Search

Gesamtanzahl der Seiten: 0
Informationstechnologie > Privacy Policy

Privacy Policy

Privacy Notice for the website it.hwr-berlin.de at the Berlin School of Economics and Law on the WordPress server:
The Berlin School of Economics and Law (HWR Berlin) aligns its data protection practices with the EU-wide General Data Protection Regulation (GDPR). The following notice explains which personal data is collected when using the blog site it.hwr-berlin.de and how this data is used.

1 General Information

The entity responsible for data processing for this web offering is the Berlin School of Economics and Law, Badensche Strasse 52, 10825 Berlin, represented by President Prof. Jens Hermsdorf. The person responsible for procedures is the IT Director – Ms. Ulrike Becker.

The following contact options are available:

HWR Berlin
IT Abteilung
Badensche Strasse 52
10825 Berlin
E-Mail: ulrike.becker@hwr-berlin.de
Telefon: 030-30877-2530

Contact details of the Data Protection Officer:

HWR Berlin
Datenschutzbeauftragter
Alt-Friedrichsfelde 60
10315 Berlin
E-Mail: datenschutz@hwr-berlin.de

2 Notice on Data Subject Rights

According to Article 15 of the EU General Data Protection Regulation (GDPR), there is a right to free information on whether personal data concerning oneself is being processed and, if so, which personal data this involves. Generally, a copy of the data can be requested unless a legal exception or overriding interests of third parties apply. If the data is incomplete or incorrect, there is a right to rectification according to Article 16 of the GDPR. Other rights of data subjects include:

  • Article 17 GDPR: Deletion of personal data if one of the grounds for deletion mentioned there applies and no overriding reasons exist.
  • Article 18 GDPR: Restriction of the processing of personal data if one of the grounds mentioned there applies.
  • Article 20 GDPR: Transfer of personal data to another provider if the processing is based on consent or a contract.
  • Article 21 GDPR: The right to object to otherwise lawful processing of personal data may exist due to a specific personal situation.
  • Article 22 GDPR: Grants special data subject rights in the case of automated individual decision-making, including profiling.

3 Right to Lodge a Complaint

There is the right to lodge a complaint with the supervisory authority responsible for the Berlin School of Economics and Law:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichsstraße 219
10969 Berlin
Tel.: +49 30 13889-0
Fax: +49 30 2155050
E-Mail: mailbox@datenschutz-berlin.de

4 Purpose of Processing Personal Data

The website of the Information Technology department as a blog serves to inform about the offerings, services, and documentation of the Information Technology department of the Berlin School of Economics and Law. This blog provides extensive information about IT offerings and services, describes IT projects in more detail, and publishes general information about maintenance periods or calls for student assistants. The website is intended to inform all status groups of HWR Berlin and is publicly accessible to external interested parties as well.

Personal data is collected only to ensure the operation of the website. It is not currently intended to use the data for purposes other than those mentioned. If the data is to be used for other purposes in the future, we will inform you in advance.

The basis for processing is the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act, the State Data Protection Act of Berlin, and the Student Data Regulation of Berlin.

5 Collection and Use of Personal Data

For using our service, it is not necessary to register or log in with personal data.

Registration of a user is only required for the administration or editorial work on the website. These login credentials are created and managed centrally by the Information Technology department. These necessary login credentials are transmitted and stored by the department management. There is no transmission of data to third parties.

The following data is collected during the registration process. These data are generally taken from the central user management system (Active Directory) of the Berlin School of Economics and Law.

  • Last Name
  • Username
  • (university-related) Email Address
  • First Name

Authentication occurs via the decentralized user management of the blog. The password is created decentrally and made available to the user through registration. The user is advised to change the password. The password is stored only in the decentralized user management of the WordPress site.

During the registration process, information about the processing of these data is provided. The legal basis for processing the data is Article 6(1)(e) GDPR. Registration of the user is necessary to provide the contents and functions of WordPress for the purpose of content provision.

We collect and use personal data of our users only insofar as it is necessary to provide WordPress and its functions.

If the processing of personal data is necessary for the performance of a task carried out in the public interest, Article 6(1)(e) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of the Berlin School of Economics and Law or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Article 6(1)(f) GDPR serves as the legal basis for the processing. If we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) GDPR serves as the legal basis.

When using WordPress without plugins, the following data are collected:

  • Connection data (e.g., IP address, date and time of access)
  • Access data: username, password in encrypted form, (university-related) email address, first name, last name
  • Content data (e.g., uploaded files, posts)

The temporary storage of connection data, particularly the IP address, by the system is necessary to enable the delivery of WordPress to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The legal basis for temporary storage of the data is Article 6(1)(f) GDPR.

The data (connection/access and types of content data) are also stored in log files. Storage in log files is carried out to ensure the functionality of WordPress. We also use the Fail2ban function on the server side to block IP addresses. Moreover, the data serves to ensure the security of our IT systems. These purposes constitute our legitimate interest in data processing, according to Article 6(1)(f) GDPR.

The data in the log files are deleted after 14 days. Only administrators have access to the log files. The collection of data for the provision of WordPress and the storage of data in log files are absolutely necessary for operation. Therefore, the user has no possibility of objection.

6 Duration of Data Storage/Deletion Periods

Registered Users

The personal data of the administrative or editorial users of the WordPress blog it.hwr-berlin.de are stored until the user is deleted because no further administrative or editorial access is required. This occurs when the person leaves HWR Berlin, the blog page is deactivated, or responsibilities change.

7 Use of Cookies

WordPress uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When WordPress is accessed, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is visited again.

During login to the blog it.hwr-berlin.de, a temporary cookie is set to determine if the browser accepts cookies. This cookie contains no personal data and is discarded when the browser is closed. Additionally, when logging in to the blog it.hwr-berlin.de, some cookies are set to save login information and display options. Login cookies expire after two days, and cookies for display options expire after one year. If the “Keep me logged in” option is selected during login, the login is maintained for two weeks. The login cookies are deleted when logging out of WordPress.

When an article is edited or published, an additional cookie is stored in the browser. This cookie contains no personal data and only refers to the post ID of the article being edited. This cookie expires after one day.

8 Used Plugins

The following plugins are used for the operation of the blog it.hwr-berlin.de:

Simple Page Sidebars – A plugin that allows custom, widget-ready sidebars to be added to any page.

Breadcrumb NavXT – This plugin adds breadcrumb navigation, which shows visitors the path to their current page. No personal data is stored or processed through this plugin.

Image Widget – A simple plugin for embedding images via the native WordPress Media Manager. No personal data is stored or processed through this plugin.

Custom Sidebars – A simple plugin to provide custom sidebars on a website. No personal data is stored or processed through this plugin.

Polylang – A plugin that adds multilingual support to the blog. No personal data is stored or processed through this plugin.

Shortcodes Ultimate – A plugin that provides an extensive collection of visual components for WordPress.

9 Information

Upon your request, we will promptly inform you about what personal data concerning you is stored in WordPress on the blog it.hwr-berlin.de. Please contact the administration of the WordPress site via email. The email address is: ulrike.becker[at]hwr-berlin.de.

Our Data Protection Officer, Prof. Dr. Hartmut Aden, is also available for providing information: datenschutz@hwr-berlin.de.

10 Legal Basis

Datenschutz-Grundverordnung (EU-DSGVO)
Studierendendatenverordnung (StudDatVO)
Bundesdatenschutzgesetz (BDSG)
Berliner Datenschutzgesetz (BlnDSG)
Telemediengesetz (TMG)

Datenverarbeitungssatzung der HWR Berlin (DVS HWR Bln)

Further information on data protection can be found on the website of the State Commissioner for Data Protection:
https://www.datenschutz-berlin.de