that the processing of data concerning you violates data protection provisions. The right to lodge a complaint may in particular be exercised with a supervisory authority in the Member State of the data subject's residence or the place of the alleged infringement.
Our Data Protection Officer:
In fulfilling our obligations under data protection law, we are supported by our data protection officer. The contact details of our data protection officer are:
datenschutz nord GmbH
E-Mail: office [at] datenschutz-nord.de