The following explains the processing of personal data when using the Matrix service. “Matrix” is an open, decentralized service for real-time communication. In compliance with legal regulations for data protection and IT security, it enables KIT members and affiliates to communicate with each other, members of other universities and all other Matrix users (e.g. academic partners) via chat and audio/video telephony.
Data processing includes the following categories of data:
In addition, all data that you enter into the system will be processed. End-to-end encryption is possible.
The data is processed as part of the Matrix service operated on servers run at KIT. When communicating with users that are registered with external providers, personal data (in particular Matrix ID, display name and profile picture) will be transmitted to the external providers.
Your personal data that is processed for the purpose of managing your Matrix account will remain stored as long as the account exists. After initiating the deletion of the account, the personal data will be deleted after 30 days. The retention period for usage-related data is based on the necessity for the services. Once the personal data is no longer necessary in relation to the purposes for which it was collected, it will be deleted after 30 days. System-generated log data is deleted after 7 days.
The controller of data processing within the meaning of the GDPR and other data protection legislation:
Karlsruhe Institute of Technology
Kaiserstraße 12
76131 Karlsruhe
Germany
Phone: +49 721 608-0
Fax: +49 721 608-44290
E-mail: info∂kit.edu
KIT is a corporation governed by public law. It is represented by the President of KIT.
Our Data Protection Officer can be contacted at dsb∂kit.edu or by ordinary mail with “Die/Der Datenschutzbeauftragte” (the data protection officer) being indicated on the envelope.
When used in the employment context, the legal basis is Article 88(1) GDPR in conjunction with Section 15(1) Landesdatenschutzgesetz Baden-Württemberg (LDSG, State data protection act of the state Baden-Württemberg), as the data processing is necessary for the performance of the employment relationship.
When using Microsoft Teams for tasks of higher education, the legal basis is Article 6(1)(e), (3)(b) GDPR in conjunction with Section 12 Landeshochschulgesetz (LHG, Higher Education Act of the state Baden-Württemberg) in conjunction with Sections 2, 20 KIT-Gesetz.
When Microsoft Teams is used to fulfill the other tasks of KIT, the legal basis is Article 6(1)(e), (3)(b) GDPR in conjunction with Section 4 LDSG in conjunction with Section 2 KIT-Gesetz.
You have the following rights regarding your personal data:
You also have the right to lodge a complaint with a supervisory authority about the processing of the personal data concerning you by Karlsruhe Institute of Technology (KIT) (Article 77 GDPR).
Supervisory authority of KIT in the sense of Article 51(1) GDPR is according to Section 25(1) LDSG: The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg); reachable under: https://www.baden-wuerttemberg.datenschutz.de/kontakt-aufnehmen/