Basic principles for processing personal data

The AUAS aims to demonstrate and provide evidence that personal data is handled responsibly and in line with the GDPR.

‘Responsibly’ means that everyone at the AUAS who processes personal data acts in accordance with a number of logical basic principles:

Lawfulness, fairness and transparency

Make sure that there is a lawful reason to collect personal data and take care to process the data properly and responsibly.

A processing purpose is lawful if:
  • The data subject has given explicit consent for the processing.
  • The processing is necessary for the performance of a contract to which the data subject is party.
  • The processing is necessary to fulfil a legal obligation. The AUAS is authorised to process certain personal data in accordance with e.g. tax-related and educational legislation.
  • The processing is necessary in order to protect the vital interests of the data subject or of another natural person. Vital interests are involved if, for example, the data subject is rendered unconscious due to an accident and medical attention is necessary. In that case, the protection of privacy is outweighed by an overriding interest.
  • The processing is necessary in order to properly perform a task carried out in the public interest.
  • The processing is necessary based on legitimate interests of the AUAS. Legitimate interests may be involved if the processing is necessary in order to carry out regular business operations.




Purpose limitation

Be sure to indicate clearly for what purpose you are processing the data in question and stick to that specified purpose. You are not allowed to use data for a different purpose than the one for which it was collected.

Data minimisation

You may not collect more data than is necessary to achieve the relevant purpose. Unnecessary data collection is therefore prohibited. Exceptions are possible in the context of research.

Accuracy

The collected data must be accurate. Ensure that the personal data you collect is and remains correct and up-to-date.

Storage Limitation

Data may not be retained for longer than is necessary. Make sure you know when data is due to be destroyed or archived.

Integrity and confidentiality

Data must be properly secured and kept confidential. Appropriate technical and organisational measures are being taken at the AUAS for this purpose.

Published by  Central Privacy Team 18 December 2024