Universität Bonn

University IT and Data Center

DATA PROTECTION
© HRZ

Data protection information for users of the Uni Bonn app

The general data protection information of the University of Bonn can be found at: https://www.uni-bonn.de/en/datenschutzerklaerung

Below, we provide information about the specific processing of personal data when using the “Uni Bonn App.”

I. Name and Address of the Data Controller

The data controller within the meaning of Article 4(7) of the EU General Data Protection Regulation (GDPR) is:

University of Bonn
Regina-Pacis-Weg 3
Germany
Phone: +49 228 73 0
E-mail: kommunikation@uni-bonn.de
Website: https://www.uni-bonn.de

II. Contact details of the data protection officer

datenschutz@uni-bonn.de

Rheinische Friedrich-Wilhelms-Universität Bonn
Adenauerallee 72-74 
53115 Bonn

Phone:  +49 228 73 4096

III. Subject of the processing

This privacy policy provides information about the nature, scope, and purpose of the processing of personal data when using the “Uni Bonn App.”

The app provides convenient access to target group-specific information and IT services of the University of Bonn, with the primary purpose of supporting teaching and studying. The app can be installed and used on mobile devices running the Android or iOS operating systems. Use of the app is voluntary and not strictly required for studying or fulfilling official duties.

When the app is installed on the user’s personal device, authentication with the relevant app store is carried out via the user’s Apple ID or Google account.

When you download the app from an app store (Apple App Store or Google Play Store), certain information is processed by the respective platform operator. We have no control over this data processing. Further information on this can be found in the privacy policies of the respective providers: Apple: (https://support.apple.com/de-li/HT210584) and Google (https://policies.google.com/?hl=de). 

IV. Data collection

1. Categories of personal data

Depending on the category of person, the following identification data is collected and processed:

Students, employees, visiting researchers

  • Uni-ID
  • Universe token

Library users

  • ULB-ID
  • Universe token

All users (who have enabled push notifications)

  • FCM token

The Uni-ID or ULB-ID is only collected when linking accounts.

The Universe token (unique digital identifier) is generated on the server side during the account linking process and stored on the backend system and the end device.

The FCM token (unique digital identifier) is generated on the end device when the push notification feature is activated and is stored on the backend system, the end device and in Google Firebase.

2. Data from university IT systems

Most personal data is not collected directly by the app, but is imported from the university’s existing IT systems. This data is collected and maintained by the relevant departments (e.g. the Student Office, Identity Management).

V. Data processing

When using the app, technically necessary connection data is processed. This includes, in particular:

  • IP Address
  • Time of access
  • Technical information about the device
  • Operating system version
  • Functions called by the app

This data is processed to ensure the functionality and security of the systems.

Depending on the group of people, the following data in particular is processed:

Students

  • First name(s), surname
  • Date of birth
  • Student registration number
  • Expiry date of student ID card
  • Expiry date of semester ticket
  • Degree programme(s)
  • Intended degree
  • Semester
  • Personal ID in the campus management system
  • Uni-ID
  • Status and type of Uni-ID
  • QR code of the semester ticket

Employees

  • First name(s), surname
  • Academic title
  • Date of birth
  • Job designation
  • Affiliation
  • Uni-ID
  • Status and type of Uni-ID

Visiting researcher

  • First name(s), surname
  • Academic title
  • Date of birth
  • Host institution
  • Expiry date of the visiting researcher ID
  • Uni-ID
  • Status and type of Uni-ID

Library user

  • First name(s), surname
  • Library card expiry date
  • ULB ID
  • ULB ID status

All users

  • Universe token, if at least one account is linked
  • FCM token, if push notifications are enabled

VI. Purposes of processing

Data is processed for the following purposes:

  • Linking the app to a valid Uni-ID or ULB-ID
  • Authentication with the backend system
  • Validation and renewal of the account link
  • Provision of digital ID cards
  • Generation and display of digital ID cards
  • Provision of the semester ticket (including QR code)
  • Sending of push notifications (if enabled)
  • Ensuring the technical operation of the app

VII. Legal basis

The processing is carried out on the basis of:

  • Article 6(1)(e) of the GDPR in conjunction with the relevant provisions of the Higher Education Act of North Rhine-Westphalia (HG NRW) and Section 18 of the Data Protection Act of North Rhine-Westphalia (DSG NRW), insofar as the processing is necessary for the University of Bonn to perform its tasks in the areas of study, teaching and university services.
  • Article 6(1)(a) of the GDPR (consent), insofar as push notifications are activated. Consent may be withdrawn at any time by deactivating the push function in the app settings.

VIII. Recipients of the data

The data is processed within the university in the relevant IT systems.

When push notifications are enabled, the FCM token is transmitted to Google’s ‘Firebase Cloud Messaging’ service. The processing is carried out by Google as a data processor within the framework of Firebase Cloud Messaging. To this end, we have entered into a data processing agreement with Google in accordance with Article 28 of the GDPR.

A transfer to third countries (e.g. the USA) cannot be ruled out. However, Google guarantees an adequate level of data protection through appropriate safeguards (e.g. EU Standard Contractual Clauses).

IX. Data retention period

Uni-ID
Retention in the backend system:

  • as long as an active account link exists or the Uni-ID is valid
  • deletion generally takes place once the link is removed or the ID becomes invalid

ULB-ID

  • In the app: until the link expires or is removed, or until the app is uninstalled
  • In the backend: for as long as the link exists or the ID is valid

ID details

  • Student, employee, visiting researcher and library cards: for as long as the relevant link remains active
  • Semester ticket: for as long as the app is installed, or until the app is reset

Universe token

  • as long as there is at least one valid account link

FCM token

  • as long as push notifications are enabled

X. Data security

Appropriate technical and organisational measures are taken to protect personal data against loss, tampering and unauthorised access. Communication between the app and the backend is encrypted.

XI. Your rights

1.  You have the following rights in relation to your personal data:

  • Right of access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

2. You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.

State Commissioner for Data Protection and Freedom of Information, North Rhine-Westphalia

Kavalleriestr. 2-4
40213 Düsseldorf
Phone: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de

XII. Miscellaneous

For the sake of readability, this document does not use gender-specific language; instead, it uses terms that apply to all genders. All references to people are intended to apply to all genders.