Application overview
Academic Whistleblower System
The Whistleblower Protection Act (HSchG) obliges the university to set up internal reporting channels. The reporting channel is intended to offer whistleblowers the opportunity to report violations in connection with their work activities - also anonymously.
System logging
Purpose
The University of Innsbruck uses the Academic Whistleblower System to process reports in accordance with the Whistleblower Protection Act (HSchG).
Scope of the processing
When using the Academic Whistleblower System, the following personal data is processed
Whistleblower data:
The system enables whistleblowers to communicate with the university's contact persons while remaining completely anonymous. A first and last name and an e-mail address can be provided voluntarily, but these are not checked by the system. It is up to you as the whistleblower to decide what additional information you enter about yourself or third parties in the input fields to describe the grievance or submit as metadata of uploaded documents.
Processor data (portal admins, contact persons, contact persons invited to process individual reports, e.g. lawyers):
- First and last name
- e-mail address
- Your description
- Language
- Scope of rights
- Topic categories assigned to contact persons
- Third parties invited by contact persons to co-edit notices and notices released to them
- Activity log: Date, time, IP addresses, user actions, esp.
- which portal admin added which contact person or added, changed or removed which reporting category or declaration of consent
- which contact person gave feedback to a whistleblower (without specifying the whistleblower and the feedback), changed the processing status of a case (specifying the previous and new status), invited which persons to process, entered which case name or marked which note for deletion (displayed in the form of e.g. e.g. “Anna Abel: Case ‘23.05.2022’ from May 23, 2022, 21:25 in the category Academic Integrity marked for deletion” and after 30 days, if applicable, “Case ‘23.05.2022’ from May 23, 2022, 21:25 in the category Academic Integrity completely deleted”) and
- when notices for which reporting categories have been received in the whistleblower system (displayed in the form of e.g. “Anonymous: New notice in ‘Funding’”).
Please note:
In the Academic Whistleblower System, end-to-end encryption is used so that only the whistleblowers and the responsible contact persons at the Reporting Office at the University of Innsbruck as well as third parties invited by the responsible contact persons to process individual reports can decrypt and read the message and the associated notes and communication.
Legal basis
The basis for data processing is Art. 6 para. 1 lit. c GDPR (legal obligation): The specific legal basis for the processing of personal data is Section 8 HSchG and our legitimate interest (Art. 6 para. 1 lit. f GDPR), which arises from the purpose described above.
In this context, please note the information on the right to object on the main page .
Recipients
No personal data is transferred to third parties.
Storage period
Your personal data will only be stored for as long as is necessary to fulfill the purpose.
Cookies
Purpose
The Academic Whistleblower System uses browser cookies. The cookies used are so-called “session cookies”. They are automatically deleted at the end of your visit. This means that no user tracking takes place. The cookies are necessary for the system to function and for you to be able to use the desired services. The session cookies are used exclusively to ensure that users remain logged in for the duration of the session, to prevent session hijacking, to technically enable the input form, which is distributed across various websites, and for temporary storage when going back and forth in the browser. The cookies are transported in encrypted form other cookies, e.g. cookies from third-party providers, are not used.
Legal basis
The use of cookies, which are necessary to carry out the electronic communication process, are stored on the basis of the legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services.
In this context, please note the information on the right to object on the main page .
Recipients
No personal data is transmitted to third parties.
Storage duration
The session cookies are automatically deleted at the end of each session. The period during which no input may be made by editors so that their session is automatically terminated (“timeout”) is 3 weeks. Alternatively, sessions can be ended by logging out. When setting up 2-factor authentication, editors can specify that their 2-factor logins remain valid for 30 days regardless of sessions.
Your rights, contact details, data protection officer
You can find more information on the main page .
BigBlueButton
BigBlueButton (an open source software) is a video and web conferencing system that is
used within the University of Innsbruck as an interactive teaching tool. This is operated on the university's own servers. Therefore, no data is transmitted to service providers or third parties.
System Logging
Purpose
BigBlueButton automatically collects and stores information that your browser automatically transmits to us. These are in particular:
- Accessed page and transmitted parameters
- Date and time of the server request
- Browser type and browser version
- Operating system used
- Referrer URL
- IP address and host name of the accessing computer
- Connection data, start, duration, participants, organizer, quality information
This data is not merged with other data sources. The data is mainly used to improve the security and usability of the system and it allows us to help you if you have questions or problems using the system.
Legal basis
The basis for data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR), which results from the purpose described above. In this context, please note the information on the right to object on the main page .
Recipients
No data is transferred to service providers or third parties.
Storage period
Your personal data will be stored for 30 days.
Cookies
Purpose
The BigBlueButton system uses cookies. The cookies used are so-called "session cookies". They are automatically deleted after the end of your visit. They are necessary for the system to function and for you to be able to use the desired services.
Legal basis
The use of cookies, which are necessary to carry out the electronic communication process, are stored on the basis of legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para 1. f GDPR). The legitimate interest is the technically error-free and optimized provision of services. In this context, please note the information on the right to object on the main page .
Recipients
No data is transmitted to service providers or third parties.
Storage period
The cookies are automatically deleted after the end of the visit to the website.
ConfTool: Software for the organization of conferences
For the organization of events we use the ConfTool system of the software service provider ConfTool GmbH. This is our order processor.
Processed data within ConfTool
Within the initial registration a user account is created. Through the user account you have an overview of the data stored for your registration or of the contributions you have submitted.
In addition, the following further pb data on participants are processed as part of the organizational planning:
- Data for contribution and expert opinion management
- Data in the context of the frontdesk function (participant search (ID), user search, complete list of participants, list of participants who have already arrived, list of participants who have not yet arrived).
If you are registered as a reviewer, we also process personal data that is required for the purposes of review administration, including, for example, your comments on the review, the file creation, upload and download times of the contributions to be evaluated and the current review status.
If you pay by credit card, we also process data for payment processing (in particular surname, first name, credit card data).
Furthermore, we process in particular the following administrative data about the users, which are necessary for the processing of the organization:
- Roles,
- log data,
- Data on the user status
System Logging
Purpose
The ConfTool system automatically collects and stores information that your browser automatically transmits to us in a "server log" and a "ConfTool user log". They are in particular:
- Accessed page and transmitted parameters
- Date and time of the server request
- Browser type and browser version
- Operating system used
- Referrer URL
- IP address and host name of the accessing computer
This data is not merged with other data sources. The data is mainly used to improve the security and usability of the system and it allows us to help you if you have questions or problems using the system.
Legal basis
The basis for data processing is our legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR), which results from the purpose described above. In this context, please note the information on the right to object on the main page .
Recipient
ConfTool GmbH as order processor.
Storage period
Your pb data will be stored on the web servers of the University of Innsbruck for 4 weeks (concerns the free standard version of ConfTool).
Cookies
Purpose
Cookies used by the ConfTool system are so-called "session cookies". The free standard version offered by the University of Innsbruck sets a technically required "session cookie". They are necessary for the system to work and for you to be able to use the requested services. They are automatically deleted after the end of your visit.
Legal basis
Cookies that are necessary to carry out the electronic communication process or to provide certain functions requested by you are stored on the basis of legitimate interest (Art. 6 para. 1 lit f GDPR). The legitimate interest is the technically error-free and optimized provision of services. In this context, please note the information on the right to object on the main page .
Recipient
ConfTool GmbH as order processor.
Storage period
The cookies are automatically deleted after the end of the visit to the website.
CAS genesisWorld
CAS genesisWorld (CAS for short) is a data, information and communication management system (CRM - Customer Relationship Management) that is used within the University of Innsbruck.
System Logging
Purpose
The University of Innsbruck uses CAS software from CAS Software AG to fulfill its Third Mission
- to set up and manage a uniform, central and up-to-date contact and relationship database (personal contacts, contact data of external organizations),
- for the documentation and professionalization/improvement of activities for ongoing contact and relationship management (written mailings, appointments, telephone calls) and
- for the management of events.
CAS is operated on the university's own servers.
Scope of processing
When using CAS, the following personal data is processed:
User data:
- First name and surname
- password
- User name
- Authorizations
- mail address
- Log data (date, time, IP addresses, user actions)
Legal basis
The basis for data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR), which arises from the purpose described above.
In this context, please note the information on the right to object on the main page .
Recipients
No data is transferred to service providers or third parties.
Storage period
Your personal data will only be stored for as long as is necessary to fulfill the purpose.
Cookies
Purpose
The CAS system uses cookies.
The PREVENT_ATOMATIC_WINAUTH and JSESSIONID cookies used are so-called “session cookies”. They are automatically deleted at the end of your visit. They are necessary for the system to function and for you to be able to use the desired services.
The GW-USER, GW-DB, GW-LANGUAGE and GW-AUTOLOGIN cookies are used for the convenience login and are deleted after one month.
Legal basis
The use of cookies, which are necessary to carry out the electronic communication process, are stored on the basis of legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services.
In this context, please note the information on the right to object on the main page .
Recipients
No data is transferred to service providers or third parties.
Storage duration
Session cookies are automatically deleted at the end of your visit to the website. All others (see above) after one month.
EasyConference
EasyConference is a video chat application that allows you to hold spontaneous meetings in smaller groups. Technically, the system is based on the “Jitsi Meet” software.
System logging
Purpose
EasyConference automatically collects and stores information that your browser automatically transmits to us. These are in particular:
- Accessed page and transmitted parameters
- Date and time of the server request
- Browser type and browser version
- Operating system used
- Referrer URL
- IP address and host name of the accessing computer
- Connection data, start, duration, participants, organizers, quality information
This data is not merged with other data sources. The data is mainly used to improve the security and usability of the system and allows us to help you if you have questions about or problems using the system.
Legal basis
The basis for data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR), which arises from the purpose described above. In this context, please note the information on the right to object on the main page .
Recipients
No data is transferred to service providers or third parties.
Storage period
Your personal data will be stored for 30 days.
Cookies
Purpose
The EasyConference system uses cookies. The cookies used are so-called “session cookies”. They are automatically deleted at the end of your visit. They are necessary for the system to function and for you to be able to use the desired services.
Legal basis
The use of cookies, which are necessary to carry out the electronic communication process, are stored on the basis of legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services. In this context, please note the information on the right to object on the main page .
Recipients
No data is transferred to service providers or third parties.
Storage duration
The cookies are automatically deleted at the end of your visit to the website.
Inxmail
Inxmail is a mailing system connected to the CAS system, which is used within the University of Innsbruck to maintain the level of professionalization of contact with graduates of the University of Innsbruck.
System logging
Purpose
Inxmail automatically collects and stores information that your browser automatically transmits to us. These are in particular:
- accessed page and transmitted parameters
- Date and time of the server request
- Browser type and browser version
- Operating system used
- Referrer URL
- IP address and host name of the accessing computer
- Connection data, start, duration, participant, organizer, quality information
- Assigned roles in the system
- Assigned spaces in the accounts
Legal basis
The basis for data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR), which arises from the purpose described above.
In this context, please note the information on the right to object on the main page .
Recipients
Inxmail GmbH as the processor.
Storage period
Your personal data will be stored in the recycle bin for 30 days after deletion and then permanently deleted. Log files are stored for a maximum of one month.
Cookies
Purpose
No cookies are explicitly set or evaluated in the source code of Inxmail Professional itself. However, the following cookies are set by third-party providers.
web.inxmail.com - JSESSIONID
A special page exists on the Tomcat application server for the web view of mailings. This page can be referenced from mailing to access the web view. On the server side, a session cookie for the domain “web.inxmail.com” with the name “JSESSIONID” is created here. This cookie is automatically deleted at the end of your visit. It is necessary for the system to function and for you to be able to use the desired services.
Legal basis
The use of cookies, which are necessary to carry out the electronic communication process, are stored on the basis of legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services.
In this context, please note the information on the right to object on the main page .
Recipients
Friendly Captcha GmbH is used by Inxmail as a processor to protect the website and online services from spam and misuse.
Storage duration
The session cookies are automatically deleted after the end of the visit to the website. All others (see above) are deleted after 6 months.
LimeSurvey
LimeSurvey is an online survey tool and is available as a web service at https://umfrage.uibk.ac.at/limesurvey. LimeSurvey allows users to quickly and easily develop questionnaires, efficiently conduct online surveys and manage them.
manage them.
In the following, we will inform you about which personal data is processed by the system when you participate in surveys using LimeSurvey.
There are three levels at which personal data may be processed:
- Responses to the survey (survey data)
- Survey metadata (survey data)
- System data
The different options for each level are described in detail below.
Survey data
Responses
Surveys can request personal data directly. If this is the case, the survey administrator is responsible for providing specific data protection information for the respective survey. The data protection information is intended to inform you as a user of LimeSurvey surveys about the type, scope and purpose of the collection and use of personal data.
Metadata
Survey template
Depending on the configuration, a survey can be linked to the e-mail address of the participants so that it can be seen to which survey they were invited and in which survey they successfully participated.
Survey response
Surveys can be created by the respective administrators in such a way that the participants are linked to the survey response via a token. Tokens can be used to ensure one-time participation and/or to link a person to follow-up surveys or related surveys.
For surveys without tokens, there is no link between participants and the stored data.
If survey tokens are used that are not saved, the association between participants and their responses is discarded after the survey is completed. However, if survey tokens are saved after the survey has been completed, this association is retained.
Linking participants with survey responses via a token
Without link | Temporary Link | Permanet link | |
During/before Completion of the Survey |
No storage | Link between participants and survey participans and answers |
Link between particiapants and survey participants and answers |
After completion of the survey |
No storage | No link between participants and answers |
Link between participants and survey participants and answers |
The survey administrator is responsible for informing participants which of the above cases applies of the above cases applies.
System data
Purpose
LimeSurvey automatically processes the following information in particular at system level:
- Date and time of the server request
- IP address
- Operating system used
- browser identification
- referrer URL
- Survey accessed
- Cookies
The LimeSurvey system uses so-called “session cookies”. These are necessary for the system works and the desired service can be used.
Legal basis
The basis for data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR), which results from the purpose described above.
The use of cookies, which are required to carry out the electronic communication process, are stored on the basis of the legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services.
In this context, please note the information on the right to object on the main page .
Recipients
The LimeSurvey system does not transmit any data to service providers or third parties. In the event that the answers contain personal data and these are passed on to third parties, the survey administrator of the respective survey is responsible for indicating this in the survey-specific data protection information.
Storage duration
LimeSurvey uses temporary session cookies that are not stored on the survey participant's computer, but only exist in memory until the browser is closed. The cookie is transferred to the server with every click. The cookie on the server is stored together with the participants' previous answers. As soon as the survey is completed or 3 days of inactivity have elapsed, this server-side cookie memory is removed. At the end of the survey, the answers are saved as described under Survey data.
The remaining data is anonymized after one day.
Mastodon
Purpose
The University of Innsbruck uses the open, non-commercial microblogging service Mastodon as part of its public relations work and operates its own data protection-friendly instance in its decentralized architecture. The University of Innsbruck and individual organizational units of the University maintain accounts on this instance.
Legal basis
The legal basis for this is our legitimate interest (§ 165 para. 3 TKG 2021, Art 6 para. 1 lit. f GDPR), which consists of ensuring the operation of the Mastodon instance and individual profiles on this server, carrying out an error and availability analysis and defending against attacks.
In this context, please note the information on the right to object on the main page .
Processing of data
An encrypted connection to the server on which the instance is operated is established when accessing, registering and using the instance's services. The following data may be processed:
- Date and time of access
- browser type
- Operating system used
- IP address
- Address of the subpage accessed
When registering an account, basic account information is also processed, such as user name, e-mail address and password. Additional profile information such as display name or biography as well as profile or header image can also be stored. User name, display name, biography, profile picture and header picture are displayed publicly.
People who follow the account are displayed publicly. When you send a message, the date and time are also saved together with the information about which application you used to send it. Such messages may contain media attachments such as images and videos.
Direct posts (“direct messages”) are not end-to-end encrypted and can therefore always be viewed by the administrators of our instance and the recipient instance. Sensitive information should therefore not be exchanged via direct messages.
All interactions with the account (sharing, boosting or quoting posts) are displayed publicly.
The Mastodon instance of the University of Innsbruck uses cookies for its functionality. These are small text files that are temporarily stored on your computer. This makes it possible, for example, for registered users to navigate to different subpages of the instance without having to log in again each time. None of the cookies used serve to analyze and/or track the usage behavior of the data subjects. All cookies used are exclusively so-called session cookies that are deleted at the latest when the browser is closed.
Recipients
No personal data is transmitted to other IT service providers.
Storage period
The data is only stored for a maximum of 32 days, unless there is a legal obligation to retain it for longer. At the same time, data may be stored for longer if this is necessary to investigate attacks or technical problems detected on our website.
Transfer to a third country
Data is not transferred to a third country. The Mastodon instance is hosted on the servers of the University of Innsbruck.
OpenOlat
Purpose
The University of Innsbruck operates a web-based learning platform (also known as a learning management system, LMS for short) with OpenOlat. OpenOlat is open source and has been used at the University of Innsbruck since 2010.
OpenOlat is primarily used at the university to supplement and virtually accompany face-to-face courses and is used to provide learning content and organize learning activities. As a rule, there is one course area per course and semester in the LMS, but courses can also be created and offered for projects, working groups or other purposes.
Lecturers can log in with their user ID and create courses themselves in the learning management system or fill out the online form on the eCampus portal.
Staff in the secretariats or student assistants acting on behalf of course instructors can also request courses via the online form.
Students can log in with their user ID and use approved courses, learning resources, groups and other tools.
In addition, OpenOlat automatically collects and stores information to improve the security and usability of the system and to allow us to help you if you have questions about or problems using the system.
In particular, the following personal data is processed for the purposes described:
Core Data |
|
taken from central systems - VIS and UVW, or from Shibboleth IDP of the institution of origin as far as possible:
|
Optional input / correction / approval by the user:
|
Other data generated by the use of the application: |
|
|
|
Legal basis
Art. 6 para. 1 lit. e GDPR, § 53 UG, §§ 60ff UG and §§ 3 and 9 BiDokG serve as the legal basis for the processing of personal data in the context of teaching and examination administration. The processing is necessary for the performance of a task carried out in the public interest and assigned to us by the legislator.
For the processing of personal data in the context of the technical operation of OpenOlat, Art. 6 para. 1 lit. e GDPR also applies. The processing is necessary to improve the security and usability of the system.
In this context, please note the information on the right to object on the main page .
Data from or with external university systems (e.g. via LTI) is merged on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time by contacting the course management. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Neither the non-provision nor the withdrawal of consent has any negative consequences for you.
Recipients
No data will be transmitted to third parties.
Storage period
The storage period of personal data depends on the status of the university user account. In this context, please also note the data protection information for students.
The log files are stored for 180 days.
Cookies
Purpose
The OpenOlat learning management system uses cookies. The cookies used are so-called “session cookies”. They are automatically deleted at the end of your visit. They are necessary for the system to function and for you to be able to use the desired services.
Legal basis
The use of cookies, which are necessary to carry out the electronic communication process, is stored on the basis of legitimate interest (§ 165 para. 3 TKG 2021, Art 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services.
In this context, please nnote the information on the right to object on the main page .
Recipients
No data is transferred to third parties.
Storage duration
The cookies are automatically deleted at the end of your visit to the website.