A-Z

Privacy policy for the RUB mobile app

(Version 2.1/2026)

This privacy policy applies to the RUB mobile app:

The basic privacy policy of Ruhr-Universität Bochum can be found at https://www.ruhr-uni-bochum.de/de/datenschutzerklaerung.

Contact details for the person responsible and for the data protection officer, as well as information on your rights can be found there.

The privacy policy specific to data processing in the "RUB mobile" app is listed below.

1.General information on data processing

1.1 Scope of the processing of personal data

We collect and use our users' personal data only insofar as this is necessary to provide a functional app and our content and services. The collection and use of personal data of our users only takes place regularly with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

1.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

Insofar as the processing of personal data is necessary for the performance of our tasks, which are in the public interest or in the exercise of official authority, Art. 6 para. 1 lit. e GDPR i.V.m. §3 HG NRW as the legal basis.

1.3 Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

1.4 Possibility of objection and deletion

The user has the option to revoke their consent to the processing of their personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

1.5 Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller

  • Right of information
  • Right to rectification
  • Right to restriction of processing
  • Right to deletion
  • Notification obligation in the event of correction or deletion
  • Right to data portability
  • Right to objection
  • Right to revoke the declaration of consent under data protection law
  • Automated decision-making in individual cases, including profiling
  • Right to lodge a complaint with a supervisory authority

Details on the rights mentioned can be found in the general privacy policy of Ruhr-Universität Bochum

2 Account Management and Wallet (Digital Student ID)

2.1 Description and Scope of Data Processing

The following general categories of personal data are collected and processed when using the account management and wallet features in the RUBmobile app:

a) Personal data of a user who has a RUB-ID account, which is retrieved during lo-gin via Shibboleth from the IDM system and, in the case of students, from the HIS SOS system of Ruhr University:
• Surname and first name
• Username
• Student ID number (Matrikelnummer)
• Gender
• Role at RUB
• Student status
• Enrollment date
• Deregistration date
• (Date of birth)

This data is temporarily stored locally on the user’s device. The data is transmitted in encrypted form. The data is encrypted using the device’s standard encryption, provided the device is protected by a password/PIN.

b) Data retrieved from other IT systems of Ruhr University, which are visible only to the authorized user with a Uni-ID account.

c) Technical data (protocol and log files).

2.2 Categories of Recipients

The data is disclosed only to the following authorized recipients and only to the extent necessary to fulfill the specific task and process the respective service transaction:

1. Employees of Ruhr University who are responsible for the development and administration of the app or the IT systems of Ruhr University accessible via the app.

2. The respective user, who can view their own personal data.

3. Members and affiliates of Ruhr University who have access to information from RUB systems released for this target group.

4. Other individuals who use the app without a RUB-ID account to access publicly available information from Ruhr University (e.g., news, events, information about a subject area, etc.).


2.3 Transfers to Third Countries or International Organizations

Any possible transfer or use of technical data (protocol data of general app usage) in connection with the use of an Apple or Google account or the operating system is sub-ject to the respective data protection regulations of Google or Apple. Ruhr University has no influence over this. No personal data is transmitted.


2.4 App Permissions

For the technical implementation of the functions provided by the app, certain permissions are required, which are described below.
a) Internet and network status. The app obtains almost all retrievable information from the internet. Access to the internet and the current network status is required to provide and update this information.


2.5 Legal Basis for the Processing of Personal Data

Insofar as the processing of personal data is necessary for the performance of our tasks, which are in the public interest or carried out in the exercise of official authority, Art. 6 para. 1 lit. e GDPR in conjunction with §3 HG NRW serves as the legal basis.


2.6 Data Deletion and Storage Duration

a) The data primarily originates from external systems (IDM and HIS SOS). Their use is initiated upon authentication in the account management of the RUBmobile app. Upon login via account management, the data is stored in the app for a period of 90 days. Af-ter that, the data is deleted from the app. After the 90-day period, re-authentication is required. b) If the processing is based on the consent of the data subject, deletion will take place immediately once the data subject withdraws their consent and there is no other legal basis for the processing (Art. 17 GDPR). c) The data stored in the app on the respective user’s device can be deleted by the user at any time, e.g., by uninstalling the app. d) The technical data (protocol and log files) on the servers of Ruhr University are deleted in accordance with the deadlines set for these services. e) The deletion periods for data stored by Google or Apple are subject to the data protection regulations of the respective provider.


2.7 Possibility of Objection and Removal

The user may withdraw their consent to the processing of personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of making contact will be deleted in this case. The data temporarily stored on the device during use of the app and authentication via account management (see above) will be deleted upon uninstallation of the app.

3. Notifications (push notifications)

3.1 Description and scope of data processing

Within the RUB mobile app, messages from public channels and individually subscribed channels can be displayed. For this purpose, each mobile device can be identified with a unique device ID. The device ID and the IDs of the individually subscribable channels are saved. The device identification data and any login data entered following a push are stored separately from each other, which prevents conclusions being drawn about the user of the end device.

3.2 Purpose of data processing and legal basis

Notifications are used to display current information from public channels or individually subscribed channels within the RUB mobile app in a prominet position. The legal basis for the processing of the data transmitted in the course of sending a message is Art. 6 para. 1 lit. a GDPR.

3.3 Duration of storage

The data required in connection with the notification function is stored for as long as the app is installed on the mobile device.

4. Use of social media plugins

Within the RUB mobile app/website, content from social media is offered via defined interfaces. For the embedding of content from social media, only links are included on the website that link to the corresponding website of the provider. Only by clicking on a link is the user redirected to the services of the respective provider and only then is data sent to the respective provider. If you do not click on the link, no exchange takes place between the user and the providers of the social media services. Information about the collection and use of your data in the social networks can be found in the respective terms of use of the corresponding providers.

The following social media services are integrated with the corresponding link to their privacy policies

5. Websites and services accessed within the app

Within the RUB mobile app, the following websites are accessed with the app's internal web browser or with the default browser of the mobile device. The data protection provisions of the respective website provider apply to this content. Specifically, these are the following websites:

Unless otherwise stated, the privacy policy of the central websites applies to the above-mentioned pages: https://www.ruhr-uni-bochum.de/de/datenschutz.

To top