Welcome to the website of the Data Protection Office of ASH Berlin

Data protection at ASH Berlin

The "Alice-Salomon" - Hochschule für Sozialarbeit und Sozialpädagogik Berlin (ASH Berlin) is a public corporation and at the same time a state institution. The main purpose of data collection, processing or use is the study and further education in the fields of social work, health and education as well as the realization of research projects. The collection, processing and use of personal data is always carried out in accordance with the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and in accordance with the country-specific data protection regulations applicable to ASH Berlin.

Personal data about members of the university, applicants and third parties are collected and processed at ASH Berlin exclusively for the purpose of its social mission in accordance with §§ 6, 6a of the Berlin Higher Education Act (BerlHG) and deleted after expiry of the legally prescribed retention obligations and periods.

What is data protection?

Data protection is the protection of all information that is not freely available to the general public. The focus is on information that is directly related to a specific person: personal and private information as well as contact details. However, data about objects or certain circumstances/relationships can also be worthy of protection. Data protection law examines and assesses the handling of data. In principle, it is necessary to examine which data is worthy of protection and how this protection is guaranteed and complied with.

Data protection law and the German Basic Law - right to informational self-determination

The right to informational self-determination is understood as the right of the individual to decide for themselves on the disclosure and use of their personal data. The right to informational self-determination is not explicitly regulated in the Basic Law. The right to informational self-determination is a manifestation of the general right of personality and was recognized as a fundamental right by the Federal Constitutional Court in the so-called census ruling 1983. This is derived from Article 2 of the Basic Law - the right to free development of the personality.

As a manifestation of the general right of personality, it protects the right of each individual to determine their own personal data and its use.

Data protection today

Due to the progressive development of information technology and digital technology, the importance of data protection has changed and increased. Modern IT, such as the Internet, e-mail, mobile telephony, video surveillance and electronic payment methods, make it increasingly easy to collect, analyze and store more and more data. The data collected can be used to analyze personal data and derive behavioral patterns that can be used for various purposes.

In order to create a uniform approach to data protection and data security throughout Europe, the European Union's General Data Protection Regulation (GDPR) was adopted. It came into force in 2018 and ensures the protection of personal data on the one hand and the free movement of data within Europe on the other.

Data protection and science

Scientific data collections are also subject to data protection. A conflict can arise here between freedom of research and data protection. From a data protection perspective, the use of pseudonymized or anonymized data is unproblematic. In many cases, however, personal data is also used in science. In these cases, consistent application of data protection regulations would sometimes result in a ban on scientific research. To avoid this, there are special regulations for scientific research.

Contact

If you have any questions, please contact the data protection officer at ASH Berlin: datenschutz@ avoid-unrequested-mailsash-berlin.eu

For data protection complaints, you can contact the responsible supervisory authority:Berliner Beauftragte für Datenschutz und InformationsfreiheitFriedrichstr. 21910969 Berlin

To the privacy policy of ASH Berlin

Back to top

Lawfulness of the data processing (Art. 6 GDPR)

The GDPR establishes the prohibition with reservation of consent as the basic principle for data processing. This means that the processing of personal data is only permitted if a legal provision allows it or if the data subject has consented to the data processing

List of the permissions in accordance with Art. 6 para. 1 GDPR:

Processing is only lawful if at least one of the following conditions is met

a. The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes;b. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;c. Processing is necessary for compliance with a legal obligation to which the controller is subject;d. Processing is necessary in order to protect the vital interests of the data subject or of another natural person;e. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (this does not apply to processing carried out by public authorities in the performance of their duties);f. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Principles of the processing of personal data (Art. 5 GDPR)

Personal data must

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject; ... ("lawfulness, fairness and transparency");
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes ("purpose limitation");
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimization")
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ("accuracy")
  5. stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed; ... ("storage limitation");
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures ("integrity and confidentiality");

Duty to provide information (Art. 13 GDPR)

The duty to provide information when collecting and processing data is an integral part of data protection law. The data subjects must be informed by the data controller about the data processing operations relating to their specified data at the time of collection. The information must be provided to the data subjects in a precise, transparent, comprehensible and easily accessible form. It may be provided to the data subject in writing or in electronic form.

The notification must contain the following information:

  1. Name and contact details of the controller
  2. Contact details of the data protection officer
  3. Purpose of processing and legal basis
  4. Obligation to provide personal data:The controller must inform the data subject whether the provision of their personal data is required by law or contract, is necessary for the conclusion of a contract or is otherwise required and what the consequences would be if the data were not provided.
  5. In case of data transfer - indication of the recipients
  6. Duration of storage
  7. Rights of the data subjects
  8. (rights of access, rectification, erasure, restriction of processing, objection to processing and data portability)
  9. Revocability of consent, insofar as the processing is based on the consent of the data subject(s)
  10. Right to lodge a complaint with the supervisory authority
  11. If personal data is not collected from the data subject, the controller has almost the same information obligations as if it were collected directly from the data subject: the controller must inform the data subject about the source of the personal data and whether it is a publicly accessible source.

Rights of data subjects

Data subjects have the following rights under the GDPR:

  • Information about the data stored about the person (Art. 15 GDPR)
  • Right to rectification of inaccurate data (Art. 16 GDPR)
  • Right to erasure of data that is no longer required (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability, unless they are protected for other reasons (Art. 20 GDPR)
  • Right to object to the future processing of the data (Art. 21 GDPR)

Glossary

Personal data is considered anonymized if the data has been changed in such a way that the personal reference can no longer be restored or only under extremely difficult conditions.