Skype for Business (S4B) is used for video and telephone conferences. Log files are created while the software is used and these are analyzed by authorized personnel in order to monitor the quality of service and in the event of a security incident. The log files contain information on when content has been accessed, which S4B client was used, how much data was transferred at this point, and whether access was successful. As a rule, this data will not be passed on to third parties except when required by law or for the prosecution of a criminal offense.
1. Controller (data protection)
Johannes Gutenberg University Mainz phone: +49 6131 39-0
Represented by the president e-mail: praesident@uni-mainz.de
Univ.-Prof. Dr. Georg Krausch
Saarstr. 21
55122 Mainz
2. Contact person data protection
Data protection officer phone: +49 6131 39-22109
Johannes Gutenberg University Mainz e-mail: datenschutz@uni-mainz.de
Saarstr. 21
55122 Mainz
3. Security
3.1. Location of storage and data transmission
The data is saved to servers in data centers on the JGU campus, which are located at several sites with high availability and a fail-safe design. Access is only possible for authorized persons, who are employees of JGU’s Data Center.
All transmissions (including audio and video) between S4B clients and JGU servers take place over encrypted connections.
3.2 Recording Conferences
Only clients of the organizers or participants can record conferences. All participants will be notified by the client if someone begins a recording.
Recordings are stored unencrypted on the terminal device of the person responsible for making them. They are only saved to JGU servers indirectly if the responsible person transfers them to the servers.
4. Purpose and legal basis of data processing
The data is needed to carry out video and telephone calls. The legality for this is based on the performance of tasks carried out in the public interest according to Art. 6 para. 1 lit. e) GDPR in conjunction with Section 2 of the HochSchG.
When conducting video and telephone conferences, the following data is collected:
- beginning and end of each person’s participation
- account or telephone number of the organizer
- accounts and telephone numbers of the participants
- client type and version
- operating system and performance data of the terminal device (OS version, CPU type, frequency)
- network (IP address, Mac address, type of connection (Wi-Fi/ Ethernet), VPN active, statistical data about quality of network connectivity during the conference)
- audio/ video (type of device and quality of the input signals)
5. Duration of storage
All log files will be automatically deleted after 90 days.
6. Rights
Every person affected by data processing has the following rights:
- Right of access regarding the personal information stored relevant to them and its processing according to Art. 15 GDPR
- Right to rectification, if data concerning them is wrong or incomplete, according to Art. 16 GDPR
- Right to erasure, if one of the requirements according to Art. 17 GDPR is met
- Right to restriction of processing, if one of the requirements according to Art. 18 GDPR is met
- Right to object to future processing of their personal data, according to Art. 21 GDPR
- Right to lodge a complaint with a supervisory authority according to Art, 13 subsection 2 lit. 1 GDPR, if the affected person is convinced their personal data was processed unlawfully.
State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz)
Hintere Bleiche 34
55116 Mainz
Phone: +49 6131 8920 0
Fax: +49 6131 8920 299
E-Mail: poststelle@datenschutz.rlp.de