Privacy Policy for Cisco Webex

General

At Graz University of Technology (TU Graz), protecting your data is a top priority. All of our procedures and processes are compliant with the applicable data protection regulations. If you wish to use "Cisco Webex Meeting" or "Cisco Webex Teams" (IP-based real-time communication systems), processing of your personal data will be necessary for certain purposes.
In accordance with our statutory obligations, we have prepared this statement to inform you about the nature, purpose and legal basis of our data processing activities. Unless otherwise stated in this Privacy Policy, please note the data protection agreement of "Cisco Webex Meetings" (up to page 8) and "Cisco Webex Teams" with regard to data processing when using the services.

Please note that the recording mode is activated when a red dot appears in the top left corner of the virtual meeting room.

Data Controller

The person responsible for data processing is Graz University of Technology, Rechbauerstraße 12, 8010 Graz.

Categories of Persons and Data

Graz University of Technology processes the following personal data when registering and using the services:

People currently employed at Graz University of Technology: Registration information, user-generated information, calendar data from the Exchange server (e. g. Outlook calendar)
Students with an active student profile: Registration information, user-generated information, calendar data from the webmail system (e. g. Outlook calendar)

Purpose and Legal Basis

Registration in the Webex system in order to use the tools of the provider Cisco Ltd.
Use of the services by persons currently employed at Graz University of Technology as well as by students with an active student profile to improve communication and make everyday work and study easier.

The registration in the Webex system and the necessary transmission of data from Graz University of Technology user directory to Cisco Ltd and also the use of their service is done based on voluntarily given consent according to Art. 6 para. 1 (a) GDPR; for students due to the public interest acc. to Art. 6 para. 1 (e) GDPR in conjunction with § 3 Universities Act 2002 and in the case of persons currently employed at Graz University of Technology due to our legitimate interest based on Art. 6 para. 1 (f) GDPR.
Our legitimate interest lies in the provision of tools for the performance of work services and the associated easier communication with and between the employees.

Recipients

In order to be able to use the service, your data will be transmitted to the provider of the tools, Cisco Ltd. This does not apply to calendar data, which are only synchronised locally. As the servers are not only located within the European Union, transmission to a third country cannot be ruled out.
Graz University of Technology has therefore made corresponding contractual arrangements with Cisco Ltd to ensure that appropriate guarantees are in place to ensure compliance with European data protection standards (including Privacy Shield certification, standard data protection clauses of the European Commission). In addition, the ISO/IEC 27001:2013 certification of Cisco Ltd guarantees compliance with data security.

Storage Periods

Registration information, user-generated information and calendar data will be deleted from the TU Graz servers and also from the Cisco Ltd servers when the TU Graz account or student profile is terminated.

If the employment relationship is currently ongoing:
When you have given us your consent to process your data, your personal data will be stored until you withdraw your consent. Only those data will be saved that are needed to document your consent and your withdrawal of consent. From the moment at which you withdraw your consent, these data will be stored for three years.

In the case of a legitimate interest:
We process the data for as long as is necessary to safeguard the legitimate interests or until (justified) objection is raised.

Furthermore, your data is only stored if statutory retention periods or limitation periods regarding potential legal claims apply.

Rights of Data Subjects

You have the right to information, rectification, portability, restriction of processing, objection and erasure of data. Beside these, you also have the right to withdraw your consent to the processing of data. However, bear in mind that withdrawal of consent does not affect the legality of the processing of your data retrospectively. Furthermore, exercising these rights cannot lead to the dissolution of contractual or legal obligations.

If you have any questions or concerns on matters of data protection or if you wish to exercise these rights, please contact datenschutz@tugraz.at. All other information on data protection can be found at datenschutz.tugraz.at.

You also have a right to make a complaint to the Austrian Data Protection Authority.