Terms of Use Microsoft 365 for students (GDPR)
Please note:
If the student status is lost or the checkboxes in the self-service are deactivated, access to the content stored in M365 is also lost (e.g. Office, OneDrive, OneNote, SharePoint, etc.).
After a standard period of 30 days, the account is automatically deleted and with it the content in M365.
Declaration of consent in accordance with GDPR section 6 (1) a for the use of the Microsoft 365 cloud service
All students can use the IT infrastructure of RWTH Aachen University. In addition to the university's local infrastructure, you can also use Microsoft 365 on a voluntary basis. Microsoft 365 is a cloud service offered by Microsoft for students at RWTH Aachen University. Various Microsoft products and online services* can be used in the cloud via this service for the purposes of student self-organization and communication.
The services offered are provided on servers that are located in Microsoft cloud data centers and not in the RWTH Aachen University data center. RWTH Aachen University therefore has no physical access to the hardware. However, RWTH Aachen University is responsible for implementing authentication and managing the licenses.
Authentication for Microsoft 365 is realized via the single sign-on account (Shibboleth). By using it, you confirm the following points:
- Acknowledgement of the transmission of personal data to Microsoft. These data are specifically: first and last name and email address and are used exclusively for authentication of the user.
- Since Microsoft 365 is software of US origin, US export control law must be observed in addition to the directly applicable national and supranational law.
- If the student status is lost or the checkbox in the self-service is deactivated, access to the content stored in M365 is also lost (e.g. Office, OneDrive, OneNote, SharePoint, etc.). After a standard period of 30 days, the account is automatically deleted and with it the content in M365. BitLocker recovery keys stored in the cloud are also affected by the deletion. As a result, users will no longer be able to access the data on the encrypted hard disk if a BitLocker query is triggered.
The IT Center accepts no responsibility for failed or incomplete backups of data stored in the cloud. - For students who are also employees of RWTH Aachen University, the following applies: the use of the M365 account in the student tenant is exclusively for the above-mentioned purposes. The use of M365 in a business context is only permitted to a limited extent and with the designated tenant m365.rwth-aachen.de: (https://help.itc.rwth-aachen.de/en/service/468ad37bfd1f4fe19073f4465ea3c685/article/df27d5e5e92e4992b1465f62d0313d18/)
The IT Center has also centrally implemented the following framework conditions:
- As far as technically possible, M365 has been reduced to the following apps: Outlook, Word, Excel, PowerPoint, OneNote, OneDrive, SharePoint online and Teams.
- The following lifecycle is implemented:
- Student accounts are removed from the M365 area after the loss of student status at RWTH Aachen University (i.e. users are no longer visible to others and can no longer log in). The final deletion of the account and the data associated with the account in OneDrive will take place 30 days later.
- Guest accounts are automatically removed from the M365 area after 3 months without login (i.e. the users are no longer visible to others and can no longer log in). The account will be permanently deleted after 30 days.
- For SharePoint sites, notifications are sent to the administrators after 3 months of inactivity. If no activity is detected after three reminders at two-week intervals, the respective site is removed and permanently deleted after 30 days.
- The following memory limits are assigned:
- Personal OneDrive: 10 GB
- SharePoint Site: 50 GB
The following obligations apply to the user. These result directly from Microsoft's license conditions and measures for compliance with data protection and data security:
- Microsoft software and services are used in accordance with the current version of the Product Terms (PTs), the Online Services Terms (OSTs) and the Data Protection Addendum for Online Services (DPA). These can be viewed on the Microsoft website.
- The software and services are to be used exclusively for the purposes of student self-organization and communication.
- The use of the software and services is not permitted for student organizations and associations.
- The respective users are responsible for backing up the data stored in the cloud.
- When using M365, the applicable legal provisions and regulations (license law, data protection law, personnel file law, tax law, copyright law, telemedia law, archive law, US export control law, etc.) must be complied with.
- You are only entitled to use the software and services during the licensed period. All software must be deleted or services may no longer be used if RWTH Aachen University terminates the MS Bundesvertrag or does not submit an accession or renewal order before the end of the licensed period or does not acquire a perpetual license, depending on which event occurs first.
- Storing BitLocker keys in the cloud is not recommended. The use of BitLocker must be checked and, if necessary, deactivated on all devices on which it has been activated via the Microsoft Tenant for students in Windows.
- When using the Office Web Apps, the data processed there is automatically saved in the cloud (in the personal OneDrive area). The same rules apply here as for OneDrive.
- No central backup is created by the IT Center or Microsoft for the data stored online in OneDrive and SharePoint. Documents can be synchronized to specific end devices. The document versions of the last 30 days are stored online in OneDrive.
- OneDrive and SharePoint online are not systems for permanent storage in the sense of archiving.
By using M365, you accept the above regulations.
You can find more information about Microsoft 365 and the data protection information at https://privacy.microsoft.com/de-de/privacy (https://privacy.microsoft.com/de-de/privacy) and (https://privacy.microsoft.com/de-de/privacystatement).
The use of Microsoft 365 is voluntary. In accordance with section 17 GDPR, you can request the correction, deletion and blocking of your personal data from the IT Center (servicedesk@itc.rwth-aachen.de) at any time. You can also amend your declaration of consent with effect for the future at any time without giving reasons or revoke it completely by removing the checkmark in the self-service: www.rwth-aachen.de/selfservice (https://www.rwth-aachen.de/selfservice)
In addition, we recommend the following courses of action:
- Use the option of labeling the stored data and documents with corresponding categories.
- Exclusive use of the WebApps (without alternative local Office solutions) is not recommended due to the lack of local storage options.
- Please note the existing RDM processes and solutions at RWTH Aachen University when processing and storing research data.
- The use of private devices is at the user's own risk. In the event of loss of data on the end device, no guarantee or support can be provided by RWTH.
*Outlook, Word, Excel, PowerPoint, OneNote, OneDrive, SharePoint and Teams