Create a record of processing activities:
To create a record entry, please use the SecDoc documentation software. For information and help on how to use it, please refer to the MIZ Wiki here. If you have any questions, please contact the data protection management - we will be happy to advise you.
The sample privacy notices differ in terms of legal instruction and must be selected based on the legal basis on which the data processing is based. The aim should always be to avoid data processing based on consent. You can find out which legal basis is relevant for your data processing from the notices displayed within the record of processing activities.
If several data processing operations, which are based on different legal bases, are combined in one privacy notices, the legal instructions must be compiled with special care to form hybrid privacy notices. We will be happy to support you in this!
CONSENT
Please note that, in principle, effective consent cannot be obtained from students and employees. If you obtain consent via the Internet, you must be able to identify the person. This is regularly only possible via the so-called double opt-in procedure.
PERFORMANCE OF A CONTRACT CONCLUDED WITH THE DATA SUBJECT
Please note that you may only use this legal basis if the contract must be concluded directly with the data subject and not with his or her employer or other institutions.
LEGAL OBLIGATION
Legal obligations requiring data processing may arise, for example, from the HochschulStatG, the UStG or the Corona-VO.
TASKS IN THE PUBLIC INTEREST
The tasks can arise from various laws and ordinances; however, the most important is probably § 17 NHG. According to § 17 NHG, the university is allowed to process the personal data of its members and members of staff that are required for the above-mentioned tasks. This includes in particular the classical university tasks according to § 3 NHG.