Privacy Policy Campus-Account
In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled in accordance with the data protection regulations.
1. Contact persons
The responsible person in the sense of the general data protection regulation (GDPR) is:
University of Applied Sciences Potsdam
represented by the President Prof. Dr. Eva Schmitt-Rodermund
Kiepenheuerallee 5, 14469 Potsdam, Germany
praesidentin@fh-potsdam.de
President's council
The data protection officer of the University of Applied Sciences Potsdam is:
Sven Hirsch
University of Applied Sciences Potsdam
Kiepenheuerallee 5, 14469 Potsdam
datenschutz@fh-potsdam.de
Data protection officer
Contact of the processing office:
The central IT of the University of Applied Sciences Potsdam will provide information if you have any questions or comments:
University of Applied Sciences Potsdam
Kiepenheuerallee 5, 14469 Potsdam
it-service@fh-potsdam.de
Central IT
2. Purpose and legal basis for processing personal data
The Campus.Account is a central access point to the campus data network and the various electronic services of the University of Applied Sciences Potsdam. It allows you to log on to different systems with only one user ID. For this purpose, it provides a user directory that University of Applied Sciences Potsdam services can access. Furthermore, mail distribution lists and the staff list are generated from it.
For students and lecturers, the basis for this processing is the EU data protection regulation (EU-GDPR Art. 6 Para. 1 lit. e) and the Brandenburg university act (BbgHG §14 Para. 9).
For employees, the basis is EU-GDPR Art. 88 and § 26 BbgDSG.
For participants in further education, processing is carried out in accordance with the EU's general data protection regulation (EU-GDPR Art. 6 Para. 1 lit. b).
In the case of external participants and alumni, processing is carried out in accordance with the EU data protection regulation (EU-GDPR Art. 6 Para. 1 lit. a).
Furthermore, log files are generated by the services, which may contain personal or personal-related data. This processing is carried out on the basis of the EU data protection regulation (EU-GDPR Art. 6 para. 1 lit. f), with the legitimate interest of ensuring IT security, the possibility of error diagnosis and for resource planning. This is regulated in the "Usage Regulations for the IT Facilities of the University of Applied Sciences Potsdam".
What data do we use and from which sources does it originate?
Students
Student accounts are created from the data collected during enrolment and are regularly compared with this data. The following data is used for this purpose:
- Last name
- First name
- Department
- Course of study
- Degree sought
- Matriculation number
In addition, a FHP e-mail address will be generated for everyone.
Employees
In the case of staff members, the data comes from the personnel database and is also regularly compared. In this case, the data is as follows:
- Last name
- First name
- Possible titles
- Department
- Status group
In addition, an FHP e-mail address is generated for each participant and the official telephone number and room are stored.
Further education participants
For participants in further education, the last name, first name and the (external) e-mail address of the organising department are reported.
Lecturers
Lecturers are reported to Central IT by the deaneries. The last name, first name, title and e-mail address are transmitted. In addition, a FHP e-mail address is generated for each person.
For all users
A unique login name is generated for all users and groups and roles are entered in the Campus.account. The system generates further data, such as the time of the last login, the last password change and various internal IDs. Depending on the service, the log name, the mail address, the IP address and/or the MAC address are stored in log files. Always together with the time of the event. The following events, for example, generate log file entries:
- Login to a service
- Logout from a service
- In the case of web services, the retrieval of a web page
- Sending or receiving an e-mail
4. Who receives my data?
Within the University of Applied Sciences Potsdam, data will be passed on to the systems for which your account has been activated in order to provide you with access. Processors we use (Art. 28 GDPR) may also receive data for these purposes. These are companies in the IT services category that provide support services for the operation of various services.
As part of the web single sign on service, you can also log in to external services with your Campus.account. After logging in, but before transmission, you will be shown which data categories and data are transmitted to whom and on what legal basis. In most cases this is done voluntarily according to GDPR(Art. 6 para. 1 lit. A) and requires your consent to the transfer of your data. In the context of eduGAIN, these services may also be located outside the EU. However, as it is not apparent where the eduGAIN services are operated, a corresponding warning is displayed for all of them.
5. Duration of data storage / Deletion periods
Account information
Students
The Campus.Account will be deleted 6 months after exmatriculation.
Employees
The Campus.account will be deleted 6 months after termination of employment at the latest. Unless other agreements exist.
Lecturers
The Campus.account is deleted 8 months after the end of the semester of the teaching assignment.
External users
A term is agreed for the Campus.Account. The account will be deleted at the end of this period if it is not renewed.
Data in connected services will be deleted 1 month later at the latest. This includes mailboxes and Moodle accounts.
Log files
Log files are kept for 7 days and then automatically deleted.
If the user consents to the transfer to an external service when using the web single sign on service, this consent is stored as evidence for 2 years. The time, the service, the login name and the attributes for which consent to transfer was given are logged. The consent itself is valid for 1 year or until revoked.
6. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
- You may request confirmation from the controller as to whether personal data concerning you is being processed. If such processing is taking place, you can ask the controller for information about and a copy of this/these data in accordance with Article 15 of the GDPR. If you log in to Moodle, you can view this data yourself, e.g. in your profile.
- You also have the right to rectification (in accordance with Art. 16 GDPR). If incorrect data is stored, you can partly adjust it yourself (profile data you have collected yourself) or request the persons responsible to do so. The data controllers will comply with the request, provided that the correction is justified and appropriate.
- You have a right to have the personal data concerning you deleted (in accordance with Art. 17 GDPR). You have a right to have data deleted that is actually wrong or has no further purpose for the controller. You do not have the right to have data deleted if the controller is obliged to still retain the data for legal reasons or due to other obligations. The obligation to store data may also exist after exmatriculation. There is also no right to deletion if information was written by you yourself and this is in the context of information from other users (e.g. forum posts).
- You have a right to restriction of processing by the data controllers (in accordance with Art. 18 GDPR). The controllers will ensure that, in the event of restriction, data is only accessible to those persons who absolutely need to see the data. For this purpose, they may use the means of pseudonymisation and anonymisation.
- You have the right to object to this processing (in accordance with Art. 21 GDPR). You can object to the further use of the data. This can only take effect in the future. The right to object is not an automatic obligation for the data controller to delete the data. If the data controllers have storage obligations for other reasons, they will consider this and inform you.
- You have a right to data portability (in accordance with Art. 20 GDPR). You have a right to receive data that you have written yourself in an electronic format that can be used elsewhere. The right is limited to data which may not be transferred to another body or which concern the rights of others, e.g. copyright.
- You also have the right to lodge a complaint with a supervisory authority (pursuant to Art. 77 GDPR). In the event of a breach of legal provisions for the protection of data stored about you, you can contact the competent supervisory authority. (State commissioner for data protection and for the right to inspect files, www.lda.brandenburg.de).
Please first contact the processing agency, the person responsible or the official data protection officer at the University of Applied Sciences Potsdam (see point 2). In most cases, this will help to clarify questions and resolve complaints. 7.
7. Is there an obligation for me to provide data?
In the course of your studies/employment, you are only required to provide personal data that is necessary for the establishment, implementation, and termination of your studies/employment and that we are legally authorised to collect.
Without this data, we will usually have to refuse enrolment/an employment contract/the conclusion of a contract or will no longer be able to implement an existing contract and may have to terminate it.
A Campus.Account is required in any case for the use of systems connected to the Campus.Account. Without a Campus.Account, for example, it is not possible to create an FHP mail account, access the MyCampus portal (online examination administration, download of study certificates), or use the e-learning platform Moodle. The University of Applied Sciences Potsdam endeavours to connect all new services to the Campus.Account.
Version from 13.03.2019