The Sophos Intercept X Advanced software is used to improve IT security on end devices and to detect their compromise by malicious code/malware.
This measure corresponds to the recommendation of the German Federal Office for Information Security (BSI), see OPS.1.1.4.A5 Operation and configuration of virus protection programs in the BSI's IT-Grundschutz compendium."

The software has a variety of detection mechanisms that require local data collection and evaluation. Only when a threat has been detected is the data transferred to the Sophos Cloud (located exclusively in Germany, Frankfurt) for further analysis. Processing takes place exclusively for the purpose of providing the administrator responsible for the device with overview and control information. This may contain personal data in the form of log information (IP addresses and user account names), which is, however, absolutely necessary for the initiation of countermeasures.

As part of the processing of tickets by Sophos, Sophos employees may be granted access to data. Such tickets are used to troubleshoot the Sophos application and are a rare exception. Access to data (including log information) at RPTU requires explicit authorization from an enterprise administrator at RPTU. Sophos employees may also work in third countries, e.g. in India. Such access is limited in time.

Sophos Home (private use)

Private use of the Sophos Home (Premium) version is possible. When using the software privately, you yourself enter into a contractual relationship with Sophos, which is therefore responsible for the processing of personal data and the contact person for exercising your rights as a data subject within the meaning of the GDPR.

Please note that the RHRZ does not provide support for the Sophos Home (Premium) version. Further information and instructions can be found here: www.sophos.com/en-us/legal/sophos-home-premium-consumer-products