Application overview

Application Data processing
Academic Whistleblower System Internal reporting office for legal violations according to HSchG
BigBlueButton Distance Learning
ConfTool: Conference organization software Event and congress management
CAS (CRM - Customer Relationship Management

Relationship Management

Event and congress management

EasyConference Videochat
Inxmail Relationship Management
LimeSurvey Online Survey
Mastodon  
OpenOlat Learning management system

Academic Whistleblower System

The Whistleblower Protection Act (HSchG) obliges the university to set up internal reporting channels. The reporting channel is intended to offer whistleblowers the opportunity to report violations in connection with their work activities - also anonymously.

System logging

Purpose

The University of Innsbruck uses the Academic Whistleblower System to process reports in accordance with the Whistleblower Protection Act (HSchG).

Scope of the processing

When using the Academic Whistleblower System, the following personal data is processed

Whistleblower data:

The system enables whistleblowers to communicate with the university's contact persons while remaining completely anonymous. A first and last name and an e-mail address can be provided voluntarily, but these are not checked by the system. It is up to you as the whistleblower to decide what additional information you enter about yourself or third parties in the input fields to describe the grievance or submit as metadata of uploaded documents.

Processor data (portal admins, contact persons, contact persons invited to process individual reports, e.g. lawyers):

  • First and last name
  • e-mail address
  • Your description
  • Language
  • Scope of rights
  • Topic categories assigned to contact persons
  • Third parties invited by contact persons to co-edit notices and notices released to them
  • Activity log: Date, time, IP addresses, user actions, esp.
  • which portal admin added which contact person or added, changed or removed which reporting category or declaration of consent
  • which contact person gave feedback to a whistleblower (without specifying the whistleblower and the feedback), changed the processing status of a case (specifying the previous and new status), invited which persons to process, entered which case name or marked which note for deletion (displayed in the form of e.g. e.g. “Anna Abel: Case ‘23.05.2022’ from May 23, 2022, 21:25 in the category Academic Integrity marked for deletion” and after 30 days, if applicable, “Case ‘23.05.2022’ from May 23, 2022, 21:25 in the category Academic Integrity completely deleted”) and
  • when notices for which reporting categories have been received in the whistleblower system (displayed in the form of e.g. “Anonymous: New notice in ‘Funding’”).

Please note:

In the Academic Whistleblower System, end-to-end encryption is used so that only the whistleblowers and the responsible contact persons at the Reporting Office at the University of Innsbruck as well as third parties invited by the responsible contact persons to process individual reports can decrypt and read the message and the associated notes and communication.

Legal basis

The basis for data processing is Art. 6 para. 1 lit. c GDPR (legal obligation): The specific legal basis for the processing of personal data is Section 8 HSchG and our legitimate interest (Art. 6 para. 1 lit. f GDPR), which arises from the purpose described above.

In this context, please note the information on the right to object on the main page   .

Recipients

No personal data is transferred to third parties.

Storage period

Your personal data will only be stored for as long as is necessary to fulfill the purpose.

Cookies

Purpose

The Academic Whistleblower System uses browser cookies. The cookies used are so-called “session cookies”. They are automatically deleted at the end of your visit. This means that no user tracking takes place. The cookies are necessary for the system to function and for you to be able to use the desired services. The session cookies are used exclusively to ensure that users remain logged in for the duration of the session, to prevent session hijacking, to technically enable the input form, which is distributed across various websites, and for temporary storage when going back and forth in the browser. The cookies are transported in encrypted form other cookies, e.g. cookies from third-party providers, are not used.

Legal basis

The use of cookies, which are necessary to carry out the electronic communication process, are stored on the basis of the legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services.

In this context, please note the information on the right to object on the main page   .

Recipients

No personal data is transmitted to third parties.

Storage duration

The session cookies are automatically deleted at the end of each session. The period during which no input may be made by editors so that their session is automatically terminated (“timeout”) is 3 weeks. Alternatively, sessions can be ended by logging out. When setting up 2-factor authentication, editors can specify that their 2-factor logins remain valid for 30 days regardless of sessions.

Your rights, contact details, data protection officer

You can find more information on the main page   .


BigBlueButton

BigBlueButton (an open source software) is a video and web conferencing system that is

used within the University of Innsbruck as an interactive teaching tool. This is operated on the university's own servers. Therefore, no data is transmitted to service providers or third parties. 

System Logging

Purpose

BigBlueButton automatically collects and stores information that your browser automatically transmits to us. These are in particular:

  • Accessed page and transmitted parameters
  • Date and time of the server request
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • IP address and host name of the accessing computer
  • Connection data, start, duration, participants, organizer, quality information

This data is not merged with other data sources. The data is mainly used to improve the security and usability of the system and it allows us to help you if you have questions or problems using the system. 

Legal basis

The basis for data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR), which results from the purpose described above. In this context, please note the information on the right to object on the main page   .

Recipients

No data is transferred to service providers or third parties.

Storage period

Your personal data will be stored for 30 days.

Cookies

Purpose

The BigBlueButton system uses cookies. The cookies used are so-called "session cookies". They are automatically deleted after the end of your visit. They are necessary for the system to function and for you to be able to use the desired services. 

Legal basis

The use of cookies, which are necessary to carry out the electronic communication process, are stored on the basis of legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para 1. f GDPR). The legitimate interest is the technically error-free and optimized provision of services. In this context, please note the information on the right to object on the main page   .

Recipients

No data is transmitted to service providers or third parties.

Storage period

The cookies are automatically deleted after the end of the visit to the website.


ConfTool: Software for the organization of conferences

For the organization of events we use the ConfTool system of the software service provider ConfTool GmbH. This is our order processor.

Processed data within ConfTool

Within the initial registration a user account is created. Through the user account you have an overview of the data stored for your registration or of the contributions you have submitted.

In addition, the following further pb data on participants are processed as part of the organizational planning:

  • Data for contribution and expert opinion management
  • Data in the context of the frontdesk function (participant search (ID), user search, complete list of participants, list of participants who have already arrived, list of participants who have not yet arrived).

If you are registered as a reviewer, we also process personal data that is required for the purposes of review administration, including, for example, your comments on the review, the file creation, upload and download times of the contributions to be evaluated and the current review status.

If you pay by credit card, we also process data for payment processing (in particular surname, first name, credit card data).

Furthermore, we process in particular the following administrative data about the users, which are necessary for the processing of the organization:

  • Roles,
  • log data,
  • Data on the user status

System Logging

Purpose

The ConfTool system automatically collects and stores information that your browser automatically transmits to us in a "server log" and a "ConfTool user log". They are in particular:

  • Accessed page and transmitted parameters
  • Date and time of the server request
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • IP address and host name of the accessing computer

This data is not merged with other data sources. The data is mainly used to improve the security and usability of the system and it allows us to help you if you have questions or problems using the system.

Legal basis

The basis for data processing is our legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR), which results from the purpose described above. In this context, please note the information on the right to object on the main page   .

Recipient

ConfTool GmbH as order processor.

Storage period

Your pb data will be stored on the web servers of the University of Innsbruck for 4 weeks (concerns the free standard version of ConfTool). 

Cookies

Purpose

Cookies used by the ConfTool system are so-called "session cookies". The free standard version offered by the University of Innsbruck sets a technically required "session cookie". They are necessary for the system to work and for you to be able to use the requested services. They are automatically deleted after the end of your visit. 

Legal basis

Cookies that are necessary to carry out the electronic communication process or to provide certain functions requested by you are stored on the basis of legitimate interest (Art. 6 para. 1 lit f GDPR). The legitimate interest is the technically error-free and optimized provision of services. In this context, please note the information on the right to object on the main page   .

Recipient

ConfTool GmbH as order processor.

Storage period

The cookies are automatically deleted after the end of the visit to the website.


CAS genesisWorld

CAS genesisWorld (CAS for short) is a data, information and communication management system (CRM - Customer Relationship Management) that is used within the University of Innsbruck.

System Logging

Purpose

The University of Innsbruck uses CAS software from CAS Software AG to fulfill its Third Mission

  • to set up and manage a uniform, central and up-to-date contact and relationship database (personal contacts, contact data of external organizations),
  • for the documentation and professionalization/improvement of activities for ongoing contact and relationship management (written mailings, appointments, telephone calls) and
  • for the management of events.

CAS is operated on the university's own servers.

Scope of processing

When using CAS, the following personal data is processed:

User data:

  • First name and surname
  • password
  • User name
  • Authorizations
  • Mail address
  • Log data (date, time, IP addresses, user actions)

Legal basis

The basis for data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR), which arises from the purpose described above.

In this context, please note the information on the right to object on the main page   .

Recipients

No data is transferred to service providers or third parties.

Storage period

Your personal data will only be stored for as long as is necessary to fulfill the purpose.

Cookies

Purpose

The CAS system uses cookies.

The PREVENT_ATOMATIC_WINAUTH and JSESSIONID cookies used are so-called “session cookies”. They are automatically deleted at the end of your visit. They are necessary for the system to function and for you to be able to use the desired services.

The GW-USER, GW-DB, GW-LANGUAGE and GW-AUTOLOGIN cookies are used for the convenience login and are deleted after one month.

Legal basis

The use of cookies, which are necessary to carry out the electronic communication process, are stored on the basis of legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services.

In this context, please note the information on the right to object on the main page   .

Recipients

No data is transferred to service providers or third parties.

Storage duration

Session cookies are automatically deleted at the end of your visit to the website. All others (see above) after one month.


EasyConference

EasyConference is a video chat application that allows you to hold spontaneous meetings in smaller groups. Technically, the system is based on the “Jitsi Meet” software.

System logging

Purpose

EasyConference automatically collects and stores information that your browser automatically transmits to us. These are in particular:

  • Accessed page and transmitted parameters
  • Date and time of the server request
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • IP address and host name of the accessing computer
  • Connection data, start, duration, participants, organizers, quality information

This data is not merged with other data sources. The data is mainly used to improve the security and usability of the system and allows us to help you if you have questions about or problems using the system.

Legal basis

The basis for data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR), which arises from the purpose described above. In this context, please note the information on the right to object on the main page   .

Recipients

No data is transferred to service providers or third parties.

Storage period

Your personal data will be stored for 30 days.

Cookies

Purpose

The EasyConference system uses cookies. The cookies used are so-called “session cookies”. They are automatically deleted at the end of your visit. They are necessary for the system to function and for you to be able to use the desired services.

Legal basis

The use of cookies, which are necessary to carry out the electronic communication process, are stored on the basis of legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services. In this context, please note the information on the right to object on the main page   .

Recipients

No data is transferred to service providers or third parties.

Storage duration

The cookies are automatically deleted at the end of your visit to the website.


Inxmail

Inxmail is a mailing system connected to the CAS system, which is used within the University of Innsbruck to maintain the level of professionalization of contact with graduates of the University of Innsbruck.

System logging

Purpose

Inxmail automatically collects and stores information that your browser automatically transmits to us. These are in particular:

  • accessed page and transmitted parameters
  • Date and time of the server request
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • IP address and host name of the accessing computer
  • Connection data, start, duration, participant, organizer, quality information
  • Assigned roles in the system
  • Assigned spaces in the accounts

Legal basis

The basis for data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR), which arises from the purpose described above.

In this context, please note the information on the right to object on the main page   .

Recipients

Inxmail GmbH as the processor.

Storage period

Your personal data will be stored in the recycle bin for 30 days after deletion and then permanently deleted. Log files are stored for a maximum of one month.

Cookies

Purpose

No cookies are explicitly set or evaluated in the source code of Inxmail Professional itself. However, the following cookies are set by third-party providers.

web.inxmail.com - JSESSIONID

A special page exists on the Tomcat application server for the web view of mailings. This page can be referenced from Mailing to access the web view. On the server side, a session cookie for the domain “web.inxmail.com” with the name “JSESSIONID” is created here. This cookie is automatically deleted at the end of your visit. It is necessary for the system to function and for you to be able to use the desired services.

Legal basis

The use of cookies, which are necessary to carry out the electronic communication process, are stored on the basis of legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services.

In this context, please note the information on the right to object on the main page   .

Recipients

Friendly Captcha GmbH is used by Inxmail as a processor to protect the website and online services from spam and misuse.

Storage duration

The session cookies are automatically deleted after the end of the visit to the website. All others (see above) are deleted after 6 months.


LimeSurvey

LimeSurvey is an online survey tool and is available as a web service at https://umfrage.uibk.ac.at/limesurvey. LimeSurvey allows users to quickly and easily develop questionnaires, efficiently conduct online surveys and manage them.

manage them.

In the following, we will inform you about which personal data is processed by the system when you participate in surveys using LimeSurvey.

There are three levels at which personal data may be processed:

  • Responses to the survey (survey data)
  • Survey metadata (survey data)
  • System data

The different options for each level are described in detail below.

Survey data

Responses

Surveys can request personal data directly. If this is the case, the survey administrator is responsible for providing specific data protection information for the respective survey. The data protection information is intended to inform you as a user of LimeSurvey surveys about the type, scope and purpose of the collection and use of personal data.

Metadata

Survey template

Depending on the configuration, a survey can be linked to the e-mail address of the participants so that it can be seen to which survey they were invited and in which survey they successfully participated.

Survey response

Surveys can be created by the respective administrators in such a way that the participants are linked to the survey response via a token. Tokens can be used to ensure one-time participation and/or to link a person to follow-up surveys or related surveys.

For surveys without tokens, there is no link between participants and the stored data.

If survey tokens are used that are not saved, the association between participants and their responses is discarded after the survey is completed. However, if survey tokens are saved after the survey has been completed, this association is retained.

Linking participants with survey responses via a token


Without link Temporary Link Permanet link
During/before
Completion of
the Survey
No storage Link between participants
and survey
participans and answers
Link between particiapants
and survey
participants and answers
After completion
of the survey
No storage No link between
participants and answers
Link between participants
and survey
participants and answers

The survey administrator is responsible for informing participants which of the above cases applies of the above cases applies.

System data

Purpose

LimeSurvey automatically processes the following information in particular at system level:

  • Date and time of the server request
  • IP address
  • Operating system used
  • browser identification
  • referrer URL
  • Survey accessed
  • Cookies

The LimeSurvey system uses so-called “session cookies”. These are necessary for the system works and the desired service can be used.

Legal basis

The basis for data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR), which results from the purpose described above.

The use of cookies, which are required to carry out the electronic communication process, are stored on the basis of the legitimate interest (§ 165 para. 3 TKG 2021, Art. 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services.

In this context, please note the information on the right to object on the main page   .

Recipients

The LimeSurvey system does not transmit any data to service providers or third parties. In the event that the answers contain personal data and these are passed on to third parties, the survey administrator of the respective survey is responsible for indicating this in the survey-specific data protection information.

Storage duration

LimeSurvey uses temporary session cookies that are not stored on the survey participant's computer, but only exist in memory until the browser is closed. The cookie is transferred to the server with every click. The cookie on the server is stored together with the participants' previous answers. As soon as the survey is completed or 3 days of inactivity have elapsed, this server-side cookie memory is removed. At the end of the survey, the answers are saved as described under Survey data.

The remaining data is anonymized after one day.


Mastodon

Purpose

The University of Innsbruck uses the open, non-commercial microblogging service Mastodon as part of its public relations work and operates its own data protection-friendly instance in its decentralized architecture. The University of Innsbruck and individual organizational units of the University maintain accounts on this instance.

Legal basis

The legal basis for this is our legitimate interest (§ 165 para. 3 TKG 2021, Art 6 para. 1 lit. f GDPR), which consists of ensuring the operation of the Mastodon instance and individual profiles on this server, carrying out an error and availability analysis and defending against attacks.

In this context, please note the information on the right to object on the main page   .

Processing of data

An encrypted connection to the server on which the instance is operated is established when accessing, registering and using the instance's services. The following data may be processed:

  • Date and time of access
  • browser type
  • Operating system used
  • IP address
  • Address of the subpage accessed

When registering an account, basic account information is also processed, such as user name, e-mail address and password. Additional profile information such as display name or biography as well as profile or header image can also be stored. User name, display name, biography, profile picture and header picture are displayed publicly.

People who follow the account are displayed publicly. When you send a message, the date and time are also saved together with the information about which application you used to send it. Such messages may contain media attachments such as images and videos.

Direct posts (“direct messages”) are not end-to-end encrypted and can therefore always be viewed by the administrators of our instance and the recipient instance. Sensitive information should therefore not be exchanged via direct messages.

All interactions with the account (sharing, boosting or quoting posts) are displayed publicly.

The Mastodon instance of the University of Innsbruck uses cookies for its functionality. These are small text files that are temporarily stored on your computer. This makes it possible, for example, for registered users to navigate to different subpages of the instance without having to log in again each time. None of the cookies used serve to analyze and/or track the usage behavior of the data subjects. All cookies used are exclusively so-called session cookies that are deleted at the latest when the browser is closed.

Recipients

No personal data is transmitted to other IT service providers.

Storage period

The data is only stored for a maximum of 32 days, unless there is a legal obligation to retain it for longer. At the same time, data may be stored for longer if this is necessary to investigate attacks or technical problems detected on our website.

Transfer to a third country

Data is not transferred to a third country. The Mastodon instance is hosted on the servers of the University of Innsbruck.


OpenOlat

Purpose

The University of Innsbruck operates a web-based learning platform (also known as a learning management system, LMS for short) with OpenOlat. OpenOlat is open source and has been used at the University of Innsbruck since 2010.

OpenOlat is primarily used at the university to supplement and virtually accompany face-to-face courses and is used to provide learning content and organize learning activities. As a rule, there is one course area per course and semester in the LMS, but courses can also be created and offered for projects, working groups or other purposes.

Lecturers can log in with their user ID and create courses themselves in the learning management system or fill out the online form on the eCampus portal.

Staff in the secretariats or student assistants acting on behalf of course instructors can also request courses via the online form.

Students can log in with their user ID and use approved courses, learning resources, groups and other tools.

In addition, OpenOlat automatically collects and stores information to improve the security and usability of the system and to allow us to help you if you have questions about or problems using the system.

In particular, the following personal data is processed for the purposes described:

Core Data

taken from central systems - VIS and UVW, or from Shibboleth IDP of the institution of origin as far as possible:

  • User name/account
  • First name
  • Surname
  • E-mail address
  • Institution e-mail
  • Matriculation number
  • Institution
  • ">Study subject
  • System role: System administrator,
  • Author, group administrator, user administrator,
  • Learning resource administrator, question pool administrator
  • Account status (active, locked, cannot be deleted, deleted)

Optional input / correction / approval by the user:

  • Gender
  • Street
  • Address suffix
  • P.O. Box
  • Postal code
  • Region / Canton
  • City / Canton
  • Country
  • Organizational unit / study group
  • Language
  • Telephone Private
  • Mobile phone
  • Business phone
  • Skype ID
  • MSN
  • Xing
  • ICQ
  • Homepage
  • Profile picture
  • Business card (yes/no)
  • Personal text

 

Other data generated by the use of the application:
  • User creation date
  • Login method
  • User last logged in (date, time)
  • User has accepted the disclaimer / terms of use (date, time)
  • User has entered a course (date, time of first, last and number of visits) / per course
  • User has received the last notification email (date, time)
  • User has created a learning resource (date, time) / per learning resource
  • User has selected / submitted / returned (group) task (date, time) / per (group) task module
  • User has checked an element in the checklist (date, time of first and last checkmark) / per checklist element
  • User has given consent to data transfer via LTI (date, time) / per LTI module
  • Author has created / edited / published course
  • Log data (date, time, IP addresses, user actions, user agent, referrer)
  • Blocking of objects edited by the user
  • User calendar (internal and import of external calendars)
  • Chat user status (Available, Do not disturb, Not available) and visibility for other users
  • Chat protocols
  • LV registrations and meetings (transfer from VIS Online)
  • Group memberships and invitations
  • Forum entries and comments
  • ePortfolios / blogs
  • Test entries and results / per test start
  • Assessments (points, passes, comments) / per assessable module
  • Number of attempts / per test module
  • Assessment logs (when was which assessment made by whom for which module)
  • Wiki change logs (when was what changed by whom for which Wiki entry)
  • Notes / free text per course and learning resource
  • System role: system administrator, author, group administrator, user administrator, learning resource administrator, question pool administrator
  • User preferences for application-specific display options such as columns to be shown, sort orders, hidden tools, etc.
  • Subscribed notifications from the application sent to/received by users

Legal basis

Art. 6 para. 1 lit. e GDPR, § 53 UG, §§ 60ff UG and §§ 3 and 9 BiDokG serve as the legal basis for the processing of personal data in the context of teaching and examination administration. The processing is necessary for the performance of a task carried out in the public interest and assigned to us by the legislator.

For the processing of personal data in the context of the technical operation of OpenOlat, Art. 6 para. 1 lit. e GDPR also applies. The processing is necessary to improve the security and usability of the system.

In this context, please note the information on the right to object on the main page   .

Data from or with external university systems (e.g. via LTI) is merged on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time by contacting the course management. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Neither the non-provision nor the withdrawal of consent has any negative consequences for you.

Recipients

No data will be transmitted to third parties.

Storage period

The storage period of personal data depends on the status of the university user account. In this context, please also note the data protection information    for students.

The log files are stored for 180 days.

Cookies

Purpose

The OpenOlat learning management system uses cookies. The cookies used are so-called “session cookies”. They are automatically deleted at the end of your visit. They are necessary for the system to function and for you to be able to use the desired services.

Legal basis

The use of cookies, which are necessary to carry out the electronic communication process, is stored on the basis of legitimate interest (§ 165 para. 3 TKG 2021, Art 6 para. 1 lit. f GDPR). The legitimate interest consists in the technically error-free and optimized provision of the services.

In this context, please nnote the information on the right to object on the main page   .

Recipients

No data is transferred to third parties.

Storage duration

The cookies are automatically deleted at the end of your visit to the website.

Nach oben scrollen