Privacy policy

Whose personal data is processed? (Categories of data subjects)

Anyone who visits the website of the application service for recognition at https://www.berufsanerkennung-antragsservice.de.

What categories of personal data are processed?

• IP address of the device or connection accessing the website
• Date and time the website was viewed
• Name of the Internet service and resource called up and the action used
• Request sent by the client
• Data volume transferred
• Report as to whether the website was accessed successfully
• Client information (among other things, browser, operating system)

Why is the data processed? (Purposes of processing)

To ensure the error-free operation of the website „Application Service Recognition“ online service, including troubleshooting and error rectification and safeguarding the intended functionality of the website, as well as defending against and analysing attacks.

What happens to the personal data?

Personal data is processed using server log files.

What is the legal basis?

The legal basis for the processing of personal data is Article 6 (1) Sentence 1 (e) GDPR in conjunction with § 8a (1) Sentence 1 of the German Online Access Act (OZG) because the processing is necessary to provide and safeguard the intended functions of the website of „Application Service Recognition“ online service.

Is there an obligation to disclose this personal data and what are the consequences of not providing the data?

There is no legal obligation to process personal data. However, it is not possible to use the website of „Application Service Recognition“ online service without providing the information.

How long is personal data stored?

After 48 hours, the server log files are restricted for the purpose of processing to the extent that the data can only be restored from encrypted backups in individual cases upon request. After six weeks, the data is erased from the encrypted backups as well.

Whose personal data is processed? (Categories of data subjects)

Applicants or their representatives

What categories of personal data are processed?

• Applicant’s master data
• Applicant’s address details
• Applicant’s contact details
• If necessary, representative’s master data
• If necessary, representative’s address details
• If necessary, representative’s contact details
• If necessary, representative’s authorisation
• Citizenship and residency data
• Data concerning the recognition procedure so far
• Qualification data
• Data concerning professional experience
• Data for further implementation of the recognition procedure
• Health data
• Data on previous professional or criminal sanctions
• Metadata generated while using the application form

Some of the categories of personal data referred to above are not required for every application for recognition of a foreign professional qualification. The relevant categories are marked with the addition “if necessary”. If the processing is not required, the fields used to request personal data will not appear in the application service for recognition. For example, it is not necessary to provide contact details for a representative if the applicant completes the application themself.

In order for the responsible authority to be able to process the application for recognition of a foreign professional qualification, the requested data must be partly substantiated with supporting documents. The supporting documents are uploaded electronically in the application route in the form of a portable document format (PDF). In addition, a certified translation needs to be uploaded for some supporting documents. If a translation is required, this is indicated in the information fields of the application route.

Why is the data processed? (Purposes of processing)

The above-mentioned data is processed for the following purposes:

• Support with the submission of electronic applications in the procedure for the recognition of foreign professional qualifications
• Temporary storage of applications in the Recognition application service
• Disclosure of data from the application to the relevant competent authority
• Transmission of electronic documents on administrative procedures to the applicant and, if applicable, the representative

What happens to the personal data?

Personal data is recorded electronically in the application service for recognition and cached if necessary to enable the applicant and the representative to complete, correct or delete the electronic application later. The information is then processed for the purpose of the decision on the recognition of foreign professional qualifications during the administrative procedure by the competent authority.

What ist he legal basis?

The legal basis for the processing is Article 6 (1) Sentence 1 (e) GDPR, Article 9 (2) (g) GDPR in conjunction with § 8a (1), (2), (3) OZG.

Is there an obligation to disclose this personal data and what are the consequences of not providing the data?

When applying, it is necessary to provide certain data. The application service distinguishes between mandatory and voluntary information. The application cannot be sent without the mandatory information. The application service makes it clear which information is mandatory and which is voluntary.

The application does not have to be submitted electronically via the application service for recognition. It may also be submitted by other means of communication or in person. The competent body for the recognition procedure may reject the application as long as the information required for the decision is not available.

How long is personal data stored?

Saved applications are deleted from the Recognition application service no later than 24 hours after the last change to the application, unless they are sent before then.

Once the application has been sent via OSCI/XTA2, the personal data collected for the application will be deleted from the Recognition application service immediately, usually within 10 minutes.

If the application is sent via FIT-Connect, the data will be deleted from the IT.NRW systems immediately after successful retrieval by the competent authority. The data is stored in the FITKO system for 7 days after successful retrieval and then deleted. If the retrieval by the competent authority is not successful, the data will be completely deleted from the systems of the technical service providers after a maximum of 21 days.

Whose personal data is processed? (Categories of data subjects)

Applicants or their representatives

What categories of personal data are processed?

• Personal data
• Technical metadata

Why is the data processed? (Purposes of processing)

Media seamless login of the applicant or representative to the personal area to be able to assign applications to a user of the application service recognition and to display previously created draft applications and make them available for processing.

What happens to the personal data?

In case of registration a user account, e.g. BundID, the above personal data is requested and then processed in the Recognition application service if it is stored in the user account. Applicants or their representatives remain free to submit applications by other means to the competent authority.

What is he legal basis?

The legal basis for the processing is Article 6 (1) Sentence 1 (e) GDPR in conjunction with § 8 (1), (5), (8) OZG.

Is there an obligation to disclose this personal data and what are the consequences of not providing the data?

The applicants or representatives are not required by law to prove their identity to MAGS NRW by means of a user account. The applicant or representative is still free to submit the application to the body responsible for the recognition procedure by other means.

How long is personal data stored?

The data is erased from the application service for recognition after the session has been ended.

Whose personal data is processed? (Categories of data subjects)

Applicants or their representatives

What categories of personal data are processed?

• Personal data
• Address data
• Contact data
• Technical metadata

Why is the data processed? (Purposes of processing)

Media seamless authentication of the applicant or representative to be able to assign an application to a user of the application service recognition.

What happens to the personal data?

In the case of identification by way of a user account such as the BundID, the aforementioned data, if stored in the user account, will be requested. The data is retrieved from the authority responsible for maintaining the user account (transmission).

What is the legal basis?

The legal basis for the processing is Article 6 (1) Sentence 1 (e) GDPR in conjunction with § 8 (1), (5), (8) OZG.

Is there an obligation to disclose this personal data and what are the consequences of not providing the data?

Applicants or representatives are not required by law to prove their identity to MAGS NRW by means of a user account. However, all applications that can be submitted electronically via the Recognition application service technically require legitimization. The electronic application cannot be completed without legitimization. The applicant or representative is still free to submit the application by other means to the office responsible for the recognition procedure.

How long is personal data stored?

The personal data will be deleted with the other application data after the application has been sent to the office responsible for the recognition procedure on the Recognition application service.

Whose personal data is processed? (Categories of data subjects)

Applicants or their representatives

What categories of personal data are processed?

• Personal data
• Address data
• Contact data

Why is the data processed? (Purposes of processing)

To transfer the aforementioned data of the applicants or their representatives without any media discontinuity in order to pre-fill the application form.

What happens to the personal data?

If the applicant or representative authenticates themselves using a user account, e.g. BundID, at the start of the application process, the above personal data can be transferred to the respective application. The data can only be transferred if it is stored in the user account. The data is retrieved from the authority responsible for maintaining the user account (transmission). Applicants or their representatives can amend and overwrite all transferred data.

What is the legal basis?

The legal basis for the processing is Article 6 (1) Sentence 1 (e) GDPR in conjunction with § 8 (1), (5), (8) OZG.

Is there an obligation to disclose this personal data?

Applicants or their representatives are not required by law to consent to the transfer of data.

How long is personal data stored?

The personal data will be stored in the application and deleted with the other application data after submission.

Whose personal data is processed? (Categories of data subjects)

Applicants or their representatives

What categories of personal data are processed?

• Technical metadata (e.g. inbox ID)

Why is the data processed? (Purposes of processing)

The data is used to enable contact with applicants or their representatives for the purpose of providing information relating to the application and/or communicating the administrative decision by electronic means.

What happens to the personal data?

If the inbox is used, the aforementioned personal data is stored in the application service for recognition. The data is also shared with the authority responsible for the recognition procedure.

What is the legal basis?

The data is processed only with the consent of applicants or the representatives in accordance with Art. 6 (1) Subsection 1 (a) GDPR.

Is there an obligation to disclose this personal data and what are the consequences of not providing the data?

Applicants or their representatives are not required by law to consent to the use of the inbox function. The authority responsible for the recognition procedure can still contact the applicant or representative by post.

How long is personal data stored?

Once the application has been sent via OSCI/XTA2, the personal data collected for the application will be deleted from the Recognition application service immediately, usually within 10 minutes.

If the application is sent via FIT-Connect, the data will be deleted from the IT.NRW systems immediately after successful retrieval by the competent authority. The data is stored in the FITKO system for 7 days after successful retrieval and then deleted. If the retrieval by the competent authority is not successful, the data will be completely deleted from the systems of the technical service providers after a maximum of 21 days. If the application is not sent, the data is deleted when the Recognition application service is closed.

Whose personal data is processed? (Categories of data subjects)

Applicants or their representatives

What categories of personal data are processed?

The same categories as in the respective application (in accordance with section 4.3).

Why is the data processed? (Purposes of processing)

The documents relating to the electronic application are sent to a user account to support the applicant and, if applicable, the representative when using the electronic administrative services.

What happens to the personal data?

Documents relating to the electronic application are sent to a user account by the Recognition Application Service and can be accessed there by the applicant or representative.

What is the legal basis?

The legal basis for the processing is Article 6 (1) Sentence 1 (e) GDPR, Article 9 (2) (g) GDPR in conjunction with § 8 (6), (9) OZG.

Is there an obligation to disclose this personal data?

There is no legal obligation to process the data. The application does not have to be submitted electronically via the Recognition application service. It can also be submitted via other communication channels or in person.

How long is personal data stored?

Once the application has been sent via OSCI/XTA2, the personal data collected for the application will be deleted from the Recognition application service immediately, usually within 10 minutes.

If the application is sent via FIT-Connect, the data will be deleted from the IT.NRW systems immediately after successful retrieval by the competent authority. The data is stored in the FITKO system for 7 days after successful retrieval and then deleted. If the retrieval by the competent authority is not successful, the data will be completely deleted from the systems of the technical service providers after a maximum of 21 days.

Whose personal data is processed? (Categories of data subjects)

Applicants or their representatives

What categories of personal data are processed?

The same categories as in the respective application (in accordance with section 4.3).

Why is the data processed? (Purposes of processing)

Carrying out the administrative procedure to decide on the respective application. After clicking on the button to send an application, the data will be transmitted by IT.NRW to the authority responsible for data protection (authority responsible for data protection in the administrative procedure in accordance with section 1.2) or, if applicable, to the additionally commissioned technical service provider.

What happens to the personal data?

After clicking on the button to send an application, the data will be transmitted by IT.NRW to the authority responsible for data protection (authority responsible for data protection in the administrative procedure in accordance with section 1.2) or, if applicable, to the additionally commissioned technical service provider.

What is the legal basis?

The legal basis for the processing of the aforementioned data is Article 6 (1) Sentence 1 (e) GDPR, Article 9 (2) (g) GDPR in conjunction with § 8 (6), (9), § 8a (1) OZG.

How long is personal data stored?

Once the application has been sent via OSCI/XTA2, the personal data collected for the application will be deleted from the Recognition application service immediately, usually within 10 minutes.

If the application is sent via FIT-Connect, the data will be deleted from the IT.NRW systems immediately after successful retrieval by the competent authority. The data is stored in the FITKO system for 7 days after successful retrieval and then deleted. If the retrieval by the competent authority is not successful, the data will be completely deleted from the systems of the technical service providers after a maximum of 21 days.

Whose personal data is processed? (Categories of data subjects)

Users of the web browser on which the online application form is completed.

What categories of personal data are processed?

Unique identifier for the purpose of recognizing the user in the form management system.

Why is the data processed? (Purposes of processing)

To clearly attribute the application form to a particular browser session and to identify the communication between the form management system and the browser.

What happens to the personal data?

The unique identifier is stored in a cookie file on the user’s computer.

What is the legal basis?

1. The legal basis for the processing of the data is Article 6 (1) Sentence 1 (e) GDPR in conjunction with § 8a (1) Sentence 1 OZG

2. If data is retrieved from the user's terminal device or stored on the terminal device, this is done on the legal basis of § 25 (2) No. 2 TTDSG, as the retrieval and storage is necessary for the function of the online application.

Is there an obligation to disclose this personal data and what are the consequences of not providing the data?

There is no legal obligation to process personal data. However, it is not possible to use the „Recognition application service“ online service without processing the information.

How long is personal data stored?

The session cookie, which contains the unique identifier, is deleted when the web browser is closed.

Whose personal data is processed? (Categories of data subjects)

Users of the web browser on which the online application form is completed.

What categories of personal data are processed?

Unique identifier for the purpose of recognising the user in the application service for recognition.

Why is the data processed? (Purposes of processing)

During identification by way of a user account or at the latest at the beginning of the application procedure, a session cookie is created to identify the current user. This cookie is renewed during the processing of the application form and when the user account page is accessed.

What happens to the personal data?

The unique identifier is stored in a cookie file on the user’s computer.

What is the legal basis?

1. The legal basis for the processing of the data is Article 6 (1) Sentence 1 (e) GDPR in conjunction with § 8a (1) Sentence 1 OZG.

2. If data is retrieved from the user's terminal device or stored on the terminal device, this is done on the legal basis of § 25 (2) No. 2 TTDSG, as the retrieval and storage is necessary for the function of the online application.

Is there an obligation to disclose this personal data and what are the consequences of not providing the data?

There is no legal obligation to process personal data. However, it is not possible to use the „Recognition application service“ online service without processing the information.

How long is personal data stored?

The session cookie expires 10 minutes after the processing of the application form has been completed or after the user account page was last accessed.

Whose personal data is processed? (Categories of data subjects)

Applicants or their representatives

What categories of personal data are processed?

Meta data

Why is the data processed? (Purposes of processing)

The data is processed for the purpose of determining the processing status of the respective application and serves to provide proof that the application has been processed by the technical facilities of the processor IT.NRW.

What happens to the personal data?

The personal data is recorded electronically in the transport report on the Recognition application service.

What is the legal basis?

The legal basis for the processing of the data is Article 6 (1) Sentence 1 (e) GDPR in conjunction with § 8a (1) Sentence 1, (2), (3) OZG.

Is there an obligation to disclose this personal data and what are the consequences of not providing the data?

There is no legal obligation to process the personal data. However, the processing of the data is necessary to provide proof of whether and how the respective application was processed on the Recognition application service.

How long is personal data stored?

The transport report is created immediately after the application is sent. It will be deleted from the Recognition application service 3 years after it has been created.

Whose personal data is processed? (Categories of data subjects)

Applicants or their representatives

What categories of personal data are processed?

Meta data

Why is the data processed? (Purposes of processing)

The data is processed for the purpose of determining the number of applications processed on the Recognition application service. At the same time, the statistics report serves as proof that an application has been successfully transmitted to the competent authority or received by the follow-up system.

What happens to the personal data?

The personal data is recorded electronically in the statistics report on the Recognition application service.

What is the legal basis?

The legal basis for the processing of the data is Article 6 (1) Sentence 1 (e) GDPR in conjunction with § 8a (1) Sentence 1, (2), (3) OZG.

Is there an obligation to disclose this personal data and what are the consequences of not providing the data?

There is no legal obligation to process data. However, the processing of data is necessary for the correction of errors in the transmission of applications to the responsible authority for the recognition procedure.

How long is personal data stored?

The statistics report is created once a month and will be deleted from the application service recognition after 24 hours.