Data protection declaration for Baramundi

For what purpose will personal data be processed?

The personal data provided is processed exclusively for the provision and maintenance of central standard workstation PCs (client management) and for the testing and maintenance of automated processes at the Technische Universität Dresden.

Who is responsible for data processing and who can data subjects contact?

Responsible in the sense of Art. 4 No. 7 GDPR is the TUD Dresden University of Technology.

SCD

TUD Dresden University of Technology CIDS - Center for Interdisciplinary Digital Sciences Support Center Digitalisierung (SCD) 01062 Dresden

Tel.: +49 (0)351 463-40000 E-Mail: servicedesk@tu-dresden.de

Data Protection Officer

Mr Jens Syckor Data Protection Officer

Visiting address: 01062 Dresden

Tel: +49 351 463-32839 E-Mail: informationssicherheit@tu-dresden.de

What is the legal basis for the processing of personal data?

The legal basis for the purpose of secure system administration is Art. 6 subpara. 1 lit. e, para. 3 GDPR in conjunction with. § 3 para. 1 Saxon Data Protection Implementation Act (SächsDSDG).

The legal basis for sending system-relevant information is § 11 para 1 SächsDSDG.

What personal data will be processed?

1. Device related inventory data collection: software, hardware, files, registry entries
2. Device-related recording of operating times
3. Users (in bundle-History)
4. Registered User, Last User, Primary IP, Initiator (in current activity; Log), Created by (in comment Static groups)
5. Users (bMS/revision log)
6. Windows account, display name (bMS/Personal settings)
7. user name for proxy settings (bMS/Downloader)
8. users and groups in environment, security management and search (bMS/AD users)
9. user names in bMC, bServer, DBMGR, e-mail addresses from Personal notifications (bMS/baramundi logs)
10. e-mail address in bMC (bMS/Personal notifications)

How will personal data be processed and how long will it be stored?

The personal data according to 5 and 9 will be deleted after 30 days. All other data is deleted when the client is deleted (e.g. at the end of the service) or when the user account is deleted.

What general rights do data subjects have?

Right of access to personal data (Art. 15 GDPR) You have the right to obtain information on the data processed concerning your person, as well as the possible recipients of this data, at any time. You are entitled to a reply within one month after the responsible party receives the request for information.

Right to rectification, erasure and restriction (Art. 16–18 GDPR) You may request that TUD Dresden University of Technology correct or erase your personal data and/or restrict its processing at any time.

Right of appeal (Art. 77 GDPR) You can contact TTUD Dresden University of Technology's Data Protection Officer (see above) at any time and, in the case of a complaint pursuant to Art. 77 GDPR, the responsible supervisory authority for data protection.

Responsible supervisory authority: Saxon Data Protection and Transparency Commissioner
Dr. Juliane Hundert
Maternistraße 17
01067 Dresden
Tel.: +49 351 85471 101
Email: post@sdtb.sachsen.de
Web: www.datenschutz.sachsen.de

Note: To claim your rights, it is sufficient to notify the responsible person in writing (email, letter). However, the rights can only be exercised if the processed data allows for the identification of your person.

Information on the right of objection pursuant to Art. 21 para. 1 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 subpara. 1 lit. e GDPR, at any time. The controller shall no longer process the personal data unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.