Data protection information

Data protection information

Thank you for visiting our website. In the following, we would like to inform you about how we handle your data in accordance with Section 15 of the Church Data Protection Act (KDG).

The controller responsible for the processing of personal data collected when you visit this website is

Catholic University of Applied Social Sciences Berlin (KHSB)
Köpenicker Allee 39-57
10318 Berlin

E-mail:

Our data protection officer will be happy to provide you with information or suggestions on the subject of data protection:

datenschutz nord GmbH
Berlin office
Kurfürstendamm 212
10719 Berlin

E-mail:

If you contact our data protection officer, please also indicate the responsible body named in the .

of the East German dioceses and the Catholic Military Bishop
Bathing Park 4
39218 Schönebeck

E-mail:

Usage data

When you visit our website, so-called usage data is temporarily processed on our web server in order to deliver the website. We also use the usage data for statistical purposes in order to improve the quality of our website. The usage data consists of

  • the name and address of the requested content,
  • the date and time of the request
  • the amount of data transferred,
  • the access status (content transferred, content not found),
  • the description of the web browser and operating system used,
  • the referral link, which indicates from which page you came to our website,
  • the IP address of the requesting computer.

The usage data is only analysed in anonymised form.

The legal basis for processing the usage data is Section 6(1)(g) KDG. The processing is carried out in the legitimate interest of providing the content of the website and ensuring a device- and browser-optimised display.

Storage of the IP address for security purposes

In addition, we store the full IP address transmitted by your web browser for a period of seven days strictly for the purpose of recognising, limiting and eliminating attacks on our website. After this period has expired, we delete or anonymise the IP address. The legal basis for the processing is § 6 para. 1 lit. g KDG.

Data security

We take technical and organisational measures to protect your data from unauthorised access as comprehensively as possible. We use an encryption process on our website. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognise this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Required cookies

We use cookies on our website, which are necessary for the use of our website. Cookies are small text files that can be stored and read on your end device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. We do not use necessary cookies for analysis, tracking or advertising purposes. Some of these cookies only contain information on certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site. We use these cookies on the basis of Section 25 (2) No. 2 TDDDG.

You can set your browser to inform you about the placement of cookies. You can also delete them at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our website may then not be able to be displayed in full and some functions may no longer be technically available.

Consent banner

On our website, we use the consent management platform (consent or cookie banner) Cookiebot from the provider Usercentrics A/S. The processing in connection with the use of the consent management platform and the logging of the settings you have made is carried out on the basis of Section 25 (2) No. 2 TDDDG and Section 6 (1) lit. g KDG in the legitimate interest of displaying our content according to your preferences and being able to prove the consent(s) you have given. The settings you have made, the consent you have given and the necessary usage data are stored in a cookie. This means that it is retained for subsequent page requests and your consent can still be tracked.

The provider of the consent management platform Usercentrics A/S acts for us as a service provider (processor) strictly bound by instructions. An order processing contract in accordance with § 29 KDG has been agreed.

Visitor measurement

We use the web analysis tool Matomo to customise the design of our website. Matomo creates usage profiles based on fingerprints (including the hash value of the operating system, browser, browser plug-ins, anonymised IP address and browser language). In this way, we are able to recognise returning visitors, count them as such and record usage behaviour on the website. Data processing takes place on the basis of your consent, provided that you have given your consent via our banner. You can revoke your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.

Contact us

You have the option of contacting us by letter, e-mail or telephone. We use the data you provide when you contact us on the basis of Section 6(1)(g) KDG in order to respond to your enquiry. We have a legitimate interest in being in contact with the users of the website and answering questions asked.

Press mailing list

On our website, you have the option of registering for our press mailing list. We use the data collected in this context to regularly send you our press releases, current information and background information on the activities of the KHSB. The legal basis for the processing is your consent. You can revoke your consent at any time with effect for the future. We will delete your data as soon as you unsubscribe from the mailing list.

Assistance software to ensure accessibility

On our website, we use the Eye-Able service from Web Inclusion GmbH to provide all people with low-barrier access to the information on our website. The necessary files such as JavaScript, stylesheets and images are loaded from an external server. When functions are activated, Eye-Able uses the browser's local storage to save the settings. All settings are only stored locally and are not transmitted further. Processing is carried out on the basis of Section 25(1) TDDDG and Section 6(1)(b) KDG (consent).

Access-protected area

If you wish to use our access-protected area, prior registration is required. We only collect the data required for registration and provision of the desired service. Processing is carried out on the basis of Section 6 (1) (c) KDG (fulfilment of the user contract).
If we also collect data labelled as voluntary, we process this on the basis of your consent. You can revoke your consent at any time with effect for the future. To do so, please use the corresponding functions in the access-protected area or contact the e-mail address stated in the .

If you would like to permanently unsubscribe from our access-protected area, please use the unsubscribe option in the access-protected area or contact the office named in the .

CAPTCHA

To protect our web forms from automated enquiries, we use CAPTCHA from the provider Friendly Captcha GmbH. As part of the CAPTCHA function, you may be asked to complete tasks or click on checkboxes. The user entries made in this context and, if applicable, the mouse movements are used to assess whether the entries were made by a human or an automated programme. Data processing is carried out on the basis of Section 6(1)(g) KDG in the legitimate interest of protecting us from spam and misuse and ensuring the security of our systems. If you do not wish this data processing to take place, please refrain from using our web forms.
We are supported in the provision and evaluation of the CAPTCHA by a processor bound by instructions, Friendly Captcha GmbH. An order processing contract has been agreed.

Application

You have the option of applying for the positions we advertise or sending us an unsolicited application. You yourself determine the scope of the data you wish to send us as part of your e-mail application. In order to be able to consider your application, however, the following information is required as a minimum: name, address, e-mail address, letter of motivation, CV, certificates and qualifications. We process this information for the purpose of selecting applicants on the basis of Section 53 (1) KDG. For more information on the processing of your data for application purposes, please refer to the for applicants.

Storage duration

Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes and no legitimate interests or other (statutory) retention obligations prevent deletion.

Further processors

We pass on your data to service providers who support us in the operation of our website and the associated processes as part of order processing in accordance with Section 29 KDG. These are, for example, hosting service providers. Our service providers are strictly bound by our instructions and are contractually bound accordingly.

In the following, we will name the processors with whom we work if we have not already done so in the above text of the data protection information. If data may be processed outside the EU or the EEA in this context, we will inform you of this in the following list:

Processor

punkt.de GmbH

Purpose

Web hosting and support

Adequate level of data protection

Processing within the EU/EEA

Your rights as a data subject

When processing your personal data, the KDG grants you certain rights as a data subject:

Right to information (§ 17 KDG)

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Section 17 KDG.

Right to rectification (Section 18 KDG)

You have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.

Right to erasure (Section 19 KDG)

You have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Section 19 KDG applies.

Right to restriction of processing (Section 20 KDG)

You have the right to request the restriction of processing if one of the conditions listed in Section 20 KDG applies, e.g. if you have objected to the processing, for the duration of the examination by the controller.

Right to data portability (§ 22 KDG)

In certain cases, which are listed in detail in Section 22 KDG, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

Right of cancellation (§ 8 para. 6 KDG)

If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Section 8 (6) KDG. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.

Right to object

If data is collected on the basis of Section 6 para. 1 lit. g KDG (data processing to safeguard legitimate interests) or on the basis of Section 6 para. 1 lit. f KDG (data processing to safeguard church interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Right to lodge a complaint with the data protection supervisory authority (Section 48 KDG)

Pursuant to Section 48 KDG, you have the right to lodge a complaint with the data protection supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right to lodge a complaint can be asserted in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

Assertion of your rights

Unless otherwise described above, please contact the office named in the to assert your rights as a data subject.

In the following, we would like to inform you about the handling of your data in accordance with Section 15 of the Church Data Protection Act (KDG).

Responsible party

We, the Catholic University of Applied Social Sciences Berlin, operate the following social media pages:

You can find our contact details in our .

In addition to us, there is also the operator of the social media platform. This is another controller who carries out data processing over which we have only limited influence. At the points where we can exert influence and parameterise data processing, we work within the scope of the possibilities available to us to ensure that the operator of the social media platform handles data in accordance with data protection regulations. In many places, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data they process.

Data processing by us

The data you enter on our social media pages, such as comments, videos, images, likes and public messages, are published by the social media platform and are not processed by us for any other purpose at any time. We only reserve the right to delete content should this be necessary. We may share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis for this processing is § 6 para. 1 lit. g KDG. The data processing is carried out in the interest of our public relations and communication.

If you wish to object to certain data processing over which we have influence, please use the contact details provided in the legal notice. If you wish to exercise your right to object against the platform, please contact the platform directly.

If you make an enquiry on the social media platform, we may refer you to other communication channels that guarantee confidentiality, depending on the required response. You always have the option of sending us confidential enquiries to the address given in our legal notice.

As already mentioned, where the provider of the social media platform gives us the opportunity, we make sure that our social media pages are as data protection compliant as possible. With regard to the statistics that the provider of the social media platform makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.

We occasionally use our social media platforms to display adverts.

To do this, we use target group definitions provided to us by the social media provider. We only use anonymous target group definitions, i.e. we define characteristics based on general demographic information, behaviour, interests and connections. The operator of the social media platform uses these to display adverts to its members. The legal basis for this is the consent that the operator of the social media platform has obtained from its members. If you wish to withdraw this consent, please use the cancellation options provided by the provider of the social media platform.

Data processing by the operator of the social media platform

The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As shown, we cannot influence the web tracking of the social media platform. We cannot switch it off.

Please be aware that it cannot be ruled out that the provider of the social media platform may use your profile and behavioural data, for example to evaluate your habits, personal relationships, preferences, etc. We have no influence on the processing of your data. We have no influence on the processing of your data by the provider of the social media platform.

Further information on data processing by the provider of the social media platform, further objection options and, if available and concluded, the agreement pursuant to Section 28 KDG can be found in the provider's data protection information:

and

Your rights as a user

When processing your personal data, the KDG grants you as the data subject certain rights that you can exercise both against us and against the provider of the social media platform.

Right to information

You have the right to request confirmation as to whether personal data concerning you is being processed. If this is the case, you have a right to information about this personal data and to the information listed in detail in Section 17 KDG.

Right to rectification

You have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.

Right to erasure

You have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Section 19 KDG applies.

Right to restriction of processing

You have the right to request the restriction of processing if one of the conditions listed in Section 20 KDG applies, e.g. if you have objected to the processing, for the duration of the examination by the controller.

Right to data portability

In certain cases, which are listed in detail in Section 22 KDG, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

Right to object

If data is processed on the basis of Section 6(1)(f) or (g) KDG, you have the right to object to the processing at any time on grounds relating to your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Right to lodge a complaint with the data protection supervisory authority

In accordance with Section 48 KDG, you have the right to lodge a complaint with the data protection supervisory authority if you are of the opinion that the processing of the data concerning you violates data protection regulations.

For what purposes should personal data be processed?

"Matrix" is an open, decentralised communication service for real-time communication. In compliance with the relevant statutory and legal provisions on data protection and IT security, members and affiliates of the KHSB are able to use their KHSB login to communicate with members of the KHSB via chat and audio/video telephony. The aim of using groupware systems is in particular to ensure and simplify work organisation measures for the collaborative work of users, groups of people, teams and committees as well as communication management. Personal data is processed exclusively for the aforementioned purposes.


Who is responsible for data processing?

The KHSB is responsible within the meaning of Section 4 No. 9 KDG.


What personal data is processed?

The processing includes the following categories of personal data

1. Account information

  • Display name (recommended: first name and surname)
  • Matrix ID (encrypted from the KHSB login)
  • Profile picture
  • Email address (only for identification on the KHSB login page)

2. Usage and content data

  • Rooms: Memberships in private chats, group rooms or spaces
  • Content data: Data such as chat content, video calls and phone calls. The content is usually encrypted so that no one - not even the IT administration - can access the data without authorisation. If encryption is switched off for a room, this is displayed to the user.
  • Uploaded files: If a file, such as an image, is added to a chat room, it is processed by the Matrix server. This is also encrypted.
  • Device identification: e.g. type of device used (e.g. mobile/desktop), operating system

3. Log data

  • IP: Last seen IP address of the client and timestamp
  • Logs for events on Matrix (e.g. time of events such as entering or leaving a room or sending a message)
  • Metadata: Metadata is "data about data" that every system needs in order to assign data to specific persons or resources.

The profile data (display name, e-mail, photo) and the matrix ID are only visible to participants in the KHSB matrix network and not to external parties. When reporting problems, data is passed on in compliance with the Whistleblower Protection Act.

What is the legal basis for processing personal data?

The legal basis for data processing for the purposes mentioned here is § 6 para. 1 lit. f KDG (fulfilment of the university's tasks).

How long is personal data stored?

The user content can be deleted by the users themselves at any time. Otherwise, we only store your data for as long as we need it for the respective processing purposes. If the data is no longer required for the fulfilment of the processing purposes stated in this data protection notice, it will be deleted unless its retention is still necessary for the fulfilment of statutory retention obligations.

Is personal data transferred to third parties?

Within the KHSB, only persons who need your data to fulfil the tasks assigned to them will have access to it. In addition, service providers who support us in the fulfilment of our tasks may have access to your data. These are these service providers:

Service provider MATRIX

fnordkollektiv GmbH
Dillweg 27
57250 Netphen

Service provider Shibboleth IdPs (SSO KHSB)

DAASI International GmbH
Europaplatz 3
D-72072 Tübingen
i si.de

Otherwise, we do not transfer your data to third parties.

What rights do data subjects have?

Right of cancellation

If the use of the services is based on consent, this can be revoked at any time with the consequence that the personal data of the person concerned will no longer be processed. This does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.

Right to information

In accordance with the legal requirements, data subjects have the right to request information about the personal data processed about them and the possible recipients of this data at any time. They are entitled to a response within a period of one month after receipt of the request for information.

Right to rectification, erasure and restriction

Data subjects can request that KHSB rectify or erase their personal data or restrict the processing of their data at any time in accordance with the legal requirements.

Right to data portability

In accordance with the legal requirements, data subjects may request that KHSB transmit their personal data to them in a machine-readable format. Alternatively, you can request the direct transfer of the personal data you have provided to another controller, insofar as this is possible.

Right to object

In accordance with the legal requirements, data subjects may object to the processing of their personal data at any time on grounds relating to their particular situation.

Right to lodge a complaint

Data subjects are entitled to lodge a complaint with the data protection supervisory authority if they do not agree with the processing of their data. The data protection supervisory authority responsible for the KHSB is the Church Data Protection Authority. To exercise these rights, it is sufficient to notify the controller in text form (letter or email).