12.4 Processing of applicants' data in the electronic application processing system ELIAS

As a public body, the German Accreditation Council is subject to the provisions of the GDPR and the NRW Data Protection Act.
It requires the data of applicants for the following purposes:

• for creating and managing the user account in ELIAS,
• for the identification of the user when logging into the system,
• for communication with the user within the system and  
• for ensuring the traceability of administrative actions.

As a rule, the applications and attached documents submitted in ELIAS, the messages sent to the German Accreditation Council via the system as well as the date, time, sender and e-mail address of the application or message are stored for eight years from the expiry of the validity period of the respective accreditation or from the notification of a negative decision. This serves to ensure the traceability of the actions and decisions of the German Accreditation Council. The data will only be stored for longer if further storage of the application file is necessary for legal accreditation procedures that have not yet been completed.

Otherwise, user data (surname, first name, title if applicable, e-mail address(es), telephone number(s) and university address) and the current password (in encrypted form) will be stored for as long as the user account exists and deleted immediately if the account is deleted.

This information also applies to Agencies that assume university functions in the system. The legal basis for data processing is Art. 6 para. 1 lit. e GDPR; data processing is therefore necessary for the performance of the public task of the German Accreditation Council.

Further information on the processing of user data can be found at https://antrag.akkreditierungsrat.de/datenschutz/