Data Privacy

Content

  1. Legal bases
  2. Personal data
  3. Legal bases for processing
  4. Protection mechanisms
  5. Deleting files
  6. Printing personal data
  7. General information

1. Legal bases

The legal bases are

  • the Regulation (EU) 2016/679* of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR), which has been in force since 25 May 2018, and

  • the Hessian Data Protection and Freedom of Information Act (HDSIG) in the version dated 3 May 2018, which applies, supplementing the GDPR, to the processing of personal data by the public authorities of the state, municipalities and districts.

The Federal Data Protection Act (BDSG) essentially applies to federal authorities.


2. Personal data

The subject of data protection is personal data. Personal data is any information relating to an identified or identifiable natural person (“data subject”) (Art. 4 No. 1 GDPR). A natural person is regarded as identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


3. Legal bases of the processing

Insofar as the processing of personal data requires the consent of the data subject, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

For the processing of personal data necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for compliance with a legal obligation to which Fulda University of Applied Sciences is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary for the performance of a task carried out in the public exercise of official authority vested in Fulda University of Applied Sciences, Art. 6 para. 1 lit. e GDPR in conjunction with a relevant, specialised federal or state law serves as the legal basis for the processing.


4. Protection mechanisms

  1. The processing of personal data on publicly accessible workstations is prohibited.

  2. Workstations in offices must be specially protected if personal data is processed on them.

  • The office must be locked when it is left.

  • The login to the computer must be protected by a secure password.

  • Starting the workstation computer (boot process) must be protected by a password (“BIOS password”, see sections “Functions” and “Security” in the German explanation of the BIOS or, better explained, the section “Configuration” in the English explanation of the BIOS). This protection must also be effective if an intruder wants to start the computer with their own CDROM, DVD, memory stick or something similar. If the computer does not have such password protection, the personal data may only be stored on the hard disc in encrypted form.

  • The computer must either be secured against theft or it may only be operated with removable hard drives that are stored in a burglar-proof cabinet at night.

  • On portable data carriers (hard disks in notebooks, removable discs, CDROM, DVD, memory stick, etc.), personal data may only be stored encrypted.

  • On network drives of the university, the Hessenbox and similar external storage media, sensitive personal research data in accordance with Art. 9 GDPR, which regulates the processing of special categories of personal data, may only be stored encrypted. The encryption of the data is the responsibility of the person who stores the data on these storage media.

  3. If the computer’s operating system supports the protection of personal data, the appropriate protection mechanisms must be used.


5. Deletion of files

The normal command for deleting a file only deletes the name of the file from internal system lists (e.g. the file directory), while the file content is not destroyed. Memory areas of deleted files can, under certain circumstances (with some effort and appropriate knowledge), be turned into readable files again. Destroying the file contents is only possible with special operating system commands (these commands are only provided by some operating systems) or special programmes.

If a data carrier on which personal data is stored is to be released for general operation or deleted, all file contents must first be destroyed.
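The difference between removing a file's name and destroying its content can be shown on a POSIX system. The following is an added example, not part of the original policy: the file name, the sample record and the function names are constructed, and an already-open file handle stands in for direct access to the storage blocks.

```python
import os
import tempfile

# Constructed sample record, not real personal data.
SAMPLE = b"constructed sample: name=Jane Doe; staff-id=0000"


def overwrite_in_place(path: str) -> None:
    """Replace every byte of the file with random data and flush it to the device."""
    remaining = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:
        while remaining > 0:
            # Raw writes may be partial, so count what was actually written.
            written = f.write(os.urandom(min(remaining, 1 << 20)))
            remaining -= written
        os.fsync(f.fileno())


def read_after_delete(directory: str, destroy_first: bool) -> bytes:
    """Delete a file by name and return what an already-open handle still reads."""
    path = os.path.join(directory, "record.txt")
    with open(path, "wb") as f:
        f.write(SAMPLE)
    fd = os.open(path, os.O_RDONLY)  # assumption: stands in for block-level access
    try:
        if destroy_first:
            overwrite_in_place(path)
        os.unlink(path)  # the "normal" delete: removes the directory entry only
        if os.path.exists(path):
            raise RuntimeError("directory entry still present")
        return os.pread(fd, len(SAMPLE), 0)
    finally:
        os.close(fd)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("plain delete    :", read_after_delete(tmp, destroy_first=False))
        print("overwrite first :", read_after_delete(tmp, destroy_first=True).hex())
```

Overwriting in place is only dependable on a classic filesystem on a magnetic disc. On SSDs with wear levelling, on copy-on-write or journaling filesystems, and wherever snapshots or backups exist, older copies can survive, so for whole data carriers encryption from the start or a device-level erase is the safer route.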


6. Printing personal data

Personal data may only be printed out if the printout is personally supervised.


7. General notes

Any person who works with personal data should carry out their work particularly responsibly, as all protection mechanisms only fulfil their purpose if they are taken seriously by those involved.

Finally, a few general tips:

  1. Do not leave any written documents lying around that reveal your passwords.

  2. Do not allow any other person to work under your ID.

  3. Collect output lists and data carriers with personal data in person instead of having them sent.

  4. Do not leave portable data carriers (CDROM, DVD, memory stick, etc.) with personal data lying around, but lock the data carriers in a burglar-proof cabinet before you leave the office.

  5. Store personal data on portable data carriers only in encrypted form.

**Remember that you personally are primarily responsible for the protection of the data entrusted to you.**
