UniBE Mobile

Privacy policy

1. Collection, processing and storage of data

Personal data is only collected in connection with communication with the web servers of the University of Bern. The following access data is collected and stored in a web server log file on servers of the University of Bern:

 

- the IP address of the requesting computer (e.g. 123.456.97.36)

- the address (URL) that was requested from UniBE Mobile.

- the path and the name of the requested service of the UniBE Mobile.

- the date and time of the request (e.g. [12/Apr/2019:00:00:01 +0200])

- the amount of data transferred

- the access status

- the access type

- the description of the operating system used

- the session ID

- the serial number of the requesting computer

This data is processed for the following purposes:

- Securing the network infrastructure and technical administration

- optimizing the service functionality

- Identification and tracking of unauthorized access attempts.

 

The web server log files of the backend service of UniBE Mobile are stored for a period of 6 months from the termination of the access.  After this period, the web server log files are automatically deleted, unless a recognized attack on our network infrastructure leads to civil or criminal prosecution of the intruder and thus requires further storage. For peripheral systems (e.g. CTS), the corresponding privacy policies apply.

On the mobile device itself, the following personal data is stored during a login (for functions that require authentication): e-mail address, ID token, and access token.

Personal data collected during tracking (see chapter 4): Age, gender, interests. This data is not collected within UniBE Mobile, but derived from the general usage profile.

Push token IDs are stored when push notifications are activated (see chapter 8)

 

2. Consent to further use of data

When using the contact and feedback form of UniBE Mobile, a further collection, processing and longer-term storage of your entered data may be necessary, such as name or e-mail address. By entering and sending this data, you consent to its processing.

 

3. Disclosure of personal data

Personal data will only be disclosed to third parties (e.g. to other authorities) if this is required by binding legal provisions (e.g. official requests, court orders) or for the purpose of legal or criminal prosecution (e.g. in the case of attacks on the network infrastructure of the University of Bern). Personal data will not be disclosed to third parties for other purposes.

Nevertheless, the University of Bern may commission service providers to process the data collected via UniBE Mobile for the above-mentioned purposes. The University of Bern and the service providers are obliged to ensure compliance with data protection regulations by means of legal, technical and organizational measures.

 

4. tracking settings

In order to optimize and statistically evaluate the UniBE Mobile and to better adapt its content structures and navigation mechanisms to the needs of users, screen views and clicked elements within a page are logged and analyzed. For this purpose the software Firebase is used. The following is collected: Events, user interactions, system events and errors that occur with respect to UniBE Mobile. The data is collected and stored on a Firebase server. The access statistics are anonymized. It is not possible to assign the analysis results to a specific IP address.

 

5. Log-in

A login in UniBE Mobile is only required for the use of certain content areas. The password is not stored by UniBE Mobile after verification. However, so-called temporarily valid security tokens are used. These are signed hashes that are stored on your device instead of your username and password, both to provide security against unauthorized use of the UniBE Mobile and to enable its optimal and unhindered use. These tokens are stored encrypted in a protected area, the Scure Storage. When you log out, this data is deleted.

 

6. Links to websites and sharing of content

This privacy policy only applies to UniBE Mobile. For the websites of the University of Bern that are linked in this app and can be accessed in a browser, we refer to the privacy policy of the unibe.ch-websites at https://www.unibe.ch/legal_notice/index_eng.html

If you access content of other websites via links or the sharing function, we ask you to observe the privacy statements and security policies of the respective providers. The University of Bern is not responsible for the content or the data protection practices of these providers. In particular, the University of Bern cannot guarantee that the content of other providers is free of malware.

 

7. Location data

The app contains location-based services, which allow us to offer information tailored to your current location. This includes public transport connections and information about the infrastructure in your area, such as the Mensa You can opt to allow the search module to pinpoint your location on a map and to assist you with navigation.

To use these features, you must allow your location data to be queried and used on the device. Your location data are determined by the operating system via GPS data, recognition of WLAN-networks in the area, mobile communications data and Bluetooth. You can enable or disable this feature in your operating system settings at any time. The GPS location data is neither transmitted from your device to a server nor used to create movement profiles beyond your current location.

 

8. Push notifications

Our service includes push notifications to let you know that certain content is available in UniBE Mobile. In order to receive push notifications, you must enable them in the settings of your operating system. You have the option to deactivate or reactivate this function at any time. By entering the activation, you agree that we may store the so-called push token ID generated by your operating system for this purpose on our servers. This ID is used for server communication with your operating system provider. The content of the message is not personal.

When you use the log-out function, the token is deleted on the server.

 

9. Security

The University of Bern applies technical and organizational security measures to ensure that the data collected and further processed as part of the UniBE Mobile,

- remain confidential and are protected against accidental or unlawful access, alteration or disclosure, as well as against loss and destruction,

- is only accessible to those persons who must have access due to their function and task. This means that access to the data takes place exclusively according to the principle of necessity ("need-to-know")

To prevent third parties from viewing temporarily loaded data (e.g., exam results) on your mobile device, we recommend a timed screen lock in combination with a PIN or a biometric method.

 

10. Validity

The University of Bern reserves the right to amend the privacy policy at any time with effect for the future, should the implementation of new technologies or the legal situation make such an adjustment necessary. The University will notify you of any changes in an appropriate manner. In addition, we recommend that you regularly consult the data protection declaration of UniBE Mobile.

 

11. right of information and revocation

If you wish to obtain information about the personal data collected about you, or if you wish to have this data corrected, destroyed or blocked, or if you have any further questions about the use of this data, please contact us in writing, enclosing a copy of your identification document (PDF), at the following address

uni-app@unibe.ch

You can revoke your consent to the use of your data at any time by deleting UniBE Mobile.