Why and how does the University process your data?

Friedolin is the campus management system of Friedrich Schiller University. Friedolin covers the entire 'Student Life Cycle' and the data processing required for this. Specifically, personal data is processed for the following purposes:

• Application
• Admission
• Enrolment
• Student management
• Event management
• Examination management

The legal basis for processing is Art. 6 para. 1 lit. e) GDPR in conjunction with §§ 5, 11 ThürHG, § 6 ThürHDatVO. Accordingly, the processing is lawful if it is necessary for the fulfilment of the tasks of the universities described in the ThürHG. According to the Thuringian Higher Education Act, Friedrich Schiller University has the task of carrying out application procedures, admissions and enrolment as well as managing student, event and examination data.

Friedolin is used by university administration staff, students and guests. The software is provided by Hochschul Informations System eG (HIS). All personal data remains on the servers of Friedrich Schiller University; personal data is only disclosed to HIS for support purposes.

The storage period for the personal data processed in Friedolin is determined by the relevant statutory appeal periods in the case of legally binding decisions by Friedrich Schiller University. Otherwise, the retention periods are determined by the study and examination regulations and the general regulations on the retention of documents in the Thuringian administration.

The Jira Service Desk is the central ticket system of the Friedrich Schiller University. The Jira Service Desk is used for the processing of IT support by the University Computer Centre as well as for the processing of enquiries to the examination offices and other institutions of the Friedrich Schiller University regarding student matters or for the mapping of administrative processes. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, which you declare by sending the respective enquiry. You can revoke your consent at any time with effect for the future.

The Jira Service Desk is used by members and affiliates of Friedrich Schiller University. The software is provided by the University Computer Centre. All personal data remains on the servers of Friedrich Schiller University.

The storage period for the personal data processed in the Jira Service Desk depends on the content of the respective enquiry: IT support enquiries are stored until the respective ticket has been fully processed, and possibly beyond this period for quality assurance purposes. For enquiries about student or administrative matters, the storage period depends on the business process concerned. The personal data will be anonymised no later than two years after the end of the university relationship or after the self-registration of persons outside the university.

Moodle.Uni-Jena.de is the Friedrich Schiller University's e-learning platform for the digital exchange of and about teaching content. The Friedrich Schiller University uses Moodle.Uni-Jena.de for the purposes of digital teaching. This means in detail:

• Posting teaching content (lectures and supplementary materials)
• Posting and editing assignments
• Checking learning progress
• Registering for courses
• Communicating about teaching content (forum, message function)
• Conducting and analysing votes

The legal basis for processing is Art. 6 para. 1 lit. e) GDPR: According to this, processing is lawful if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. According to the Thuringian Higher Education Act, Friedrich Schiller University has the task of teaching, among other things. This statutory task, which is in the public interest, is in turn concretised by the examination regulations.

Moodle.Uni-Jena.de is used by academic staff, students and guests. All personal data remain in the basic functionalities on the servers of Friedrich Schiller University; the respective system descriptions apply to the plugins used.

Canto is a browser-based solution for managing digital assets. University employees can use the image database to access approved image material from the Friedrich Schiller University Jena. Access via the browser is connected to the LDAP of the URZ - university employees can log in with the URZ login via SSO and view the image database. The legal basis here is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. No personal data is processed when using the image database.

Mahara is an e-portfolio platform and a personal, user-centred learning environment that enables students to document, reflect on and present learning processes in portfolios. Mahara is also a networking platform. The University of Jena uses Mahara for the following purposes:

• Supporting the networking of users and the self-determined formation of learning groups through the visible user and group list and the possibility to create and maintain self-organised groups.
• Promotion of professional and informal exchange, especially between students in groups (forum, message function, joint file management and joint editing of group portfolios).
• Didactic use of e-portfolios in teaching for reflection, documentation and presentation of learning progress by creating artefacts and compiling them in portfolios that can be shared with different people or groups of people in a self-determined way.

Mahara thus complements the course-centred learning platform Moodle with the portfolio and networking function.

The legal basis for processing is Art. 6 para. 1 lit. e) GDPR: According to this, processing is lawful if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. According to the Thuringian Higher Education Act, Friedrich Schiller University has the task of teaching, among other things. This statutory task, which is in the public interest, is in turn concretised by the examination regulations.

Mahara is used by academic staff, students and guests and is linked to a valid URZ account. When logging in for the first time, the name, user name and e-mail address are transferred to Mahara. All personal data remains in the basic functionalities on the servers of the Friedrich Schiller University; the respective system descriptions apply to the plugins used.

Accessing a website works something like this: The browser of a user's end device, e.g. FirefoxExternal link (probably the most data protection-friendly browser currently available) sends the address entered (e.g. www.uni-jena.de) as an "http client" as an "http request" to the provider's computer, e.g. Deutsche Telekom, O2-Telefonica, the so-called "http server" on which the website is stored. In the case of the Friedrich Schiller University network, the http request is not sent to external parties, as the servers are provided by the university computer centre. The http server then sends the website or the individual files that make up the website (e.g. layout, texts, images) to the http client. When an http request is sent, the IP address of an end device is also sent to the http server. The purpose of the data processing is to display the website. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR: This states that processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests of the data subject. The legitimate interest of Friedrich Schiller University is to be able to display the website to individuals. As can be seen from your http request, the person in question is pursuing the same interest.

In addition to the mere display of the web pages, the following further processing operations are carried out on the Friedrich Schiller University website.

On its web pages, the University uses the web analysis tool Matomo (formerly known as Piwik). Matomo is an open-access project meaning that it is not a commercial provider , but an open developer community offering this technology. Matomo is stored on and hosted by the University’s servers. While visiting our web pages, you hence do not call up any external servers. In comparison to the market leader Google Analytics, this already shows that Matomo is considerably user-friendlier in terms of data protection.

How does Matomo work?

When calling up the University’s web pages, your browser stores a “Matomo/Piwik cookie” so that your browser may be identifiable. Matomo’s software is able to track the HTTP requests of each browser. As a result, it is possible to identify which web pages you visited, for how long, and what other actions you might have done on the web pages.

Essentially, your complete IP address is only stored for a while within log files. While scanning these log files, the IP address is shortened by the last two digits so that users may not be identified anymore.

Why do we use Matomo?

Sometimes, online editors need to see which offers are considered good or which web pages our users read. This information help them optimize their offers to increase the number of visitors. At the same time, this is the legitimate interest of the University in accordance with section 6 subsection 1(f) of GDPR.

Another important information: according to the GDPR principle that any interests which may override the interests of the person (hypothetically), the person has the right to object to data processing due to specific personal situation. If you do not want us to track your behaviour while visiting our web pages, you can switch off the tracking option below. By doing so, you exercise your right to object without any additional examination of the specific personal situation.

You will find various options on our website for contacting us electronically by e-mail. When you send us an e-mail, we process not only your e-mail address but also the actual content of the e-mail and the metadata specified by the mail server, such as the time the e-mail was sent. The purpose of this data processing is to be able to contact you and receive information from you.

For students, the legal basis is Art. 6 para. 1 lit. e) GDPR in conjunction with the Thuringian Higher Education Act in conjunction with the respective study regulations (students). For employees, the legal basis is Art. 6 para. 1 lit. b), § 26 para. 1 BDSG. If you are not one of the aforementioned members and members of the FSU, the legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. This is because you yourself decide whether or not to send us an email. You can withdraw your consent at any time. The processing carried out on the basis of your consent until revocation remains lawful.

Videos are integrated on some of our websites to present our activities in a clear and appealing way. As local hosting of videos is not efficient enough, we use the option of external video providers such as YouTube, a Google service. By integrating the videos, the Google servers are called up for technical reasons. For the associated use of data from your browser or end device, we must refer you to Google's privacy policyExternal link.

We integrate YouTube in so-called two-click mode. This means that Google's server is only called up once you have activated the corresponding button by clicking on it. If the video is integrated on the corresponding page in this way, the legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which you implicitly declare by clicking on the button. The revocation does not affect the legality of the data processing until the revocation.

On some websites, you will be asked to enter personal data in input or form fields. This gives our editors the opportunity to process registrations for events online, for example. You can be sure that the purpose of data processing is observed in this context because the forms are checked by the data protection officer before they are posted on the websites.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which you implicitly declare by clicking the send button. You can revoke your consent at any time, whereby this does not affect the legality of the data processing until your revocation.

Some of our websites contain the function to enter comments on certain contributions and to upload files to our servers. This allows scientific repositories, for example, to benefit from the knowledge of the community and enter into an exchange with it. Please note that you may not enter any comments or material that violates the copyright and/or personal rights of third parties. Friedrich Schiller University accepts no liability for uploaded content unless it has been informed of legal violations.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which you declare by uploading the content and which you can revoke at any time without affecting the legality of the processing until revocation.

Some institutes and organisations offer a newsletter subscription service. The newsletter informs you about activities and news from the respective department. The legal basis for data processing here is also your informed consent in accordance with Art. 6 para. 1 lit. a) GDPR, which you can revoke at any time by unsubscribing from the newsletter.

The revocation does not affect the legality of the data processing until the revocation.

Google's ReCAPTCHA is integrated on some pages. ReCAPTCHA prevents so-called bots from automatically navigating websites and possibly carrying out other undesirable activities, such as uploading content. By integrating the service, Google's servers are called up for technical reasons. For the associated use of data from your browser or end device, we must refer you to Google's privacy policyExternal link.

The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest in the use of ReCAPTCHA is to increase data security on our websites.

A live chat service is offered on some pages. You can use this to make direct contact with staff from institutions such as the Central Student Advisory Service. This service is hosted and operated by Friedrich Schiller University.

If you use the live chat service, we will process the data you provide for the purpose of responding to your enquiry and providing you with the best possible assistance.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which you can revoke at any time by cancelling the live chat. The revocation does not affect the legality of the data processing until the revocation.