Privacy - FuxamONE
.avif)
Data Protection Notice – FuxamONE
When using the software "FuxamONE," personal data is collected and stored. In this data protection notice, we explain how we process your personal data in accordance with the European General Data Protection Regulation (hereinafter "GDPR") and applicable national regulations.
Fuxam provides comprehensive software for digital teaching, continuing education, and similar educational purposes to all educational institutions and other commercial, non-profit, and public teaching providers. The software is often referred to as a cloud-based solution or "Software as a Service" (SaaS), accessible by users from various devices via an active internet connection. Users do not need to install any software but cannot use the software offline. The software is accessible via the domains fuxam.app. This allows instructors and learners of the clients to efficiently manage their courses and documents, track their individual learning progress, participate in courses through chat functions, and complete exams easily online.
1. Who is responsible for processing your personal data?
FuxamONE supports educational institutions, particularly universities, academies, and other commercial, non-profit, and public teaching providers, in enabling their instructors and learners to engage in digital teaching and administration and to offer online exams. The respective institutions are legally responsible for these data processing activities (e.g., study administration and respective learning content) as they alone determine the purposes and means of processing your related personal data. For more information on the data protection practices of these institutions, please refer to the data protection notices of the respective institution.
2. Who can you contact with questions?
If you have questions or comments regarding our processing of your personal data, you can contact our customer service:
Fuxam GmbH
Französische Straße 20
10117 Berlin
Email: datenschutz@fuxam.de
For technical issues or other questions related to FuxamONE, you can find further assistance and contact information on the websites of the respective institution.
3. Whose personal data do we process?
Fuxam processes personal data of individuals to whom the responsible party provides access to the software. This typically includes the following categories of affected persons:
* Administrators and staff responsible for digital teaching (e.g., management personnel of the institution, staff from data centers or IT departments).
* Staff responsible for the content of teaching in studies or within faculties (i.e., faculty staff, holders, and staff of chairs).
* Instructors who conduct the respective courses and interact with learners (e.g., lecturers, guest lecturers).
* Students, learners, and other users of the educational offerings (e.g., full-time enrolled students, course participants).
4. What categories of personal data does Fuxam process on behalf of the responsible party?
Fuxam processes the following categories of personal data on behalf of the responsible party:
1. Technical Usage Data
Content and usage data include information automatically generated or collected during the use of the software. This includes, for example:
* Connection and log data to ensure the technical security of the software;
* Identification and access data to enable access to the software;
* Information about the devices used, such as the type and version of the device and the version of the operating system, to ensure proper display.
2. Content Data
Content data includes information that users create or upload via the software or that arises during use. This includes, for example:
* Text contributions, images, and media content (e.g., teaching materials, contributions in courses);
* Other documents uploaded by the user;
* Input data during prompt creation or in forms.
3. Student Data
Student data includes information required for student administration. This includes, for example:
* Name data, contact details, matriculation number, and other identification numbers;
* Assignment to study programs, faculties, and academic years/semesters;
* Participation in events, courses, and groups;
* Learning progress statistics;
* Information on sickness notifications and compensatory measures.
4. Communication Data
Communication data includes information necessary for student administration. This includes, for example:
* Chat messages via the messaging function;
* Interactive content (e.g., surveys, polls);
* Camera and microphone data during video chat participation in courses.
5. Exam and Assessment Data
Exam and assessment data are processed as part of exam management. The exams are created by administrators or instructors and completed by learners. This data includes, for example:
* Framework information for the exam (e.g., type of exam, exam course, instructor, evaluation criteria, matriculation number);
* Exam questions and content (e.g., questions, answers);
* Participation in exams (e.g., time of completion or submission);
* Exam results and evaluations (e.g., grades, points, comments);
* Log data related to exams (e.g., access to exam questions).
6. Data of Teaching Staff
Data of teaching staff are processed for organizing teaching events. This data includes, for example:
* Name data;
* Contact details;
* Title and qualifications as well as status group;
* Information on course and room assignments;
* Information on teaching events.
7. Payment and Billing Data
Payment and billing data are processed as part of the handling of paid events and educational products through access passes. This data includes, for example:
* Payment data required for processing any payments for such functions;
* Billing data according to § 14 UStG;
* Information about booked offerings.
Sensitive Data
Fuxam processes special categories of personal data only if these data are uploaded or entered by users via functions, e.g., in the form of a file (e.g., term paper), text contributions, or chat messages. Users can delete files and contributions at any time. If the functions are used by the responsible party, health data may be processed in exam management and student administration to organize sickness notifications or compensatory measures. The responsible party will only process particularly sensitive data within the meaning of Art. 9 para. 1 GDPR if the conditions of Art. 9 para. 2 GDPR are met.
5. For what purposes is your personal data processed?
Fuxam processes the data on behalf of the responsible party to enable comprehensive digital teaching within the framework of higher education. The purposes are determined by the responsible party and regularly include:
* Organization of teaching events and content (e.g., courses and supplementary materials);
* Preparation of teaching events (e.g., scripts and supplementary materials);
* Conducting teaching events (e.g., video and audio transmissions);
* Communication about teaching content (e.g., text contributions, messaging function);
* Conducting and evaluating polls (e.g., surveys);
* Evaluation of teaching events (e.g., number of participants, exam statistics).
6. On what legal basis do we process your personal data?
The responsible party decides solely on the purposes of the processing and the legal bases underlying the processing. If the processing of personal data serves the purposes of digital teaching, continuing education, or similar educational forms for conducting teaching events and exams, the following legal bases generally apply depending on the circumstances:
* Art. 6 para. 1 lit. b GDPR for the implementation of pre-contractual measures or for the fulfillment of a study contract (e.g., implementation or performance of the contractually agreed teaching).
* Art. 6 para. 1 lit. f GDPR for the protection of legitimate interests (e.g., ensuring system security, creating necessary statistics for reports).
* Art. 6 para. 1 lit. e GDPR in conjunction with the relevant provisions of the applicable state higher education law and state data protection law (if applicable to the client).
7. On what legal basis do we process your personal data?
FuxamONE is operated on servers in Germany. You can use some functions in FuxamONE without being connected to an institution. However, once your user account is linked to an institution, we will transfer your data to the respective institution. To provide the software and ensure its security, we use certain service providers known as processors. These include:
* Hosting providers that offer servers, data centers, and databases through which the software is accessible.
* IT service providers who ensure the security of the infrastructure (e.g., when accessing the software), conduct regular security tests, or are involved in software development.
A list of processors can be obtained by requesting it from us at datenschutz@fuxam.de. Some of these processors are located in third countries, i.e., countries that are neither members of the European Union (EU) nor the European Economic Area (EEA), such as the United States of America (USA). We will only transfer data to these countries if this is legally permissible under Art. 44 - 49 GDPR, meaning we have taken appropriate guarantees and measures to ensure the level of data protection (e.g., through standard data protection clauses and additional protective measures) and/or you have consented to such transfer in individual cases. You can obtain a copy of such regulations and agreements by contacting datenschutz@fuxam.de.
8. How long do we store your personal data?
The duration of data processing corresponds to the term of the main contract with the responsible party. User accounts are to be deleted by the responsible party when the purpose of processing ceases (e.g., termination, dismissal, exmatriculation). We store your identification and access data until the user account is deleted. If you voluntarily created your user account and it is not linked to an institution, you can delete it at any time. The date and time of the creation of the user account and the last login will only be deleted with the user account. Certain log data (e.g., accesses to exam or assessment questions) will also be deleted only with the respective course or exam. Some data are stored for the duration of legal retention or documentation periods, which arise from the Commercial Code (HGB), the Tax Code (AO), or the Money Laundering Act (GwG). These periods can last up to ten years. In some cases, the storage duration may also be based on the statutory limitation period, which according to §§ 195 ff. of the Civil Code (BGB) is usually three years from the end of the year in which the claim arose and the claimant became aware or should have become aware of it.
9. What rights do you have?
As an affected person, you have the right to object to the processing of your data:
* Objection: You have the right under Art. 21 GDPR to object to the processing of your personal data for personal reasons, provided that this processing is based on public or legitimate interests.
* Additionally, you have further rights under Arts. 15 - 22, 77 GDPR. These include:
* Access: You have the right to request information about the personal data we hold about you and its processing at any time. You can also request a copy of this data.
* Rectification: You have the right to have inaccurate or incomplete personal data corrected without delay.
* Deletion: You have the right to request the immediate deletion of your personal data stored by us if the reasons stated in Art. 17 para. 1 GDPR apply. This is the case, for example, when your data is no longer needed for the purposes for which it was collected, and there is no legal obligation to retain it.
* Restriction of processing: You have the right to request the restriction of processing under the conditions stated in Art. 18 para. 1 GDPR. This means we can only process certain personal data—with the exception of storage—with your consent or in other legally specified cases. This applies, for example, if you dispute the accuracy of your data and we need time to verify it.
* Data portability: You have the right to have your personal data provided to you in a machine-readable format or to have it transferred to another responsible party, where technically feasible.
* Withdrawal of consent: You have the right to withdraw any consent you have given for processing at any time. Please note that the withdrawal only applies to future processing and does not affect the lawfulness of processing carried out prior to the withdrawal.
* Complaint: You have the right to lodge a complaint with a data protection authority, e.g., the authority responsible for us. This is:
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
reachable at: www.datenschutz-berlin.de