Information sheet on the declaration of commitment
The Federal Data Protection Act (BDSG) regulates the processing of personal data by public and non-public bodies, regardless of the form in which they are stored and whether they are stored in automated or non-automated processes.
Personal data is individual information about personal or factual circumstances of a certain or determinable person.
Data may only be collected if knowledge of it is necessary in order to be able to fulfil the respective concrete and current business purpose completely and within a reasonable time. A collection “on stock” is not permitted. With a few exceptions, data may only be collected directly from the persons concerned.
Personal data may only be stored, modified, transmitted or used for a specific purpose. They are bound to the lawful purpose for which they were collected. Any use must be permitted by law (cf. § 28 BDSG) or must be permissible on the basis of the corresponding consent of the person concerned.
Third parties to whom the data are permissibly transmitted may only use them for the specific purpose for which they were transmitted.
It must be ensured that employees or volunteers have access only to the data and data carriers they need to carry out their tasks.
Data that has become known in the professional or voluntary sector may not be used for private purposes.
Also, the transfer of data to other bodies within the organisation generally requires permission by law (§ 28 BDSG) or the consent of the persons concerned. Blocked data may not be passed on.
Data and data carriers (e.g. lists of members or lists of those seeking advice, files, recordings, CDs and DVDs described) must be stored in such a way that unauthorized persons cannot access them; if necessary, appropriate security measures must be taken.
Used passwords and passports must be kept secret. Regulations on the use of such passwords (length, frequency of change, avoidance of certain types of words, written deposit, etc.) must be observed.
Data carriers or EDP devices that are no longer required must be destroyed, deleted or disposed of in such a way that any unauthorised access to data is excluded. Until they are destroyed, deleted or disposed of, they must be stored in such a way that they are protected against unauthorised access.
The obligation to maintain data secrecy shall continue to apply after termination of membership or voluntary or full-time work for the Association.
Every person concerned has in principle the right to be informed about his or her data, its origin, the recipients to whom the data has been passed on and the purpose of storage (§ 34 BDSG).§ 5 BDSG – Data secrecy
The persons employed in data processing are prohibited from collecting, processing or using personal data without authorisation (data secrecy). Such persons, insofar as they are employed by non-public bodies, must be bound by data secrecy when they start work. The data secrecy shall continue to exist after termination of their employment.
§ Section 43 (2) BDSG – Fines
It is an administrative offence to deliberately or negligently
- unauthorisedly collects or processes personal data which are not generally accessible
- unauthorisedly holds personal data which are not generally accessible for retrieval by means of automated procedures,
- unauthorisedly accesses personal data which are not generally accessible, or obtains them or any other data from automated processing or non-automated files
- complicates the transmission of personal data which are not generally accessible by providing incorrect information,
- contrary to section 16 subsection (4), first sentence, section 28 subsection (5), first sentence, also in conjunction with section 29 subsection (4), first sentence
Declaration of commitment according to § 5 of the Federal Data Protection Act (BDSG) to maintain data secrecynisses
Due to your membership/assignment, we oblige you to maintain data secrecy in accordance with Section 5 BDSG. According to this regulation, you are prohibited from collecting, processing or using personal data without authorisation.
This obligation continues to apply even after termination of your membership/activity.
We would like to point out that violations of data secrecy can be punished with imprisonment or a fine in accordance with Sections 44, 43 (2) BDSG and other criminal provisions. A breach of data secrecy may also constitute a breach of confidentiality obligations under labour law or corresponding obligations under association law.
I have been informed about the obligation to maintain data secrecy and the resulting behaviour. I have taken note of the information sheet on the declaration of commitment (plus texts of §§ 5, 43 para. 2, 44 BDSG).
