This data protection notice informs you on the processing of personal data in connection with the use of an IU mobile device (e.g. an iPad, referred to as “device” in the following). IU International University of Applied Sciences (abbreviated as “IU” in the following) uses a so-called Mobile Device Management System to manage their devices (abbreviated as “MDM” in the following). If you are using a device which was given to you by IU, for example an IU iPad, your personal data will be processed through the MDM. The notice on data protection contains important information on the processing of personal data through our MDM.

1. Responsible party and data protection officer

IU, headquartered at Juri-Gagarin-Ring 152, 99084 Erfurt, is responsible for the processing of your personal data. IU has commissioned Ms. Dr. Annette Demmel, SPB DBO Services GmbH, An der Buche 4, 13465 Berlin, annette.demmel@spb-dpo-services.com, as their external data protection officer.

2. Data categories

The data categories listed in the following can be processed as part of the use of the device which uses MDM software. The exact processing of your personal data depends on how you use the device. This may result in fewer data being processed than outlined in the following. The information outlined in the following meets the latest technological standards. Changes or additions due to new versions of iOS or adjustments of the MDM software are excluded from this and we will inform you if there are any changes.

Name Name of the device (can be given by the user), requirement of the system: Device name = serial number.

Town/city The location of the device merely represents an approximation as the GPS data of the device cannot be accessed by Jamf School. It is only possible to determine the approximate location of the device since the last checkin. A location log won’t be produced. The location will be determined via the IP address. This tracking of the “location” is de-activated as per the current rights/roles-concept and can only be activated by a master administrator according to the “four-eye-principle” and only if this is absolutely necessary. The tracking can be activated if requested by the user, for example to find a lost device. However, even in that case it is only possible to determine the approximate location.

Registration method* All devices will be administered centrally and are therefore being registered automatically in the MDM.

Model* Shows the device model.

Serial number* Shows the serial number of the device.

Version of operating system Shows the version of the operating system.

Maintained* Shows if the device is being maintained, that is, administered.

Member of Shows the groups which a device is part of.

Charge (charging status) Shows the battery level.

Available storage Shows the amount of available storage on the device.

Asset-Tag A device may get a label for its internal administration.

Annotations Individual annotations can be added for every device.

Code Shows if a code was defined for a device or not. The code can be reset by IU. Alternatively, the whole device can be reset.

The devices can be protected with a six-digit code to secure the protection of data and encryption of the devices. This code can be defined individually and cannot be viewed by IU.

Code permitted Shows if a code can be set for a device.

Data protection Shows if the hardware encryption is activated for the device (as soon as password was set up).

Safe internet Shows if Safe Internet is set up on a device.

Recovery code Shows the recovery code after the connection of the device with an Apple-ID. Through this code, the device can be unlocked if it is locked.

Activation lock supported Shows if the activation lock is supported or not.

Backup Enabled (backup activated) Is related to the iCloud backup and shows if an iCloud backup was activated or not.

Latest backup Shows the state of the current iCloud backup.

Signed in at iTunes Store Shows if an Apple ID was registered at the iTunes Store.

Last check-in Shows when the device was last connected to the MDM system.

Enrolment date (registration date) Shows when the device was added to the MDM.

Time zone Shows the time zone which was set on the device.

Total bytes saved from source Shows the amount of data that has been retrieved and cached from the internet through content caching since the date specified under "Total Bytes Since".

eSIM identification (only for iOS 14 or newer) Shows the eSIM identification.

Labelling Shows the name of this mobile tariff.

ICCID Shows the ICCID-value.

IMEI Shows the IMEI of the device.

Network operator Shows the name of the network operator.

Version of network operator settings Shows the version of network operator settings.

Preferred voice Shows if this mobile tariff should be preferred for language.

Preferred data Shows if this mobile tariff should be preferred for data.

Roaming Shows if this device is set to roaming mode.

Current country code mobile device Shows the current country code of the mobile device as a numeric character string.

Current network code mobile device Shows the current network code of the mobile device as a numeric character string.

Public IP Shows the public IP address of the device.

Network Tethered (Network connection via personal hotspot) Shows if tethering is being used or not.

Wi-Fi MAC Shows the Wi-Fi MAC address of the device.

Ethernet MAC Shows the Ethernet MAC address of the device.

Bluetooth MAC Shows the Bluetooth MAC address of the device.

Data Roaming enabled Shows if roaming was activated on the device or not.

Personal Hotspot enabled Shows if a personal hotspot was activated on the device or not.

Updates Shows if a device is available for a device or not. An update may be forcefully installed through the MDM from IU. This is advisable if there is a critical security gap. Personal data of the user must be secured by the user in advance.

Owner history Information on the current and previous user of the device, such as their email address, device registration period and time.

Administered profiles Shows the configuration profiles which have been transferred by the MDM.

Other profiles Shows the device profiles which have been installed by the user.

Administered apps All the content which will be distributed to the devices via the MDM will be defined as “administered”. This includes all apps which have been pre-installed by IU, such as the IU Learn App, LMS365.

Apps which have been downloaded by the user Shows apps which have been downloaded by the user but not their contents.

(only macOS) scripts Shows the scripts which have been distributed to the computer.

Internal apps Shows the apps which have been pre-installed by Apple.

Documents Documents which are being managed centrally can be transferred to the devices. They are being listed here. The content of the documents cannot be displayed.

Jamf teacher Shows which profiles are being provided on the devices for the Jamf Teacher App.

Incidents Incidents can be used to report any problems which have occurred in connection with users and devices to other Jamf School administrators or to keep a record of the issues.

Activity history Overview of the commands or actions which have been executed between the device and the MDM (e.g. from an administrator, various changes on the device/MDM), including a time stamp.

3. Purpose and legal basis for processing

The devices which have been provided to you from IU for your studies, e.g. iPads, remain property of IU until the successful completion of the study programme. You only have the right to use the device for the duration of your study programme.

IU uses this MDM to have an overview of their devices and to prevent devices from being sold or unlawfully given to third parties. It is possible to delete data remotely through the MDM in case you lose your device or if it is stolen from you so that third parties won’t be able to see your data.

The legal basis for the management of devices is the user agreement which we have made with you, meaning article 6, paragraph 1, page 1 lit. b) General Data Protection Regulation (“GDPR”).

The IT support might access data on the device which have been made available through the MDM as part of the management of the device. The legal basis for the access is our legitimate interest to ensure the security of the information technology, that is, article 6, paragraph 1, p. 1 lit f) GDPR and to provide you with functional devices for the duration of the user agreement article 6, paragraph 1, p. 1 lit f) GDPR.

We want to inform you that the following apps cannot be accessed by the MDM: email folder/email app, contacts, photos, SMS, iMessage, social media, browser history, FaceTime/call history, personal reminders and notes. Private content which is saved on these apps are not accessible to the IT support.

Besides and what is more, the MDM cannot specify which apps are being used how often and in-app data cannot be read.

However, as is inherent in any device management, there is always a master administrator whose rights go beyond those of IT support. If necessary (e.g. in the event of a theft/loss), the master administrator can view the approximate location of the device (via the IP address, not via GPS) and has full access to the MDM interface, meaning that they can reset the device to iPad-OS factory settings and thus delete all locally saved data from the device. Even in such an event, it is not possible to view any personal content on the device at any point.

However, these special (access) rights can only be exercised in the above-mentioned case of need according to the 4-eye principle and only after merging a shared managed password in exceptional situations and after prior authorisation (e.g. in the event of a device loss, cyber-attack, etc.). This is not the case if you fail to comply with your obligation under the User Agreement to delete the data on your device before returning it; in such a case, IT Support of IU will reset your device and your data will be irretrievably lost.

The legal basis for accessing the device by the master administrator is our legitimate interest in accordance with Art. 6 (1) sentence 1 lit. f) DSGVO to protect our property and our IT infrastructure. If you wish to avoid such management taking place on the device, we recommend using a device owned by you for this purpose.

4. Recipients and transmission

IU uses JAMF Software, LLC (“Jamf”), 100 Washington Ave. S., Suite 1100, Minneapolis, MN 55401-2155 USA as an operator for the MDM. To safeguard your personal data that may be processed in this context, we have concluded an order processing agreement with Jamf. In principle, your personal data is processed on servers located in the Federal Republic of Germany. As it may occur that personal data are also processed outside the EU in the context of MDM, we have included EU standard contractual clauses in the order processing agreement. If you would like to receive a copy of these EU standard contractual clauses, please contact datenschutz@iu.org. Jamf has also signed up to the EU-U.S. Data Privacy Framework. The EU-U.S. Data Privacy Framework is an adequacy decision by the EU regarding data transfers to those companies that have self-certified to the U.S. Department of Commerce to ensure a level of data protection equivalent to the EU.

5. Duration of storage

The data managed within the MDM is stored for the following periods:

The data categories marked with an "*" in section 2 under "Data categories" are processed for the entire duration of the user agreement. All other data categories are dynamic in nature, i.e. they are subject to constant change because they depend, among other things, on usage behaviour (e.g. the battery status of a device used for streaming services changes more quickly than that of a device that is currently unused in flight mode), or on the intervals at which software updates are made available by the manufacturer. These dynamic data categories, which are subject to constant change, are continually overwritten and are irretrievably lost with the overwriting and are not retained.

Please note that you are responsible for saving your data (in the form of documents, photos, etc.) on the device in such a way that it can be recovered even if the device is lost. In addition, it is also your responsibility to delete and save all data on the device elsewhere before returning the device to IU.

If you return your device to IU, it’ll be reset, and all data will be irretrievably deleted. The same applies if the device is lost. In such an event, the device will be deleted remotely.

Otherwise, all data on the device will be completely deleted after the end of the user agreement concluded with you (either because you have completed your study programme at IU or because the user agreement ends sooner — for whatever reason). With regard to the ownership of the device, we refer to the transfer of use agreement concluded with you.

6. Automatised decision-making and profiling

IU does not use personal data for automatised decision-making. IU does not create profiles from personal data either.

7. Why is your personal data being collected?

In order to maintain an overview of the devices owned by IU and to comply with the current requirements of IT security and data protection according to article 32 GDPR (e.g. encryption, data separation, software update management), IU uses MDM. In this context, your personal data will be processed to the extent described above. You are free not to provide any personal data to IU in this regard. However, this also means that you have to refrain from using an IU device. The same applies in the event of an objection to their processing.

8. Your rights

You may contact IU in written form or via email at datenschutz@iu.org to exercise the following rights:

• Information on personal data in order to control and verify it,

• Receipt of a copy of personal data

• Rectification, erasure or restriction of processing, this also includes the right to complete incomplete or incorrect data by supplementary communication,

• Right of objection to processing.

• You may receive data provided in a structured, commonly used and machine-readable format and transfer this data to another controller, provided that you have given your consent to the processing or the processing is based on a contract.

• You have the right to revoke your consent at any time with effect for the future.

You also have the right to lodge a complaint with a supervisory authority in connection with the processing of personal data. You may exercise this right of complaint by contacting the supervisory authority responsible for your place of residence or the supervisory authority responsible for the registered office of IU in Thuringia:

The Commissioner of Thuringia for data protection, Häßlerstraße 8, 99096 Erfurt.