Privacy Policy DATEV English Version

I hereby consent to the transmission of the data (meta data) listed below to DATEV eG. The data will be transmitted exclusively for the purpose of providing the service to the person giving consent. The meta-data are required for secure communication between the participating entities HWR Berlin (Identity Provider) and the below-mentioned service (Service Provider). Without their transmission, no service can be provided. Consent is given voluntarily and can be revoked at any time with effect for the future. After receiving of the declaration of revocation by the HWR, my data may not be transmitted further. The data is to be deleted immediately. Revocation of my consent does not affect the legality of the transmission that has taken place up to that point. The revocation can be done over the Link[1] or by activating the delete box at the registration page.

Data privacy statement in accordance with the GDPR

 

1     Name and address of the controller

The controller as defined by the General Data Protection Regulation, other national data protection legislation of the EU Member States and other data protection provisions is:

 

HWR Berlin

IT-Abteilung

Badensche Straße 52

10825 Berlin

It-hotline@hwr-berlin.de

 

2      Name and address of the data protection officer

HWR Berlin

Vitali Dick (HiSolutions)

Badensche Str. 52 10825 Berlin

datenschutz@hwr-berlin.de

 

3     Information pertaining to data processing for Shibboleth (single sign on)

3.1     The purpose of data processing

Personal data is processed for the following purposes:

 

  • Authentication of the User vis-à-vis the provider of DATEV, as an authorised member of HWR Berlin. Only members of the HWR are authorised to use DATEV.
  • Provision of the DATEV service to the User
  • Ensuring secure communication between the participating entities HWR Berlin (Identity Provider) and DATEV (Service Provider) Rechtsgrundlage für die Verarbeitung

 

3.2     The legal foundation of data processing

Data is processed for the purposes specified in 3.1 on the basis of the consent provided by the user to processing of their personal data (art. 6 section 1 a GDPR). There is no contractual or legal requirement to provide the data. The provision of consent is entirely voluntarily. The consent for the transmission can be revoked at any time. However, the service can then no longer be used via Shibboleth, as a transmission of the meta data is necessary.

 

 

 

 

3.3     Types and categories of personal data

We process the following categories and type of the users data for the purposes named in 3.1:

Category Metadaten
Given Name = Last name
Sn = First Name
Mail = HWR-Emailadress
eduPersonScopedAffiliation = Type of affiliation to the HWR (student / administration / lecturer / other members of the HWR)
O = Organisation Name

3.4     Recipients or categories of recipients of the personal data

The data is being processed exclusively in Germany or the EU by HWR Berlin. The data is transmitted to DATEV each time DATEV is accessed via Shibboleth. More information will be shown in DATEV data protection conditions.

 

DATEV states: “If your personal data is no longer required for the above-mentioned purposes, it will be regularly deleted, unless its – temporary – storage is still necessary to fulfil contractual or statutory obligations. Reasons for this can be, for example:

 

  • The obtaining of evidence for legal disputes within the framework of the legal statute of limitations: Civil law limitation periods can be up to 30 years, whereby the regular limitation period is three years.

 

  • Log data is stored for up to 2 years and your enquiries to our customer service for up to 3 years.

 

After these periods have expired, the data will be deleted after a period of post-processing. This can be up to 4 years for data with a statutory retention period of 10 years.

 

4 General information about data processing at the HWR Berlin

4.1     Scope of application

This data privacy statement applies to the processing of personal data gathered in accordance with GDPR.

4.2     The scope of personal data processing

We only process the personal data of our users if this is required for the provision of a functional service and is required by our contents and services. The regular processing of the personal data of our users is performed only after they have issued us with their consent. An exception is made in cases in which actual reasons mean that it is not possible to obtain previous consent and that the law permits processing of the data.

4.3     Deleting data and the duration of data storage

The personal data of the person affected will be deleted and access to them blocked as soon as the person affected have objected to this. Data can also be saved if this is intended by European or national legislation, EU directives or other regulations to which the controller is subject.

4.4     The rights of the person affected by the processing

The person affected by the data processing has rights which they can assert against the HWR Berlin in accordance with art. 13 – 23 GDPR. The following section provides an overview of the most important rights.

 

  • The right to information following the collection of personal data in accordance with art. 13 GDPR
  • The right to information if the personal data was not collected from the person affected in accordance with art. 14 GDPR
  • The right to information about the data saved by the controller (HWR Berlin) in accordance with art. 15 GDPR
  • The right to rectification of the data saved by the controller (HWR Berlin) in accordance with art. 16 GDPR
  • The right to erasure of the data saved by the controller (HWR Berlin) in accordance with art. 17 GDPR
  • The right to restriction of processing of the data saved by the controller (HWR Berlin) in accordance with art. 18 GDPR
  • The right to notification in conjunction with the correction or deletion of personal data or restriction of its processing in accordance with art. 19 GDPR.
  • The right to data portability in accordance with art. 20 GDPR – the person affected has the right to receive itemization of the personal data held pertaining to them in a structured, conventional and machine-readable format.
  • The right to object to the processing of personal data which has been processed on the basis of article 6 section 1 or in accordance with art. 21 GDPR.
  • The right to information about the infringement of the protection of personal data of the person affected in accordance with art. 34 GDPR

4.5     Right of information

You can require confirmation from the HWR Berlin as to whether we process your personal data.

Should we process your data, you can require the following information from the HWR Berlin: –             The purposes for which the personal data is processed.

  • The categories of personal data which are processed
  • The recipient(s) or the categories of recipient(s) to which your personal data has been or will be disclosed.
  • The planned duration for which your personal data will be saved; or if specifics pertaining to this are not possible, criteria for determining the duration of data storage.
  • The existence of a right to amending or deleting your personal data, the right to restricting the processing of the data by the person responsible for this or the right of objection to this processing.
  • All available information about the origin of the data, if the personal data is not collected from you.
  • The right to be informed whether personal data is transmitted to a third country or an international organization.

4.6     Exercise of rights

If you wish to exercise your rights, please contact the data protection officer named above or submit the request using the link.

4.7     Right to complain

The data subject also has the right to complain to a supervisory authority about the HWR Berlin. The competent supervisory authority in the state of Berlin is

Berlin Commissioner for Data Protection and Freedom of Information

Friedrichstr. 219 10969 Berlin mailbox@datenschutz-berlin.de

4.8     Data security

We deploy suitable technical and organizational measures to guarantee the comprehensive safety of your personal data during processing and especially during transmission, as far as is required and in accordance with the current state of the technology. As far as a service provider is involved in processing the data, we will select them carefully and check compliance with the provisions of art. 28 GDPR.

 

 

5 The edition of, changes to and validity of the HWR Berlin general data protection statement

This data protection statement was last altered in 01/2022. We reserve the right to update this data privacy statement regularly so as to take into account current legal requirements and technical alterations and in order to perform our services and provisions in a manner compliant with the data protection regulations. We will inform you of any significant changes to the legal framework. Should any changes be made to the points listed under section 4, we will send an updated consent form to you.

 

Version Datum Autor Änderung / Bemerkung Klassifizierung
1.0 03.07.2020 IT-DUD DSE – Einbindung dfnconf öffentlich
1.1 07.01.2022 IT-DUD Überarbeitung öffentlich

 

[1] https://dsgvo2.dsmanager.net/jd8g73mg9/anfrage_meldung.html?key=5oZEoda8bochZmO9  

Diese Webseite verwendet ausschließlich technisch notwendige Cookies. Eine Einwilligung des Nutzers ist demnach nicht erforderlich. This website only uses technically necessary cookies. The consent of the user is therefore not required .