Privacy Policy

This is an informal translation. Only the German original is legally binding.


1. Project/Occasion:

Privacy policy for the University of Münster offering on Microsoft 365.

2. Name and Address of the Responsible Controller

The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Universität Münster,
represented by the Rector, Prof. Dr. Johannes Wessels,
Schlossplatz 2, 48149 Münster
Phone: + 49 251 83-0
E-mail: verwaltung@uni-muenster.de

3. Name and Address of the Data Protection Officer

The data protection officer of the data controller is:
Nina Meyer-Pachur
Schlossplatz 2, 48149 Münster
Phone: + 49 251 83-22446
E-mail: Datenschutz@uni-muenster.de

4.General Information on Data Processing


a) Scope of Data Processing

The data to be processed are divided into three categories:

  • Functional data
  • Content data
  • Diagnostic data


Functional Data:

Functional data is required to provide the services. First name, last name, status (student or employee), Entra account (kennung@on.wwu.de) with the associated Entra password are transferred to Microsoft Entra. The Entra account can be used to log in to Microsoft websites.

Content Data:

Content data is the actual content of documents, presentations, etc. If you wish to use data storage in the Microsoft Cloud oneDrive, please refer to the Münster University Cloud Policy.

Diagnostic Data:

Office products collect user statistics, which Microsoft says are used to improve the products. Diagnostic data is, for example, user ID, the duration of use of individual services.

The Processing is divided into three Categories:

  • Office Apps (workstation and laptops)
  • Mobile Office Apps (smartphone and tablet)
  • Online Office (web pages)

Office Apps:

For Office Apps, the functional data is used to download and license the product on the computer. Content data can be stored locally on the computer or in the Microsoft Cloud, if applicable.

Mobile Office Apps:

Software delivery is done through the platform's app stores. The feature data is used for licensing and logging in to the Microsoft Cloud. Content data can be stored in the Microsoft Cloud or on the mobile device.

Online Office:

The Office application is presented as a web page. No software installation is performed. The function data is used for logging in. The content data is stored in the Microsoft Cloud.

b) Purpose of the Data Processing

The purpose of processing your personal data mentioned above is to provide you with workplace environments with Microsoft Office products.


c) Legal Basis for the Processing of Personal Data

Insofar as we obtain your consent for processing operations of personal data, Art. 6 para. 1 lit. a DSGVO serves as the legal basis for the processing of personal data.
Insofar as processing is necessary for the performance of a contract to which you are a party, or is necessary for the implementation of pre-contractual measures that are carried out at your request, Art. 6 (1) lit. b DSGVO (if applicable in conjunction with § 18 (1) DSG NRW) serves as the legal basis for the processing of personal data.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which the University of Münster is subject, Art. 6 para. 1 lit. c DSGVO in conjunction with. § Section 3 (1) DSG NRW as the legal basis.
If the processing is necessary for the performance of a task which is in the public interest or is carried out in the exercise of official authority vested in University of Münster, Art. 6 (1) lit. e DSGVO in conjunction with. § Section 3 (1) DSG NRW, Section 3 (1) HG NRW as the legal basis for the processing.

d) Other Recipients of your Personal Data

Your collected personal data will be shared with the following recipients outside of University of Münster:

  • Microsoft Ireland Operations Limited

e) Duration of storage of personal data

According to Microsoft's guidelines, your personal data will be automatically deleted after the termination and expiration of the grace period. According to Microsoft, this is currently after 180 days at the latest.
If the processing is based on your consent, the data will only be stored until you withdraw your consent, unless there is another legal basis for the processing.

5. Your rights as a Data Subject

If the respective legal requirements are met, you have a right of access to your personal data processed by University of Münster (Art. 15 GDPR), a right to rectification of your personal data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR), a right to restriction of processing (Art. 18 GDPR) and a right to object to processing (Art. 21 GDPR).


6. Right to complain to the supervisory Authority

You also have the right to lodge a complaint with a supervisory authority, e.g. the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf, Tel.: 0211/38424-0, e-mail: poststelle@ldi.nrw.de.

Further Information

Microsoft's privacy policy can be found at:
https://privacy.microsoft.com/de-de/privacystatement

Information on diagnostic data:
https://docs.microsoft.com/de-de/deployoffice/privacy/required-diagnostic-data

Microsoft Support:
https://support.microsoft.com/de-de/office