Moodle Internal

Data protection information for e-learning at the Berlin School of Economics and Law on the Moodle learning platform in accordance with the EU General Data Protection Regulation (EU-GDPR) / Privacy Policy

By using the learning platform, personal data about you will be stored. We ensure that internally only those people who absolutely need this access have access to this information. We treat personal data confidentially and do not make it available to the general public.

1.    Controller

Berlin University of Economics and Law

Badensche Strasse 52

10825 Berlin (Germany)

praesident@hwr-berlin.de

 Legal representative:

Prof. Dr. Andrew Zaby

 Data Protection Officer:

Vitali Dick

Badensche Strasse 52

10825 Berlin (Germany)

datenschutz@hwr-berlin.de

The E-Learning Center of the HWR Berlin is responsible for the content of the learning platform.

Berlin University of Economics and Law

Badenstrasse 52

10825 Berlin

E-Learning Center of the HWR Berlin

elearning[at]hwr-berlin.de

The HWR Berlin will be happy to answer your questions about data protection. Send an email to: datenschutz-elearning[at]hwr-berlin.de

2.    Purposes of processing personal data

The system is used for the following purposes:

The learning platform serves to support studies at the Berlin School of Economics and Law by providing teaching materials and activities and communication and collaboration tools, as well as conducting e-examinations (teaching and examination purposes) and as an information platform for study offices and service facilities of the University (organization of research and studies).

Furthermore, the learning platform serves the internal training of members of the HWR Berlin.

Furthermore, the platform is used to carry out projects within the HWR. In particular as a collaborative exchange platform (communication, file exchange, project organization).

The system is also used to carry out committee work.

3.    Collection and Use of Personal Information

In principle, we only collect and use personal data from our users to the extent that this is necessary to provide Moodle and its functions.

When using Moodle, the following categories of data are collected:

§  Master data / access data (e.g. surname, first name, business or student e-mail, user ID, academic degrees).

To use the service it is necessary to have a user account.

§  Activity reports for teaching and exam purposes

Those responsible for the course (in the role of “teacher”) have access to so-called activity overviews for the purposes of teaching, organizing teaching and monitoring the success of the course in question. Personal contributions to activities such as forums, wikis, blogs or tasks are shown there.

§  Examination data including pseudonymised one-time ID (e.g. examination results, answers in the examination)

Examinations, tests or tasks can be evaluated for teaching and examination purposes, for example in the form of points or grades. This can be self-monitoring, study or examination work. In the event of contradictions or other audit-related issues that require detailed clarification, audit and log data can be used to uncover errors and attempts at deception.

§  Content data within the courses (e.g. texts, uploaded files, forum posts, image, audio and video recordings)

Content data is created when you enter data into Moodle yourself. These include e.g. posts in forums and wikis.

§  Cookie Data

Moodle uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the computer system of the user. If Moodle is accessed, a cookie can be stored on the user’s operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again. Only technically required cookies are set, which do not require consent according to TTDSG. The cookies are deleted after the end of the browser session.

§  Log data (e.g. log files about usage processes, configuration changes, web server log files)

The data (in particular connection/access and types of content data) are also stored in log files. Storage in log files is done to ensure the functionality of Moodle. In addition, we use the data to optimize Moodle and to ensure the security of our information technology systems.

§  Connection data (e.g. IP address, date and time of access)

The temporary storage of the connection data, in particular the IP address, by the system is necessary to enable Moodle to be delivered to the user’s computer. For this purpose, the IP address of the user must be stored for the duration of the session.

§  Embedding external content (voluntary access to content)

When using our service, external content (esp. Youtube, Vimeo) is added to Moodle as files, links or in the form of text input. When you click on the external content, personal data is transmitted to the provider of the external content. This can (e.g. in the case of YouTube) lead to transmissions to insecure third countries. The level of data protection in third countries outside the EU does not correspond to that of the European Union. In addition, the contact person for enforcing your rights is not the HWR Berlin, but the respective provider. You can find more information here: https://policies.google.com/privacy   / https://vimeo.com/privacy

§  Profile data (voluntary) / other voluntary data

Photos and other unnecessary data can be entered.

4.    Legal basis of processing

 We process the data on the following legal bases:

§  Data and content for teaching and examination purposes, organization of research and studies: The processing is for examination, including electronic examination, doctorate, documentation of the course of studies, e-learning according to Art. 6 Para. 1 e) DSGVO in conjunction with § 6 Para. 1 No. 1 Berlin Higher Education Act (BerlHG), §1 (F) StudDatVO, and §32 Para. 8 BerlHG required. In addition, the processing is necessary for the organization of the study according to §6 (1) 2 BerlHG.

§  Internal further training of members of the HWR Berlin: The processing is the task of the university and is required in accordance with Section 4, 26 BerlHG in conjunction with Section 3 BlnDSG, Art 88 GDPR in conjunction with Section 26 BDSG.

§  Committee work: The processing is required to carry out tasks of academic self-administration in accordance with §6 (1) 7 BerlHG.

§  Project organization, user management, administration, general use of Moodle as an employee and teacher: Processing is necessary in the employment context to fulfill obligations under labor law. The legal basis is Article 88 GDPR, Article 18 BlnDSG in conjunction with Article 26 of the Federal Data Protection Act and Article 6 (1) b GDPR for the fulfillment of the employment contract.

§  Cookies: Only technically required cookies are set, which do not require consent according to TTDSG. The legal basis for processing is Section 3 BlnDSG in conjunction with Section 4 BerlHG.

§  External content: The legal basis for the provision of external content is the consent of the person concerned to the data processing to the provider in accordance with Article 6 Paragraph 1 lit.

§  Voluntary profile data, other voluntary data: The legal basis for the creation of voluntary profile data and content is the consent of the data subject to data processing in accordance with Article 6 Paragraph 1 lit.

§  Log files, activity logs: The processing is necessary to fulfill a legal obligation. The legal obligation consists of implementing technical security measures and investigating security incidents. The legal basis is Art. 6 (1) e GDPR in conjunction with Art. 32 GDPR and Section 26 (3) BlnDSG.

5.    Duration of storage of data/deletion deadlines

 We delete the data according to the following deletion periods:

§  Examination-relevant results from tests, learning packages and tasks as well as data on the completion and the overall assessment of the students: 4 years after exmatriculation

§  User accounts and associated student content: 150 days after exmatriculation

§  User accounts and associated content of employees, teachers, lecturers: 30 days after leaving the service

§  Manual guest user accounts: 1 year after inactivity

§  Courses and the associated course content: 5 years after the creation of the course

§  Documents of the committees: For the deletion period, see data protection information for committee work

§  Documents of the further training: Deletion period see data protection information internal training

§  Project organization: Deletion period see data protection information of the project

§  Log files:

1. Configuration changes made by admins – 30 days after leaving the HWR
2. Activities and event log – 6 weeks
3. Server logs – 14 days
4. Error logs – 14 days

§  Cookie: The session cookie is deleted after the end of the browser session

§  External content: See data protection information of the external providers.

You can find more information here: https://policies.google.com/privacy   / https://vimeo.com/privacy

§  You can delete profile data that you have entered voluntarily at any time

§  Content data will be deleted when the Moodle course is deleted. Courses are kept on the server for a period of 5 years and then deleted. Prior to deletion, you will be informed of this by e-mail. Lecturers can have their course for previous semesters deleted before this period expires. To do this, it is sufficient to write an informal e-mail to the Moodle helpdesk at the address elearning[at]hwr-berlin.de.

6.    Recipients of the personal data / third country transfers

Examination data or evaluated results will only be passed on to other people within the HWR Berlin if this is necessary for examination administration. The examination results are then passed on to the respective examination offices and examination boards.

If embedded content from third-party providers (Youtube, Vimeo, etc.) is called up with consent, content (videos, scripts, fonts, etc.) from the provider will be reloaded from your browser and cookies (especially tracking and analysis cookies) may be set. This can lead to profiling, marketing and user analysis by the provider. In most cases, your browser information and IP address will be transmitted. This content is only reloaded when you actively click on the corresponding embeds. The third-party providers usually come from the USA, but can be based anywhere in the world. HWR Berlin no longer has any influence on the data transmitted during the browser session or on the subsequent data processing by the provider.

You can find more information here: https://policies.google.com/privacy   / https://vimeo.com/privacy

7.    Rights of the data subject:

The person affected by the processing has rights in accordance with Art. 13 – 23 GDPR, which can be asserted against the HWR Berlin. An overview of the most important rights is listed below:

§  Right to revoke consent according to Art. 7 (3) GDPR

§  Right of access by the data subject (HWR Berlin) according to Art. 15 DSGVO

§  Right to rectification  (HWR Berlin) according to Art. 16 DSGVO

§  Right to erasure (HWR Berlin) according to Art. 17 DSGVO

§  Right to restriction of processing of data stored by the person responsible (HWR Berlin) according to Art. 18 DSGVO

§  Obligation to notify in connection with the correction or deletion of personal data or the restriction of processing according to Art. 19 DSGVO

§  Right to data portability according to Art. 20 GDPR

§  Right to object to the data processing, provided that the processing according to Art. 6 (1) e GDPR is necessary for the performance of a task that is in the public interest or in the exercise of official authority according to Art. 21 GDPR.

§  Right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.

§  Right to notification according to Art. 34 GDPR of the person affected by a breach of the protection of personal data.

8.    Obligation to provide personal data

Except for the data that can be provided voluntarily, the personal data must be provided so that the processing purposes specified above by the person responsible can be fulfilled. If the data is not provided, students will not be able to study at the HWR Berlin or employees and teachers will not be able to fulfill their obligations under the employment contract / civil servant relationship.

9.    Exercise of Rights

If you would like to exercise your rights, please contact the data protection officer named above or submit the request using the link . [1]

10.          Right to Complain

The person concerned also has the right to complain to a supervisory authority about the HWR Berlin. The competent supervisory authority in the state of Berlin is

Berlin Commissioner for Data Protection and Freedom of Information

Friedrichstr. 219
10969 Berlin
mailbox@datenschutz-berlin.de

11.          Automated Decision Making:

There is no automated decision-making or profiling.

 

Diese Webseite verwendet ausschließlich technisch notwendige Cookies. Eine Einwilligung des Nutzers ist demnach nicht erforderlich. This website only uses technically necessary cookies. The consent of the user is therefore not required .