12.6 How does the German Accreditation Council process data from university members contained in accreditation applications?

Data from higher education institutions are generally contained in the self-evaluation reports and/or annexes to these reports, which the higher education institutions must attach to the accreditation application in accordance with Section 23 (1) of the specimen decree (MRVO) or the corresponding state ordinances.

The higher education institution submitting the application is responsible for checking the legality of the transfer of the personal data contained in the application documents and for obtaining the necessary clarifications in accordance with the GDPR, state data protection laws and, if applicable, the Federal Data Protection Act. The Foundation collects the data on the basis of Art. 6 para. 1 e) GDPR in conjunction with Section 3 para. 1 DSG NRW, i.e. the data processing is necessary for the performance of a task carried out in the public interest.

The data is stored in ELIAS. Members of the Accreditation Council and/or members of the Board of the Foundation (this depends on the type of application) can access this data via their account. They have undertaken to do so,

• not to store applications, including all documents or attachments contained therein, on data carriers outside ELIAS for purposes other than application processing;
• not to pass on the applications, including all documents and attachments, to third parties unless it is absolutely necessary to pass them on to their own employees in order to process the application. If the applications are passed on to the company’s own employees, the latter are obliged to treat the documents confidentially and not to pass them on themselves.

The data will not be passed on and will not be published.

The aforementioned data is contained in the application files. As a rule, these are kept for eight years from the expiry of the validity period of the respective accreditation or, as a rule, eight years from the announcement of a negative decision. This serves to ensure the traceability of the actions and decisions of the German Accreditation Council. A longer storage period only takes place if the further storage of the application file is necessary for legal accreditation procedures that have not yet been completed.

Members of the Accreditation Council and/or members of the Board of the Foundation as well as their employees are obliged to delete any downloaded applications including all documents or attachments from data carriers outside of ELIAS as soon as they no longer need them for the evaluation of accreditation applications.

The processor is ProUnix Gesellschaft für Softwareentwicklung mbH, Heinemannstr. 34, 53175 Bonn. ELIAS is operated by ProUnix on the servers of Claranet GmbH, which is used by ProUnix as a subcontractor. You can find more information on order data processing by ProUnix at https://antrag.akkreditierungsrat.de/datenschutz/.