Druckansicht der Internetadresse:

Seite drucken

Zoom - Privacy statement and information on data processing

The University of Bayreuth is not liable for inaccuracies or mistakes in this English translation. In case of doubt, the German originals are to be used in a court of law.

I. Name and address of the party responsible

The party responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of Member States as well as other provisions of data protection law is the:

Universität Bayreuth
Universitätsstraße 30
95440 Bayreuth
Deutschland

Represented by your President

Prof. Dr. Stefan Leible

Universitätsstraße 30
95440 Bayreuth
Tel.: +49 (0)921 / 55-5201
E-Mail: praesident@uni-bayreuth.de


II. Name and address of data protection officer

The data protection officer of the party responsible is:

Thomas Frahnert

ZUV, Raum 1.17
Universitätsstraße 30
95440 Bayreuth
Deutschland
Tel.: +49 (0)921 / 55-5335
E-Mail: datenschutz@uni-bayreuth.de


III. Data subject rights

1. General

With regard to the processing of your personal data, you, as a data subject, have the following rights under Art. 15 e.g. GDPR to:

  • You can request information  about whether we process personal data from you. If this is the case, you have the right to information about these personal data as well as to other information related to the processing (Art. 15 GDPR). Please note that in certain cases this right of access may be limited or excluded (see in particular Art. 10 BayDSG).
  • In the event that personal data about you is no longer (no longer) accurate or incomplete, you may request a correction  and, if necessary,  completion of such data (Art. 16 GDPR).
  • If the legal requirements are met, you can request the deletion of your personal data (Art. 17 GDPR) or the restriction of the processing of this data (Art. 18 GDPR). However, the right to erasure under Art. 17 sec. 1 and 2 GDPR does not exist, among other things, if the processing of personal data is necessary for the performance of a task. This is in the public interest or is in the exercise of official authority (Art. 17 sec. 3(3) (b GDPR).
  • If you have consented to the processing or if there is a contract for data processing and the data processing is carried out by means of automated procedures, you may have the right to data portability  (Art. 20 GDPR).
  • You have the right to complain to a supervisory authority within the meaning of Article 51 GDPR about the processing of your personal data. The Bavarian State Commissioner for Data Protection, Wagmüllerstraße 18, 80538 Munich, is responsible for the supervisory authority for Bavarian public authorities.

2. Withdrawal

Insofar as the processing is carried out on the basis of consent, you have the right to withdraw your consent at any time. The revocation only works for the future; that is, the revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.

3. Right to object

For reasons arising from your particular situation, you can also object to the processing of personal data concerning you by us at any time (Art. 21 GDPR). If the legal requirements are met, we will no longer process your personal data.

4. Further information

Automated decision-making or profiling in the legal sense does not take place. You will not be able to use the Application without providing your personal information.


IV. Purposes and legal bases of the processing

1. Purposes

Reference and use of the webinar solution as a tool for teaching, research and administration, including static evaluation.

This includes the use of licensed products and services, provision of updates, security assurance, and technical and customer support.

2.  Legal bases

For statistics

  • Art. 6 Abs. 1 lit. e i.V.m. Art. 4 BayDSG

For teaching

  • Art. 6 Abs. 1 lit. e DSGVI i.V.m Art. 4 BayDSG (Art. 55 Abs. 2 BayHSchG)

For employees and staff

  • Art. 6 Abs. 1 lit. b DSGVO i.V.m. Art. 4 BayDSG (§ 106 Gewerbeordnung)
  • Art. 6 Abs. 1 lit. c DSGVO i.V.m. Art. 4 BayDSG (Art. 33 Abs. 5 GG)
  • Art. 6 Abs. 1 lit. c DSGVO i.V.m. § 3a Abs. 1 ArbStättV

For recordings of events

  • Art. 6.1c GDPR (for statutory documentation obligations, e.g. examinations)
  • Art. 6.1b GDPR for contracts with recording obligations
  • Art. 6.1a GDPR in other cases

V. Categories of personal data

Number

Name of data

1

User profile: first name, last name, phone (optional), email, password (if SSO is not used), profile picture (optional), department (optional)

2

Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information

3

Meeting recordings: Mp4 of all video and audio recordings and presentations, mp4 of all audio recordings, text file of everyone in the meeting, chats, audio log file

4

IM chat logs

5

Telephony usage data (optional): caller's phone number, caller's phone number, country name, IP address, 911 address (registered service address), start and end time, host name, host email, MAC address of the device used

6

Invoice and procurement data (available only in the Administrator role)


VI. Categories of data subjects

No. of data categories

Name of data

1-5

Users

3-4

Persons, in communication mentioned

6

Buyer


VII. Categories of recipients

No. of data categories

Recipient

Reason for disclosure

Location

1-6

Zoom Video Communications, Inc.

Processor

United States, Canada, India, Australia, Brazil, Japan, Hong Kong

   

Subprocessor

 

6

People.ai

Vertreib, CRM

United States of America

1-6

Zendesk

Support

United States of America

6

Wootric

Kundenumfragen

United States of America

1-6

Totango

Onboarding, Kundenerfahrung

United States of America

1,6

Answerforce

Customer

United States of America

1

Rocket Science Group, LLC

Mail Notifications

United States of America

1, 6

Five9

Call

United States of America

1-6

EPS Ventures

Support

Malaysia

1-6

WKJ Consultancy

Support

Malaysia

6

Salesforce

Customer management

United States of America

1, 6

CyberSource

Payment and fraud prevention

Europe

1, 6

Adyen

Payment and fraud prevention

United States of America

6

Zuora

Subscription management

United States of America

1-5 Oracle Inc. Infrastruktur (IT) United States of America
1-5 Microsoft Corp. Infrastruktur (IT) United States of America

1-5

Amazon Web Services

Infrastructure (IT)

United States, EU, Canada, Australia

1-5

Bandwidth

Infrastructure (telephony)

United States of America


VIII. Transfers of personal data to a third country or to an international organisation

No. of data categories

Third country or international organisation

Appropriate guarantees in the case of transmission in accordance with the second subparagraph of the second subparagraph of the second subparagraph

1-6

United States, Canada, India, Australia, Brazil, Japan, Hong Kong

Standard data proctection clauses
EU-US-Privacy Shield

1-6

United States, Malaysia, Canada, Australia

The same standard data protection clauses


IX. Time limits for the deletion of the different categories of data

No. of data categories

Retention period

1

30 days after deleting the account or ending the contract

2

30 days after the deletion or the end of the contract

3

7 days after revocation of consents required for the publication and storage of the drawing.
Alternatively: After no need for publication and storage of the recording

4

Locally stored chat messages are deleted if they are older than 30 days. Storage in the cloud has been disabled.

5

30 days after the deletion or the end of the contract

6

Internally in accordance with bugdet and tax law

The archive law remains unaffected by the retention periods.

Verantwortlich für die Redaktion: Oliver Gschwender.