Privacy Policy for the BigBlueButton Web Conferencing Service

Name and address of the person responsible

Responsible for the processing of personal data on this website is the

Ostbayerische Technische Hochschule (OTH) Amberg-Weiden

Represented by the President
Prof. Dr. Andrea Klug
Kaiser-Wilhelm-Ring 23, 92224 Amberg
Tel.:+49 (9621) 482-0, Fax: +49 (9621) 482-4991
Internet: https://www.oth-aw.de
E-Mail: amberg@oth-aw.de

Data processing

This privacy policy applies to the web application of the BigBlueButton web conferencing service of the Ostbayerische Technische Hochschule Amberg-Weiden at "https://bbb.oth-aw.de" and to the personal and non-personal data collected therein.

The purpose of the BigBlueButton web conferencing service of the OTH Amberg-Weiden is digital collaboration within the scope of official activities at the OTH Amberg-Weiden, in particular ensuring cross-spatial teaching, research and administration, in the sense of the legal task of cultivating and developing the sciences and arts (Art. 2 BayHSchG), the compatibility of family with studies, science and career Art. 2 Para. 3 BayHSchG) and the promotion of international and European cooperation in higher education Art. 2 Para. 4 BayHSchG) in accordance with the applicable Bavarian Higher Education Act.

The processing of personal data in the context of the use of the BigBlueButton web conferencing service is based on the following legal bases:

Consent according to Art. 6 Para. 1 a) DSGVO
For the fulfilment of the teaching assignment according to Art. 6 Para. 1 e DSGVO i.V.m. Art. 55 BayHSchG
For the fulfilment of official duties pursuant to Art. 6 Para. 1 e) DSGVO in connection with Art. 4 BayDSG. Art. 4 BayDSG in conjunction with. Art 2 BayHSchG
For data processing in the context of contractual relationships Art. 6 para. 1 b) DSGVO

Personal data

According to Article 4 GDPR, "personal data means any information relating to an identified or identifiable natural person [...]; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".

Data for the technical delivery of the website

For the delivery of the website by the web application to the user's computer or web browser, a temporary processing of the complete IP address by the web server and the downstream web applications is necessary for technical reasons.

Non-authenticated use of the web application

In the case of non-authenticated users, the following personal data are generally processed in accordance with the purpose of the web application:

  • Your self-chosen name
  • Your room affiliations
  • your video image, if you provide it in the meeting
  • Your statements via audio, if you make them available in the meeting
  • Your shared documents (e.g. presentations, spreadsheets, graphics, text, audio, video), if you make them available in the meeting.
  • your shared messages, if you make them available in the meeting
  • your shared notes, if you make them available in the meeting
  • Your shared drawings, if you make them available in the meeting
  • Your shared surveys and survey responses, if you make them available in the meeting.
  • Your other shared information, if you provide it in the meeting
  • IP address
  • Access date/time
  • Access method
  • Resource accessed from
  • Resource accessed
  • Session and authorisation cookies
  • Tracking cookies

The collection, processing and transfer of personal data of users of OTH Amberg-Weiden is based on the legal regulations applicable to OTH Amberg-Weiden and its users (including BayHSchG, collective bargaining law, civil service law, personnel law, DSGVO) or, if required, on the express consent of the users.

The collection, processing and transfer of personal data of users from the public is carried out on the basis of this data protection declaration and, if required, with the express consent of the users.

Authenticated use of the web application by means of personal accounts

In the case of authenticated users, the following personal data are generally processed in accordance with the purpose of the web application:

  • Your name
  • Name of home organisation, if applicable
  • If applicable, name of department (e.g. name of faculty, institute or working group)
  • If applicable, type of affiliation to the home organisation (e.g. member, faculty, staff, student)
  • Official and student address and contact information (e.g. official e-mail address)
  • User ID, depending on the authentication method used, password and/or session cookies
  • Your affiliations to roles, rights, groups, rooms and recordings in the web application
  • your video image, if you provide it in the meeting
  • Your audio statements, if you provide them in the meeting
  • Your shared documents (e.g. presentations, spreadsheets, graphics, text, audio, video), if you make them available in the meeting.
  • your shared messages, if you make them available in the meeting
  • your shared notes, if you make them available in the meeting
  • Your shared drawings, if you make them available in the meeting
  • Your shared surveys and survey responses, if you make them available in the meeting.
  • Your other shared information, if you provide it in the meeting
  • IP address
  • Access date/time
  • Access method
  • Resource accessed from
  • Resource accessed
  • Session and authorisation cookies
  • Tracking cookies

The transmission of personal data within the framework of the federated Shibboleth authentication service of the DFN-Verein to the web application and the subsequent processing of personal data is carried out on the basis of the respective legal regulations applicable to the home organisation and its users or with the express consent of the users.

The collection, processing and transmission of personal data of users of the OTH Amberg-Weiden is based on the legal regulations applicable to the OTH Amberg-Weiden and its users (including BayHSchG, BayDSG, DSGVO) or, if required, on the express consent of the users.

Place of processing and storage

The data processed in the web application are not processed and stored outside the scope of the GDPR.

Cookies

A so-called cookie is a text fragment that the website places on the computer of the requesting party via the web browser and whose content is transmitted to the website again each time the web browser accesses the website.

For purposes limited purely to the functionality of the web application, temporary session and authorisation cookies are set that do not allow cross-application identification of the user. This includes the following purposes in particular:

  •     Authentication of the user's current web session against the web application
  •     Authentication of the current web session of the user's central identity provider against the web application. 
  •    Storage for application-specific settings, e.g. language selected by the user, session runtime.

Tracking cookies are set for purposes beyond the pure functionality of the application. This includes in particular the following purposes:

  • Creation of anonymised website access statistics via the central website statistics service of the OTH Amberg-Weiden to improve the web application and the web content offered. Further information can be found in the section "Evaluations".

The storage of cookies can be deactivated in the web browser used by the user. In this case, no cookies are stored. As a result, however, no personal functions of the website can be executed.

Evaluations

In order to improve the web application and the web content offered, anonymised website access statistics are created via the central website statistics service of the OTH Amberg-Weiden.

You have the option of completely deactivating the evaluations carried out via the central website statistics service of the OTH Amberg-Weiden (opt-out). This can be done by one of the following measures:

  • By deactivating tracking in the tracking settings of the OTH Amberg-Weiden.
  • By activating the so-called "Do Not Track signalling" in the settings of the web browser (applies to all websites)
  • By deactivating cookies in the web browser settings (not recommended, as this makes the web application no longer usable in a meaningful way).

Logged data in the web server

When you access the website, the following personal data is stored in the form of access logs of the web server:

  • IP address
  • Access date/time
  • Access method
  • Access success
  • accessed resource
  • Volume of data transferred
  • Web browser designation

In the access logs created by the web server, the IP address of the user is processed and stored for a period of 7 full days to defend against attacks, prevent misuse, analyse errors and improve the web application.

Logged data in the web application

When you access the website, the following data is stored in the form of web application access logs:

  • IP address
  • access date/time
  • Action performed and resource accessed
  • Session or authorisation ID
  • User ID
  • Your name
  • Your email address
  • Room

In the access logs created by the web application, the IP address of the users is processed and stored for a period of 7 full days to defend against attacks, prevent misuse, analyse errors and improve the web application.

Links to websites of other providers

The websites may contain links to websites of other providers. The OTH Amberg-Weiden has no influence on whether these providers also comply with the legal data protection regulations. Please always check the data protection declarations of the other providers.

Recipients of your data in case of legal or judicial obligation

Apart from being passed on to authorised service providers, the data stored when you access the website will only be passed on to third parties if we are obliged to do so by law or by a court decision or if this is necessary for legal or criminal prosecution in the event of an attack on the website.

Your rights

As a user of the website, you have various rights in accordance with Articles 15 to 18, 21 DSGVO and the BayDSG: right to information, right to rectification, right to deletion, right to restriction of processing, right to object and right to lodge a complaint.

If the processing of your data is based on consent, you have the right to revoke this consent at any time with effect for the future.

Right of access

According to Article 15 of the GDPR, you can request information about your personal data that we process. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Please note that your right to information is restricted by Section 34 of the BDSG or Article 10 of the BayDSG.

Right of deletion

In accordance with Article 17 DSGVO and Section 35 BDSG, you can request the deletion of your personal data. Your right to erasure depends on a number of conditions, such as whether we still need your data to fulfil our legal duties.

Right of objection

Under Article 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of data concerning you. However, we cannot always comply with your objection, for example if a legal provision obliges us to process in accordance with Section 36 BDSG. Please also note that it is mandatory for us to process the IP address of your client so that you can use the website.

Right of complaint

If you are of the opinion that OTH Amberg-Weiden has not complied with data protection regulations when processing your data, you can lodge a complaint with the official data protection officer of OTH Amberg-Weiden or with the supervisory authority for public bodies processing data in the Free State of Bavaria in order to have it examined.

Data Protection Officer

OTH Amberg-Weiden - Data Protection Officer
Dipl. Ing. (FH) Martin Hofmann
Hetzenrichter Weg 15, 92637 Weiden
Tel. +49 961 382-1709, Fax: +49 961 382-2709
Internet: www.oth-aw.de
E-Mail: datenschutzbeauftragter@oth-aw.de

Supervisory authority

Bavarian State Commissioner for Data Protection
Prof. Dr. Thomas Petri
Wagmüllerstraße 18
80538 München
Tel.: +49 89 212672-0, Fax: +49 89 212672-50
Internet: www.datenschutz-bayern.de
E-Mail: poststelle@datenschutz-bayern.de

Validity

The privacy policy is currently valid and was last amended on 22 July 2020.