Data protection policy for the BSCW

BSCW-Terms of Use for Teaching and Research

1. Name and contact details of the person responsible as well as the Data Protection Officer

This Data Protection Policy applies to data processing by

Frankfurt University of Applied Sciences
President
Nibelungenplatz 1
60318 Frankfurt am Main
Phone: +49 69 1533-0
Fax:     +49 69 1533-2400
www.frankfurt-university.de

The Data Protection Officer can be contacted at the same postal address, or also directly via the following number and e-mail address:

Tel.: +49 69 1533-3020
dsb(at)hsl.fra-uas.remove-this.de

2. Collection and storage of personal data as well as the nature and purpose of use

When Visiting the BSCW Service Website

When the BSCW service website is visited, information is automatically sent to the BSCW server by the browser on your device. This information is stored temporarily. The following information is collected and stored until automated deletion:

  • IP address of the requesting computer.
  • Date and time of access.
  • Name and URL of the downloaded file.
  • Transferred amount of data.
  • Indication whether the download was successful.
  • Data identifying the browser software and operating system.
  • Website from which the access is made.
  • Name of your Internet access provider.

The data mentioned is processed by us for the following purposes:

  • ensuring a smooth connection to the website,
  • ensuring comfortable use of our website,
  • monitoring the security and stability of the BSCW service,
  • safeguarding the regulations according to this privacy policy and
  • for further administrative purposes.

The legal basis for this data processing is Article 6 (1) (1) (f) GDPR. Our legitimate interest in data collection follows the stated purposes. In no case do we use the collected data to draw conclusions about your person.

In addition, we use cookies when visiting our website. Further details can be found in Article 4 of this privacy policy.

When registering with the BSCW service

When making use of a user account of the BSCW service, the information referred to in Article 2 (a) of this Declaration shall be stored. In addition, at least one user ID, one password, and one e-mail address are required to register with the BSCW service.

The BSCW service stores user-performed actions in the form of events. Events potentially contain personal data (e.g., user identification) and are provided to authorized users in a common data space for purposes of traceability in cooperation history. In addition, events can be aggregated automatically upon user request and sent as a notification to authorized users via e-mail.

Registration with the BSCW service can only take place if the registration is confirmed via an e-mail sent by the BSCW service and the link contained therein and if the users, to the extent it is necessary for the use of the BSCW service, are included in the above-mentioned use of the BSCW service personal data according to this privacy policy. The personal details required for registration with the BSCW, that is, first name, name, organization, and e-mail address (see BSCW profile) may also contain pseudonyms without any restriction of functionality. For further anonymization, several users can use the same user ID. Subsequent and self-determined pseudonymization or modification is possible at any time.

In principle, the BSCW service is not subject to review in respect of content by the Frankfurt University of Applied Sciences. Nevertheless, we reserve the right to delete entries and to exclude users from further use if entries contain criminally relevant facts or are incompatible with the goals of the Frankfurt University of Applied Sciences.

Users can resign from the BSCW service at any time by sending an e-mail to bscw-admin(at)fra-uas.remove-this.de.

The legal basis for data processing shall be based on the consent of users in accordance with Article 6 (1) (a) in conjunction with Article 7 (f) GDPR or a legal basis under Article 6 (1) (b) of the GDPR.

3. Disclosure of data

We only disclose your personal information to third parties if

  • you have given your explicit consent in accordance with the first sentence of Article 6 (1) (a) of the GDPR;
  • a disclosure pursuant to Article 6 (1) sentence 1 letter (f) of the GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation to disclose in accordance with Article 6 paragraph 1 sentence 1 letter c GDPR, as well as
  • this is legally permissible and required under Article 6 (1) (1) (b) of the GDPR for the purpose of entering into contractual relationships with you.

A transfer of your personal data to third parties for purposes other than those listed does not take place.

4. Cookies

The BSCW service uses cookies. These are small files that your browser saves on your device (laptop, tablet, smartphone, etc.) when you visit the BSCW website. As a result of the connection with the specific device used information is stored in the cookie.

The deployment of cookies enables the use of our service. We use so-called session cookies to recognize that you have already visited individual pages of the BSCW service, as well as what inputs and settings you have made, so you do not have to enter them again. In addition, temporary cookies are used to authenticate users that are logged in to the BSCW service. All cookies will be automatically deleted after logging off the BSCW service after a defined time or when you terminate the browser on your device.

Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or a message appears before a new cookie is created. If cookies are completely disabled, the BSCW service can not be used.

5. User rights

You have the right:

  • to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, all in accordance with a right to rectification, deletion, limitation of processing or opposition to it, and the right to complain about the source of their data, if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about the details of these processes;
  • to demand, in accordance with Article 16 of the GDPR, immediate correction of incorrect or completed personal data stored by us;
  • to request, in accordance with Article 17 of the GDPR, the deletion of your personal data stored by us, except where the processing is required for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for assertion, exercise or defense of legal claims;
  • to demand, in accordance with Article 18 of the GDPR, the restriction of the processing of your personal data as far as the accuracy of the data is disputed by you, or the processing is unlawful, or you reject its deletion when we no longer need the data, because you need it to assert, exercise or defend legal claims or you have objected to processing under Article 21 GDPR;
  • to receive, in accordance with Article 20 of the GDPR, your personal data provided to us in a structured, common and machine-readable format or to request the transfer to another person in charge;
  • to revoke, in accordance with Article 7 (3) GDPR, your once given consent to us at any time. As a result, we are not allowed to continue the data processing based on this consent for the future and
  • to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace, the Hessian Commissioner for Data Protection and Freedom of Information or our postal address.

6. Terms of use

The following special provisions apply to the use of the BSCW service:

  • The BSCW may only be used for teaching and research purposes. Use for commercial purposes is excluded.
  • Use of the BSCW is voluntary. In order to achieve this, teachers and research group leaders have to offer alternative and equivalent work and communication opportunities.
  • BSCW may not be used for the purposes of individual work and performance assessment.
  • Invitations to participate in the BSCW can only be given by selected users (i.e. teachers, research group leaders).
  • Every user of the BSCW is unrestrictedly liable that its use does not infringe any copyrights or other rights of third parties. In particular, it is not permitted to file or use files containing inciting, violent or pornographic content or files whose use or disclosure violates existing rights of third parties (such as copyrights, personal rights) in the BSCW. This also applies to information in the BSCW user profile, such as first name, last name and organization. Furthermore, the BSCW may not be used to provide information on the health status of other persons (for example, in connection with breakdowns), unless the subjects of this data have expressly permitted this information. Any contravention will result in immediate exclusion from the use of the BSCW and the deletion of all data.
  • Users of BSCW are obliged to immediately report detected violations of this privacy policy.
  • Persons responsible for the work area are additionally obliged to discharge users from a work space or to delete the documents contained therein after the purpose pursued by the invitation or the storage has been fulfilled.
  • Every use of materials from the BSCW must be identified by a source note and the author must be cited correctly.
  • The maximum disk space per user is limited, extensions are possible on request to bscw-admin(at)fra-uas.remove-this.de.
  • Users are themselves responsible for their individual protection against viruses and data loss.
  • User IDs that have not been used for more than 12 months will be deleted. The affected users will be informed in advance by e-mail. If there is no reaction to this announcement, the user ID and the data contained therein will be deleted.
  • There is no legal claim to the use of the BSCW.

The University as the operator of the BSCW service reserves the right to unilaterally change these conditions at any time, in particular to adapt them to changed legal, organizational and technical conditions.

7. Deletion of data

If users have terminated their user account or have not objected to its deletion, then their data will be deleted with respect to the user account in accordance with Articles 17 and 18 GDPR. It is up to users to back up their data before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.

If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. That means that the data is blocked and not processed for other purposes.

8. Right to objection

If your personal data are processed on the basis of legitimate interests in accordance with Article 6 paragraph 1 sentence 1 letter f of the GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, as far as there are reasons for this pertaining to your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which is implemented by us without specifying any particular situation.

Please direct your objection to:

The Hessian Commissioner for Data Protection and Freedom of Information
PO Box 3163
65021 Wiesbaden
Phone: +49 611 1408 - 0
post(at)datenschutz.hessen.remove-this.de
https://datenschutz.hessen.de/

9. Data security

The BSCW service uses the TLS (Transport Layer Security) method for the encrypted transmission of data in conjunction with the highest encryption level supported by your browser. In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit encryption. Whether a single page of the BSCW service is encrypted is indicated by the enclosed representation of the key or lock icon in the status bar of your browser.

Within the BSCW service, only authorized users have access to individual workspaces.

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against the unauthorized access of third parties. Our security measures are constantly adapted to technological developments.

10. Updates and changes to this privacy policy

This privacy policy is effective from May 2018. Due to the further development of the BSCW software or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current privacy policy can be viewed and printed by you at https://bscw.frankfurt-university.de/EduRes/bscw/bscw.cgi.

Prof. Dr. Christian RichID: 7844
last updated on: 02.07.2020