The University of Zurich (UZH) welcomes you to the UZH now app. UZH takes data protection very seriously; in this statement, we explain which app-user data are collected, processed and disclosed by UZH, and for what purpose; we further explain how long these data are stored and describe the measures taken to safeguard their security. All measures conform to the prevailing provisions on data protection.
Table of contents
- 1. Object of Data Protection
- 2. Collecting, Processing and Storing Data
- 3. Consent to Further Use of Data
- 4. Disclosure of Personal Data
- 5. Tracking Settings
- 6. Login
- 7. Links to Websites and Sections of Content
- 8. Location Data
- 9. Push Notifications
- 10. UZH Card
- 11. Security
- 12. Validity
- 13. Right to Information and Right of Revocation
1. Object of Data Protection
Data protection serves to protect the privacy of individuals. It requires data processors to act lawfully, and confers enforceable rights to the affected persons with regard to the processing of their personal data. Section 3 of the Canton of Zurich’s Act on Information and Data Protection (Gesetz über die Information und den Datenschutz [IDG ZH]) defines personal data as any information related to an identified or identifiable individual. This includes details such as names, addresses, phone numbers and e-mail or IP addresses.
2. Collecting, Processing and Storing Data
Personal data are exchanged solely to enable communication between the UZH now app and the web servers of UZH. The following access data are collected and stored in a web server log file on UZH’s servers:
- The IP address of the requesting computer (e.g. 123.456.97.36)
- The address (URL) requested by the UZH now app
- The path and name of the requested service of the UZH now app
- The date and time of the request (e.g. [12/Apr/2016:00:00:01 +0200])
- The volume of data transferred
- The access status
- The type of access
- The description of the operating system used
- The session ID
- The serial number of the requesting computer
These data are processed for the following purposes:
- Safeguarding the network infrastructure and facilitating technical administration
- Optimizing service functionality
- Identifying and tracking unauthorized access attempts
Web server log files are stored for six months after access is terminated. Once this period has elapsed, web server log files are automatically deleted, provided there has been no identified attack on the University’s network infrastructure necessitating the civil or criminal prosecution of the intruder and thus requiring that the log file be stored longer.
No personal data are stored on the mobile device itself.
3. Consent to Further Use of Data
If you use the contact and feedback form of the UZH now app, this may require further collection, processing and long-term storage of the data you have provided, such as your name and e-mail address. By entering and sending this data, you give your consent for this information to be processed.
4. Disclosure of Personal Data
Personal data will be disclosed to third parties (e.g. other authorities) only if required by binding legal provisions (e.g. the ruling of an authority, court orders) or for the purposes of legal or criminal prosecution (e.g. in the event of attacks on UZH’s network infrastructure). Personal data will not be disclosed to third parties for other purposes.
Nevertheless, UZH may commission service providers to process data collected via the UZH now app for the purposes described above. Legal, technical, and organizational measures will be put in place requiring UZH and service providers to comply with the relevant provisions of data protection law.
5. Tracking Settings
For the purposes of statistical analysis and optimization of the UZH now app, and to better adapt the app content structure and navigation tools to the needs of users, the screens called up and elements clicked within pages are logged and analyzed using the software Matomo; the data are collected and stored on UZH’s servers. Access statistics are anonymized. It is not possible to trace the results of this analysis back to a specific IP address.
Use of the login function of the UZH now app is optional and restricted to members of the UZH community, who must enter a personal password. The Regulations on the Use of IT Tools at the University of Zurich (RUITT) apply for the protection and security of login details. After verification, the password is not stored by the UZH now app; however, temporary security tokens are used. Security tokens are small files that are stored on your device in place of your user name and password in order to enable optimal and unrestricted use of the UZH now app. These tokens are stored in encrypted form in a protected area in the sandbox. The data are deleted upon logging out.
7. Links to Websites and Sections of Content
This data protection statement applies solely to the UZH now app. For UZH web pages that are linked in this app and can be accessed via a browser, please refer to the data protection statement for UZH websites, which is available at www.uzh.ch/en/privacy. To the extent that access to content (such as contacts, events and news) is provided within the app via links or the sharing function, we ask you to take note of the data protection statements and security provisions of the relevant app providers. UZH is not responsible for either the published content or the data protection policies of these providers. In particular, UZH cannot guarantee that content provided by other providers is free of malware.
8. Location Data
The app includes optional location-based services, which we use to provide specific information that is tailored to your current location. This includes public transport connections and information on available infrastructure in the surrounding area, such as university cafeterias. You can opt to allow the search module to pinpoint your location on a map and to assist you with navigation. If you enable this function of the app, your location data are determined by the operating system via GPS data, recognition of WLAN networks in the area, mobile communications data and Bluetooth. You may enable or disable this function at any time in your operating system settings. Your location data are used solely for determining your current whereabouts. The data are neither protocoled nor stored; your location movements are not profiled.
Consent to use of location data can be revoked at any time by adjusting your settings accordingly.
9. Push Notifications
Our services include push notifications to communicate that certain content (such as news or events) has become available in the UZH now app. If you activate push notifications, you thereby agree that we may store on our server the push token ID generated for this purpose by your operating system. This ID is used for communication between our server and your operating system provider. The content of the message is not person-specific.
The token is deleted when you disable the notifications function in your system settings or use the logout function.
Consent to use can be revoked at any time by adjusting your settings accordingly.
10. UZH Card
Our service covers information for special discounts in the cafeteria as well as a digital access authorization for using the infrastructure of the Academic Sports Association Zurich (ASVZ) for authorized users. The UZH Card includes the following data:
- Name, first name(s)
- Note: S (for special discount)
- Note: ASVZ
This information is the same as on your physical UZH Card and is stored on your device in decrypted form via access to the database of the card management system of UZH. Reviewing, deleting and re-saving the access authorization data takes place dynamically.
Usage data on the special discount as well as ASVZ access authorization through the UZH now app is neither recorded by nor stored in the system.
UZH uses technical and organizational security measures to ensure that data it has collected and further processed in connection with the UZH app
- remains confidential and is protected from accidental and unlawful access, change, disclosure, loss and destruction; and
- access to the data is granted only to those persons who, due to their role and task, have to access the personal data in accordance with the principle of necessity (on a “need-to-know” basis).
The measures that must be taken depend on the type of information, the type and purpose of use, and the technology available.
UZH reserves the right to amend this data protection statement at any time with future effect if the implementation of new technologies or the legal situation so requires. UZH will inform you of any amendments in a suitable form. Moreover, we advise you to peruse the data protection statement on a regular basis.
13. Right to Information and Right of Revocation
If you would like information on data relating to your person that has been collected and processed, if you want such data to be corrected, destroyed or blocked or if you have further questions on the use of such data, please write to the Delegate for Data Protection of UZH and enclose a copy of your identity card.
The Delegate for Data Protection of UZH can be contacted at the following address:
Delegate for Data Protection of UZH
You may revoke your consent to use of your data at any time by deleting the UZH now app.