Privacy Policy DFN Services English Version

 

I hereby consent to the transmission of the above personal data (metadata) to the German

Research Network. The transmission is solely for the purpose of providing the services of the DFN (conf, scheduler and surveys) to the consenting party. The metadata is required for secure communication between the participating entities HWR Berlin (identity provider) and DFN (service provider). Without their transmission, DFN services cannot be provided. Consent is given on a voluntary basis and can be revoked at any time with effect for the future. After receipt of the revocation, my data may not be transmitted any further. They are to be deleted immediately. The revocation of my consent does not affect the legality of the transmission that has taken place up to that point. The revocation can be made easily via the link[1] or by checking the deletion box on the Shibboleth registration page.

Data protection information according to GDPR

1   Name and address of the controller

The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:

HWR Berlin

Badensche Strasse 52

10825 Berlin

Represented by Andreas Zaby

praesident@hwr-berlin.de

2   Name and address of the data protection officer

HWR Berlin

Vitali Dick (HiSolutions)

Badensche Str. 52

10825 Berlin

datenschutz@hwr-berlin.de

3 Data processing Connection of DFN Services via Shibboleth (single sign on)

3.1  Purposes of the processing

The personal data is transferred for the following purposes:

  • Authentication of the user vis-à-vis DFN, as an authorised member of HWR Berlin.

Only members of the HWR Berlin are authorised to use the DFN services.

  • To provide the services of the DFN to the user
  • Ensuring secure communication between the participating entities HWR Berlin

(Identity Provider) and German Research Network DFN (Service Provider)

3.2  Legal basis for the processing

The legal basis for the transmission is the consent of the user according to Art. 6 (1) lit. a GDPR. There is neither a contractual nor a legal obligation to provide the data. The consent is voluntary. Consent to the transfer can be revoked at any time. However, the service can then no longer be used via the HWR, as it is necessary to transmit the metadata. Registration must then be carried out directly via the service.

3.3  Types and categories of personal data

We transmit the following categories and types of data from the user to DFN for the purposes stated in 3.1:

 

Category Metadata
Given Name = Surname
Sn = first name
Mail = HWR email address
eduPersonScopedAffiliation = Type of affiliation to the HWR (student / administration / lecturer / other members of the HWR).
O = Organisation name

 

3.4  Data storage and deletion periods

The data is processed exclusively in Germany or the EU. The metadata is stored in the Active Directory of the HWR. The data is transmitted to DFN each time DFN services are accessed. Data is not stored or deleted beyond this at the HWR Berlin. However, the transmitted data is stored at the DFN. For more information, please refer to the DFN’s data protection conditions.   

 

DFN states: “The logs of the conference servers are deleted after 4 weeks in order to be able to carry out debugging in the event of errors or misuse. For the web conferencing service

(Adobe Connect), the log files are deleted after a maximum of 4 weeks. ”

3.5 Side information

The service provider DFN uses so-called cookies on its own responsibility in order to collect, process and use usage data from the requesting users.

4  General information on data processing

4.1  Scope of the processing of personal data

As a matter of principle, we only process personal data of our users insofar as this is necessary.

4.2 Recipients or categories of recipients of the personal data

Within the university (internal recipients), the data can be processed by the IT administrators.

4.3 Transfer of data to a third country or int. organisation 

Connection data is not transmitted to a third country or an international organisation.

4.4  Rights of the data subject

According to Art. 13 – 23 DSGVO, the person affected by the processing has rights which can be asserted against the HWR Berlin. An overview of the most important rights is listed below:

  • Duty to provide information when collecting personal data pursuant to Art. 13 DSGVO
  • Right to information about data stored by the data controller (HWR Berlin) according to Art. 15 DSGVO
  • Right to rectification of data stored by the data controller (HWR Berlin) in accordance with Art. 16 DSGVO
  • Right to have data stored by the data controller (HWR Berlin) deleted in accordance with Art. 17 DSGVO
  • Right to restrict processing of data stored by the data controller (HWR Berlin) pursuant to Art. 18 DSGVO
  • Obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing pursuant to Art. 19 DSGVO
  • Right to data portability according to Art. 20 DSGVO
  • Right to object to data processing, provided that the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority pursuant to Article 6 (1) e of the GDPR or the processing is necessary for the purposes of safeguarding the legitimate interests of the controller or a third party pursuant to Article 21 of the GDPR.
  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
  • Right to notification under Article 34 GDPR of the data subject of a personal data breach.

4.5  Exercise of rights

If you wish to exercise your rights, please contact the data protection officer mentioned above or make the request at the link.[2]

4.6  Right of appeal

The data subject also has the right to complain to a supervisory authority about the HWR Berlin. The competent supervisory authority in the state of Berlin is

Berlin Commissioner for Data Protection and Freedom of Information

Friedrichstr. 219

10969 Berlin

mailbox@datenschutz-berlin.de

4.7  Data security

In order to adequately and comprehensively protect the security of your data during processing and in particular during transmission, we use appropriate technical and organisational measures to ensure the security of your personal data, insofar as this is necessary and oriented to the current state of the art.

5  Status, changes and validity of the privacy policy

This general data protection declaration is valid as of 08/2022. We reserve the right to regularly update this data protection declaration in order to take into account the current legal requirements and technical changes as well as to implement our services and offers in a data protection compliant manner. We will inform you in the event of significant changes to the legal framework. If there are any changes, we will send the user an adapted consent and data protection declaration.

Version  Date Author Change / Remark Classification
1.0 03.07.2020 IT-DUD DSE – Integration dfnconf public
1.1 07.01.2022 IT-DUD Revision public
1.2 30.08.2022 IT-DUD Revision public

 

[1] https://dsgvo2.dsmanager.net/jd8g73mg9/anfrage_meldung.html?key=5oZEoda8bochZmO9   

[2] https://dsgvo2.dsmanager.net/jd8g73mg9/anfrage_meldung.html?key=5oZEoda8bochZmO9   

Diese Webseite verwendet ausschließlich technisch notwendige Cookies. Eine Einwilligung des Nutzers ist demnach nicht erforderlich. This website only uses technically necessary cookies. The consent of the user is therefore not required .