Privacy policy

The protection of personal data is a top priority for the University of Graz. Your personal data will be processed confidentially and in accordance with the statutory data protection regulations. In fulfilment of the obligations arising from the GDPR, in particular Articles 12, 13 and 14 GDPR, we may inform you which personal data of students of the University of Graz are processed when using the youni app and for what purposes they are used.

 

CONTACT DATA

Person responsible: University of Graz | Universitätsplatz 3, 8010 Graz

Data Protection Officer: University of Graz | Attn: Data Protection Officer p.A. Legal Department | Universitätsplatz 3, 8010 Graz | dsba(at)uni-graz.at

For data protection concerns, please contact datenschutz(at)uni-graz.at

 

WHAT PERSONAL DATA DO WE PROCESS?

I. Data processed as part of the authentication process.

In order to use the app, authentication is required, which takes place via the university network.
Your authentication data (username, password), which is required to log into the university network, is only sent directly from your device to the university network. The access token (or access key) sent back to your end device is stored locally on the end device in a secure area (a so-called secure enclave). You can delete this stored access key by logging out of the university in the app or uninstalling the app. The access key is automatically deleted if you do not use the app for 30 days. In this case, you must log in again.
Logging in enables the app to retrieve data already available at your university, which is then visualised in the app for the purpose of mobile viewing.
Information on the processing of your authentication data by your university can be found in the privacy policy "User authentication and authorisation using the SSO service 'uniLOGIN'" for students of the University of Graz.


II. Data required for the use of individual functions of the app


Lit a)


Functions of the app

Notifications

  • UGO ID
  • Delivery date
  • Delivery time
  • Read time
  • Message ID

My dates

  • Dates of registered courses (display only, no saving)
  • Dates of registered exams (display only, no saving)
  • Moodle activities for registered courses (display only, no saving)

My studies

  • Information on the study programme (display only, no storage)

My exams

  • Exams and grades (display only, no storage)

My courses

  • Courses (display only, no storage)

My Moodle courses

  • Enrolled Moodle courses (display only, no storage)

My ECTS

  • Total ECTS completed per semester (display only, no storage)
  • Student card (display only, no storage of data)
  • Surname, first name, title or academic degrees
  • Date of birth
  • Matriculation number
  • Account status, validity date
  • Photo UGO
  • Information on the study programme

Digital key

  • Digital BLE access key
  • Validity date
  • UGO access authorisations (stored for 7 days)

Print and copy

  • Print & copy (display only, no storage)
  • Print credit
  • UGO ID

Library card

  • UGO user name

QR check-in

  • UGO ID
  • Exam ID of the registered exam

In the course of using the app and with the help of the access key, the following user data can be retrieved from the university network in individual cases, provided that they are stored in the university network:

  • Surname, first name, title or academic degrees
  • Date of birth
  • Matriculation number
  • Validity date, account status
  • Subject information
  • Courses attended
  • Examinations and grades
  • Print credit
  • Photo UGO
  • Digital BLE access key


Retrieving this data from the university network is necessary in order to visualise the information in the app and provide the functions. No further processing of this data takes place outside of your own university network.

III Data processed for technical reasons when using the app (bug report).

As a rule, the app does not collect any system data. However, as soon as an unexpected system error occurs within the app, the app collects relevant system data and transmits it to the backend system (bug report). The following data is transmitted:

  • Date and time of access
  • Information about the app version used
  • Operating system and operating system version of the user (e.g. iOS 11 or Android 8.0)
  • Additional information relevant to the circumstances of the error (e.g. error code)

The bug report is used to ensure the functionality of the app and to optimise the app.
The data is deleted as soon as it is no longer required to fulfil the purpose.

IV. App usage analysis tool "Matomo"

The app has integrated anchor points by default, which allow data to be collected on user behaviour within the app. The anonymised usage data can be evaluated using the Matomo analysis tool. Matomo is open source software hosted by the University of Graz, which we use to analyse the app's anonymous usage data. The data collected using Matomo technology (including your masked IP address) is processed on our servers.

The following data is collected for usage statistics:
Basic data:

  • IP address, anonymised by shortening
  • Cookie, to distinguish between different visitors
  • Previously visited screens in the app (screen URL, screen title) - (referrer)
  • Name and version of the operating system
  • Localisation of the user: country, region, city, approximate longitude and latitude (geolocation)
  • Main language (default language setting) of the smartphone

Additionally:

  • Screens visited in the app (screen URLs, screen titles)
  • Times at which the individual screens were accessed

The data on user behaviour is collected in order to identify any problems within the app. Matomo generates reports that we use to optimise the app. Processing the data helps us to find out what works in the app and what does not. For example, we use it to find out whether the content can be accessed correctly or how we can improve the structure of the app.

 

ON WHAT LEGAL BASIS DO WE PROCESS THE DATA?

- Art. 6 para. 1 lit. a GDPR - consent
Consent can be withdrawn at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing of your data based on your consent before its withdrawal.
- Art. 6 para. 1 lit. c GDPR - For the fulfilment of a legal obligation to which the University of Graz is subject

IS THERE AUTOMATED DECISION-MAKING (INCLUDING PROFILING)?

No.

ARE YOU OBLIGED TO PROVIDE THE DATA?

No, there is no obligation to provide personal data. However, the use of the app is only possible with your consent to the processing of the personal data listed above.

WHO DO WE SHARE YOUR DATA WITH?

No data is passed on to third parties.

HOW LONG DO WE STORE YOUR DATA?

I. Data required for interaction with the student account.

The access token with uniLOGIN is automatically deleted from your device if the app has not been used for 30 days. When the app is called up again (app start), the user is automatically logged out; when logging out, the deletion takes place on the end device. As described above, you can delete the token yourself at any time. (by logging out, clearing the cache)

II. data required for the use of individual functions of the app.

The data is deleted as soon as it is no longer required for the processing purposes. In any case, when the app or the cache is deleted.

III. data that is generated for technical reasons during the use of the app itself (bug report).

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In this case, when the error has been processed or rectified accordingly.

IV. App usage analysis tool "Matomo"

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was processed.

WHAT RIGHTS DO YOU HAVE AS A DATA SUBJECT?

As the data subject of this data processing, you have the right of access, rectification, erasure, restriction of processing, data portability and objection vis-à-vis the University of Graz as the controller. In addition, as a data subject you have the right to lodge any complaints with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at. You can find more information about your rights as a data subject on our website at

https://datenschutz.uni-graz.at/de/betroffenenrechte/.

 

Version 1.0 from 04.12.2023