WHU – Otto Beisheim School of Management
56179 Vallendar ("WHU")
General information about the processing of personal data
Below we inform you about the processing of your personal data when using our app.
Responsible according to Art. 4 para. 7 GDPR is WHU - Otto Beisheim School of Management, Burgplatz 2, 56179 Vallendar (see our imprint, e-mail: datenschutz(at)whu.edu).
When you contact us by e-mail or via a contact form, we will store your e-mail address and, if you provided it, your name and telephone number, to answer your questions. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR ("legitimate interest"). We delete this data, which arises in this context, after storage is no longer necessary or - in the case of legal storage obligations - we restrict processing.
If we use contracted service providers for specific offerings or would like to use your data for advertising purposes, we will inform you in detail below about the respective procedures. In doing so, we also name the specified criteria for the storage duration.
Personal data is any information that relates to an identified or identifiable natural person. A natural person is considered to be identifiable if, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, that expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person, can be identified.
This includes, for example, information such as your name, address, telephone number, language, location, e-mail address, bank details and date of birth.
Processing of personal data
When processing data, we handle your personal data responsibly and confidentially. Therefore, your personal data will of course be processed in compliance with the applicable national (in particular BDSG) and European data protection regulations (in particular GDPR), as described below.
Such processing of personal data applies to any operation performed with or without the aid of automated procedures or in any series of procedures related to personal data. In particular, data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
If we use a processor for the processing of your personal data, we conclude a data processing contract with them, which fulfills all the requirements of Art. 28 GDPR.
Automated decision-making in individual cases including profiling according to Art. 22 GDPR does not take place.
Purpose of collection personal data when downloading our mobile app
When downloading the mobile app, the required information is transferred to the App Store (Google Play or Apple App Store), i.e. in particular the user name, e-mail address and customer number of your account, time of download, payment information and the individual device ID. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device. Otherwise we cannot enter into a contractual relationship with you regarding the use of the WHU app.
Purpose of collection personal data when using our mobile app
If you log in to our WHU App with your existing WHU account as a student or employee and use it, we will collect and process your personal data.
Such processing will only take place if it is necessary to fulfill the contract concluded with you regarding the use of the app. Otherwise we cannot enter into a contractual relationship with you regarding the use of the WHU App. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR ("fulfillment of the contract").
In particular, we use your WHU access data (email address and password) to grant you access to your existing user account and to manage it.
We use this information to authenticate you when you log in and to respond to requests to reset your password. The information you enter during registration or login will be processed and used by us to verify your authorization to manage the user account; enforce the terms and conditions of use of the app and all rights and obligations associated therewith; and contact you to send you technical or legal notices, updates, security messages, or other communications regarding, for example, the management of the user account.
This data processing is justified by the fact that the processing is necessary for the fulfillment of the contract between you as a data subject and us in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the use of the App, or we have a legitimate interest in ensuring the functionality and error-free operation of the App that outweighs your rights and interests in the protection of your personal data in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
In particular, our app is divided into the following areas:
Courses, Grades, Lunch, Tasks, People Search, Campus Map, Calendar, Email, Emergency Contact, Videos, Printing, Payments, News, Library
Regarding the areas
Campus Map, Emergency Contact, Printing, Payments, News
no personal data is collected or processed by us, but only information is displayed to you. The Lunch area is linked to the external app "Valler Lunch" (www.vallerlunch.de), which also means that no personal data is collected or processed by us, but possibly by the external provider.
The following areas, however, are accessed, in particular via your Office 365 Mailbox and Learning Management System ("LMS") Moodle, which involves data processing:
- Courses is linked to the LMS (Moodle)
- Grades is linked to the Campus Management System
- Tasks is linked to your own outlook mailbox and to LMS (Moodle)
- People Search displays a global address book containing personal data.
- Email is linked to your own outlook mailbox
- Calendar is linked to your own outlook mailbox and to the LMS (Moodle) calendar.
- Videos is linked to the WHU Video Portal.
- Library is linked to the WHU Library System.
Your data is automatically transmitted to us in order to provide you with the service and related functions; to improve the functions and features of the app; and to prevent and correct misuse and malfunctions. This data processing is justified by the fact that the processing is necessary for the fulfilment of the contract between you as the data subject and us in accordance with Art. 6 para. 1 sentence1 lit. b GDPR for the use of the app, or we have a legitimate interest in ensuring the functionality and error-free operation of the app and in being able to offer a service that is in line with your interests, which in this case outweighs your rights and interests in the protection of your personal data in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
We do not collect or process cookies when you use the app.
Permissions of the app
Within the app, you can enter, manage, and edit various information, tasks and activities. This information includes in particular data on processing in the above-mentioned areas of the WHU App.
The app also requires the following authorizations:
- Internet access: This is required to complete your registration and to be able to access all the above mentioned areas.
- Camera access: Camera access is not necessary.
The processing and use of usage data is done to provide the service. This data processing is justified by the fact that the processing is necessary for the fulfillment of the contract between you as a data subject and us in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the use of the App. Otherwise we cannot enter into a contractual relationship with you regarding the use of the WHU App.
Duration of the data processing
The maximum duration of storage depends on the purpose of the data processing. The duration of storage depends on the period for which the processing is necessary to fulfil the purpose or to comply with legal obligations. The legal storage obligations according to Sec. 257 HGB and Sec. 147 AO (6 or 10 years) as well as other legal storage obligations remain unaffected.
Recipient of personal data
Your personal data will be transmitted to and processed by Panopto, Unit 603, Highgate Studios, 53-79 Highgate Road, London, NW5 1TL, Great Britain, as part of the WHU Video Portal.
If we use a processor for the processing of your personal data, we conclude a contract processing contract with the processor, which fulfills all the requirements of Art. 28 GDPR. We concluded such a contract with our service provider Collabco, 131 Mount Pleasant, Liverpool, L3 5TF, Great Britain.
Place of data processing
The processing of your personal data by us takes place in Germany or in member states of the European Union. If we transfer your personal data to countries outside the member states of the European Union (so-called third countries) or other international organizations, the necessary requirements of Art. 44 et seq. GDPR are complied with.
Safety / Technical and organizational measures
We take all necessary technical and organizational measures in accordance with the provisions of Articles 24, 25 and 32 GDPR in order to protect your personal data from misuse and loss, destruction, access, modification or disclosure by unauthorized persons.
In this way, we comply with the legal requirements for pseudonymizing and encrypting personal data, the confidentiality, integrity, availability and resilience of systems and services related to processing, the availability of personal data and the ability to rapidly restore them in the event of a physical or technical incident as well as the establishment of procedures for periodic tests, assessment and evaluation of the effectiveness of technical and organizational measures to ensure the safety of processing.
Furthermore, we also follow the requirements of Art. 25 GDPR with regard to the principles of "privacy by design" (data protection by means of technical design) and "privacy by default" (data protection by means of privacy-friendly default settings).
You have a right to receive information about your personal data free of charge and, if the respective legal requirements are met, a right to correction, blocking and deletion of your data, to restriction of processing, to data transferability and a right to object to the use of your data if we refer to a legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, or even only in relation to direct advertising.
Insofar as we base the processing of your personal data on the balancing of interests (Art. 6 para. 1 sentence1 lit. f GDPR), you can lodge an objection to the processing. This is the case if the processing is not necessary, in particular, for the fulfilment of a contract with you, which was described by us in each case in the above description of the functions. In the event of such an objection, we request that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts of the case and will either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
You also have the opportunity to complain to a competent supervisory authority (e.g. State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, Prof. Dr. Kugelmann, Hintere Bleiche 34, 55116 Mainz, Germany).
If you have any questions regarding the processing of your personal data or questions related to the aforementioned rights as well as suggestions, please contact our external data protection officer:
Dr. Dornbach Consulting GmbH
Phone: +49 (0) 261 9431-441
Fax: +49 (0) 261 9431-445
Version: June 2020