Universität Bonn

University IT and Data Center

DATA PROTECTION
© HRZ

Data protection information for users of the Uni Bonn app

The basic data protection information of the University of Bonn can be found at: https://www.uni-bonn.de/en/data-protection-policy?set_language=en

The data protection information specific to data processing within the Uni Bonn App is listed below.

Name and Address of the Data Controller

The data controller (hereinafter: 'Controller') as mandated by the General Data Protection Regulation and other national data protection laws from member states as well as other regulations relevant to data protection is: 

University of Bonn
Regina-Pacis-Weg 3
Germany
Phone: +49 228 73 0
E-mail: kommunikation@uni-bonn.de
Website: https://www.uni-bonn.de

Name and Address of the Data Protection Officer 

The data protection officer of the Controller is:

N.N.
Genscherallee 3
53113 Bonn

Phone: + 49 (0)228 -73 – 6758
E-mail: datenschutz@uni-bonn.de
https://www.datenschutz.uni-bonn.de

Vertreter:

Eckhard Wesemann
Department 1, Section 1.0
Regina-Pacis-Weg 3
53113 Bonn

E-mail: wesemann@verwaltung.uni-bonn.de

Purpose and legal basis of processing

The “Uni Bonn App” provides members and affiliates of the University of Bonn, in particular students, with convenient access to target group-specific information and IT services of the University of Bonn with the primary purpose of supporting teaching and studies. The app can be installed and used on mobile devices under the Android or iOS operating systems. The use of the app is OPTIONAL and not mandatory for studying or fulfilling official duties. However, the app makes everyday university life easier. The app was developed in a consortium as part of the Campus-App.NRW project (https://www.campus-app.nrw).

By downloading and installing the app on the user's personal device, legitimization to the respective AppStore takes place via the personal Apple ID or the personal Google account.

The optional use of the app under the Android or iOS operating systems therefore requires corresponding consent to the data protection provisions and terms of use of Apple (https://support.apple.com/de-li/HT210584) or Google (https://policies.google.com/?hl=de). The user is responsible for setting the data protection options offered by Apple or Google accordingly.

The categories of personal data that are processed

  1. The following general categories of personal data are collected and processed in the Uni Bonn app: Personal data of a user who has a Uni-ID account, which is read from the LDAP directory of the University of Bonn when logging in (surname and first name, user name, matriculation number, gender). This data is stored locally on the user's device. The data is transmitted in encrypted form. The data is encrypted using the device's standard encryption, provided the device is protected with a password/pin. The data is not stored in a backup.
  2. Personal data of the user (student), which is read from the corresponding IT systems of the University of Bonn after registration and is only visible to the user himself (e.g. grades, courses attended, etc.). This data is stored locally on the user's end device. The data is transmitted in encrypted form. The data is encrypted using the device's standard encryption, provided the device is protected with a password/pin. The data is not stored in the backup.
  3. Data that is read from other IT systems of the University of Bonn and is only visible to authorized users with a Uni-ID account.
  4. Data that has been entered into the app by the user (e.g. own appointment entries in the calendar).
  5. Technical data (protocol and log files).

Categories of recipients

The data will only be disclosed to the following authorized recipients and only if necessary to fulfill the specific task and process the respective service:

  1. Employees of the University of Bonn who are responsible for the development and administration of the app or the IT systems of the University of Bonn accessible via the app.
  2. The respective user himself, who can read his personal data.
  3. Members and affiliates of the University of Bonn who have access to the information from the University of Bonn's systems that has been activated for this target group.
  4. Other people who use the app without a Uni-ID account to access public, open access information from the University of Bonn (e.g. news, events, information about a subject area, etc.).

Transfers to a third country or international organization

Any transfer or use of the personal data of the user in connection with the access to the Apple or Google account or the operating system is regulated by the respective data protection regulations of Google or Apple. The University of Bonn has no influence over these.

Duration of storage

  1. The data will only be stored at the University of Bonn for as long as this is necessary for the purpose of processing, in particular for processing, legal documentation and as evidence of the process, and as long as there is a legal basis for storage. If the purpose of processing or the legal basis ceases to apply, the personal data will be deleted immediately (Art. 17 GDPR).
  2. If the processing is based on the consent of a data subject, the data will be deleted immediately as soon as the data subject withdraws their consent and if there is no other legal basis for the processing (Art. 17 GDPR).
  3. The data stored in the app on the user's device can be deleted by the user at any time, by uninstalling the app.
  4. The technical data (protocol and log files) stored on the servers of the University of Bonn will be deleted in accordance with the deadlines specified for these services.
  5. The deletion periods for data stored by Google or Apple are subject to the data protection regulations of the respective provider.

App authorizations

Some authorizations are required for the technical implementation of the functions provided by the app, the use of which is described below.

  1. Internet and network status: The app obtains almost all available information from the Internet. Access to the Internet and the current network status are required to provide and update this information.
  2. File system: The app stores some of the data requested by the user in the file system to enable offline access. This data is essentially various retrievable student documents, for example the student ID. The data stored and read by the app is located in a folder created by the app specifically for this purpose. Under no circumstances does the app access files outside of this folder.
    The information about the files cached by the app is not transferred to the servers of the University of Bonn or to third parties.

Right of complaint to a supervisory authority

Irrespective of any other available administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority, including particularly the authority competent for the member state of your residence, at your place of work or at the place of the alleged violation, if you believe that your personal data are being processed in breach of the EU’s GDPR. 

The supervisory authority receiving the complaint will inform the complainant about the status and results of the complaint, including the option for legal remedy in accordance with Art. 78 GDPR.

The competent supervisory authority for the University of Bonn is the:

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
[State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia]
Postfach 20 04 44
40102 Düsseldorf
Phone: +49 211 38424-0
Fax: +49 211 38424-10
E-mail: poststelle@ldi.nrw.de

Further information

For reasons of better readability, the simultaneous use of masculine, feminine and diverse language forms has been avoided in this document. All personal designations nevertheless apply to all genders.