Information on the Collection of Personal Data
The operators of these websites take the protection of your personal data very seriously.
Personal data are all data that can be related to you personally, such as name, address, email addresses, and user behavior (information referring to an identifiable natural person (Art. 4, No. 1 of the EU General Data Protection Regulation (GDPR))).
Controller according to Art. 4, par. 7 GDPR is the Acting President of KIT, Prof. Dr. Oliver Kraft, Kaiserstrasse 12, 76131 Karlsruhe, Germany, info (see Legals). Our Data Protection Commissioner can be contacted at ∂ kit edudatenschutzbeauftragter or by ordinary mail with “Die Datenschutzbeauftragte” (the data protection commissioner) being indicated on the envelope. ∂ kit edu
When you contact us by electronic mail or via a contact form, the data given by you (your email address and, if applicable, your name and your phone number) will be stored by us to answer your questions. The data arising in this connection will be erased as soon as storage will no longer be required or processing will be restricted, if legal obligations to retain the data exist.
We would like you to note that internet-based data transmission (e.g. when communicating by electronic mail) may have security gaps. Absolute protection of data against access by third parties may not be guaranteed.
Collection of Personal Data
When using the website for information purposes only, i.e. when you do not register or transmit other information, we will only collect the personal data that are transmitted by your browser to our server according to the settings made by you (server log files). For viewing our website, we collect the data required for this purpose and needed for ensuring stability and security according to Art. 6, par. 1, clause 1, (f) GDPR:
- Anonymized IP address
- Date and time of access
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the access (concrete site)
- Status of access/HTTP status code
- Data volume transmitted
- Website from which an accessing system reaches our website
These data cannot be referred to certain persons. These data will not be combined with other data sources. We reserve the right to check these data later on, if concrete indications of unlawful use become known to us.
In case you complete a form to receive press releases or our newsletter, for instance, your data entered in the form, inclusive of your contact data indicated there, will be stored by us to send you the information required and to answer additional questions, if necessary. We will not transfer these data to third parties without your approval. For registration, we use the so-called double-opt-in method, which means that your registration will be completed only, if you have confirmed it by clicking the link contained in the confirmation email sent to you for this purpose. If you do not confirm your registration within 48 hours, your registration will be deleted automatically from our database.
For reasons of security and for the protection of the transmission of confidential contents, such as inquiries sent to us as website operator, this website uses SSL encryption. In case of an encrypted connection, the address line of the browser changes from http:// to https:// and the lock symbol is indicated in your browser line.
When SSL encryption is activated, third parties cannot read the data you transmit to us as a rule.
As far as your personal data stored by us are concerned, you have the following rights:
- Right of access
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to data processing
- Right to data portability
(2) In addition, you have the right to complain about the processing of your personal data by us with a supervisory authority.
(3) In the case of manifestly unfounded or excessive requests, we can charge a reasonable fee. Otherwise, information will be provided free of charge (Article 12, par. 5 GDPR).
(4) In the case of reasonable doubts concerning the identity of the natural person asserting the above rights, we may request the provision of additional information necessary to confirm the identity of the data subject (Article 12, par. 6 GDPR).
In addition to the data mentioned above, cookies are stored on your personal computer when using our website. Cookies are small text files stored in your computer system by the browser used by you, through which we (the server of our website) obtain certain information. Cookies cannot execute any programs or transmit viruses to your computer. They serve to make internet offers more user-friendly, more effective, and quicker. It is distinguished between session cookies (transient cookies) and permanent (persistent) cookies.
Transient cookies are deleted automatically when you close the browser. They include in particular the session cookies. These store a so-called session ID, through which queries of your browser can be allocated to the joint session. They allow us to identify your computer when you return to our website. Session cookies are deleted when you log out or close the browser.
We use session cookies exclusively. We do not use any persistent cookies or flash cookies.
You can set your browser such that you will be informed about the setting of cookies and you can permit cookies in individual cases only, exclude the acceptance of cookies in certain cases or in general, and activate automatic deletion of cookies when closing your browser. When deactivating cookies, functionality of this website may be limited.
I. Processing of personal data and recipients
The processing of personal data is necessary for the operation of BigBlueButton. According to Article 4 No. 1 of the EU General Data Protection Regulation (GDPR), personal data is any data relating to an identified or identifiable natural person.
When participating in a web conference via BigBlueButton, the video and audio data recorded via the camera and microphone of the end device or the chat content together with the IP address and device/hardware information are transmitted to the KIT servers used for BigBlueButton. The video and audio data as well as the chat content and other shared content are forwarded to the end devices of the recipients. All of the aforementioned data transmissions are transport-encrypted via TLS.
Depending on which functions of BigBlueButton are used, the following processing of personal data may occur:
1. User Data
- KIT account (concerns KIT employees)
- Self-selected name (concerns guests)
2. video, audio and text data
- Video data, if you have enabled the camera of your end device.
- Audio data, if you have enabled the microphone of your end device
- Text data, if the chat, note, drawing, or survey function is used
- Data from shared content
3. meeting metadata
- Duration of the meeting
- Start and end (time) of participation of people
- Name and description of the web conference
- Time of the web conference
- Chat status
- IP addresses of the end devices used for participation as well as other device/hardware information (MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or speaker, type of connection, etc.)
In any case, video and audio data contain your likeness as well as your voice as personal data within the meaning of Article 4 number 1 of the EU General Data Protection Regulation (GDPR), as the data relate to you as an identified or identifiable natural person. In addition, the content of your posts may allow conclusions to be drawn about your person. IP address and device/hardware information also generally allow conclusions to be drawn about your person and are therefore to be treated as personal data.
4. storage duration
The data provided above will be stored for as long as it is required for the performance of the web conferences and related services. The IP address and device information are stored in the log files of the servers used for up to 14 days for the purpose of troubleshooting.
In addition to the participants of the web conference, the employees of the Steinbuch Centre for Computing (SCC) of KIT who are entrusted with the operation of BigBlueButton have access to the data in order to be able to manage the systems.
In addition to the previously mentioned data, cookies are stored on your computer when you use BigBlueButton. Cookies are small text files that are stored by the browser you are using and through which we (the server of our website) receive certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective, especially faster. A distinction is made between session cookies (transient cookies) and permanent (persistent) cookies.
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
We only use session cookies. We do not use persistent cookies or flash cookies. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When disabling cookies, the functionality of the service may be limited.
The person responsible for data processing within the meaning of the DS-GVO and other data protection regulations is:
Karlsruher Institut für Technologie
Tel.: +49 721 608-0
Fax: +49 721 608-44290
The Karlsruhe Institute of Technology is a public corporation. It is represented by the President Prof. Dr. Holger Hanselka. You can reach our data protection officer at datenschutzbeauftragter∂kit.edu or the postal address with the addition "Die Datenschutzbeauftragte".
III. Legal basis
For KIT employees, the legal basis for the processing of personal data arises from Article 88(1) DS-GVO in conjunction with Section 15(1) of the State Data Protection Act (LDSG), as the data processing is necessary for the performance of the employment relationship if BigBlueButton is used for official purposes.
For students, the legal basis arises from Article 6 (1) subparagraph 1 letter e, (3) subparagraph 1 letter b DS-GVO in conjunction with § 4 LDSG in conjunction with §§ 2, 12 State University Act in conjunction with § 2 (1) and (2) KIT Act, as the data processing is necessary for their participation in university operations.
For guests, the legal basis results from Article 6(1) subparagraph 1 letter e, (3) subparagraph 1 letter b DS-GVO in conjunction with Section 4 LDSG, as the data processing is necessary for the KIT to perform its tasks.
In individual cases, the legal basis may arise from consent pursuant to Article 6(1), first subparagraph, letter a DS-GVO, provided that the above-mentioned legal bases are not relevant.
IV. Your Rights
With regard to the personal data concerning you, you have the following rights vis-à-vis us as well as vis-à-vis Microsoft:
- Right to withdraw your consent with effect for the future, where the processing is based on consent pursuant to Article 6(1), first subparagraph, point (a) of the GDPR (Article 7(3) of the GDPR).
- Right to obtain confirmation as to whether data concerning you are being processed and to obtain information about the data processed, further information about the data processing and copies of the data (Article 15 DS-GVO)
- Right to rectification or completion of inaccurate or incomplete data (Article 16 DS-GVO)
- Right to erasure of data concerning you without delay (Article 17 DS-GVO)
- Right to restriction of processing (Article 18 DS-GVO)
- Right to receive the data in a structured, commonly used and machine-readable format, provided that the processing is based on consent pursuant to Article 6(1), first subparagraph, point (a) or Article 9(2)(a) or on a contract pursuant to Article 6(1), first subparagraph, point (b) and no exception applies (Article 20 DS-GVO)
- The right to object to the future processing of data concerning you, where the data are processed pursuant to Article 6(1)(e) or (f) of the GDPR (Article 21 of the GDPR).
- You also have the right to lodge a complaint with the supervisory authority about the processing of personal data concerning you by Karlsruhe Institute of Technology (KIT) (Article 77 DS-GVO). The supervisory authority within the meaning of Article 51 (1) of the DS-GVO regarding KIT is pursuant to Section 25 (1) of the LDSG:
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.
Postfach 10 29 32