(As at 1 December 2020)
After the students have consented, the service is automatically licensed. Licensing is required for the lawful and full use of the services. For Microsoft Teams in particular, it is necessary to license all services that can be integrated as well. Within the scope of use, the individual users are obliged to comply with data protection law while using the services of a cloud service provider outside Europe.
Therefore, unencrypted contents containing personal data or employment-related data must not be made available in the cloud, must not be uploaded to the cloud and must not be shared via the cloud. The cloud is intended to be used for teaching purposes, mostly for self-organized student learning groups. The use for teaching purposes must not impede the voluntary nature of using the service and a revocation of consent must not obstruct the learning progress or availability of learning contents.
You may invite external participants to join groups in Teams and include them into your team work. Guest access is limited to justified exceptional cases.
User-initiated data storage, including chat histories and documents, is limited to one year in the cloud. After expiration of this term, the data are permanently deleted. There is no automatic back up of the data stored in M365. The user is responsible for backing up the data. The individual users have to make sure to delete chat histories after one year (two semesters) and to back up any relevant data, if required. If users revoke their consent, all user generated data will be permanently deleted after 60 days. If the deletion was not intended, it may be reversed within this time period.
When using Teams as part of M365, personal data are processed. Please observe the Data protection policy.
Comprehensive information about the nature and scope of data processing and further information, including your rights, can be found in the M 365 data protection policy. Please make sure to check the data protection policy regularly for any modifications.
Please report a security incident or a personal data breach as soon as possible to the IT support.
It is considered a data breach if information from a meeting is disclosed to external parties. However, other forms of data breaches may be possible. This may happen if unauthorized persons join a meeting, information on a meeting are published on unauthorized channels or if a meeting has been recorded without having obtained the affected persons’ approval.
Please contact the IT support if you suspect a data breach.