The English version of this text is intended to assist the reader’s understanding, but is not legally binding. The official German version takes precedence in all matters.
Information according to Articles 13 and 14 General Data Protection Regulation (GDPR)
The University of Stuttgart uses the Webex conferencing and collaboration solutions from Cisco Systems (in short: Webex services) to conduct web and video conferences. In the following, we would like to inform you about the processing of personal data in connection with the use of these services.
Webex services are
- the video conferencing platform Webex Meetings (with the special forms Webex Training, Support and Events) and
- the collaboration platform Webex (formerly Teams).
- Responsible in the data protection sense of Article 4 No. 7 GDPR
University of Stuttgart
Keplerstrasse 7
70174 Stuttgart
Tel: +49 711 685-0
E-mail - Data Protection Officer
University of Stuttgart
Data Protection Officer
Breitscheidstr. 2
70174 Stuttgart
Tel: +49 711 685-83687
Fax: +49 711 685-83688
E-mail - Technical contact
University of Stuttgart
IZUS/TIK - Webex Support
Allmandring 30a
70569 Stuttgart
Tel: +49 711 685-88000
E-mail -
Purposes of processing
The University of Stuttgart offers Cisco's Webex services for use by its members, affiliates, and external users to enable meetings, committee meetings, and events in online format for the fulfillment of its duties under the State University Act (LHG) for the purposes of teaching, science, and self-government, among others.Videoconferencing and other forms of online collaboration are prerequisites, especially during the Corona/COVID-19 pandemic, to replace university face-to-face meetings and events. Meetings such as lectures, oral exams, committee meetings, and in-service meetings are essential in the orderly operation of the university to fulfill its university-legal responsibilities. Webex-supported communication serves as a substitute for this purpose
-
Legal bases of the processing
To fulfill the tasks of the university, we process your personal data on the basis of- Art. 6 para. 1 lit. e in conjunction with Art. 6 para. 3 GDPR in conjunction with
-
- § 12 para. 1 LHG in conjunction with § 2 para. 1 LHG or, in the case of employees, § 15 para. 1 State Data Protection Act (LDSG),
- § 12 para. 2 LHG or, in the case of employees, § 15 para. 2 LDSG, insofar as special categories of personal data (as defined in Art. 9 GDPR) are processed,
- § 10 a LHG, insofar as the processing consists of image and sound transmissions of meetings of the organs and bodies of the university,
- § 32 a LHG in conjunction with the respective examination regulations, insofar as the processing takes place in the context of an online examination;
- Art. 6 (1) lit. a GDPR (consent) or, if special categories of personal data are processed, Art. 9 (2) lit. a GDPR (consent) in the case of
- records or
- voluntary disclosures of optional data.
-
- Art. 6 para. 1 lit. e in conjunction with Art. 6 para. 3 GDPR in conjunction with
- Categories of personal data / details of personal data processed
- Participation in video conferences without Webex account
If you use Webex services for video conferencing without using a Webex account, you will be asked for a name and optionally an email address when you log in. Your entries are visible to other participants and the host person during a video conference. However, you can also participate under a pseudonym and leave the e-mail address field blank.In the case of telephone dial-in, other participants can recognize that you are participating by telephone, but will not see your telephone number. - Participate in video conferences or use Webex (formerly Teams) with Webex account
If you participate using a Webex account, the name and email address you provide will be visible to other participants and the hosting person. - Visibility in the search function
A host person can search for people by personal rooms or when scheduling a meeting or creating a group at Webex (formerly Teams). After entering two characters, a list of up to 10 registered or previously invited people will be displayed where this string appears either in the name or in the email address. Your name and email address can become visible this way to people with Webex account. - Audio and video
During a video conference, you can be visible and audible to the other participants if your microphone and camera are activated. You can tell if this is the case by the icons or the labeling of the corresponding buttons. The default settings for the respective video conference may differ. You will also see whether a recording is running. - Reports
For each videoconference, reports are automatically generated that contain information about the participants (name, e-mail address, start and end of participation as well as participation duration; in case of participation via an existing Webex account, the further data stored in the profile; in case of participation by telephone, the dial-in number dialed by the participating person is displayed). These reports are only visible to the host person of the respective video conference. - Other data processed by the system
The following additional data is processed by Cisco when using the Webex services. The English terms used by Cisco in their "Privacy Data Sheets" are given in brackets:
- Webex Meetings (also applies to Webex Training, Support and Events)
- User Information
- Name, e-mail address, browser, unique user ID (UUID)
- optional: phone number, postal address, profile picture
- Host and Usage Information
- Name, e-mail address of all participants
- IP address, user agent identifier, IP addresses along the network path (this refers to the IP addresses of the components through which the videoconference is established, in particular the nodes through which the participants are connected), geographic region, client version, service version
- hardware type, operating system type and version, screen resolution, joining method
- Meeting information (host name, meeting ID number, meeting page URL, date and time, title, frequency, meeting duration and attendance time per participant, number, quality, network activity and network connectivity, actions, method of joining)
- Number of meetings, number of participants, number of screen sharing and non-screen sharing meetings - related to host person
- Performance, troubleshooting and diagnostic information, actions taken
Call information (email address, IP address, username, phone number, room device)
- User-Generated Information
- Meeting recordings
- Uploaded files (only for Webex Events and Training)
- User Information
- Webex (formerly Teams)
- User Information
- Display name, email address, name, unique user identifier (UUID), company name, organization ID.
- optional: profile picture
- Host and Usage Information
- Device name, geolocation, IP address, user agent identifier, operating system type and version, client version, IP addresses along the network path (this refers to the IP addresses of the components through which the videoconference is established, especially the nodes through which the participants are connected), MAC address, time zone, domain name, activity logs.
- User-Generated Information
- Room activity (date, time, person and activity), messages (content, sender, recipient, date, time and read receipts), shared content (files, file names, sizes and types), whiteboard content.
- Meeting and call information (title, invitation content, participants, link, date, time, duration, and quality ratings), attendance (user status)
- Meeting records
- User Information
- Technical support
If the Webex support of IZUS/TIK would like to involve the technical support of Cisco (Technical Assistance Center, TAC) for the clarification and elimination of a malfunction and has to transmit further personal data to Cisco for this purpose, the technical support of IZUS/TIK will inform you individually in advance and ask for your cooperation.
- Webex Meetings (also applies to Webex Training, Support and Events)
- Participation in video conferences without Webex account
- Recipient categories
- The purpose of the Webex services is to share information with other participants. Accordingly, the respective participants can receive the data required for this purpose (e.g. name of the participants and the host person, meeting URL) and the shared content.
- When using the Webex services - if activated - sound and images of you as well as the chat with user name and, if applicable, your shared content are received by the other participants of the respective video conference or collaboration.
- The host person of a video conference can generate reports after its conclusion, which contain information about the participants (name, e-mail address, start and end of participation as well as participation duration; in case of participation via an existing Webex account, the further data stored in the profile; joining from external/internal).
For configuration, support and analysis purposes, the IZUS/TIK Webex admins have access to account information and host and usage information, but not to user-generated information. An IZUS/TIK Webex support person may be granted rights to access User Generated Information ("compliance designee"). This is provided for when there are indications of a compliance breach or a request for information is being processed under Article 15 of the GDPR. - Cisco (see following item) may have read access to account information and host and usage information for support and analysis purposes as requested by the University.
- All data is processed by Cisco Systems, Inc. with registered office at 170 West Tasman Drive, San Jose, California 95134, USA as a processor. The processor uses subcontractors for the processing.
These can be found for Webex Meetings (with the special forms) in the "Privacy Data Sheet" for "Cisco Webex Meetings" under item 8 (https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-meetings-privacy-data-sheet.pdf). The subcontractors used for the Webex collaboration platform (formerly Teams) can be found in the "Privacy Data Sheet" for "Cisco Webex app & Webex Messaging" under point 8 (https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-app-and-messaging-privacy-data-sheet.pdf).
- Duration of storage and deletion
For information on the duration of storage and deletion of account information, user-generated information, and host and usage information for Webex Meetings (including the special forms), please refer to the "Privacy Data Sheet" for "Cisco Webex Meetings" under section 6 (https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-meetings-privacy-data-sheet.pdf). Item 8 also contains information about the retention period for subcontractors.
User-generated information in areas of the collaboration platform Webex (formerly Teams) is stored for up to 360 days if the area was created by a person with a Webex account at the University of Stuttgart. Please refer to the "Privacy Data Sheet" for "Cisco Webex app & Webex Messaging" under section 6 (https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-app-and-messaging-privacy-data-sheet.pdf) for details on the duration of storage and deletion of account information, user-generated information, and host and usage information for the Webex (formerly Teams) collaboration platform.
Webex account information will be deleted in any case as soon as the university SIAM account (ac, st, gs account) is deleted, with the exception of name and UUID. Cisco deletes these at the latest 7 years after the end of the order processing. - Rights of the data subjects
In terms of the GDPR, you have the following rights as a data subject:- Right to information (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR), if and to the extent that the processing is based on your consent
If the use of Webex services is based on your consent, you have the right to revoke your consent at any time. However, the revocation will only take effect in the future. The processing based on the consent up to the time of the revocation therefore remains lawful. If you wish to exercise your rights, please contact the data protection officer of the University of Stuttgart or the Webex support of IZUS/TIK. You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR) if you believe that the processing of personal data concerning you violates the law. The supervisory authority in Baden-Württemberg is
Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
https://www.baden-wuerttemberg.datenschutz.de - Validity of this information
We reserve the right to adapt the content of this data protection declaration at any time. This is usually done in the event of further development or adaptation of the services used. You can always view the current privacy policy on our website.
Status of this declaration: 07/20/2021 -
Further Information
This and further data protection information of the University of Stuttgart can be found at
https://www.uni-stuttgart.de/en/privacy-notice/.
Information about your right to object according to Article 21 para. 1 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of data relating to you which is carried out on the basis of Article 6 Paragraph 1 Letter e GDPR (data processing in the public interest).