If you already use private IT devices for official purposes or official IT devices for private purposes, or intend to do so in the future, please discuss this first with your supervisor.
The mixed use of IT devices must be approved jointly (by both the supervisor and the employee) through signing the appropriate supplementary agreement: "Application and Approval Form for the Use of Private Devices for Official Purposes" or "Application and Approval Form for the Use of Official Devices for Private Purposes."
Yes. The use of private IT devices for official purposes or official IT devices for private purposes is only effective with the mutual agreement and the accompanying supplementary agreement.
No, this policy does not apply to all students in general.
However, it does apply to students who, in addition to their studies at TU Braunschweig, are in an official employment relationship—such as student assistants—and who wish to or need to use private devices for the performance of official duties.
Lecturers fulfil the teaching tasks assigned to them independently within the framework of a legal relationship under public law. This legal relationship is an independent employment relationship. Lecturers carry out their work without being subject to instructions. They are therefore not employees of TU Braunschweig.
However: Lecturers are members of TU Braunschweig. Members have the right to use TU Braunschweig facilities insofar as this is necessary in particular for the fulfilment of their tasks at TU Braunschweig and they are listed as authorised users in the respective user regulations or other regulations.
For legal questions including labour law, please contact the legal department of the TU (Dept. 11 / Labour Law: Dept. 12).
For questions regarding data protection, please contact the Data Protection Officer by e-mail at datenschutz(at)tu-braunschweig.de, and / or the Data Protection Management by e-mail at dsmgmt(at)tu-braunschweig.de or in Dept. 11 (Legal Department).
In addition to the mutual agreement on the official use of private IT devices through the corresponding supplementary agreement, you must document the devices being used. The documentation must clearly identify the specific IT devices involved, for example, by using asset numbers, serial numbers, or labels. You are responsible for organizing this documentation independently; there are no standardized requirements applicable to all cases.
It depends on the individual case and cannot be answered in a general way.
However, in general, if on-site inspection of the device takes place, it will only occur under the four-eyes principle, with your presence, that of the works council, and that of a member of the CISO Unit. (See Directive DV 54, §4 (4) c.)
No, you are not required to use your private device for official purposes. You can carry out all your work tasks without using private devices for official duties. The use of private IT devices for official purposes requires mutual agreement through the corresponding supplementary agreement.
If a mobile phone or smartphone is urgently required for official reasons and the employee does not wish to use a private device for this purpose, the department must provide a device.
It must be carefully assessed whether there is indeed a compelling official need. Furthermore, it must be checked whether a smartphone is truly necessary, or whether a basic mobile phone without smartphone functionality (capable only of phone calls and SMS) would suffice in this case (e.g., for shift work). In many situations—such as on-call duty—simple mobile phones are often adequate. In such cases, basic mobile phones should be preferred.
For on-call duties, for example, it may be sufficient to purchase just one device, which is issued to the person on call for the duration of their on-call period.
Yes, forwarding official calls to your private phone, mobile phone, or smartphone is not restricted by this policy, and you do not need to sign a supplementary agreement for this.
However, please note that if you call someone or return a call from your private device, your personal mobile number may be displayed (depending on your smartphone’s settings).
Yes, provided you use a web browser and access emails via your OWA login (https://mail.tu-braunschweig.de/). This does not constitute an application case under the policy.
However, if you use an app that stores your emails on the smartphone, this is considered an application case under the policy and requires mutual agreement through the supplementary agreement.
Yes, in principle, it is possible for you to work on your private smartphone using a web browser and access TU Braunschweig's web applications, such as OWA webmail or cloud.TU Braunschweig.
However, if official data are permanently stored on your private smartphone -such as by downloading a document - this constitutes an application case under the policy and requires mutual agreement through the supplementary agreement.
Yes, in principle, it is possible for you to use the Element chat on your private device. However, please note that using the desktop client or app constitutes an application case under the policy, and the supplementary agreement must be signed for this.
Alternatively, you can use the Element chat in a web browser (https://chat.tu-bs.de/), which does not fall under the policy and does not require signing the supplementary agreement.
If the origin is known and trustworthy, connecting additional hardware such as monitors, mice, or keyboards does not present a problem.
Trustworthy sources may include the GITZ, institutional IT or its DVKs, or a relevant dealer. Caution should nevertheless be exercised with foreign or second-hand devices purchased by you.
Yes, establishing remote desktop connections (e.g., via the RDP protocol) does not constitute the use of a private device for official purposes, as no data are stored on the private device in this case.
Of course, the requirement is that the connection is secured through the use of the VPN tunnel.
This is indeed an unresolved data protection question.
As long as you do not permanently store data on your privately used official device, but instead limit yourself to working in the browser, there are no data that could cause problems during cloud backup.
It should be noted that mail apps must not be used that store access credentials in the provider's cloud (unfortunately, the Outlook apps do this on both Android and iOS). Using the built-in browser to access https://mail.tu-braunschweig.de/ is not problematic.
Suitable mail apps include Apple Mail on iOS and Nine Folders Mail or FairMail on Android.
No, you don't have to. Alternatively, authentication can be performed using a corresponding token.
When two-factor or multi-factor authentication is introduced at TU Braunschweig, there will be the option to use an authenticator app on a private device. No official data will be permanently stored on your private device in this case, and therefore it does not constitute an application case under the policy. You do not need to sign the supplementary agreement for this.
