As a part of the certification in the respective certification profile, we, as the institution responsible for the Data processing, will store Personal Data for the duration that is necessary to reach the defined purposes and to comply with legal obligations. Hereinafter we are going to inform you about which Personal Data is being processed and in which way this will happen. We will furthermore inform you about your rights in regards to this matter.
Personal Data, as defined in to Art. 4 No. 1 General Data Protection Regulation (GDPR), means any information relating to an identified or identifiable natural person.
1. Name and Contact Information of the Data Processor as well as Fraunhofer’s Data Protection Officer
Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.
Fraunhofer Personnel Certification Body
Fraunhofer Institute for Applied Information Technology FIT
53754 Sankt Augustin
Phone: +49 2241 14-3773
Fax: +49 2241 14-3702
Fraunhofer’s Data Protection Officer can be reached at the address above, at the attention of the Data Protection Officer as well as at email@example.com.
You can contact our Data Protection Officer at any time with your questions regarding our Data Protection or your rights regarding your Personal Data.
Alternatively, you can directly address the Fraunhofer Personnel Certification Authority.
2. Processing of Personal Data and Purposes of the Processing
a. Registration for the certification examination
When you fill out the registration form for the certification examination, we collect various Personal Data of the participating person. We hereby mean name, surname, information regarding the contracting party/your employer and the invoice address (e.g. company, contact person, department, contact information). The latter can differ from the participant’s information but is linked to the personal information of the participant. These statements are mandatory to pass a certification.
The collection of this Personal Data takes place
- to identify our contracting party;
- for the justification and execution of the contractual relationship concerning the certification;
- to control the credibility of the provided Data;
- to contact you or the affiliate in case of queries and the organization of the certification process or in case of amendments to the certification process.
- to ensure that the person participating in the examination is the person she/he claims to be.
If a Participant, who becomes an affiliate, fills out the form, the data processing is based on Art. 6 I 1 b GDPR and is necessary for the fulfilment of the contract as well as for pre-contractual arrangements (e. g.to edit the application).
If a Participant does not act as the contracting party itself, the data processing is based on Art. 6 I 1 f GDPR and is necessary to protect our legitimate interests. The purposes mentioned are legitimate interests in terms of the provision mentioned above.
In general, the Personal Data that is collected during the application, will be stored and deleted after the regular limitation period of three years starting at the end of the year in which the contract and the concerned certification was concluded.
Furthermore, we are obliged by Art. 6 I 1 c GDPR to store Personal Data for 6 to 10 years because of legal duty to preserve records (especially according to § 147 AO). The period of preservation starts at the end of the year the invoice is dated. In this case, the storage is only for legal matters and only to the extent necessary to comply with legal duties.
There will be no storage beyond the already mentioned one, unless you agree to it according to Art. 6 I 1 a GDPR.
b. Voluntary disclosure and verification of admission requirements
We collect additional Personal Data of the disclosing Participant in addition to his/her name (Address and birth date) on a voluntary basis. However, the disclosure of such information is mandatory if you intend to apply for a certification.
The collection of this Data is needed
- to identify the Participant;
- to secure the identity of the Participant in the future, if necessary;
- to contact the Participant in case of queries, amendments to the certification process or to remind the Participant of the term of the certification; and
- to enable us to pass a transparent and lawful certification.
In order to get the certification, the Participant needs to prove that he/she fulfills all admission requirements. For this purpose, the Participant has to submit copies of corresponding credentials and qualifications (e.g.: diploma and employment reference).
With the request of a person interested in participating, the data processing is started based on Art. 6 I 1 b GDPR and is necessary to conduct pre-contractual arrangements (verification of admission requirements), provided the person acts as the contracting party. Otherwise data processing is based on our and the participant’s interest to assure the transparency of a lawful certification, according to Art. 6 I 1 f GDPR. In addition, data processing is necessary to allow a certification in order with DIN EN ISO/IEC 17024.
Furthermore, the Participant can voluntary disclose, how he/she came to know of Fraunhofer’s certification activities. We use this information to evaluate and enhance our marketing measures. This Data Processing is based on Art. 6 I 1 f GDPR and is necessary to protect our legitimate interests. The purposes mentioned are legitimate interests in terms of the above-mentioned provision.
In case a person does not fulfill all admission requirements, we will delete the Personal Data collected from the voluntary disclosure and from further records, as soon as we have determined that the participant has failed to pass the certification process.
In case of a temporary valid certification (which will be usually be granted for a 3 year period), we will store the data from the voluntary disclosure for up to one year after the termination, from further records that prove the fulfillment of all admission requirements and examination materials. During the validity period the storage takes place in both our interests to prove the lawfulness of the certification. After the validity period the storage takes place to make a recertification possible for the participating person.
In addition to a certificate, every Participant receives an unlimited valid attestation that proves he/she successfully participated in a certification examination. We store the attestation as well as its content longer than the validity period of the certificate in order to be able to confirm the content of the attestation after the termination of the certificate.
In case of an unlimited valid certificate, we store the certificate as well as the attestation up to 30 years.
c. Online proctored Examination
Participation in face-to-face and/or online proctored exams is the voluntary decision of the participants.
In the case of an online proctored examination, the collection of additional Personal Data may be necessary. In this case, the data is processed on the basis of Art. 6 (1) sentence 1 lit. a DSGVO. The procedure for online-proctored examinations and the handling of the personal data collected in this context are described below.
In order to participate in an online-proctored examination, participants must give their consent to this procedure and the collection of personal data by signing the registration form. Only then may the Fraunhofer Personnel Certification Authority make audio, video and screen recordings as part of the online-proctored examinations. Participants have the option of withdrawing their consent at any time. In principle, participants also have the option of taking part in a face-to-face examination instead of an online-proctored examination. This usually takes place on the premises of the Fraunhofer Personnel Certification Authority at the Fraunhofer Institute Center in Birlinghoven.
In the case of online proctored written exams, Data is collected via a learning management tool as well as an online proctoring tool. The collected data is used exclusively for the evaluation of the exam.
The exam questions and tasks are made available via the Moodle learning management system. The answers entered as part of the exam are also stored in Moodle. The learning management software runs on a server of the Fraunhofer Personnel Certification Authority. The collected data can only be viewed by the Fraunhofer Personnel Certification Authority, as well as the examination officers who are sworn to secrecy.
In the context of conducting written online proctored examinations, the Fraunhofer Personnel Certification Authority cooperates with the online proctoring provider Proctorio GmbH, Bahnhofstr. 18, 85774 Unterföhring. The purpose of the cooperation is to ensure equal treatment of all participants by preventing cheating attempts in online proctored exams. The online proctoring software collects audio, video and screen data prior to the exam in the form of a room scan and personal identification using the ID card. Further audio, video and screen data are stored during the exam for the purpose of recording the examinees. The participants receive information about the rules of conduct during the examination at least one week before the examination begins. The data recorded during the examination will be evaluated by the Fraunhofer Personnel Certification Authority after the examination to detect any attempts at cheating. Violations of the rules of conduct will result in failure of the examination.
The camera data, audio data and screen data are stored on Proctorio's servers in Europe and deleted after 30 days at the latest. The Fraunhofer Personnel Certification Authority has concluded a commissioned processing contract with Proctorio. Through this contract, Proctorio assures to process the data on behalf of the Fraunhofer Personnel Certification Authority in accordance with the General Data Protection Regulation and to ensure the protection of the rights of the data subjects. The online proctoring provider does not have access to participant data such as name, address, answers, and exam results of the participants.
Online proctored oral exams are conducted online via video conferencing in Microsoft Teams. No video, audio, or screen recordings are made before, during, or after the exam. During oral online proctored examinations, participants are also required to adhere to the rules of conduct specified by the Fraunhofer Personnel Certification Authority to avoid attempts at cheating. Possible attempts at cheating will be detected during the examination and will result in the participant failing the examination.
For identity verification, participants will also be asked to hold their photo ID up to the camera once and to perform a room scan with a web cam or the laptop camera at the beginning of the exam.
In line with your right to object, you can request deletion of your recordings at any time. Should you exercise this right, the legal requirements will first be checked. However, the proctorio recordings will be deleted after 30 days in any case. Should you use the right of objection, you will not incur any additional costs.
For more information on online proctored exams, see here.
d. Approach in order to recertify
We use email-addresses we received from voluntary disclose, to contact a person whose certificate is about to expire. The approach takes place to inform this person about the expiration as well as the possibility of a recertification.
This Data Processing is based on Art. 6 I 1 f GDPR. It is justified by our interest to provide a recertification and because of your interest to use the possibility of a simplified recertification.
If the person is not interested in a recertification, we will delete the Personal Data at the latest one year after termination of the certificate.
3. Application of Information concerning the lawfulness of a certificate
It is possible to obtain information concerning the entitlement of a person that has passed the certification successfully, if the number of the certificate is given (e.g. from potential employer of the mentioned person). To identify the mentioned person, it is necessary to ask for the name, birthday and place of birth. We will compare this information with the Personal Data stored of this person (name, birthday, place of birth). Afterwards we confirm the lawfulness positively or negatively, without passing any Personal Data.
The comparison is based on Art. 6 I 1 f GDPR. It is used to prevent the misuse of our certificates, so it is necessary to protect our legitimate interest according to the above-mentioned provision.
4. No Transfer of Personal Data
A principle of Fraunhofer’s handling of Personal Data is that your Personal Data will not be transferred to third parties. However, a transfer is possible, in case
- you granted us your consent according to Art. 6 I 1 a GDPR; or
- we have a legal duty to transfer the Data according to Art. 6 I 1 c GDPR; or
- of a confirmation of lawfulness according to Section 3.
A transfer of Personal Data to a third state (outside of EU) or to an international organization is excluded.
5. Rights of affected Persons
You have the right to
- revoke your consent at any time according to Art. 7 III GDPR. As a consequence, we are no longer entitled to process Data, that was based on your consent;
- request information about the processing of your Personal Data according to Art. 15 GDPR. You can request information about the purposes of processing, category of Personal Data, category of recipients, who receive your Personal Data or will receive it in the future, proposed time of storage, the existence of a right to correct, delete or limit the processing or to revoke, the existence of a right of appeal, the origin of your Personal Data, in case they were not collected from us, as well as the existence of automatic decision making, including profiling and as appropriate expressive information concerning the details;
- request immediate correction of incorrect or incomplete Personal Data according to Art. 16 GDPR;
- request deletion of all of your Personal Data according to Art. 17 GDPR, as long as the processing is not necessary to exercise the right of free speech and information, to fulfill a legal duty, because of reasons of public interest or to plead, exercise or to defend legal claims;
- request restriction of the processing of your Personal Data according to Art. 18 GDPR, as far as you deny the correctness of your Personal Data. You also have the right to request restriction of the processing of your Personal Data, in case the processing is unlawful, provided that you do not want your Personal Data deleted and we do not need your Personal Data anymore, but you need them to plead, exercise or defend legal claims or you entered an objection against the processing according to Art. 21 GDPR;
- to receive your Personal Data, that you provided, in a structured, usual and machine-readable format or to request the transmission to another authority according to Art. 20 GDPR;
- to complain to regulators according to Art. 77 GDPR. Usually you can turn to the regulator of your place of residence, your place of work or place of business of our contracting party.
Information concerning your right of objection according to Art. 21 GDPR
You have the right to revoke your agreement to the processing of your Personal Data based on Art. 6 I e GDPR (Data Processing based on public interest) and Art 6 I f GDPR (Data Processing based on weighing of interest) at any time; this includes a profiling according to Art. 4 IV GDPR.
If you revoke your agreement, we will no longer process your Personal Data, except we can provide compulsory legitimate reasons for the processing. This reasons need to outweigh your interests, rights and freedoms or the processing serves the possibility to plead, exercise or defend legal claims.
If you revoke your agreement to the processing of Personal Data for direct advertising, we will immediately such processing. In this case you do not have to give a special reason. The same applies to profiling, as long as it is connected to such direct advertising.
To make use of your right of objection, you can send an email to firstname.lastname@example.org.
6. Data safety
We use suitable technical and organizational safeguard measures to protect your Personal Data against random or willful manipulation, partial or complete loss, destruction or unauthorized access of third parties. Our safeguard measures will be improved according to technological process.
The following Personal Data is collected and stored by the Fraunhofer Personnel Certification Authority during the certification process:
- Address of the Participant,
- E-Mail address and
- Invoice address
In the event of a registration for a further training at the Fraunhofer-Gesellschaft that is related to the certification examination, the above-mentioned Personal Data will also be stored at the department providing the further training. The Fraunhofer Personnel Certification Authority and the department providing the further training are entitled to compare the data stored about the Participants. This serves to keep the Personal Data up-to-date in each case. The Personal Data is not passed on to other departments of Fraunhofer. Any additional Personal Data collected and processed as part of the certification process is only stored at the Fraunhofer Personnel Certification Authority and is not passed on to other departments.
7. Currency of this data protection information
This data protection information dates from October 2022.