Data Transfer Agreement

List of the responsible data protection officers

Data Protection Officer Carl von Ossietzky University of Oldenburg (UOL):

Ass. iur. Patrick Rüscher
Phone: 0441 798-4196
E-mail: [email protected]

Postal address
Carl von Ossietzky University of Oldenburg
The Data Protection Officer
Ammerländer Heerstraße 114-118
26129 Oldenburg 

Data Protection Officer Universität zu Lübeck (MOVE):  

x-tention Informationstechnologie GmbH
Margot-Becke-Ring 37
69124 Heidelberg
Phone: +49 451 3101 1903
E-mail: [email protected] 

Data Protection Officer ASCORA GmbH:

Rafael Karbowski
Ascora GmbH
Birkenallee 43
27777 Ganderkesee
E-mail: [email protected] 

Data Protection Officer ProLog, Therapie- und Lernmittel GmbH:  

Oliver Schmid
ProLog, Therapie- und Lernmittel GmbH 
Olpener Str. 59
51103 Cologne
Phone: +49 221 66091 1932

Which partner is jointly responsible for which processing operations within the meaning of Art. 26 para. 1 GDPR? 

 Processing Data collection  Processing  RGB-D Videos Processing Audiorecordings voice Processing Clinical parameters and decision support  Processing names, addresses, e-mail addresses 
Description of the processing Data collection of the audio, image and RGB-D video recordings as well as the medical questionnaires and other data on the smartphone using the LAOLA app on a smart device. Data on the smartphone using the LAOLA app on the smart device and data transfer by UOL, MOVE and ASCORA to the LAOLA data servers operated by ASCORA. The collected RGB-D image and video data, image annotations and patient data are transferred from ASCORA’s data server to MOVE’s data server for processing via a state-of-the-art encrypted connection: On the basis of the data, MOVE extracts the physiological movement characteristics according to projects for analysis (e.g. keypoint detection and facemesh calculation) and on this basis determines the correctness of the keypoints to reference annotations, as well as extracts and validates clinically relevant parameters from them. For this purpose, UOL annotates the data in advance on the ASCORA data server or using standalone software and participates in the clinical interpretation of the results. MOVE coordinates the creation of the OpenAccess dataset. The audio voice data collected with the LAOLA app on smart devices and transmitted to the ASCORA data server (of the exercise performance) is transferred from the ASCORA data server to the PROLOG, MOVE and UOL data servers for processing via a state-of-the-art encrypted connection: Based on the data, all three jointly extract methods for analysis (e.g. breathiness, hoarseness, roughness, loudness, etc.) and compare them with reference annotations. Clinically relevant parameters are also extracted from these and validated. For this purpose, UOL annotates the data in advance and participates in the clinical interpretation of the results. Processing of the data sets on MOVE computers to develop and test decision support algorithms for training selection based on the questionnaire data, and the interpreted data resulting from the processing of RGB-D videos and the processing of the audio recordings voice. UOL and PROLOG are involved in the selection of indicators for the suitability of certain trainings and the associated indicators and score calculation. Collection and storage of e-mail addresses and names of LAOLA app users on the ASCORA data server. 
Purpose of the (data) processing Data transfer Data transfer and data analysis in the sense of the research task RGB-D video analysis for facial-body tension and correct exercise execution Creation of an OpenAccess data set Data transfer and data analysis in the sense of the research task of vocal sound analysis Creation of an OpenAccess data set Data transfer and data analysis in terms of the research task of decision support for training selection Creation of an OpenAccess data set Identification of patients by therapists Contacting for further recordings and studies 
Responsible parties: Who are the joint controllers for each of these processing operations? 
UOL   X  X  X  
ASCORA  X   X  X   
Obligations: Which controller is responsible for which of the following obligations for which processing? 
Art. 13 Duty to provide information when collecting personal data. UOL, MOVE UOL, MOVE UOL, MOVE UOL, MOVE  UOL, MOVE 
Art. 14 Duty to provide information if data was not collected from the data subject. UOL, MOVE, ASCORA, PROLOG UOL, MOVE UOL, MOVE, PROLOG UOL, MOVE UOL, ASCORA, PROLOG  
Art. 15 Processing of requests for information. ASCORA ASCORA, UOL, MOVE UOL, MOVE, PROLOG, ASCORA  MOVE ASCORA, PROLOG 
Art. 16 Processing of rectification requests. ASCORA ASCORA, MOVE, UOL PROLOG, ASCORA MOVE ASCORA, PROLOG  
Art. 17 or 18 Processing of requests for erasure or restriction of processing and Art. 19 Notification of the obligation to erase. ASCORA MOVE, UOL,  PROLOG, UOL,  UOL, MOVE, ASCORA,  ASCORA, PROLOG 
Art. 20 Processing of requests for disclosure (data portability). ASCORA ASCORA, MOVE ASCORA, PROLOG MOVE ASCORA, PROLOG 
Art. 21 Processing of objections. ASCORA ASCORA PROLOG , ASCORA,  PROLOG ASCORA, PROLOG 
Art. 24 Abs. 1 i.V. m. Art. 32 Festlegung der techn.-org. Maßnahmen nach Risikoabschätzung und ggf. Datenschutzfolgeabschätzung (Art. 35) und Konsultation einer Aufsichtsbehörde/ Übermittlung der notwendigen Informationen (Art. 36 (3)). ASCORA ASCORA PROLOG PROLOG ASCORA, PROLOG 
Art. 24 para. 1 Documentation of the selection of technical and organizational measures (as proof). measures (as proof). ASCORA, PROLOG ASCORA, MOVE ASCORA, PROLOG ASCORA, MOVE ASCORA, PROLOG  
Art. 24 para. 1 Review and update of measures. ASCORA, PROLOG ASCORA, MOVE ASCORA, PROLOG ASCORA, MOVE ASCORA, PROLOG  
Art. 26 Provision of the essence of the joint controllers’ agreement. ASCORA ASCORA ASCORA ASCORA  ASCORA 
Art. 28 Involvement of processors or sub-processors and their review. ASCORA ASCORA, MOVE ASCORA, PROLOG ASCORA, PROLOG ASCORA, PROLOG 
Art. 30 Maintenance of the record of processing activities. ASCORA MOVE ASCORA MOVE ASCORA, PROLOG 
Art. 33, 34 Process for reportable data breaches. ASCORA ASCORA ASCORA ASCORA, PROLOG ASCORA, PROLOG