Privacy Notice for the "Digital Statement of Comparability" web portal

The protection of your personal data is important to the Secretariat of the Standing Conference of Ministers of Education and Cultural Affairs of the Länder in the Federal Republic of Germany (KMK Secretariat).
This privacy notice contains information about the data collected in relation with the "Digital Statement of Comparability" web portal, why this data is collected, the laws the data collection is based on, how you can contact the responsible entity and data protection officer, and the rights you have in regard to the processing of personal data.


I    Responsible entity and data protection officer

Responsible for the processing of personal data pursuant to Article 4 Number 7 DS-GVO is the

Secretariat of the Standing Conference of Ministers of Education and Cultural Affairs of the Länder in the Federal Republic of Germany (KMK)
Graurheindorfer Str. 157
53117 Bonn
Germany
Phone: +49 228 501 664
Fax: + 49 228 501 229
Email: zabservice@kmk.org


If you have specific questions regarding the protection of your data, please contact the official data protection officer: 

Secretariat of the Standing Conference of Ministers of Education and Cultural Affairs of the Länder in the Federal Republic of Germany
- Data Protection Officer -
Graurheindorfer Str. 157
53117 Bonn
Germany
Phone: +49 228 501 664
Fax: + 49 228 501 229
Email: zabdatenschutz@kmk.org

The following statement provides an overview of how the Central Office for Foreign Education (Zentralstelle für ausländisches Bildungswesen – hereinafter "ZAB"), a department of the KMK Secretariat, ensures the protection of your data, what kind of data is collected, which laws the data collection is based on, and the purpose of the data collection.


II    Processing of personal data

Personal data is any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified directly or indirectly – in particular by being matched with an identifier such as a name, an identification number, location data, or an online identifier.
The exact process, in particular regarding visiting the website (1), submitting an application including identification and registration (2), as well as the processing of an application and the preparation of a Statement of Comparability (3), is stipulated as follows:


1    Visiting the information website https://zab.kmk.org 

(a)     Session cookies

When you visit the information website, we collect data during an ongoing connection via your internet browser and with the help of essential session cookies. This data refers only to your IP address (see bullet points below). Session cookies enable the functionality of these applications. By using cookies, the body that sets the cookie (ZAB) receives the following information: 

  • date and time of the website visit; 
  • web browser and operating system used; 
  • complete IP address of the requesting computer; 

Access to information already stored in users’ terminals is based on §25, Paragraph (2), Number (2) TTDSG. The subsequent processing of personal data is based on Article 6, Paragraph 1, Letter e DS-GVO in conjunction with §11, Paragraphs 1 and 2 EGovG Bln within the framework of public relations work. Data processing is necessary for the demand-oriented provision of information. The session cookies that are used will be deleted by your devices upon termination of the session. The above data will be deleted at the latest after seven days.


(b)    Log files

Every time this website is accessed or every time a file is retrieved, data about these actions is temporarily processed in a log file. The following data is stored: 

  • date and time of the website visit; 
  • web browser and operating system used; 
  • full IP address of the requesting computer; 
  • name and URL of the retrieved file; 
  • if necessary the previous website (the "referrer") from which this website is accessed. 

On the basis of Article 6, Paragraph 1, Letter e DS-GVO in conjunction with §3, Sentence 1, Number 1 BlnDSG, the ZAB is entitled to collect and store this data in order to protect against attacks on the ZAB’s internet infrastructure and its communication technology even after the user is no longer visiting the website. The data is analyzed and, in the event of attacks on the communication technology, required to initiate legal and criminal prosecution. 
Data that has been logged while the ZAB website was accessed will only be shared with third parties if the ZAB is legally obliged to do so or if sharing this data is necessary for legal purposes or prosecution in the event of an attack on the communication technology. The data will not be shared with third parties in any other circumstance. The ZAB will not merge this data with other data sources.


(c)     Web analytics

The ZAB analyzes data regarding the use of this website with the software "Matomo" by using cookies. The following data is collected to perform web analytics: 

  • two bytes of the IP address of the user’s calling system; 
  • information about the operating system and browser used; 
  • location information; 
  • requested URL; 
  • website used to access the site (referrer site); 
  • subpages accessed from the visited website; 
  • duration of stay on the website; 
  • downloaded PDF files. 

During this process, the IP address is immediately anonymized and cannot be used to identify an individual user. Subsequently, an anonymized evaluation of the data is carried out for statistical purposes. The software "Matomo" runs exclusively on the servers of the website https://zab.kmk.org. The above data is stored exclusively on said servers. Neither the information generated regarding the use of the website nor the underlying personal data will be shared with third parties. The legal basis for the use of cookies to access information in your terminals is your consent according to §25, Paragraph 1 TTDSG. The processing of the above-mentioned personal data, which we may collect by using cookies, is also carried out on the basis of your voluntary and informed consent, but in accordance with Article 6, Paragraph 1, Letter a DS-GVO. You can revoke your consent at any time by clicking on the following link. The lawfulness of the data processing up to the time of the revocation remains unaffected.


2     Application support

(a)     Registration to create a portal-specific user account ("My Account")

You have to register in order to submit an application via the "Digital Statement of Comparability" web portal.


(aa)     Confirming your identity via a BundID account

You can register on the "Digital Statement of Comparability" web portal with your BundID account ("BundID"). You will be automatically redirected to the BundID website when you click the button; their privacy policy applies. They offer different ways to confirm your identity.


(bb)     Storage of registration data

Once you have given your consent in the BundID account, you will automatically be redirected to the "Digital Statement of Comparability" web portal. If it has been provided, we will use the following information from BundID:

  • first name(s); 
  • last name(s); 
  • birth name(s); 
  • date of birth; 
  • email address; 
  • phone number. 

In addition, the IP address is saved. This data is saved to enable the user to apply for a Statement of Comparability, in particular to confirm the identity of the applying person. The use and storage of data within the portal-specific user account ("My Account") is based on Article 6, Paragraph 1, Letter e DS-GVO in conjunction with §3, Sentence 1, Number 1 BlnDSG in conjunction with §4, Paragraph 3, Number 2 KMKSekrG.


(b) Registration

After registering, you can log into the "Digital Statement of Comparability" web portal by re-authenticating yourself via BundID. For security reasons, each new login requires an authentication via BundID. It is processed on the basis of Article 6, Paragraph 1, Letter e DS-GVO in conjunction with §3, Sentence 1, Number 1 BlnDSG in conjunction with §4, Paragrap 2, Number 2 KMKSekrG.


(c) Completion of an application

After registering, you can apply for your Statement of Comparability. We need the following information that has to be entered manually unless we can use your BundID information: 

  • title; 
  • first name(s); 
  • last name(s); 
  • email address; 
  • postal address; 
  • date of birth; 
  • place of birth; 
  • country of birth; 
  • nationality. 

Optional information: 

  • previous last name(s) (e.g. birth name(s));  
  • phone number.

Depending on the purpose of an application, the following personal data from the application form will be processed as well: 

  • information regarding previous Statements of Comparability; 
  • information regarding the highest university degree (e.g. country, degree type, name of the degree, degree program, specialization (optional), name of the university, location of the university, period of study, date the diploma was issued, certificate number of the diploma (optional), mode of study, duration of study, completion of a final thesis); 
  • information regarding any preceding degree(s) (country, degree type, name of the degree, degree program, specialization (optional), name of the university, location of the university, period of study, date the diploma was issued, certificate number of the diploma (optional), mode of study, duration of study, completion of a final thesis);
  • information regarding any additional degrees; 
  • information regarding a Statement of Comparability required for an application for an "EU Blue Card" (if applicable: employment contract or letter of intent); 
  • personal information included in any documents (ID document [passport or identity card], proof of name change [e.g. marriage certificate, EU Blue Card], diplomas [e.g. certificates, certificate from the university stating the mode of study, transcript of records or diploma supplement, documents regarding transferred credit], miscellaneous and additional documents supporting the application, if applicable: refugee ID or asylum notice).

The personal data – either data from the BundID used or data entered by you – is processed on the basis of the statutory authorization requirement Article 6, Paragraph 1, Letter e DS-GVO in conjunction with §3, Sentence 1, Number 1 BlnDSG in conjunction with §4, Paragraph 3, Number 2 KMKSekrG. It is necessary to process this data to ensure that only eligible natural persons can apply for a Statement of Comparability and that the degree to be evaluated can be matched with the correct person. In order to comply with this requirement, we have to be able to identify you as the applying person. Finally, processing this data is necessary to fully record the degree to be evaluated. 
If you provide additional optional information beyond the information required for an application, your data is processed on the basis of your voluntary and informed consent on the basis of Article, Paragraph 1, Letter a DS-GVO. You give this consent implicitly by filling out the optional fields. You can revoke your consent to any further data processing by sending an email to zabservice@kmk.org. The lawfulness of the data processing until the time of revocation remains unaffected.


(d) Payment of fees

After your application has been received and before we begin evaluating the degree, the statutory fee has to be paid. For this purpose, we issue a notification of fees you can access via "My Account" as well as your BundID inbox. 
In order for you to be able to make your payment via the online payment service "ePayBL" and to generate the necessary ePayBL link, we will transmit pseudonymized information about your payment (in particular the transaction number and the amount and deadline of the payment) to the operator of ePayBL. We will receive a payment link from ePayBL that we will provide to you in the notification of fees. 
You can pay the fee via ePayBL (their privacy notice applies) or by bank transfer. Once we have received the fee, we will process your application.  
The payment is processed on the basis of Article 6, Paragraph 1, Letter e DS-GVO in conjunction with §3, Sentence 1, Number 1 BlnDSG. In order to be able to fulfil its tasks, the ZAB has to match a payment to the appropriate application, determine an error in the process if necessary, and notify you accordingly. This is the only way to ensure the proper execution of the respective evaluation process.


3    Processing an application and issuing a Statement of Comparability

We process the personal data you entered when completing the application (see section 2c) in order to be able to evaluate your degree as requested. Once the Statement of Comparability has been completed by one of our officers, your Statement of Comparability will receive a digital seal and will be issued to you via "My Account" and your BundID inbox. If necessary, application-related communication – e.g. questions regarding your application – takes place via "My Account." 
Data associated with this is processed on the basis of Article 6, Paragraph 1, Letter e DS-GVO in conjunction with §3, Sentence 1, Number 1 BlnDSG. The data has to be processed in order to fulfil the ZAB’s tasks pursuant to §4, Paragraph 2, Number 2 KMKSekrG, in particular to review the submitted documents regarding the degree to be evaluated, to complete a corresponding Statement of Comparability, and to issue it to you.


4    Disclosure of personal data to third parties

(a) Disclosure to IT service providers in accordance with Article 28, Paragraphs 1, 3 DS-GVO

Personal data is processed in accordance with the security requirements within the processing of an order pursuant to Article 28, Paragraph 3 DS-GVO by ]init[ AG, Köpenicker Str. 9, 10997 Berlin, Germany. ]init[ AG acts as the hosting service provider for the IT system operating the "Digital Statement of Comparability" web portal.
The ZAB remains responsible for the processing of data.

(b) Other parties

In order to prepare a notification of fees, we transfer certain personal data (see section 2d) to the operator of ePayBL, a payment processing component of the ePayBL developer community: the state-owned company Sächsische Informatikdienste (SID), Dresdner Str. 78 A, 01445 Radebeul, Germany.


5    Deletion of data

We delete log data and log files at the latest within seven days, unless an IT-related security incident requires the data to be stored for a longer period of time. Session cookies are deleted automatically upon termination of the session. 
We will delete your data as soon as it is no longer required for the above-mentioned purposes and if particular legal retention obligations do not prevent the deletion.

 
III     Your rights

In accordance with DS-GVO, you have the following rights with regard to your personal data:

  • right to information; 
  • right to correction; 
  • right to deletion; 
  • right to the restriction of processing; 
  • right to object to the processing on the basis of Article 6, Paragraph 1, Letter e DS-GVO; 
  • right to withdraw your consent; 
  • right to data portability. 


The lawfulness of the data processing up to the time of the revocation of consent remains unaffected. 
You also have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 DS-GVO.  
You can also contact the data protection officer at the ZAB (see I) with any questions or complaints regarding data protection.


The exclusive official and binding version of this Privacy Notice shall be the German version. The English translation is provided for convenience only and is neither valid nor legally binding.