Privacy policy for the web app "THWi Contact Tracing“

Privacy policy for the web app "THWi Contact Tracing“

Scope of application

This privacy policy applies to all persons who are on university premises used by more than one person, including teachers, students, employees and guests.

Information on data protection

We process your personal data in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (DSGVO) and the Brandenburg Data Protection Act (BbgDSG).

Purpose of the data processing

The presence of people who are in rooms used by several people at the university is recorded. This is used for contact tracing by the responsible health authorities during the SARS-CoV-2 pandemic.

Where users voluntarily consent to intra-college contact tracing in the event of a confirmed and voluntarily disclosed Covid 19 infection of a member or associate of the college.

Legal basis for the collection/storage/processing of data

Ordinance on temporary containment measures due to the SARS-CoV-2 virus and COVID-19 in the State of Brandenburg (Third SARS-CoV-2 Containment Ordinance of 15 September 2021 (GVBl. II No. 83) amended by Ordinance of 05 October 2021 (GVBl.II No.85) § 25 para. 3 in conjunction with § 5 and Art. 5 and 6 of the DSGVO as well as § 5 and 6 BbgDSG.

The Academic and Non-Academic Staff Councils have given their consent to the use of the contact tracking app in writing, in accordance with the co-determination provisions of Section 65 No. PersVG.

Responsible body for data processing

Technical University Wildau
University Ring 1
15745 Wildau

Represented by:
Wildau University of Applied Sciences is a public corporation. It is represented externally by the President, Prof. Dr. Ulrike Tippe.

Phone: +49 (0) 3375 / 508 - 300
E-mail: praesidentin@th-wildau.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).

What data do we use?

For all users, the room as well as the time of entering and the time of leaving the room are stored.

Furthermore, the account ID, surname and first name are stored for employees, students or teachers and the e-mail address or telephone number is stored for guests in addition to the surname and first name.

Who has access to my data?

Access to the stored data will only take place at the request of the responsible public health department(s) or in the case of a confirmed Covid 19 infection of a university member or member of staff that has been voluntarily reported to the university.

This is carried out on a four-eye basis by two trusted persons from the university, who forward the corresponding data to the requesting authority.

Voluntarily consented users are informed about a possible contact.

Where is the data stored?

Without exception, the data is stored on the university's servers.

How long will my data be stored?

All data is automatically deleted after 4 weeks in accordance with SARS-CoV-2-UmgV, § 3 para. 2.

What other data protection rights do I have?

You have the right to information (Art. 15 DSGVO, § 34 BDSG), correction (Art. 16 DSGVO), deletion (Art. 17 DSGVO, § 35 BDSG), restriction of processing (Art. 18 DSGVO) and data portability (Art. 20 DSGVO) under the respective legal conditions.

Should the above-mentioned rights be exercised, the controller shall check whether the legal requirements for this are met.

In addition, you have a right of appeal to the data protection supervisory authority (Art. 77 DSGVO, § 19 BDSG).