Data Protection Declaration for the Docata Web Portal

The following explanations contain information on the processing of your personal data in accordance with Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR).

1. Personal Information

In order to fulfil the purposes listed under 3 below, it is necessary for KIT to process personal data concerning you. According to Art. 4, No. 1 GDPR, personal data is “any information relating to an identified or identifiable natural person”.

2. Controller and Data Protection Commissioner

Responsible for data processing within the framework of the GDPR and other data protection regulations is

Karlsruhe Institute of Technology (KIT)

Kaiserstraße 12
76131 Karlsruhe

Phone: +49 721 608-0
Fax:     +49 721 608-44290
E-mail:  ▶ info∂

Karlsruhe Institute of Technology (KIT) is a corporation governed by public law. It is represented by the President Prof. Dr. Oliver Kraft (Acting President of KIT).

You can contact the Data Protection Commissioner of Karlsruhe Institute of Technology (KIT) by e-mail at ▶ datenschutzbeauftragter∂, via mail at the above address with the addition "Die Datenschutzbeauftragte" (the data protection commissioner), or by phone under +49 721/608-41057.

3. Purpose of Data Processing

We collect and process your personal data only for specified, explicit, and legitimate purposes. The purposes of the processing of your personal data in Docata are as follows

  • the fulfilment of KIT's legal obligations, in particular pursuant to Art. 13, par. 9 in conjunction with par. 8 of the State Higher Education Act (Landeshochschulgesetz; LHG) and Art. 38, par. 5, clause 4 LHG,
  • the processing for administrative purposes, in particular in accordance with Art. 9a para 1 of the Higher Education Data Protection Ordinance (HSchulDSV),
  • the fulfilment of the following reporting obligations:
    • Legal and statutory reporting obligations, in particular pursuant to Art. 10, par. 1 in conjunction with Art. 3, par. 5; Art. 4 and Art. 5, par. 2; Art. 10, par. 1, point (3) in conjunction with Art. 9, par. 1, point (3) Higher Education Statistics Act (Hochschulstatistikgesetz; HStatG); Art. 5, par. 5 KIT Act (KIT-Gesetz); Art. 13 par. 9 LHG; Art. 9, par. 3, point (d) statues of the Helmholtz Association of German Research Centres and
    • further reporting obligations through the use and transmission of data which, due to the aggregation carried out, contain no references to persons, including the provision of data for the purpose of serving national and international rankings,
  • the quality assurance of KIT concerning
    • statutory quality assurance tasks, in particular pursuant to Art. 5 and Art. 13, par. 9 LHG,
    • internal quality assurance through the central provision of standardized evaluations and statistical analyses for internal quality assurance purposes,
  • the fulfilment of the tasks of the KIT Departments and other organizational units within the scope of their responsibilities by the central provision of functionalities and standardized evaluations for the administration, implementation, and support of doctoral projects and procedures, as far as this is necessary for the fulfilment of their tasks,
  • analyses for the implementation of internal planning or organizational measures pursuant to Art. 15, par. 1 of the State Data Protection Act (Landesdatenschutzgesetz; bwLDSG) of 12 June 2018 (hereinafter referred to as LDSG) and
  • the processing of individual enquiries which are admissible under data protection law and objectively justified.
4. Legal Basis for Data Processing

The legal basis for the processing of your personal data is Art. 6, par. 1, subpar. 1, point (e) GDPR and Art. 4 LDSG. Furthermore, the above-mentioned regulations are referred to.

5. Processing of Personal Information

The processing of your personal data will take place exclusively for the fulfilment of the above-mentioned purposes.

In Docata, the principle of data minimization pursuant to Art. 5, par. 1, point (c) GDPR is applied. This means that the processing of each individual personal piece of data has to be necessary to achieve the relevant purpose. We will not process your personal data without this prerequisite.

We will anonymize your personal data as soon and as far as this is possible according to the purpose pursued in each case. We answer non-standardized individual enquiries exclusively by means of anonymized data. The transmission of data to third parties also takes place exclusively in anonymized form.

In order to be able to fully protect your rights in the case of individual enquiries, we have established a procedure in which, among other things, a prior positive assessment of the permissibility of the respective individual enquiry under data protection law by the KIT Data Protection Unit is required before processing the individual enquiry.

6. Recipients

The personal data will only be forwarded within KIT if this is necessary to achieve the above-mentioned purposes.

The Docata web portal is technically operated within KIT by the Scientific Computing Center (SCC).

Your personal data is not passed on to third parties as a matter of principle. Your personal data will only be provided to third parties if KIT is legally obliged to do so. Outside of KIT’s legal obligations, we will only transmit data that does not contain a reference to you as a person. This is achieved, for example, through the aggregation of data.

If, exceptionally, it should be necessary for external service providers to process personal data on our behalf, these service providers will be carefully selected and contractually obligated by us. The relevant service providers work exclusively according to our instructions. We ensure this through strict contractual regulations, technical, and organizational measures and supplementary controls.

Personal data is not transmitted to third countries outside the EU or the EEA or to an international organization. Automated decision-making including profiling does not take place.

7. Storage Duration

The personal data collected by Docata will only be stored for as long as it is necessary to fulfil the above-mentioned purposes or as long as this is provided for by law. As soon as the above-mentioned purposes have been achieved or ceased to exist, the relevant personal data will be erased without undue delay.

8. Rights

You have the following rights regarding personal data concerning you:

  • the right to obtain confirmation as to whether data concerning you is being processed and information on the data processed, further information on data processing, and copies of data (Art. 15 GDPR),
  • the right to rectify or complete inaccurate or incomplete data (Art. 16 GDPR),
  • the right to erasure of data concerning you without undue delay (Art. 17 GDPR),
  • the right to restriction of processing (Art. 18 GDPR),
  • the right to receive the data concerning you and provided by you and to transmit this data to other responsible parties (Art. 20 GDPR),
  • the right to object to the future processing of the data concerning you which is based on Art. 6, par. 1, point (e) or (f) GDPR (Art. 21 GDPR).

You also have the right to lodge a complaint with a supervisory authority about the processing of the personal data concerning you by Karlsruhe Institute of Technology (KIT) (Art. 77 GDPR). Supervisory authority of KIT in the sense of Art. 51, par. 1 GDPR is according to Art. 25, par. 1 LDSG

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg)

Street address:
Lautenschlagerstraße 20
70173 Stuttgart

Postal address:
Post office box 10 29 32
70025 Stuttgart

Phone:             +49 711/615541-0
Fax:                 +49 711/615541-15
E-mail:              ▶ poststelle∂