Data Protection


Regulations regarding data protection on the MBM blog https://blog.hwr-berlin.de/green/ at the Berlin School of Economics and Law on the WordPress server are as follows:

The Berlin School of Economics and Law (HWR Berlin) bases its data protection policy under the EU General Data Protection Regulation (GDPR). The following points explain which personal data are collected when using the blog site https://blog.hwr-berlin.de/green/ and how these data are used.

1 General information
The HWR Berlin, Badensche Strasse 52, 10825 Berlin, Germany is responsible for the data processing on this website.
Process responsible: Prof. Dr. Marianne Egger de Campo.
Contact:
HWR Berlin
Alt-Friedrichsfelde 60
10315 Berlin
E-Mail: marianne.egger[at]hwr-berlin.de
Telephone: +49 30 30877-2675
Contact details of the data protection officer:
HWR Berlin
Datenschutzbeauftragter
Alt-Friedrichsfelde 60
10315 Berlin
E-Mail: datenschutz[at]hwr-berlin.de

2 Reference to the Rights of the Data Subject
According to Article 15 of the EU General Data Protection Regulation (GDPR), the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data are being processed and, where that is the case, which personal data are involved. In principle, a copy of the data can be requested, unless a legal exception or higher interests of third parties prevail. If the data are incomplete or incorrect, there is a right to correction in accordance with Article 16 of the regulation.
Further rights concerned:
• Art. 17 GDPR: erasure of personal data if there is a reason for deletion stated in the data protection regulation and without overriding reasons.
• Art. 18 GDPR: restriction of processing of the personal data if there is a reason stated therein.
• Art. 20 GDPR: transfer of the personal data to a provider if the processing is based on consent or on a contract.
• Art. 21 GDPR: for reasons relating to a specific personal situation, there may be a right to object to the processing of personal data that would otherwise be lawful.
• Art. 22 GDPR: special rights to data subjects are given for automated decisions in individual cases, including profiling.

3 Right to lodge a complaint
There is a right to lodge a complaint with the responsible data protection supervisory authority at the HWR:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichsstraße 219
10969 Berlin
Tel.: +49 30 13889-0
Fax: +49 30 2155050
E-Mail: mailbox@datenschutz-berlin.de

4 Purpose of the processing of personal data
The website MBM blog https://blog.hwr-berlin.de/ green / serves the publication of the examination task within the group of students of module 1 “Business Environemnts” of the postgraduate Master Programme MBM (Master Business Management) of the Berlin School of Economics and Law. Articles on this blog are published by the users themselves (the students attending the module), so that they are able to demonstrate the achievement of the learning and competence targets of the module.
The website also serves peer-to-peer learning within the group of students and can only be accessed by log-in with username and password.
Personal data are only collected to ensure the reliable operation of the website.
It is currently not intended to use the data for any other purposes than those mentioned. Should the data be used for other purposes in the future, we will inform you in advance.
Processing is based on the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act, the Berlin State Data Protection Act and the Berlin Student Data Regulation.

5 Collection and use of personal data
In order to use our service it is necessary to register or log in by providing personal data.
Editorial / administrative user management:
the registration of a user is only necessary for administration or editorial work on the website. The blog is created by the IT department. The person responsible for the blog receives an administrative account from the IT department. The account enables the registration of further administrative or editorial users. The login data are created and managed by the persons responsible for the blog in the decentralised user management. The required login data will be transmitted and stored by the responsible persons. The data will not be passed on to third parties.
Following data are going to be collected during the registration process:
• username
• encrypted password
• (university related) e-mail address
• first name
• last name
The registration process provides information about the processing of these data. The legal basis for the processing of the data is pursuant to Article 6 (1) (e) GDPR. A registration of the users is necessary to provide the features and functions of WordPress for the content provision.
In case the processing of personal data is necessary for the performance of a delegated task, Article 6 (1) (e) GDPR serves as the legal basis. In case the processing is necessary to safeguard a legitimate interest of the Berlin School of Economics and Law or of a third party and if the interests, fundamental rights and freedoms of data subjects do not outweigh the former interest, Article 6 (1) (f) GDPR serves as the legal basis for the processing. Should we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) GDPR serves as the legal basis.
The following data are collected when using WordPress without plugins:
• connection data (e.g. IP address, date and time of connection)
• access data: user name, password in encrypted form, (university-related) e-mail address, first name, surname
• content data (e.g. uploaded files, entries)
The temporary storage of connection data, in particular the IP address, by the system is necessary to enable WordPress to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The legal basis for the temporary storage of data concerns Article 6 (1) (f) GDPR.
The data (connection/access and types of content data) are also stored in log files. The storage in log files is done to ensure the functionality of WordPress. The Fail2ban function on the server-side will also be used to block IP addresses. Moreover, the data serve to ensure the security of the information technology systems. These purposes also include our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR.
The data in the log files are deleted after 14 days. Only administrators have access to the log files. The collection of the data for the allocation of WordPress and the storage of the data in log files is absolutely necessary for the operation. There is therefore no possibility of objection on the part of the users.
Commentary function
Contributions to our MBM blog https://blog.hwr-berlin.de/green/ can and should be commented in the interest of peer-to-peer learning. Data displayed in the comment form are saved. This means the name and e-mail address of the user who writes the comment. In addition, the user’s IP address and the user agent string (which identifies the browser) are collected to help detect spam. The date and time of the comment are saved too.
An anonymised character string (also called hash) can be created from the e-mail address and transferred to the Gravatar service to check whether the user is using it or not. The privacy policy of the Gravatar service can be found here: https://automattic.com/privacy/. After the comment is released, the profile picture is publicly visible in the context of the user’s comment.

6 Duration of data storage/erasure deadlines
Registered users
The personal data of the administrative or editorial users of the WordPress blog MBM blog https://blog.hwr-berlin.de/green/ will be stored until the user is deleted as no administrative or editorial access is required.
This is the case when a person leaves the HWR Berlin, the blog page is deactivated or responsibilities change, and it takes place at the latest at the end of the semester following the submission of the examination paper (i.e. if the module is attended in the winter semester 2020, the data, contributions, and comments are deleted at the end of the summer semester 2021/22 at the latest).

7 Use of Cookies
WordPress uses cookies. Cookies are text files that are stored in the web browser or by the web browser on the computer system of the user. When visiting WordPress, a cookie can be stored on the user’s operating system. This cookie contains a unique string that allows the browser to be uniquely identified when the website is called up again.
During the registration on the blog MBM blog https://blog.hwr-berlin.de/green/ a cookie is temporarily set to determine whether the browser accepts cookies. This cookie contains no personal data and is deleted when the browser is closed.
During the registration on the blog MBM blog https://blog.hwr-berlin.de/green/ some cookies are additionally set up to save the login information and display options. Login cookies expire after two days, cookies concerning the display options after one year. If the option “keep me logged in” is selected during registration, the registration will be maintained for a fortnight. When you log out of WordPress, the registration cookies are deleted.
When an article is edited or published, an additional cookie is stored in the web browser. This cookie does not contain any personal data and only refers to the posting’s ID of the currently edited article. This cookie expires after one day.
When you write a comment on the MBM blog https://blog.hwr-berlin.de/green/, this can be a consent to store your name, e-mail address and website in cookies. This is a convenience function so that you do not need to re-enter all these data when you write another comment. These cookies are stored for one year.
Embedded content from other websites
Contributions on this website may contain embedded content (e.g. videos, images, posts, etc.). Embedded content from other websites acts exactly the way as if the visitor had visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking services, and record your interaction with this embedded content, including your interaction with this embedded content when you are logged on to the MBM blog https://blog.hwr-berlin.de/green/.

8 Used Plugins
Following plugins are used for the activity of the blog MBM blog https://blog.hwr-berlin.de/green/:
Force Login https://wordpress.org/plugins/wp-force-login/ which hides the WordPress site from public viewing by requiring visitors to log in first. Version 5.5

9 Information
Upon your request, we will immediately inform you which of your personal data are stored in WordPress on the blog MBM blog https://blog.hwr-berlin.de/green/. Please contact the administration of the WordPress website by e-mail:
marianne.egger[at]hwr-berlin.de
or
mirjam.klessen[at]hwr-berlin.de
Information can also be obtained from our official data protection officer Vitali Dick (HiSolutions) / Prof. Dr. Markus Schaal (deputy data protection officer)

10 Legal bases
EU General Data Protection Regulation (GDPR)
Student Data Ordinance (in German: StudDatVO)
Federal Data Protection Act (in German: BDSG)
Berlin Data Protection Act (in German: BlnDSG)
Telemedia Act (in German: TMG)
Data Processing Statue of HWR Berlin (DVS HWR Bln)
For more information on data protection please visit the website of the state commissioner for data protection:
https://www.datenschutz-berlin.de
Last update: 29.09.2020