The data stored on the chip card and the data generated by using the card are subject to the regulations of the Bavarian Data Protection Act. Applications required for full functionality and the data stored for that purpose and used by the respective background systems are kept separate from one another and are defined using separate keys. Individual applications only store data required for that given application, e.g. for the electronic purse. This ensures that no links between background systems can be created by the ServiceCard. More precisely, this means that personalised user profiles cannot be created. Furthermore, read and write authorisations in the background systems are usually limited to the required functionalities of individual applications.
Data stored to the Mifare-DESfire EV1 Chip: card serial number, system key, student registration number, library account number, profile keys (PKZ; students, staff, visitors), university ID as well as the electronic purse balance (in cents) and the card's validity period.
Data that is saved in card management / background systems: card serial number, card sequence number, student registration number, validity period, lock flag and the date of issue. Only the university administration has access to this data. Personal data stored and processed for specific purposes must be reviewed and approved by the data security officer.
It should be noted that, since card holders are directly affected, they are entitled to notification, at no charge, about all personal data stored, and that they can, under certain circumstances, request that such data be corrected, deleted, or locked in accordance with the Bavarian Data Protection Act (BayDSG). If they so desire, each student may use a separate reader device at the Z/IS department during staff hours to see all data that has been stored on the card and in the card management system.
For all other questions, the university's data security officer (DSB), Mr Thomas Loskarn, can be reached at this telephone number: 0951/863-1030. Furthermore, students may also contact the state data security officer.