List of the responsible data protection officers
Data Protection Officer Carl von Ossietzky University of Oldenburg (UOL):
Ass. iur. Patrick Rüscher
Phone: 0441 798-4196
E-mail: [email protected]
Postal address
Carl von Ossietzky University of Oldenburg
The Data Protection Officer
Ammerländer Heerstraße 114-118
26129 Oldenburg
Data Protection Officer Universität zu Lübeck (MOVE):
x-tention Informationstechnologie GmbH
Margot-Becke-Ring 37
69124 Heidelberg
Phone: +49 451 3101 1903
E-mail: [email protected]
Data Protection Officer ASCORA GmbH:
Rafael Karbowski
Ascora GmbH
Birkenallee 43
27777 Ganderkesee
E-mail: [email protected]
Data Protection Officer ProLog, Therapie- und Lernmittel GmbH:
Oliver Schmid
ProLog, Therapie- und Lernmittel GmbH
Olpener Str. 59
51103 Cologne
Phone: +49 221 66091 1932
Which partner is jointly responsible for which processing operations within the meaning of Art. 26 para. 1 GDPR?
| Processing Data collection | Processing RGB-D Videos | Processing Audiorecordings voice | Processing Clinical parameters and decision support | Processing names, addresses, e-mail addresses | |
| Description of the processing | Data collection of the audio, image and RGB-D video recordings as well as the medical questionnaires and other data on the smartphone using the LAOLA app on a smart device. Data on the smartphone using the LAOLA app on the smart device and data transfer by UOL, MOVE and ASCORA to the LAOLA data servers operated by ASCORA. | The collected RGB-D image and video data, image annotations and patient data are transferred from ASCORA’s data server to MOVE’s data server for processing via a state-of-the-art encrypted connection: On the basis of the data, MOVE extracts the physiological movement characteristics according to projects for analysis (e.g. keypoint detection and facemesh calculation) and on this basis determines the correctness of the keypoints to reference annotations, as well as extracts and validates clinically relevant parameters from them. For this purpose, UOL annotates the data in advance on the ASCORA data server or using standalone software and participates in the clinical interpretation of the results. MOVE coordinates the creation of the OpenAccess dataset. | The audio voice data collected with the LAOLA app on smart devices and transmitted to the ASCORA data server (of the exercise performance) is transferred from the ASCORA data server to the PROLOG, MOVE and UOL data servers for processing via a state-of-the-art encrypted connection: Based on the data, all three jointly extract methods for analysis (e.g. breathiness, hoarseness, roughness, loudness, etc.) and compare them with reference annotations. Clinically relevant parameters are also extracted from these and validated. For this purpose, UOL annotates the data in advance and participates in the clinical interpretation of the results. | Processing of the data sets on MOVE computers to develop and test decision support algorithms for training selection based on the questionnaire data, and the interpreted data resulting from the processing of RGB-D videos and the processing of the audio recordings voice. UOL and PROLOG are involved in the selection of indicators for the suitability of certain trainings and the associated indicators and score calculation. | Collection and storage of e-mail addresses and names of LAOLA app users on the ASCORA data server. |
| Purpose of the (data) processing | Data transfer | Data transfer and data analysis in the sense of the research task RGB-D video analysis for facial-body tension and correct exercise execution Creation of an OpenAccess data set | Data transfer and data analysis in the sense of the research task of vocal sound analysis Creation of an OpenAccess data set | Data transfer and data analysis in terms of the research task of decision support for training selection Creation of an OpenAccess data set | Identification of patients by therapists Contacting for further recordings and studies |
| Responsible parties: Who are the joint controllers for each of these processing operations? | |||||
| UOL | X | X | X | X | X |
| MOVE | X | X | X | X | |
| ASCORA | X | X | X | X | X |
| PROLOG | X | X | X | X | |
| Obligations: Which controller is responsible for which of the following obligations for which processing? | |||||
| Art. 13 Duty to provide information when collecting personal data. | UOL, MOVE | UOL, MOVE | UOL, MOVE | UOL, MOVE | UOL, MOVE |
| Art. 14 Duty to provide information if data was not collected from the data subject. | UOL, MOVE, ASCORA, PROLOG | UOL, MOVE | UOL, MOVE, PROLOG | UOL, MOVE | UOL, ASCORA, PROLOG |
| Art. 15 Processing of requests for information. | ASCORA | ASCORA, UOL, MOVE | UOL, MOVE, PROLOG, ASCORA | MOVE | ASCORA, PROLOG |
| Art. 16 Processing of rectification requests. | ASCORA | ASCORA, MOVE, UOL | PROLOG, ASCORA | MOVE | ASCORA, PROLOG |
| Art. 17 or 18 Processing of requests for erasure or restriction of processing and Art. 19 Notification of the obligation to erase. | ASCORA | MOVE, UOL, | PROLOG, UOL, | UOL, MOVE, ASCORA, | ASCORA, PROLOG |
| Art. 20 Processing of requests for disclosure (data portability). | ASCORA | ASCORA, MOVE | ASCORA, PROLOG | MOVE | ASCORA, PROLOG |
| Art. 21 Processing of objections. | ASCORA | ASCORA | PROLOG , ASCORA, | PROLOG | ASCORA, PROLOG |
| Art. 24 Abs. 1 i.V. m. Art. 32 Festlegung der techn.-org. Maßnahmen nach Risikoabschätzung und ggf. Datenschutzfolgeabschätzung (Art. 35) und Konsultation einer Aufsichtsbehörde/ Übermittlung der notwendigen Informationen (Art. 36 (3)). | ASCORA | ASCORA | PROLOG | PROLOG | ASCORA, PROLOG |
| Art. 24 para. 1 Documentation of the selection of technical and organizational measures (as proof). measures (as proof). | ASCORA, PROLOG | ASCORA, MOVE | ASCORA, PROLOG | ASCORA, MOVE | ASCORA, PROLOG |
| Art. 24 para. 1 Review and update of measures. | ASCORA, PROLOG | ASCORA, MOVE | ASCORA, PROLOG | ASCORA, MOVE | ASCORA, PROLOG |
| Art. 26 Provision of the essence of the joint controllers’ agreement. | ASCORA | ASCORA | ASCORA | ASCORA | ASCORA |
| Art. 28 Involvement of processors or sub-processors and their review. | ASCORA | ASCORA, MOVE | ASCORA, PROLOG | ASCORA, PROLOG | ASCORA, PROLOG |
| Art. 30 Maintenance of the record of processing activities. | ASCORA | MOVE | ASCORA | MOVE | ASCORA, PROLOG |
| Art. 33, 34 Process for reportable data breaches. | ASCORA | ASCORA | ASCORA | ASCORA, PROLOG | ASCORA, PROLOG |
| Art. 37 Appointment of a data protection officer. | UOL, MOVE, ASCORA, PROLOG | UOL, MOVE, ASCORA | UOL, MOVE, ASCORA, PROLOG | UOL, MOVE, ASCORA, PROLOG | ASCORA, PROLOG |
