General data protection information

Purposes of the processing

Access and use Adobe Creative Cloud Pro as a teaching, research, and administrative tool.

This includes the use of the licensed products and services, static evaluations, provision of updates, ensuring information security, and technical and customer support.

Legal bases of the processing

• For the statistic article 6.1.e GDPR in conjunction with article 4 BayDSG (Art. 10 BayHSchG)
• For teachingarticle 6.1.e GDPR in conjunction with article 4 BayDSG (Art. 55 Abs. 2 BayHSchG)
• For employees and civil servants:
  • article 6.1.b GDPR in conjunction with article 4 BayDSG (§ 106 Gewerbeordnung)
  • article 6 1. c and e GDPR in conjunction with article 4 BayDSG (Art. 33 Abs. 5 GG)
  • article 6.1.c GDPR in conjunction with section 3a Abs. 1 ArbStättV
• For students and other members of the university and guests Art. 6.1.e GDPR in conjunction with article 4 BayDSG (i.a. article 2 BayHSchG)
• For communication partners and persons mentioned in the documents Art. Art. 6.1.e GDPR in conjunction with 4 BayDSG (i.a. article 2 BayHSchG).

Legal bases for disclosure to Adobe (beyond Adobe as data processor) 

• For the licensing and support Art. 6.1.b GDPR
• For product usage statistics and content analysis for machine learning and services based on it). Art. 6.1.e GDPR in conjunction with article 5 Abs. 1 S. 1 Nr. 2 BayDSG

Provision obligation

The provision of master data is required for use. In addition, usage data is generated during use. The cooperation for a quality management results from Art. 10 BayHSchG.

Categories of personal data

1. Account data
2. Documents and images, including their content and metadata
3. Access and log data (traffic data, control data, device information)

Recipients

• Adobe Systems Software Ireland Limited and its further processors
• Microsoft Ireland Operations Limited and its futher processors

International flow of personal data and safeguards

• Adobe weltweit, abgesichert durch die Standarddatenschutzklauseln (Anlange mit Modul 3 der Durchführungsbeschluss (EU) 2021/914 der Kommission vom 4. Juni 2021 über Standardvertragsklauseln für die Übermittlung personenbezogener Daten an Drittländer gemäß der Verordnung (EU) 2016/679 des Europäischen Parlaments und des Rates)
• Microsoft and its further processors, with the standard contractual clauses as safeguards (Annex with module 3 of the Commission's Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council)

Limits for the deletion of the different categories of data

1.-2. After omission of the necessity
3. Regularly after 90 days, as long as the data is for license assignment, has not been anonymized or a support case exists

Further processing with Adobe as controller

In addition, Adobe Systems Software Ireland Limited processes a controller, 

• Use of Adobe applications,
• Content analysis for machine learning and services based on it,
• Support for products and services,
• Adobe interest-based advertising,
• Provision of Adobe websites,
• Use of Adobe Experience Cloud.

The following information is provided by Adobe:

• Adobe's privacy policy
• Adobe's additional privacy policies
• Cookies
• Adobe's marketing

• Adobe's Terms of Use

Furthermore, Adobe offers some privacy options.

Purposes and legal bases of the processing

Labfolder enables digital management and exchange of research data in an electronic web-based lab book via publicly visible user profiles and groups. Licenses are assigned via the university's WebShop. Other purposes are support and quality management.

The legal basis for license allocation is article 6.1.b GDPR, for master data and for traffic data article 6.1.e GDPR in conjunction with article 4 BayDSG. The legal basis for processing the research data is article 85 (2) GDPR in conjunction with article 25 BayDSG. Support is provided within the scope of the permissible extension of purpose in accordance with article 6.1 BayDSG. The legal basis for quality management is article 6.1.e GDPR in conjunction with article 4 BayDSG (article. 7 BayHO, article 10 BayHSchG).

Provision obligation

The provision of master data is required for use. In addition, usage data is generated during use. The cooperation obligation for a quality management is based on Art. 10 BayHSchG.

Categories of personal data

• Project data, communication and documentation
• Master data, including accounts and settings cookies
• Traffic data (log data and session cookies)

Recipients

Recipients of personal data may be research partners of the University of Würzburg involved in specific projects. The service is maintained by the Information technology center of the University of Würzburg. On occasion for maintenance and support labforward GmbH supports (Elsenstraße 106, 12435 Berlin).

International flow of personal data

International data transfer is not currently planned.

Limits for the deletion of the different categories of data

Project data, communication and documentation will be stored as appropriate until no longer required.

User accounts are usually deleted by the user or after he has left the university as an active member.

User accounts are usually deleted by the user or after he has left the university as an active member.

Purposes of the processing

Shibbloeth serves to provide a SingleSignOn for login and use of services to fulfill university tasks with their help or to provide teaching and working materials.

Legal bases of the processing

Art. 6 para. 1 lit. e GDPR in connection with Art. 2 BayHSchG or Art. 4 para. 1 BayDSG.

Provision obligation

The provision of master data is required for use. In addition, usage data is generated during use.

Source of data

The released attributes come from our central directory service.

In addition, further data is generated within the scope of service performance.

Categories of personal data

Inventory data, from our directory service for transfer to the requested service

• eduPersonAffiliation: student, employee, member. Multiple nominations are possible, member and employee are mutually exclusive. The status is independent of the affiliated institution.
• eduPersonPrimaryAffiliation: contains the affiliation with the highest priority.
• eduPersonTargetedID: a unique characteristic per user that remains the same over time, but does not allow any conclusions to be drawn about the user's personal data.
• eduPersonEntitlement: a unique value that is authorized for certain applications.
• Surname
• call sign
• email address
• username
• group memberships

data generated by the provision of services

• Cookies
• transaction data
• meta data
• log data

Recipients and

International data transfer

In the legal meaning of the term, the data is collected by the service provider directly from the persons using the service, so that there is no transfer within the meaning of Art. 44 et seq. of the GDPR. However, since the service is also offered in the European Economic Area, the providers are directly subject to the provisions of the GDPR.

Limits for the deletion of the different categories of data

Inventory data from our directory service for disclosure to the desired service, are held in Shibboleth only during the processing of the request.

Cookies are deleted after ending the browser session.
Log data from traffic data and control data are stored for a maximum of one year for disclosure monitoring purposes. Log data, that contains error messages, will be kept with the required data until the error has been clarified.

Other

There is no automated decision making including profiling. Our service is not an automated process as defined by law.

Purposes of the processing

Getting the Windows Student Use Benefit

Legal bases of the processing

Article 6.1.a GDPR

Consequences without consent or in case of withdrawal

You will not be able to receive or continue to use Windows Student Use Benefit without your consent or if you revoke it.

Categories of personal data

1.  Profile information (first name, last name, e-mail address, authorization status)
2. Access and log data (traffic data, control data. device information) to the profile from Microsoft 365

Recipients

1. Kivuto (126 York St. Suite 200, Ottawa, ON, K1N 5T5 Canada)
2. Microsoft Ireland Operations Limited and its further processors

International flow of personal data and safeguards 

1. Canada, Commission Decision 2002/2/EC of 20 December 2001
2. Microsoft and its further processors, with the standard contractual clauses as safeguards (Annex with module 3 of the Commission's Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council)

Limits for the deletion of the different categories of data

1. After revocation and expiry of statutory retention periods
2. One month

Purposes of the processing

Replying to messages (questions, problems, etc.) from users via the WhatsApp instant messaging service.

Legal bases of the processing

Article 6.1.a GDPR

Consequences without consent or in case of withdrawal

You will not be able to receive or continue to use WhatsApp as communication tool with us without your consent or if you revoke it.

Categories of personal data

1. Profildata (cell phone number, profile picture, user name)
2. Content data of messages
3. Information on time, delivery, and measurements and analysis
4. data due provisioning of electronic communications service

Recipients

WhatsApp Ireland Limited and futher processors.

International flow of personal data and safeguards 

Protected by the confidentiality of the communications pursuant to § 3 TTDSG and so far the processing is not an electronic communications service theStandard Contractual Clauses.

Limits for the deletion of the different categories of data

Personal data processed by us will be deleted after withdrawal of consent. Irrespective of this, a check is carried out at the end of the year to determine whether storage is still necessary for follow-up inquiries.

The deletion of the remaining personal data is the responsibility of the electronic communications service providers.

Electronic communications service

Since December 1, 2021, the communication solution WhatsApp is a electronic communications service. In this respect, the company WhatsApp is exclusively responsible.

Information on the processing of personal data and information from end devices can be found in the privacy policy of WhatsApp.

Furthermore, the contract summary and the notes on the European Code of Electronic Communications are also authoritative.

Support by WhatsApp

Support is provided by WhatsApp under its own responsibility. Please avoid disclosing personal information unless necessary to resolve the issue.

Website of WhatsApp

For the web pages of WhatsApp, WhatsAppis responsible in terms of data protection.

Summary

• The University of Würzburg manages a comprehensive collaboration and communications solution via https://uni-wuerzburg.zoom.us/.
• The solution is provided Telekom Deutschland GmbH who is reselling the solution by Zoom Video Communications Inc. as a regulated electronic communications service provider.
• If you use Zoom, you can be found by all other users worldwide for the purpose of communication.

Scope

The scope of this information covers

• Managing account information, profile and participant information, contacts and calendar integrations, service settings, registration information, and device information
• Organization of meetings and webinars
• Content and context of meetings, webinars, and messages
• Recordings of meetings or webinars

Purposes of the processing

License and use of the Zoom collaboration and communication solution as a tool for teaching, research and administration, including statistical analysis. This includes the use of the licensed products and services (including worldwide visibility and discoverability within the Zoom solution for communication purposes), provision of updates, ensuring information security, and technical and customer support.

Legal bases of the processing

Provision of the service and statistical analysis

Art. 6.1.e GDPR + Art. 4 BayDSG (e.g. articles 2, 10, 55 BayHSchG)

Provision as working equipment

• Art. 6.1.b GDPR + Art. 4 BayDSG (§ 106 Gewerbeordnung)
• Art. 6.1.c and e GDPR + Art. 4 BayDSG (Art. 33 Abs. 5 GG)
• Art. 6.1.c. GDPR + § 3a Abs. 1 ArbStättV

For event recordings

• Art. 6.1.b GDPR case of contracts with record-keeping obligations
• Art. 6.1.a GDPR in the other cases

Disclosure to Zoom, as far as no data processing

Protected by the confidentiality of the communications pursuant to § 3 TTDSG.

Disclosure to participants or users

Exercise of fundamental rights, in particular freedom of expression, teaching and research.

Categories of personal data

Recipients, international flow of personal data and safeguards 

Limits for the deletion of the different categories of data

Obligation to provide personal data

Without the provision of account information (for the hosting person or in case of closed meetings), the accruing traffic data and the information about your used terminal equipment you cannot use the service.

Electronic Communications Service

As of December 1, 2021, Zoom's meeting and webinar solution are regulated electronic communications services. For those services Zoom Video Communications Inc. is responsible.

In principle, it is possible for all Zoom users to communicate with you.

Information on the processing of personal data and information from end devices can be found in Zoom's privacy policy.

Support by Zoom

Support is provided by Zoom under its own responsibility. Please avoid disclosing personal data unless necessary to resolve the issue.

Website of Zoom

For the websites of Zoom, Zoom is the responsible in terms of data protection and privacy laws.
The University is only responsible for the JMU entry page in terms of data protection, but not for the redirects to provide the electronic communications services and the links "Download Client" or"Zoom Support" .