Sample text for responsible parties:
Privacy notice and consent to use the Sdui app
*Please note: This document has been translated into English. In case of conflicting expressions, the German version is legally valid.
Name and contact details of the controller
Name of the school, address, phone and e-mail address
Contact of the data protection officer
Contact details of the data protection officer of the school / daycare centre
We may process the following data from you:
First and last name
Role (e.g. student, parent)
Abbreviation or identifier
Content data (text messages, voice messages, videos, photos, office documents)
Special categories of data (Art. 9 GDPR) are only processed in exceptional cases in the context of free text fields filled in by you, if you enter such data there (for example in the context of an absence message).
We pursue different purposes with the use of the app. In the “News” section, you can find important information about current news at the school, while in the “Timetable” section, you can find out about the current schedule. The core function of the app is the “Messenger”. This enables fast and secure communication between all those involved in school life. Text and voice messages can be exchanged there in groups or in individual conversations. Surveys can be conducted and there is a file repository. Teachers can be notified when a student is absent from class via the “absence notification” feature. There is also the possibility to conduct video conferences with two or more participants. We also use data about malfunctions and crashes of the app to troubleshoot and ensure the app’s functionality. Statistics on usage behavior are compiled exclusively on the basis of anonymous data. In order to be able to use the app conveniently, it saves the settings and authentication data you have made on your local end device.
Legal basis of processing
Your consent according to Art. 6 para. 1 lit. a GDPR
Recipients or categories of recipients
The app is operated by Sdui GmbH, Universitätsstr. 3, 56070 Koblenz, Germany, as a processor on our behalf, with whom we have concluded a processing agreement pursuant to Art. 28 DSGVO.
Third country transfer
When using push notifications, there is a transfer of data to the providers of the operating system used by your terminal device (in the case of iOS to Apple or in the case of Android to Google), so that this data is processed outside the scope of the GDPR, in particular in the USA.
When using the translation function, there is a transfer of data to Microsoft, where it also cannot be ruled out that this data will be processed outside the scope of the GDPR, in particular in the USA.
We would like to point out that in the USA in particular there is no level of data protection comparable to the GDPR and it cannot be ruled out that US authorities and secret services may access the data. In addition, there are no or only very limited legal protection options against these accesses and other data protection violations in the USA.
There is no EU Commission adequacy decision for the USA. Standard data protection clauses have been agreed with the providers from the USA, which you can view here.
We have drawn up a detailed deletion concept for the individual data so that it is ensured that the data is deleted as soon as it is no longer required. We base this on the statutory retention periods and the purpose of processing. As soon as the processing purpose has been fulfilled, the data is deleted if there are no legal retention periods.
According to the GDPR, you can request information, correction and deletion of your data. You also have the right to restrict processing and to object to the processing of your data. In addition, you can request the transfer of your data and complain to a supervisory authority. You can revoke any consent you have given us at any time.