Privacy Policy of the FHPCloud

In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled according to the data protection regulations.

1. Contact persons

The responsible person in the sense of the general data protection regulation is:
University of Applied Sciences Potsdam
represented by the president
Prof. Dr. Schmitt-Rodermund
Kiepenheuerallee 5, 14469 Potsdam
praesidentin@fh-potsdam.de
President's council

The data protection officer of the University of Applied Sciences Potsdam is:
Sven Hirsch
University of Applied Sciences Potsdam
Kiepenheuerallee 5, 14469 Potsdam
datenschutz@fh-potsdam.de
Data protection officer

Contact of the processing agency
The central IT of the University of Applied Sciences Potsdam will provide information if you have any questions or comments:
University of Applied Sciences Potsdam
Kiepenheuerallee 5, 14469 Potsdam
it-service@fh-potsdam.de
Central IT

2. Purpose and legal basis for processing personal data

The basic personal data (name, login, email address) are required for the provision of the service to the user. For students and lecturers, the basis for this processing is the EU data protection regulation (EU-GDPR Art. 6 Para. 1 lit. e) and the Brandenburg university act (BbgHG §14 Para. 9). For employees, it is the basis EU-GDPR Art. 88 and § 26 BbgDSG. Furthermore, log files are generated by the services, which may contain personal or personal-related data. This processing is carried out on the basis of the EU's general data protection regulation (EU-GDPR Art. 6 Para. 1 lit. f), with the legitimate interest of ensuring IT security, the possibility of error diagnosis and for resource planning. This is regulated in the "User Regulations for the IT Facilities of the Potsdam University of Applied Sciences".

Users themselves are responsible for the processing of personal data that they provide to the system.

What data do we use and from which sources does it originate?

For the use of the Campus.Account, the display name, the e-mail address, the login name, the membership of various access groups and the unique system-internal ID (objectGUID) are obtained. For the data sources of the Campus.Account, please refer to the corresponding privacy policy. In log files, the loginname and the IP address are stored, along with the time of the event.

4. Who gets my data?

The administrators of the system must have access to the basic personal data (name, login, mail address) in order to control access, quotas and for other administrative tasks. Access to the user files is only permitted in exceptional cases; this is regulated in the "Usage Regulations for the IT Facilities of the University of Applied Sciences Potsdam" §6 Para.6.

To enable the sharing of content with other users, there is an automatic completion of the account. To do this, users must enter at least 5 characters of their name or email address. If there are several matches, a maximum of 10 of them will be displayed. When users provide data in the system, initially only the user himself/herself has access and when he/she releases it, the persons to whom he/she releases it have access. The user decides on the release, the recipients can be within the university, in the EU or worldwide. The user is responsible for compliance with the law, in particular data protection and copyright law, for his or her own content.

5. Duration of data storage / Deletion periods

Account
The data will remain in the FHPCloud until the Campus.Account has been deleted. After the deletion of the Campus.Account, the data will be deleted from the FHPCloud within one month. Data in the recycle bin will be deleted after 30 days at the earliest.

Log files
Log files are kept for 7 days and then automatically deleted.

6. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

You may request confirmation from the controller as to whether personal data concerning you is being processed. If such processing is taking place, you may request information about and a copy of this/these data from the controller in accordance with Article 15 of the GDPR.
You also have the right to rectification (pursuant to Art. 16 of the GDPR). If incorrect data is stored, you can partly adjust it yourself (profile data collected yourself) or request the data controller to do so. The data controllers will comply with the request, provided that the correction is justified and appropriate.
You have a right to have the personal data concerning you deleted (in accordance with Art. 17 GDPR). You have a right to have data deleted that is actually wrong or has no further purpose for the controller. You do not have the right to have data deleted if the controller is obliged to still retain the data for legal reasons or due to other obligations. The obligation to store data may also exist after exmatriculation. There is also no right to deletion if information was written by you yourself and this is in the context of information from other users (e.g. forum posts).
You have a right to restriction of processing by the data controllers (in accordance with Art. 18 GDPR). The controllers will ensure that, in the event of restriction, data is only accessible to those persons who absolutely need to see the data. For this purpose, they may use the means of pseudonymisation and anonymisation.
You have the right to object to this processing (in accordance with Art. 21 GDPR). You can object to the further use of the data. This can only take effect in the future. The right to object is not an automatic obligation for the data controller to delete the data. If the data controllers have storage obligations for other reasons, they will consider this and inform you.
You have a right to data portability (in accordance with Art. 20 GDPR). You have a right to receive data that you have written yourself in an electronic format that can be used elsewhere. The right is limited to data that may not be transferred to another body or that affect the rights of others, e.g. copyright.
You also have the right to lodge a complaint with a supervisory authority (pursuant to Art. 77 GDPR). In the event of a breach of legal provisions for the protection of data stored about you, you can contact the competent supervisory authority. (State commissioner for data protection and for the right to inspect files, www.lda.brandenburg.de).

Please first contact the processing agency, the person responsible or the official data protection officer at the University of Applied Sciences Potsdam (see point 2). In most cases, this will help to clarify questions and resolve complaints.