Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
Regulation on collecting and processing personal data
of the student applicants, early students, students,
examination candidates, former university members (without employees)
and guest students
of the Georg-August-University Göttingen
(of 20 October 2010 (AM 29/2010 p. 2473)
-PersDatO-
Section 1: General provisions
Article 1 Purpose
(1) The Georg-August-University Göttingen can collect and process the personal information from
applicants for studies or early studies (hereafter: student applicants), students and early students
(hereafter: students), examination candidates, former members of the University (without
employees) as well as guest students which is specified here and is necessary for the purposes of
admission and matriculation, re-registration, granting leave, exmatriculation, participation in
teaching and in examinations, levying fees and charges, study guidance, student support, course of
study monitoring and the student self-evaluation, determining the entrance qualification and
identification, the use of infrastructure facilities, the participation in the self-administration,
maintaining contact with former University members as well as university statistics.
(2) The University Göttingen may also use this information to perform the other functions according
to Articles 3, 5 and 6, para. 2 of the NHG (Lower Saxony Higher Education Act).
Article 2 Scope of validity, data processing systems
(1) This regulation shall apply
to persons:
to all student applicants, students, former University members as well as guest
students of the University Göttingen;
to spaces:
to all buildings, rooms and places which are used by the University Göttingen,
to facts:
to the use of personal data which arises in connection with performing the functions
stated in Article 1.
(2) 1The data according to this regulation can be processed via electronic data processing systems. 2Data according to clause 1 may be automatically analysed in an anonymous form and used for the
purposes according to para. 1. 3Data according to clause 1 may be automatically analysed in a non-
anonymous form and used for the purposes according to para. 1, provided this is explicitly permitted
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
according to this regulation or is necessary for performing functions in accordance with the
regulations, in particular for the use of infrastructure facilities, the participation in self-administration
and the proper implementation of application, matriculation, re-registration, exmatriculation or
examination procedures as well as lectures, study guidance, support programmes (e.g. mentoring
programmes) and monitoring courses of study.
Article 3 Personal reference information
The following reference information and identification numbers can be created for the management
of personal data:
1. Matriculation number,
2. University number,
3. Year under review/semester,
4. Examination number,
5. Registration code,
6. Management code,
7. Re-registration ban,
8. Fees and charges,
9. Health insurance status,
10. Reference data (date, function, amendment).
11. Library number
12. Identification numbers and verification numbers for university admission certificates
13. University account for the use of IT systems
14. University email address
15. IP address.
Article 4 Rendering data anonymous
The data shall be rendered anonymous at the earliest possible time.
Section 2: Membership and affiliate status
Article 5 Admission
The University Göttingen shall process the following personal data and information of the student
applicants for admission:
1. Surname,
2. First name,
3. Additional titles/former name,
4. Place of birth,
5. Date of birth,
6. Sex,
7. Address(es),
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
8. Telephone, email, fax,
9. IP address,
10. Nationality,
11. Information on university admission, in particular the type of university admission, average
grade, date, country, federal state and district of issuance, school or university, other
necessary or study-related training, knowledge and skills,
12. Course of study and subject,
13. Intended degree,
14. Periods and completion of a course of study in a university in the scope of validity of the state
treaty on the awarding of university places,
15. Information on rendered services and comparable obligations according to Article 6 of the
university awarding regulations,
16. Duration of professional training,
17. Time of a vocational qualification,
18. Periods of employment after obtaining the university entrance qualification,
19. Reasons and scope as regards an application for improvement of the average grade or waiting
time,
20. Particularly personal social and family reasons (exceptional hardship),
21. Result of the first studies and reasons for the second studies according to Article 10 of the
university awarding regulations,
22. Significant reasons for choosing the location of studies according to Article 15, para. 2 of the
university awarding regulations,
23. If necessary, the school currently attended,
24. In terms of the person or persons who are entitled to care for a student applicant according to
the regulations of the German Civil Code, the data according to points 1 to 9.
Article 6 Matriculation
The University Göttingen shall process the following personal data and information of the student
applicants for the matriculation:
1. Data according to Article 5, points 1 to 14 and 23 to 24,
2. Student status,
3. Type of studies,
4. Studies abroad,
5. Academic semesters,
6. Subject-related semesters,
7. Intermediate examination/preliminary examinations taken,
8. Affiliation to a faculty,
9. Name, address and type of university/universities previously or simultaneously attended and
the study time spent at it including the semesters on leave of absence and the respective
elected courses of study (evidence of exmatriculation),
10. Professional activity before starting the studies,
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
11. Evidence from the health insurance fund about the provision of compulsory insurance or the
exemption from the compulsory insurance,
12. Evidence of the payment of due student union fees as well as the administrative fee, if
necessary the tuition fees or other fees and charges,
13. The bank account details, provided the fees and charges are paid by direct debit,
14. Circumstances which could oppose matriculation, in particular,
a. disqualification from studies,
b. loss of the right to sit an examination,
c. illnesses which jeopardise the health of other students or seriously affect the study
structure,
15. In the case of student applicants with foreign university entrance qualifications, evidence that
they have sufficient German language skills,
16. In the case of student applicants who are not German in terms of Article 116 of the
constitution, evidence of scholarships if necessary.
Article 7 Re-registration
1The students shall request their re-registration for the coming semester with the payment of the
fees and charges due. 2The Georg-August-University Göttingen shall process the previously saved
data in the scope of the re-registration process. 3In addition, the amount of the fees and charges
paid, the reference semester as well as the bank account data, if necessary, shall be processed.
Article 8 Taking leave
1Students shall be committed to indicating and providing evidence of the reasons for taking leave. 2The Georg-August-University Göttingen shall process the previously saved data in the process for
granting leave. 3In addition, the reason, semester and duration of the leave granted shall be saved.
Article 9 Exmatriculation
The Georg-August-University Göttingen shall process the previously saved data as well as the reason
for and the date of the exmatriculation as well as the time the exmatriculation becomes effective.
Article 10 Evaluation
1The University shall assess the performance of its functions in teaching matters at regular intervals
(internal evaluation). 2A regulation shall govern the further details.
Article 11 Maintaining contact with former members of the University
(not employees)
(1) The Georg-August-University Göttingen shall process the following personal data and information
of former members of the University for the purposes of maintaining contact with these persons:
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
1. Surname,
2. First name,
3. Additional titles/previous name,
4. Former semester address,
5. Former home address,
6. Email,
7. Faculty,
8. Subject or subjects,
9. Matriculation number,
10. Date of matriculation,
11. Date of exmatriculation.
(2) The following personal data and information shall also be collected and processed:
1. Address,
2. Occupation,
3. The employer, with the agreement of the former member of the University.
(3) The aim of maintaining contact is to create and expand a network of students, members and
former members of the University Göttingen.
(4) Based on permanent relations founded on partnerships, the aim is to integrate former members
of the University into the activities of the University Göttingen, in terms of their content, ideas and
financing.
Article 12 Guest students
The Georg-August-University Göttingen shall collect the following personal data and information
from the guest student in order to include them in the guest student register:
1. Surname,
2. First name,
3. Additional titles / previous names,
4. Date of birth,
5. Sex,
6. Address,
7. Nationality,
8. Desired lectures/contact hours, from which the subject or the degree and the faculty can be
derived and processed
9. Student status
10. Matriculation in another university.
Section 3: Smart card
Article 13 Smart card
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
(1) 1Smart cards shall be issued to the students as well as the guest students in order to perform the
functions stated in Article 1. 2The smart cards shall remain in the property of the Georg-August-
University Göttingen.
(2) The smart card shall be used by the students as well as the guest students for purposes of access
control, identification, time recording, invoicing or payment.
Article 14 The smart card as a student identification card
(1) 1The student identification card shall be issued in the form of a smart card. 2This shall also be
considered as photo ID.
(2) The student identification card can contain the following personal information:
1. Surname,
2. First name,
3. Additional titles,
4. Date of birth,
5. Matriculation number,
6. First registration,
7. Course of study, semester, status, leave granted
8. Intended degree,
9. Admission indicators,
10. Faculty,
11. Passport photo,
12. Validity period of the identification,
13. Library number or barcode of the SUB (state and university library).
(3) 1All master data for producing the smart card shall already be contained in the data processing
system of the Student Affairs Office. 2In this respect there is no administration of personal data. 3The
photo required for producing the smart card shall only be produced for printing the smart card and
shall be automatically deleted from the corresponding data processing system after the smart card
has been issued.
Article 15 Use of the smart card as photo ID
(1) 1The smart card can be used as photo ID if the participation in University lectures is restricted. 2The use of the smart card as photo ID should facilitate the verification of the entitlement to
participate and should reduce waiting times. 3The smart card can be used as photo ID in the following
cases in particular:
for participating in studies and examinations
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
for participating in university sports.
(2) 1The smart card can be used by students for using particular services in the city of Göttingen for
students with a main place of residence in Göttingen. 2The student shall hand their smart card over
to an employee of the city of Göttingen. 3They shall check the main place of residence status of the
student and read out a unique serial number of the smart card via a smart card reader. 4The city
cannot draw any conclusions about the person holding the card from the serial number alone. 5The
serial number which has been read out shall be saved in a database of the city of Göttingen. 6The
student shall then go to a service point of the University Göttingen and request the imprint for
persons with a main place of residence in Göttingen. 7The serial number of the smart card shall be
read and transferred to an office of the city of Göttingen which enables access to the database with
the serial numbers of the persons with a main place of residence in Göttingen. 8If the transferred
serial number is found in the database, the validity imprint on the smart card shall be renewed with
the imprint for a person with a main place of residence in Göttingen. 9The Georg-August-University
shall not save data on which students use this service.
Article 16 The smart card as access authorisation
(1) 1The access system shall be used to protect the students as well as the guest students, the
personal data, to protect against unauthorised access to workflows and to protect the property of
the Georg-August-University. 2A list of all buildings, parts of buildings and rooms included in the
operation of an access system and the access system used there shall be made available on request.
(2) 1There shall be no efficiency and performance checks. 2Personal data or data which can be related
to persons which is suitable for an efficiency and performance check may not be analysed,
transferred into other systems or used to compare individual characteristics with requirement
profiles. 3The regulation in Article 31, para. 2 of this regulation shall be excluded from this.
(3) The smart cards shall be awarded and the access rights associated with this shall be managed
exclusively according to criteria which can be derived from the work to be completed in the studies.
(4) Knowledge which was obtained from the access system through a violation of this regulation may
not be used.
(5) The range of the reading device of the access system may not exceed 15cm.
Article 17 The smart card as identification for other applications
(1) 1The smart card can be used in connection with other applications which can be used by the
students as well as guest students. 2A unique identification number of the application system can be
electronically placed on smart card so that the corresponding application can identify the
corresponding user. 3These other applications can be loan systems in libraries as well as other
applications where the use of a smart card is practical.
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
(2) 1The use of the smart card in connection with other applications always requires the approval of
the data protection officer of the Georg-August-University Göttingen. 2Before deciding to expand the
smart card to cover other applications, the data protection officers of the student body as well as the
AStA shall be informed and consulted on the decision-making.
Article 18 The smart card as a payment method
(1) 1The smart card can be used as a method of payment for products and services. 2The use of the
smart card as a payment method should speed up payment processes and thus reduce waiting times. 3The smart card can be topped up with money at designated top-up machines.
(2) 1Payment processes must be implemented anonymously. 2Payment protocols may not disclose
the connection between a person and payment process. 3The payment protocols may, however, be
analysed for statistical and commercial purposes as well as for the purposes of account clearing.
(3) The following payment functions are possible in particular:
paying in the food courts
paying at the photocopiers within the Georg-August-University Göttingen
paying for print jobs within the Georg-August-University Göttingen.
Article 19 System description
(1) The smart cards used shall be designed to be as forgery-proof as possible; the data saved on the
chip card shall be protected against unauthorised access.
(2) 1The reading devices shall be designed in a way that the reading processes can be exclusively
activated by the user. 2This reading process must be recognisable for the user. 3Automatic reading or
other recognition processes which do not allow noticeable monitoring shall be excluded.
(3) 1Following the first installation and to update new users, to change existing user data and to
delete user data which is no longer required, data may be transferred from the student
administration system. 2User data which is no longer required shall be deleted.
(4) 1Data from the access system may not be transferred to other systems in any form. 2The handling
of data which is obtained for purposes other than access purposes in terms of this agreement shall
be governed by corresponding regulations.
Article 20 Authorisation of the student cards in data processing systems
(1) 1No personal data of the users shall be saved or read out on the smart cards used. 2The cards shall
be exclusively authorised in the access system via the unique internal identification number saved on
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
the smart card. 3Other corresponding identification numbers can be placed on the smart card for
other applications. 4Each application may only access the data of the card section it requires.
(2) 1When reading out or analysing the history data, only the respective identification number of the
smart card may be shown. 2The name of the card holder may not be shown.
Article 21 Operating data processing systems in connection with the smart card
(1) 1All system functions which allow access to log files of the access system or which allow event
data of the access system to be read out or analysed shall be secured in such a way that access is
only possible for the persons authorised to access. 2Access to the log files of the access system or the
reading out or analysing of event data of the access system shall only be possible in the presence of
the student data protection officer. 3This shall not apply if this is not achievable with reasonable time
and effort. 4The student data protection officers may not view any personal data.
(2) 1A system administrator and a representative shall be named by the administration department
for the access system. 2The system administrator shall be responsible for the operation and
technology of the system. 3A correspondingly secured remote connection can be set up by the
software supplier for maintenance purposes. 4All access to the system shall be automatically
recorded. 5In the case of justified suspicion of misuse, the data protection officer of the Georg-
August-University Göttingen or the student data protection officers shall have an unrestricted right
to view the data. 6The data shall be illustrated in a readable, understandable form. 7The log files must
clearly show which system data, access authorisation data and event data of which persons was
accessed and which actions were activated and implemented while it was accessed. 8The log files
may not be used for any other purposes.
(3) 1The student data protection officers shall be informed of the persons who are appointed with
the administration of the access system (user administrators), by name. 2Their task is the
administration of the access authorisation data. 3This shall also apply to other data processing
systems in connection with the smart card.
(4) 1If there are log files for the payment function, it must be clear which system data and event data
of which persons was accessed and which actions were activated and implemented while this was
accessed. 2The log files may not be used in any other way. 3In the case of justified suspicion of
misuse, the data protection officer of the Georg-August-University Göttingen or the student data
protection officers shall have an unrestricted right to view the data.
Article 22 Rights and obligations of the students as well as guest students
(1) 1All students shall be informed about the functioning of the system in due time in an appropriate
way (e.g. use of its data and the analysing options). 2Each student shall have the right to have the
data saved on their smart card shown to them by a person assigned with the administration. 3The
data shall be illustrated in a form which is understandable for the students.
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
(2) 1The students shall be responsible for using their smart card in accordance with the regulations. 2The smart card may not be passed on to other persons. 3It may not be used to create advantages for
unauthorised persons. 4The University must be immediately informed should the smart card be lost. 5The smart card shall be immediately blocked for all systems.
(3) The data obtained in the data processing systems shall only be used in accordance with
regulations.
(4) 1The first card issued and the updating of the smart card is free. 2Should a new card have to be
issued if the card is lost or unusable, the costs which arise through manufacture and administrative
expenses can be demanded. 3The maximum amount for this shall be €15 per new card issued.
(5) The student data protection officers shall be nominated annually by the student body.
(6) The rights and obligations of the students shall apply accordingly to the guest students.
Article 23 Obligation to report
(1) 1The University Göttingen shall produce an annual report on the cases of reading out or analysing
of event data and the access to log files of the access system. 2The report shall state, in particular,
the university area concerned, the reason for reading out or analysing or accessing log files of the
access system, the number of persons concerned and the use of the data. Personal data shall be
made anonymous.
(2) 1The report shall initially be presented to the data protection officer of the Georg-August-
University Göttingen and the student data protection officers, who shall give a statement on it if
necessary. 2The report shall then be presented to the Senate of the Georg-August-University
Göttingen, if necessary together with a statement from the data protection officer of the Georg-
August-University Göttingen or the student data protection officers.
Section 4: University facilities (infrastructure facilities), IT systems for students as well as guest
students
Article 24 Infrastructure facilities
1The University can process data from students, guest students and third parties who do not have a
civil servant or employee status with the University according to Articles 6-9, 12 and 26 for the use of
infrastructure facilities, in accordance with the following provisions. 2The further regulations can be
governed in a statute for the respective infrastructure facility.
Article 25 Central printing system
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
(1) The University Göttingen shall operate a central printing system to allow students, guest students
and third parties to print documents against payment via the University account.
(2) 1The use of the printing system requires credit to be on the so-called printing account, which shall
be set up and centrally administered for the person (account holder) named in para. 1. 2The credit
balance shall be created through deposits by means of cash payments or direct debit procedures
(appreciation). 3The fee to be paid for a printing job shall be paid by charging the credit balance
(depreciation) immediately after the documents have been printed. 4The account holder can view
the current credit balance on the printing account, including appreciations and depreciations as well
as the printing jobs, by using their University account.
(3) The following data shall be processed for operating the central printing system:
1. Surname,
2. First name,
3. Additional titles/previous name,
4. Place of birth,
5. Date of birth,
6. Sex,
7. Address(es),
8. Telephone, email,
9. Nationality,
10. Student status,
11. University account,
12. Affiliation to a faculty,
13. Bank account details, provided the appreciation is carried out by means of direct debit,
14. Name and number of printed documents,
15. Name of the computer used,
16. Name of the target printer,
17. Date and time the printing jobs were executed,
18. Changes to the credit balance.
(4) The printing account shall be deleted for the future upon the request of the account holder.
(5) The event data shall be deleted at the end of the semester.
Article 26 University account and University email address
(1) 1Each student shall be allocated a University account and a University email address to use the IT
systems for students. 2These shall be allocated with the issuing of the smart card. 3The University
account and the University email address shall be used for the use of IT systems for students.
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
(2) 1The University account shall consist of the user name and the appropriate password. 2The
University email address shall consist of the [email protected]. 3The user name can
be changed by the university on specific request. 4The use of a student's private email address as a
University email address is excluded.
(3) 1The University shall exclusively use the students' University email addresses to communicate
with them electronically, provided this is practical. 2The students shall provide access to the
University for this.
(4) 1The University account and the University email address shall be provided to be used for matters
relating to studies and teaching as well as the participation in self-administration. 2The student shall
keep confidential the passwords received for using the systems and shall immediately inform the
University as soon as they become aware that unauthorised third parties know the password. 3The
use may not violate statutory bans, the good morals and rights of third parties, especially trademark
rights, rights to bear a name, copyrights and data protection rights. 4When using the University
account and the University email address, the IP addresses of the student are processed. 5User
guidelines which are passed by the presidential board shall govern the further details.
(5) The University account and the University email address can be used to the necessary extent for
purposes of study guidance, the transfer of study-related information or a support program.
(6) The paragraphs 1 to 5 shall correspondingly apply to guest students.
Article 27 Use of self-service functions
(1) Provided a smart card is issued after personal identification, the student shall receive the
University account necessary for using the self-service function and a number of transaction numbers
(TAN).
(2) The student shall confirm the receipt of the smart card as well as the University account and TAN
in writing.
(3) The following self-service functions can be used with the University account and TAN:
printing of various certificates:
extract from master data, semester fee receipt, certificate of matriculation, period of study
confirmation, pension certificate, BAföG (financial assistance programme for students)
certificate, exmatriculation certificate
Changes to addresses and contact data (telephone, email, fax)
Re-registration for a following subject-related semester
Exmatriculation
Requesting and activating other TANs
Change to the PIN (changed password)
Registration for examinations and studies
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
Entry of and amendment to BAföG data (BAföG office, BAföG number)
Entry of and amendment to scholarship data.
(4) The self-service functions can be used by the students on their own computers (PC) and self-
service terminals of the university, provided these are offered by the university.
(5) Should the password for the University account or TANs be lost or when all TANs have been used,
the student can have their PIN reset and/or request a new TAN list in the main study centre after
personal identification.
(6) Para. 1 to 5 shall apply accordingly to guest students.
Section 5: Teaching and examination system
Article 28 Lecture and examination administration system
(1) 1The University Göttingen shall operate an integrated electronic lecture and examination
administration system with self-service functions on the internet. 2It shall be operated in order to
electronically administer the registration in and withdrawal from lectures, modules and module
examinations, the data on the prerequisites for admission to examinations and examinations as well
as the modification of the evaluation of examination decisions.
(2) 1The students as well as guest students shall be responsible for their use of the online access to
the lecture and examination administration system; an online account shall be set up for them for
this. 2They shall be committed to regularly checking the correctness of their online account in the
scope of their capabilities; transmission errors should be identified immediately. 3The students can
generate the following data in particular for the purposes of self-evaluation, including related to the
progress of studies, in due consideration of the achievements of the corresponding student group,
provided the student group includes at least ten students:
a. size and name of the student group
b. status of the student within the student group
c. status, credits and grades of the three highest placed students of the student group in an
anonymous form. 4The evaluation options according to clause 3 can be restricted; this shall particularly apply to
students in Bachelor courses of study who are in the first or second subject-related semester as well
as to students in courses of study which are coming to an end.
(3) The data of the lecture and examination administration system may be processed to the extent
necessary for the purposes of study guidance, a support program or monitoring of courses of study
as well as to obtain information on student applicants; in the case of the monitoring of the courses of
study as well as the information on student applicants, the data may only be processed in an
anonymous form and for a group size of at least ten students.
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
(4) 1The University Göttingen shall process the data according to Articles 6 to 9, 12, 26, 27 and 30 to
32 as well as their amendments for the operation of the electronic lecture and examination
administration system. 2Event data shall be deleted one year after the completion of the examination
procedure.
Article 29 E-learning systems
(1) 1The University Göttingen shall operate specialised IT systems (E-learning systems) for the
purpose of helping teachers and students as well as guest students and other persons, provided this
is governed in a cooperation agreement, to organise processes in studies and teaching. 2The E-
learning systems shall include, in particular, components for organising lectures, working groups and
routine studying, for creating and exchanging learning materials as well as components for the
communication between teachers and students as well as guest students and between students and
guest students.
(2) 1In principle, the use of the E-learning system by students and guest students or other persons
requires the identification with the University account. 2The following personal data shall be
processed during the registration and operation of the E-learning system:
1. Matriculation number,
2. University account,
3. IP address,
4. Telephone, email,
5. Surname,
6. First name,
7. Additional titles,
8. Sex,
9. Course of study and subject,
10. Intended degree,
11. Faculty,
12. School attended,
13. Data according to Article 12.
(3) 1The content and services of the E-learning systems can be offered in limited contexts, for
example restricted for a lecture, a working group or facilities to which the access is restricted. 2In the
case of an access restriction which requires a special registration, a list of participants shall be
created, for whom the data shall be processed according to para. 2. 3The following data shall be
processed for each lecture (lecture data):
a. data of the person entitled to access (access data)
b. content of the lecture
c. event data.
(4) 1Event data which requires writing authorisation (e.g. file upload or chat, forum, blog and wiki
entries, participation in lectures or groups) or reading authorisation shall be processed including the
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
name of the author, the login data and the processing data. 2The name of the author as well as the
processing data shall be visible for all readers of the respective E-learning system as follows:
a. in the case of writing authorisations: always
b. in the case of reading authorisations: upon presentation of good cause.
(5) The duration of the availability of the event data according to para. 4 shall be based on the
duration of the corresponding context, e.g. offer of the lecture of the working group; the event data
shall be deleted on 60th day after the specific context has ended at the latest, unless otherwise
governed in the statutory provisions or para. 6.
(6) 1At the end of a lecture, the lecture data shall be archived in the last processed version for a
maximum of five years. 2During the archiving phase, the person authorised to access the lecture shall
be given a reading authorisation for the lecture data. 3Provided this is necessary for the purposes of
implementing and participating in teaching or in the case of written approval of all participants, an
archiving duration which differs from clause 1 can be determined in agreement with the data
protection officers.
(7) The data of the E-learning system can be used to the extent necessary for the purposes of study
guidance or a support programme.
Article 30 Registration for a preliminary, intermediate or final examination
or for an examination during studies
1In the case of registration for a preliminary, intermediate or final examination or an examination
during studies, the following information and documentation shall be presented by the students as
well as guest students, if necessary:
1. Evidence of the fulfilment of the requirements for the authorisation to sit an examination, in
particular, matriculation, academic achievements and days present,
2. Evidence of internships,
3. Number of examination attempts and their results,
4. Type, subject, time and result of module examinations, intermediate examinations, final
examinations,
5. Evidence of deadline extensions for sitting the examination,
6. Evidence of the implementation of obligatory study guidance,
7. Examination subjects,
8. Intended degree,
9. Invigilators,
10. BAföG receipt, grant number. 2The data according to clause 1 can also be collected and processed by the University Göttingen
itself.
Article 31 Processing a preliminary, intermediate or final examination
or an examination during studies
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
(1) In addition to the data collected according to Articles 26 to 30, the University shall also process
the following data when processing the examination:
1. Examination results,
2. Evidence of failed examinations or withdrawals,
3. Data on reasons for failure and violations against regulations,
4. Examination and completion data.
(2) Data according to Articles 28 to 30 may be automatically analysed in a non-anonymous form by
student advisors for purposes of study guidance; this type of processing shall be evaluated at regular
intervals of a maximum of two years.
Article 32 Implementation of doctoral examinations
The type and scope of the data collected for the doctoral examination shall be based on the
requirements of the applicable doctoral regulations of the faculties of the Georg-August-University
Göttingen.
Section 6: Participation in self-administration
Article 33 Data processing in the scope of participation in self-administration
(1) The University Göttingen shall process the following personal data should students as well as
guest students participate in the self-administration:
1. Surname
2. First name,
3. Additional titles/previous name,
4. Place of birth,
5. Date of birth,
6. Sex,
7. Address(es),
8. Telephone, email, fax,
9. Nationality,
10. Student status,
11. Type of studies,
12. Academic semester,
13. Subject-related semester,
14. Affiliation to a faculty,
15. Matriculation number,
16. Voluntary information,
17. Organ or committee for which they are a candidate,
18. Student association of list for which they are a candidate.
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
(2) The participation in the self-administration includes the necessary preceding procedures, in
particular elections and their preparation.
(3) The following data can be published without the consent of the person concerned:
1. Surname,
2. First name,
3. Additional titles/previous name,
4. Date of birth,
5. Sex,
6. Type of studies,
7. Organ or committee for which they are a candidate,
8. Student association or list for which they are a candidate.
(4) 1The organs of the student body can be informed about the data according to para. 1 to the
extent necessary to perform the functions according to Article 20 of the NHG or a statute of the
student body, without the consent of the person concerned. 2The responsible organ shall credibly
show that the data has been deleted once the tasks are complete.
(5) The following data can be passed on to other members or representative members of an organ or
committee without the consent of the person concerned:
1. Surname,
2. Name,
3. Additional titles/previous name,
4. Sex,
5. Address(es),
6. Telephone, email, fax,
7. Student association or list for which they are a candidate.
Section 7: General provisions, rights and obligations
Article 34 Data types
(1) In principle, there are three types of data:
System data:
This includes data such as operating system files, programme files and log files in
accordance with the particular purpose according to Article 10, para. 4 of the
Data Protection Act of Lower Saxony (NDSG).
Personal data including authorisation and identification data:
This includes the data according to Articles 5 to 9, 11 and 12, smart card data,
physical and temporal allocation of access authorisations, University account,
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
the University email address, TAN, identification numbers for other application
systems.
Event data:
This includes data such as the identification number of the smart card, date and
time of the access, terminal number of the reader, number of access attempts,
data on the payment processes and borrowings from the SUB.
(2) 1Event data shall be saved for a maximum of 60 days, unless other statutory provisions or this
regulation state otherwise. 2They shall be deleted afterwards. 3Reading out or analysing event data
(history memory) as well as accessing log files of the access system shall only be authorised in the
case of justified suspicion of serious misuse of the access authorisation or payment function, in the
case of misuse of other application systems or punishable acts or in the event of a statutory
authorisation.
(3) The work stations which are set up for the system monitoring, the user administration or other
information on the access system shall be secured in terms of data protection, data security and the
allocation and administration of authorisation just as in the student administration system.
Article 35 Rights
(1) 1Upon request, the persons concerned shall be informed about:
1. the personal data stored about them,
2. the purpose and legal basis of the storage,
3. the origin of the data and
4. the receivers of data transfers. 2This shall not apply to personal data which is exclusively saved for the purposes of data security or
data protection control. 3For blocked data which is only still saved because it cannot be deleted as a
result of statutory retention regulations, the obligation to exchange information shall apply only if
students show a legitimate interest in being granted the information about this.
(2) 1The application should describe the type of personal data about which information is requested
in more detail. 2The Georg-August-University Göttingen shall determine the procedure, in particular
the form of exchange of information at its sole discretion after due consideration.
(3) Should the data be saved in the files, the persons concerned can request information from files or
request to view the files, provided they provide information which allows the data to be found within
reasonable time and effort.
(4) Applications according to para. 1 or 3 can be refused if
1. fulfilling the request for information or to view data would put the regular execution of the
other functions of the Georg-August-University Göttingen at risk,
2. the information on or viewing of files would put the public security and order (Nds. SOG) at risk
or
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
3. the personal data or the fact that it has been saved are to be kept confidential according to a
legal regulation or due to legitimate interests of third parties.
(5) 1Refusing the information on or viewing of files does not require any justification if the purpose of
the refusal is jeopardised by the justification. 2The reasons for the refusal shall be saved on file.
(6) If the information or access to the files is refused, the persons concerned shall be informed that
they can contact the data protection officer of the Georg-August-University Göttingen or the state
official for data protection.
(7) The persons concerned shall have the right to rectify, delete and block the saved personal data in
accordance with the statutory provisions.
Article 36 Obligation to inform about the change to personal data
1The students, examination candidates and guest students shall be obliged to immediately inform the
Georg-August-University Göttingen of:
1. a change of name, address, telephone number (voluntary) and nationality,
2. illnesses which put the health of other students at risk or seriously affect the study structure. 2The Georg-August-University Göttingen shall be authorised to process this data.
Article 37 Rights and obligations of the two student data protection officers
(1) 1Both student data protection officers and the AStA of the University Göttingen shall be
extensively informed in due time about measures which concern the access system. 2The information
shall be considered to have been provided in due time as long as different solution alternatives can
be taken into consideration in the interests of the students concerned and no operational or
technical constraints have been established yet.
(2) For their information, the student data protection officers and the AStA of the University
Göttingen shall have the right to participate in all meetings which are held as a result of changes or
additions to the functions of the smart card.
(3) 1Both student data protection officers shall have the right to be informed in terms of the
compliance with this regulation in the scope of their general tasks. 2Furthermore, both student data
protection officers shall be extensively informed in due time about significant compromises. 3In the
event of suspicion of misuse or a significant infringement, the student data protection officers shall
inform the data protection officer of the Georg-August-University Göttingen who will carry out the
further investigation and inform the student data protection officers. 4The data protection officer of
the Georg-August-University Göttingen shall have an unrestricted right to view data. 5The access to
the corresponding systems necessary for this and the necessary information shall be granted,
provided the information access to the corresponding data protection system is governed in this
regulation. 6The system administrator shall be obliged to make all information and knowledge which
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
results from operating the system or which is necessary for the operation available to the data
protection officers. 7The data protection officer shall inform the student data protection officers of
the result or intermediate results of their investigations.
(4) The student data protection officers shall be committed to secrecy should they become aware of
personal data in the scope of their work or if the obligation to maintain secrecy is to be observed in
order to avoid a direct serious disadvantage for students, the University or the foundation.
Article 38 Special obligations
(1) If decisions and other measures, in particular registrations, module or examination admissions,
examination deadlines as well as examination results are disclosed to the public, the following
personal data may not be published in text form without the consent of the person concerned:
surname, first name, additional titles/previous name, address(es), telephone, email.
(2) 1Should the university send emails to several persons, in particular via mailing lists, it shall be
ensured that the personal data of one person, in particular their name and email address, are not
passed on to another person. 2This shall not apply if
a. the law, a decree or this regulation states otherwise,
b. the email communication was started by the persons concerned,
c. consent of the persons concerned exists in text form.
(3) 1Personal data and images can be published in publications and on internet sites of the University
with the consent of the persons concerned. 2Consent according to clause 1 shall not be required
should the public be informed about public lectures or lectures public to the University, about the
self-administration, about the administration as well as about the performance of the functions of
the University.
(4) 1The persons concerned shall be appropriately informed about the significance of the consent, in
particular about the purpose of the data and, in the event of intended transfer, also about the
receivers of the data. 2The persons concerned shall be notified that they can refuse the consent or
revoke it with effect as of a future date. 3The declaration and notes must contain the following
information: in the case of a revocation, personal data may no longer be used for the intended
purposes in the future and shall be deleted immediately. 4Should the consent not be revoked, it shall
also apply after the end of the membership in the University, without time limits. 5The consent shall
be voluntary; no disadvantages shall result from refusing the consent or its revocation.
Article 39 Transferring data in the scope of cooperations
(1) 1In order to implement courses of study and programmes with other universities or non-
university institutions (collectively: third parties), the data of the corresponding students and guest
students can be transferred to them in the scope necessary for the implementation. 2A cooperation
agreement shall govern the further details.
Please note: This is an unofficial translation provided for your information only and does not have any
legal binding effects!
The original version was published in: Official Announcements Vol. 29 / 2010, pp. 2473
(2) 1In the scope of funding applications, research agreements, scholarship programmes as well as
funding programmes including the awarding of sponsorship prizes, personal data can be transferred
to the funding organisation or the cooperation partners with the consent of the persons concerned
in the scope necessary. 2The consent of the persons concerned must be present in text form.
(3) The third parties to whom the data is transferred may only process this data for the purpose for
which it was transferred to them.
Article 40 Period required for the retention of documents
Written material can be destroyed after one year if
1. the students were informed that they can collect the written documents submitted by them
within one year, should this no longer be necessary for further processing or provided it is not
determined in a statute that the written material shall remain in the University,
2. the written documents are not originals of public deeds and
3. the written documents are not required for the further processing, in particular for purposes of
evidence.
Section 8: Final provisions
Article 41 Effective date
(1) This regulation shall come into force on the day after it has been disclosed in the Official
Announcements of the Georg-August-University Göttingen.
(2) At the same time, the "Regulation on collecting and processing the personal data of student
applicants, students, examination candidates, former members of the University as well as guest
students" of the Georg-August-University Göttingen in the version of the announcement from
19.05.2004 (Official Announcements 5/2004 p. 301), last amended by resolution of the Senate from
16.07.2008 (Official Announcements 16/2008 p. 1104) shall expire.