Matrix

Zittau/Görlitz University of Applied Sciences
Theodor-Körner-Allee 16
02763 Zittau

Please send inquiries regarding data processing to datenschutz(at)hszg.de
Your request will be forwarded to the responsible department and processed promptly.

The data protection officer can be contacted at

DID Dresdner Institut für Datenschutz
Hospitalstraße 4
01097 Dresden

Web.: www.dids.de
Phone: +49 (0)351 / 655 772 - 0
E-mail: dsb(at)hszg.de

The HSZG enables its members to use the decentralized communication service Matrix via their personal university login. For the purposes of user login and the provision of instant messaging, voice and video calls, the HSZG processes the personal data of users of the Matrix communication service from the time of their initial registration.

The HSZG processes personal data in the context of the use of Matrix in accordance with Art. 6 para. 1 lit. a GDPR on the basis of an informal and informed consent.

The HSZG processes the following categories of personal data for specific purposes.

Account data

• First name, surname
• Display name
• profile picture
• e-mail address
• Matrix ID

Communication content

• Instant message: content, timestamp, recipient
• Voice call: Sound, timestamp, recipient
• Video call: image, sound, image and sound, timestamp, recipient
• Uploaded files
• Rooms: memberships in private chats, group rooms or spaces

Device identification data

• e.g. type of device used, operating system

Protocol and log data

• IP address, timestamp, connection data, log data, metadata

The HSCG discloses the categories of personal data of matrix users relevant to the provision of the service to the following recipients.

Within the HSZG

• Account data to group and room members and other matrix users of the HSZG
• Communication content to their recipients at the HSZG
• Device identification data, protocol and log data to service administrators of the HRZ

When Matrix is used federatively, e.g. when communicating with members of other universities, account data, communication content, device identification data, protocol and log data are transmitted to or generated and processed by IT systems that are not under the administrative control and data protection responsibility of the HSZG.

The HSZG does not transfer personal data to a third country or an international organization.

Without prejudice to your right to erasure (Art. 17 GDPR), your personal account data will be stored for the duration of your use of the service. The Matrix ID is stored separately from the other account data for an indefinite period of time after the end of your use of the service to prevent it being reassigned.

Communication data can be deleted at any time by Matrix users themselves or by the HSZG no later than 15 months after the end of service use. Device identification data, protocol and log data are deleted after a period of 14 days.

The HSCG has no knowledge of the deletion periods for personal data that is processed in federated use of Matrix on IT systems not under the administrative control of the HSCG.

As a person affected by the processing of your personal data, you have the following rights if the legal requirements are met.

• You have the right to information about the processing of your personal data(Art. 15 GDPR).
• You have the right to rectification of inaccurate personal data concerning you(Art. 16 GDPR)
• You have the right to erasure of your personal data(Art. 17 GDPR).
• You have the right to request the restriction of the processing of your personal data(Art. 18 GDPR)
• You have the right to object to the processing of your personal data(Art. 21 GDPR)
• You have the right to lodge a complaint with the Saxon Data Protection Officer
  (for contact details, see https://www.saechsdsb.de/n-kontakt).

The provision of personal data is not required by law or contract in accordance with Art. 13 (2) lit. e GDPR.

This processing activity does not involve automated decision-making or profiling in accordance with
Art. 22 (1) and 22 (4) GDPR.