astaluna festival logoorganized by AStA RWTH

legal

Privacy Policy

How attendee data is collected, processed, and protected on this website.

Privacy at a glance

This summary explains what happens to personal data when you visit this site.

Personal data is any information that can identify you. Details follow in this policy.

Data collection on this site

Processing is handled by the site operator; see the “Controller” section below.

Data is provided by you (e.g., via forms) or collected automatically (e.g., browser/OS, timestamps).

Data is used for reliable delivery of the site and, where applicable, for offers, orders, or inquiries.

Your rights

You can request information, correction, deletion, or restriction of your personal data at any time.

You may withdraw consent for future processing and object to processing where applicable.

You have the right to lodge a complaint with the competent supervisory authority.

Controller

Studierendenschaft der RWTH Aachen

Allgemeiner Studierendenausschuss der RWTH Aachen (AStA)

Pontwall 3, 52062 Aachen

Phone: +49 241 80 93792

Email: asta@rwth-aachen.de

Storage duration & legal bases

Data is stored only as long as necessary for the stated purpose or legal retention.

Legal bases include consent (Art. 6(1)(a) GDPR), contract performance (Art. 6(1)(b)), legal obligation (Art. 6(1)(c)), and legitimate interests (Art. 6(1)(f)).

Cookies

We may use session and persistent cookies for essential functions and performance.

Necessary cookies rely on legitimate interest (Art. 6(1)(f) GDPR); others are based on consent (Art. 6(1)(a) GDPR).

You can manage cookies in your browser; disabling them may limit functionality.

Server log files

Collected automatically: browser/version, OS, referrer, hostname, time of request, IP address.

No merging with other data sources. Basis: legitimate interest in stability and security (Art. 6(1)(f) GDPR).

Contact (email/phone/forms)

Data you provide is processed to handle your inquiry and follow-up.

Legal bases: contract/steps prior to contract (Art. 6(1)(b) GDPR), legitimate interest (Art. 6(1)(f)), or consent (Art. 6(1)(a)).

Data is kept until deletion is requested, consent is withdrawn, or the purpose ends; legal retention prevails.

Spam protection (Google reCAPTCHA)

We use Google reCAPTCHA to protect our contact form.

Technical data (e.g., IP address, browser information, mouse/touch interactions, and timestamp) may be sent to Google to detect automated requests.

The legal basis is our legitimate interest in preventing spam and abuse (Art. 6(1)(f) GDPR).

Social media (Instagram)

Instagram features may set connections to Meta servers; data such as IP and visited pages can be transmitted.

Use is based on consent (Art. 6(1)(a) GDPR); joint controllership with Meta for collection/transfer as per their controller addendum.

Analytics (Matomo)

Self-hosted Matomo measures usage (page views, region, IP, referrer, browser, OS, actions). Data stays on our servers.

Basis: legitimate interest (Art. 6(1)(f) GDPR) in improving the site; if consent is requested, Art. 6(1)(a) GDPR.

Maps (Google Maps)

Embedded Google Maps may transfer IP and usage data to Google servers.

Basis: legitimate interest (Art. 6(1)(f) GDPR) in usable maps; with consent, Art. 6(1)(a) GDPR.

SSL/TLS

We use SSL/TLS to protect data in transit. Encrypted connections show “https://” and a lock icon.