Privacy Policy
Audatis privacy management software
Controller:
Berlin University of Economics and Law
Badensche Str. 52
10825 Berlin (Germany)
praesident@hwr-berlin.de
Legal representatives:
Prof. Dr. Andrew Zaby
Data Protection Officer:
Vitali Dick (HiSolutions AG)
Badensche Str. 52
10825 Berlin (Germany)
datenschutz@hwr-berlin.de
Information on the processing activity:
Purposes of the processing activity:
Software for data protection documentation purposes
- Documentation and management of requests from data subjects (Articles 15 – 20 GDPR)
- Documentation and management of processers (Article 28 GDPR)
- Conducting a data protection impact assessment (Article 35 GDPR)
- Creation of privacy policies(Article 13/14 GDPR)
- Documentation and management of data protection incidents (Article 33 GDPR)
- Consent management (Article 6 (1) b GDPR)
- Implementation and documentation of training measures on data protection
- Documentation and management of joint controllers (Article 26 GDPR)
- IT inventory
- Documentation and management of technical and organizational measures for data security (Article 32 GDPR)
- Documentation and management of the directory of Processing activities (Article 30 GDPR)
Legal basis of the processing activity:
Processing is required to fulfill a legal obligation pursuant to Article 6 (1) (c) GDPR and to fulfill accountability and documentation obligations under Article 5 GDPR
Categories of processed personal data:
- Authorization data / authentication data on the system (user name / password)
- Cookie data (session cookie)
- Log data – web server (esp. IP address)
- Log data (history of user inputs and changes)
- Master data (surname, first name, business e-mail)
Categories of recipients:
Processor (processor within the meaning of Art. 4 in conjunction with Art. 28 GDPR)
Contractor (processor):
Auditis Services GmbH (Herford)
Data transfer to a third country:
There are no planned transfers to third countries.
Additional information obligations:
Duration of storage of personal data:
Authorization data: After the account has been deleted by the data protection manager or no later than 30 days after the account holder has left the HWR Berlin
Cookie data: The cookie is deleted after the end of the respective browser session.
- to 8 days
- to If the user account is deleted by the user, the history
- to After the account has been deleted by the data protection manager or no later than 30 days after the account holder has left the HWR Berlin
Rights of the data subject
The person affected by the processing has rights in accordance with Art. 13 – 23 GDPR, which can be asserted against the HWR Berlin. An overview of the most important rights is listed below:
- Information obligation when collecting personal data according to Art. 13 DSGVO
- Information obligation if the personal data was not collected from the person concerned according to Art. 14 DSGVO
- Right to information about data stored by the person responsible (HWR Berlin) according to Art. 15 DSGVO
- Right to correction of data stored by the person responsible (HWR Berlin) according to Art. 16 DSGVO
- Right to erasure of data stored by the person responsible (HWR Berlin) in accordance with Art. 17 GDPR
- Right to restriction of processing of data stored by the person responsible (HWR Berlin) in accordance with Article 18 GDPR
- Notification obligation in connection with the correction or deletion of personal data or the restriction of processing according to Art. 19 GDPR
- Right to data portability according to Art. 20 GDPR
- Right to object to data processing if processing is required under Art. 6 (1) e GDPR to perform a task that is in the public interest or in the exercise of official authority or processing under Art. 6 (1) f GDPR is necessary to protect the legitimate interests of the person responsible or a third party according to Art. 21 DSGVO.
- Right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.
- Right to notification according to Art. 34 GDPR of the person affected by a breach of the protection of personal data.
Exercise of rights
If you would like to exercise your rights, please contact the data protection officer named above or submit the request using the link . [1]
Right of appeal
The person concerned also has the right to complain to a supervisory authority about the HWR Berlin. The competent supervisory authority in the state of Berlin is
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin
mailbox@datenschutz-berlin.de
Obligation to provide personal data:
The data subject is not obliged to provide the personal data.
Consequences of non-provision:
Functions of the software cannot be used.
Automated Decision Making:
There is no automated decision-making or profiling.
[1] https://dsgvo2.ds – manager.net/jd8g73mg9/frage_meldung.html?key