Security at Untis

We protect your data

Your data processed in WebUntis and/or Untis Mobile are safe with us (Untis GmbH)! We are obliged to protect your personal data processed in the course of our mutual business relationship, and we take this very seriously.

You can read our complete privacy statement here.

Server in Germany and Austria No money with advertising Reliable partners GDPR
Our high-performance servers are located in Austria and Germany, guaranteeing you the highest level of security when using our timetable software. We do not earn money with marketing. Your data will not be used for marketing or sold to third parties under any circumstances. We exclusively cooperate with partners who also comply with the strict EU regulations. Untis complies 100% with GDPR and therefore stands for absolute safety regarding sensitive personal data.

Certificates

All Untis products are ISO 27001:2013 certified

This certificate confirms that Untis GmbH fulfils all requirements of this world-renowned standard for information security. This is confirmed by TÜV Rheinland.

The validity of the certificate and fulfilling the requirements is verified anew every year. This guarantees that we always are and always will be up to date regarding data and information security.

Data protection

1. General 

Your data which are processed in WebUntis and/or Untis Mobile are safe with us (Untis GmbH)! We are obliged to protect your personal data processed in the course of our mutual business relation, and we take this very seriously. We would like to ask you to please take your time to thoroughly read this data protection information so that you can understand why we collect your data and how we are processing them. 

  • We process personal data for the operation of the systems we provide our products with. Therefore, we are (depending on the specific functionality and the service we owe to our contract partner) responsible and data processor within the meaning of GDPR. 
    See item 3 
  • We process personal data in WebUntis and in the free-of-charge version of Untis Mobile (STANDARD version) on behalf of and on the instruction of our contract partners (data processor within the meaning of GDPR).  
    For the optionally available PREMIUM version of Untis Mobile, we provide additional functionalities going in part beyond the ones provided by WebUntis. 
    See item 4

2. What is personal data? 

Personal data is information relating to natural persons (students, students’ parents or teachers) whose identity has been identified or is identifiable (e.g.: name, contact details, billing data, IP address). 

3. Operation of systems we provide our products with 

The following information, which in general is related to the specific user, is processed in order to be able to offer our products: 

  • User name
  • User ID
  • Date and time of access 
  • URL accessed
  • Referrer URL 
  • Educational institution 
  • IP address 
  • Browser used 
  • Operating system used 
  • requestId 
  • traceId 

Data is transmitted by TLS encryption. 

 

The aforementioned data is processed for the reliable and safe availability of our products, and are deleted after six months from the data collection date. Saving the data for six months is necessary in order to be able to identify, attribute and resolve any technical problems which might occur. Additionally, it can be used to support investigating authorities in detecting crimes. 

4. Data processing in WebUntis and Untis Mobile 

Both WebUntis and Untis Mobile are platforms for the same database, and contain the same data sets. The functionalities available are mostly the same. Additional features are available in the PREMIUM version of Untis Mobile. 

When you use WebUntis or Untis Mobile in the STANDARD version, processing of personal data is based on the order processing agreement according to Article 28 of the GDPR concluded with the respective responsible party (this is the educational institution you or your child attends or at which you teach).   

Regardless of the respective user role and the rights that go with it, the school defines which data are necessary and who will have access to them. We provide the platform to realise the requirements of the specific institution. The platforms comprise the following features depending on the respective user rights: 

  • Room bookings 
  • Timetable and substitution planning 
  • Electronic class register 
  • Parent-teacher day planning 
  • Course registering 
  • Messenger 

In addition to the features available in the STANDARD version, you have additional features in the Untis Mobile PREMIUM version, depending on the user rights. For example: 

  • Private saving of homework 
  • Design change 
  • Lists of exams and homework with reminder function 
  • Widgets 

Click here for a comprehensive description of currently available features.  

Personal data in relation to the respective features of the PREMIUM version are processed regardless of our contractual agreement with educational institutions, but rather based upon our user agreement concluded with the individual user (according to Article 6 para 1 lit b of the GDPR).  
When using the PREMIUM version, no additional information is transmitted to Untis. All data generated by PREMIUM features going beyond WebUntis features are exclusively saved on the user’s device; NO synchronisation of this data with any Untis systems takes place. 

As part of our contractual relationship with you, we will in general save your data for seven years (starting with the end of the respective fiscal year) due to our corporate and fiscal documentation requirement according to para. 212 UGB (Austrian Commercial Code) and para. 132 BAO (Austrian Federal Fiscal Code). In justified individual cases, e.g. in the assertion of or defence against specific rights, we can save your data for up to 30 years after terminating our business relationship. In the scope of Untis Mobile PREMIUM version, no personal data are disclosed to any recipient.    

Regarding all the processing operations for which we are not data processor within the meaning of GDPR but rather a commissioned data processor, we refer to the privacy policies of the responsible educational institute. 

Untis Mobile uses services provided by Firebase (a Google product); this includes the analysis of automatically created error messages (e.g. in the event of a computer crash). 

When installing the app, the following rights are requested: 

Right 

Specific information on rights

Important for  

Camera 

Access to the camera is necessary in order to be able to recognise and process QR codes. QR codes are used to assist you when you register. The rights can be deleted afterwards in the application settings.  

iOS, Android  

Push notifications  

The user gets relevant information via push notifications, e.g. on changes in the timetable. This right can be deleted afterwards in the application settings.

iOS  

  

If you do not grant the aforementioned rights or if you deactivate them after installation, you can only use Untis Mobile to a limited extent.  

Furthermore, we would like to point out that Untis Mobile does not contain any advertisements (the note about this from the Google Play Store is made due to Untis Mobile being linked to Untis Messenger).  


5. Automation-supported decision taking 

We will not carry out processing of your data that results in a decision based solely on automated processing (including profiling) which results in legal effects for you or significantly disadvantages you in a similar way (Article 22 GDPR). Any decision having the respective effect is taken by a natural person. 


6. Collecting data from other sources (information according to Art. 14 GDPR) 

The PREMIUM version does not collect any data from other sources. We exclusively use information that you entered or provided us with when using it (e.g.: saved homework or absence reports). 

Depending on the respective feature, data collected and processed in the STANDARD version are processed further (e.g. registration for office hours according to information assigned to students or teachers).   

When using the PREMIUM version, no additional information is transmitted to Untis. All data generated by PREMIUM features going beyond WebUntis features are exclusively saved on the user’s device; NO synchronisation of this data with any Untis systems takes place.   

7. Which rights do you have regarding data processing? 

We would like to inform you that you have the right to  

  • request information about which of your data we process. The right of access also includes the right to obtain a copy of the data as long as this does not adversely affect the rights and freedoms of others (see in detail Article 15 GDPR); 
  • obtain the rectification of inaccurate personal data (see in detail Article 16 GDPR); 
  • obtain erasure of personal data (see in detail Article 17 GDPR). The right to erasure does not apply to the extent that processing is necessary, e.g. for compliance with legal or contractual obligations; 
  • obtain restriction of the processing of your data under certain circumstances (see in detail Article 18 GDPR); 
  • object to the processing of personal data which are necessary to respect our rights or the rights of a third party. In the case of objection, we will not process your data any longer, unless processing your data serves the establishment, exercise or defence of legal claims or we demonstrate compelling legitimate grounds which override your interests. When objecting to the processing for direct marketing purposes, we shall not process your personal data for this purpose any more (see in detail Article 21 GDPR);
  • receive the personal data that you have provided in a structured, commonly used and machine-readable format. However, the right of data portability is only given if it is based on your consent or on a contract (see in detail Article 20 GDPR). 

To exercise the aforementioned rights, please contact the respective educational institution. 
If your request concerns data processing beyond the extent provided by your educational institution, please send an e-mail to datenschutz(at)untis.at or send a letter to Untis GmbH, Belvederegasse 11, A2000 Stockerau referring to your educational institution. We would like to inform you that processing your request can only be done in cooperation with your educational institution.   

If, however, your right to the lawful processing of your data is – against expectation - violated despite our obligation to process your data lawfully, please contact us via mail or e-mail (see contact details below), informing us about your concerns so that we can address them. However, you also have the right to lodge a complaint at the Austrian Data Protection Authority or at another EU data protection supervisory authority, in particular at your place of residence or work.  

We hope we have made clear in which form and for which purpose your data are processed. If, however, you still have any questions regarding the processing of your personal data, do not hesitate to contact us.   

 

Untis GmbH 
A-2000 Stockerau, Belvederegasse 11 
VAT No (UID): ATU69811938, Commercial Register No (FNr) 437283p, Regional Court of Korneuburg 

phone: +43 (0)2266/62241/0 
fax: +43 (0)2266/62241/6 
e-mail: datenschutz@untis.at 
web: www.untis.at