Privacy Policy BigBlueButton

In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled according to the data protection regulations.

1. Contact persons

The responsible person in the sense of the general data protection regulation is:
University of Applied Sciences Potsdam
represented by the president
Prof. Dr. Schmitt-Rodermund
Kiepenheuerallee 5
14469 Potsdam
praesidentin@fh-potsdam.de
President's council

The data protection commissioner of the University of Applied Sciences Potsdam is:
Sven Hirsch
University of Applied Sciences Potsdam
Kiepenheuerallee 5, 14469 Potsdam
datenschutz@fh-potsdam.de
Data protection commissioner

Contact of the processing agency
The central IT of the University of Applied Sciences Potsdam will provide information if you have any questions or comments:
University of Applied Sciences Potsdam
Kiepenheuerallee 5, 14469 Potsdam
it-service@fh-potsdam.de
Central IT

2. Purpose and legal basis for processing personal data

The basic personal data (name, login, email address) are required for the provision of the service to users. For students and lecturers, the basis for this processing is the EU data protection regulation (EU-DSGVO, Art. 6 para. 1 lit. e) and the Brandenburg Higher university act (BbgHG § 14 section 9). For employees, it is the basis EU-DSGVO Art. 88 and § 26 BbgDSG. Furthermore, log files are generated by the services, which may contain personal or personal-related data. This processing is carried out on the basis of the EU's general data protection regulation (EU-DSGVO, Art. 6 Para. 1 lit. f), with the legitimate interest of ensuring IT security, the possibility of error diagnosis and for resource planning. This is regulated in the usage regulations for the IT facilities of the University of Applied Sciences Potsdam.

When recording conferences, the organiser/recorder has to obtain and document the consent of the participants in advance.

3. What data do we use and from which sources does it originate?

The display name, the e-mail address and the login name are obtained from the Campus.Account. For the data sources of the Campus.Account, please see the corresponding Campus.Account privacy policy.

When using Greenlight, it is possible to participate in a conference without logging in. In this case, the participant must enter a name under which he/she will be displayed in the video conference. For the transmission of the camera image and the sound, the participant must activate this himself/herself.

The log name and the IP address are stored in log files, along with the time of the event.

4. Who gets my data?

The administrators of the system must have access to the basic personal data (name, login, email address) to control access and for other administrative tasks. Access to the user files is only permitted in exceptional cases. This is regulated in the user regulations for the IT facilities of the University of Applied Sciences Potsdam § 6, section 6.

All participants of a conference can see the names of the other participants. If images or sound are shared, the other participants can also see this. The moderator can also switch this off, in which case only he/she will see the other participants.

5. Duration of data storage / Deletion periods

Account in Greenlight
Account deleted until Campus, then 28 days.

Records
Stored until the organiser/recorder deletes them.

Log files
Log files are kept for 7 days and then automatically deleted.

6. Rights of the data subject

If your personal data are processed, you are a data subject in the sense of the GDPR and you have the following rights vis-à-vis the responsible person:

You may request confirmation from the controller as to whether personal data concerning you are being processed. If there is such processing, you can request information about it from the controller as well as a copy of this data in accordance with Art. 15 DSGVO.
You also have the right to rectification (pursuant to Art. 16 DSGVO). If incorrect data is stored, you can partly adjust it yourself (profile data collected yourself) or request the responsible persons to do so. The responsible persons will comply with the request, provided that the correction is justified and appropriate.
You have a right to have personal data relating to you deleted (in accordance with Art. 17 of the GDPR). You have a right to have data deleted that is actually incorrect or has no further purpose for the controller. You do not have the right to have data deleted if the data controller is obliged to still retain the data for legal reasons or due to other obligations. The obligation to store data may also exist after exmatriculation. There is also no right to deletion if information was written by you yourself and this is in the context of information from other users (e.g. forum posts).
You have a right to restriction of processing by the responsible persons (in accordance with Art. 18 DSGVO). The data controllers will ensure that, in the event of restriction, data is only accessible to those persons who absolutely need to see the data. For this purpose, they may use the means of pseudonymisation and anonymisation.
You have a right to object to this processing (in accordance with Art. 21 DSGVO). You can object to the further use of the data. This can only take effect in the future. The right to object is not an automatic obligation for the data controller to delete the data. If the data controllers have storage obligations for other reasons, they will consider this and inform you.
You have a right to data portability (in accordance with Art. 20 DSGVO). You have a right to receive data that you have written yourself in an electronic format that can be used elsewhere. The right is limited to data which may not be transferred to another body or which concern the rights of others, e.g. copyright.
You also have the right to lodge a complaint with a supervisory authority (pursuant to Art. 77 DSGVO). In the event of a breach of legal provisions for the protection of data stored about you, you can contact the competent supervisory authority. (State commissioner for data protection and for the right to inspect files).

Please first contact the processing agency, the responsible person or the official data protection officer of the University of Applied Sciences Potsdam (see point 2). In most cases, this will help to clarify questions and resolve complaints. 7.

7. Is there an obligation for me to provide data?

No, the use of FHP BigBlueButton is only an offer of the University of Applied Sciences Potsdam. Users can decide whether they want to use the service.

Downloads

No. 340

16/01/2019

Benutzungsordnung für die IT-Einrichtungen der Fachhochschule Potsdam (PDF, 89.29 KB)

Contact: IT service