Data protection - also an important issue for the KIT Card

Tresor_II

All data collected for the KIT-Card is used solely for the creation and administration of the KIT-Card. They are only passed on / access is only granted if this is absolutely necessary for the fulfillment of tasks, usually this includes a transfer to the library, the Studierendenwerk and for the production of the card to CSE and SUM. The group of recipients also depends on the extent to which the card is used (for an overview of the possible uses, see https://www.kitcard.kit.edu/english/80.php). Use of the data for a purpose other than that for which it was collected is excluded unless the cardholder has given their explicit consent to this.

The legal basis for the KIT Card as a student ID card results from §12, para. 1, 3 of the State Higher Education Act BW (LHG BW) in conjunction with § 11 para. 3 of the "Admission and Matriculation Regulations of the Karlsruhe Institute of Technology (KIT)".

When using the KIT Card as an employee ID card, please refer to the relevant service agreements and resolutions of the Executive Board of KIT.

The legal basis for the associated data processing is linked to Art. 6 para. 1 lit. e, para. 3 sentence 1 lit. b GDPR in addition to the above. When using the KITCard as an employee ID card, it is also based on Section 15 of the BW State Data Protection Act (LDSG)

Data stored on and in the chip card

Imprint on the card:

Students:

  • Picture

  • Title

  • First names

  • Surname

  • Matriculation number

  • Fields of study

  • Card validity

  • Card number

A unique URL is applied to the student's KIT card as a QR code. This URL is used to identify the status throughout Europe. It is uniquely assigned to each KIT card for students by the ESCN (European Student Card Number) encoded in the QR code. If this is to be usable for other institutions, the KIT Card must be registered on the central server of the initiative, for which the explicit consent of the cardholder is required. The registration of a KIT Card as a European Student Card can be done at https://www.bwcard.de/english/esc-register.php.

Employees:

  • Picture

  • Title

  • First names

  • Surname

  • Validity

  • ID card number

Data in the chip:

Chip serial number, ID card number, university key, wallet, booking authorizations for time management and access systems

 

Chip serial no : = 4 byte integer
ID card number : = 12-digit sequential number with prefix 1580
European Student Card Number: = number that is also stored in the QR code (only for KIT students)
University key : = "1580" for the KIT
University name: = "kit.edu" for the KIT
Wallet (Mensa) : = group, administrative data, wallet number, secret key
Group : = student, employee, guest
Administrative data : = Company ID, here: Studierendenwerk Karlsruhe
Wallet number :

= 7-digit unique number

All data stored on the KIT-Card can be viewed at any time at https://my.scc.kit.edu/english/shib/accountinformationen.php.

Further information on the technology of the KIT-Card can be found here.

The above-mentioned personal data will be stored on and in the KIT Card for as long as it is required for the above-mentioned purposes, i.e. until it is returned to the KIT and the KIT Card is destroyed.

Rights of the cardholders

As far as your personal data are concerned, you have the following rights:

  • Right to revoke your consent with effect for the future, provided that processing is based on a consent according to Article 6, par. 1, sub-par. 1, a GDPR (Article 7, par. 3 GDPR).
  • Right to confirmation whether data about you are processed and right to information about the data processed and about data processing as well as right to obtain copies of the data (Article 15 GDPR).
  • Right to rectification or completion of incorrect or incomplete data (Article 16 GDPR).
  • Right to immediate erasure of your personal data (Article 17 GDPR).
  • Right to restriction of processing (Article 18 GDPR).
  • Right to data portability in a structured, standard, and machine-readable format, if processing is based on a consent according to Article 6, par. 1, sub-par. 1, a or Article 9, par. 2, a or on an agreement according to Article 6, par. 1, sub-par. 1, b (Article 20 GDPR).
  • Right to object to the future processing of your personal data, if the data are processed according to Article 6, par. 1, e or f GDPR (Article 21 GDPR).

In addition, you have the right to complain about the processing of your personal data by KIT with its supervisory authority (Article 77 GDPR). According to Article 25, par. 1, LDSG (State Data Protection Act), the supervisory authority of KIT according to Article 51, par. 1 GDPR is:

In addition, you have the right to complain about the processing of your personal data by KIT with its supervisory authority (Article 77 GDPR). According to Article 25, par. 1, LDSG (State Data Protection Act), the supervisory authority of KIT according to Article 51, par. 1 GDPR is: Baden-Württemberg State Commissioner for Data Protection and Freedom of Information (https://www.baden-wuerttemberg.datenschutz.de/).