What is the purpose of the data processing?
“Matrix” is an open, decentralized communication service for real-time communication. In compliance with the relevant legal and statutory provisions on data protection and IT security, members and affiliates of the TU Dresden are enabled to communicate with members of this and other universities and other Matrix users (e.g. academic partners) via chat and audio/video telephony using their ZIH login. The aim of using groupware systems is to ensure and simplify organizational measures for the joint work of users, groups of people, teams and committees as well as communication management. Personal data is processed exclusively for the above-mentioned purposes.
Who is responsible for data processing and to whom can turn the affected person?
Responsible in the sense of Art. 4 No. 7 GDPR is the TU Dresden.
Contact person:
Technische Universität Dresden
Center for Information Services and High Performance Computing (ZIH)
01062 Dresden
Tel.: +49 351 463-40000
Fax: +49 351 463-42328
Email: servicedesk@tu-dresden.de
and
The data protection officer of the TU Dresden
Herr Jens Syckor
01062 Dresden
Tel.: +49 (0)351 463 32839
Fax: +49 (0)351 463 39718
E-Mail: informationssicherheit@tu-dresden.de
Which personal data are processed?
The processing includes the following personal data:
access management: first & last name(s), mail address, Matrix-ID (localpart of mail address), display name
authentication: username and password
user content: all data that the user enters into the system (end-to-end encryption possible)
device identification: IP addresses with time stamp and device name; type of device used (mobile / desktop), operating system
server log: IP addresses with timestamp
audio/video telephony: IP addresses, AV data
notifications (mail)
The profile data (display name, email, photo) as well as the Matrix ID are visible to external parties through participation in the global Matrix network via the contact search.
On what legal basis is the processing of personal data carried out?
The legal basis for data processing for the above purposes is Art. 6 Abs. 1 UAbs. 1 lit. a GDPR (consent).
How long will the personal data be stored?
In accordance with § 15 (4) of the IT Regulations of the TU Dresden, personal data relating to the use of the service will be deleted no later than 15 months after the person concerned leaves the service or upon revocation.
The user contents according to 3. can be deleted by the users themselves at any time, an automated deletion is not possible on the part of ZIH.
What rights are the persons concerned basically entitled to?
Right to information (Art. 15 GDPR)
The parties concerned have the right to obtain information at any time about the and the possible recipients of this data. to be able to request data.
Right to correction, deletion and restriction (Art. 16 - 18 GDPR)
The persons concerned can inform the TU Dresden about the Correction, deletion of your personal data or the to demand restriction of the processing.
Right to data transferability (Art. 20 GDPR)
The persons concerned can demand that the person responsible give them their personal data is transmitted in machine-readable format.
Right of appeal (Art. 77 GDPR)
Affected persons can contact the competent supervisory authority at any time for data protection. The competent supervisory authority is:
Sächsische Datenschutzbeauftragte
Frau Dr. Juliane Hundert
Devrientstraße 5
01067 Dresden
Tel.: +49(0)351/85471 101
Fax: + 49(0)351/85471 109
Email: saechsdsb@slt.sachsen.de