Data Protection Declaration for the E-Learning Platform of the Chair of Software Engineering at the University of Mannheim

As of: September 27, 2023

I. General information on Data Processing

1. Personal Data

Personal data within the meaning of the General Data Protection Regulation (GDPR) includes all information that relates to an identified or identifiable natural person. This includes, for example, details such as the first and last name, email address, course of study, and salutation.

2. Extent of Processing Personal Data

We process personal data of our users only to the extent necessary for providing our E-Learning platform and our teaching content. The processing of personal data of our users is generally carried out only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons, and the processing of data is permitted by legal regulations.

We recommend that legal guardians monitor the internet activities of their minor children.

3. Legal Basis for Processing of Personal Data

Provided that we have got the users’ consent to process their personal data, Article 6 paragraph 1(a) GDPR is the legal basis for the processing.

For the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Article 6(1)(c) GDPR serves as the legal basis.

Where the processing is necessary to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our E-Learning platform or by a third party, and the interests or fundamental rights and freedoms of the data subject do not override the former interests, Article 6(1)(f) GDPR serves as the legal basis for the processing.

Our goal is to implement data protection principles such as data minimization and to limit the processing of personal data during the use of our E-Learning platform to the necessary extent.

II. Deletion of data and storage period

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if provided for by the European or national legislator in Union regulations, laws, or other provisions to which we are subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for teaching and learning purposes.

III. Provision of the E-Learning Platform and Creation of Log Files

1. Description and Extent of Data Processing

When our E-Learning platform is accessed, our system automatically records data and information from the computer system of the accessing user. The following data is collected:

• Information about the browser type and version used
• The user's operating system
• The user's Internet service provider
• The user's IP address
• Date and time of access
• Websites from which the user's system accesses our E-Learning platform
• Websites accessed by the user's system via our E-Learning platform

The log files contain IP addresses or other data that can be used to associate them with a user. This could be the case, for example, if the link to the website from which the user accesses the E-Learning platform contains personal data. The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.

2. Legal Basis of Data Processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the use of our E-Learning platform. For this purpose, the IP address of the user must remain stored for the duration of the session.

Storage in log files is done to ensure the functionality of our E-Learning platform. In addition, the data serves us to optimize the platform and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing under Article 6(1)(f) GDPR.

4. Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collection for the provision of the E-Learning platform, this is the case when the respective session is terminated.

The data stored in log files will be deleted no later than seven days after they have been collected. Further storage is possible. In this case, the IP addresses of the users will be deleted or altered so that an assignment of the accessing client is no longer possible.

5. Objection and Removal Options

The collection of data for the provision of the E-Learning platform and the storage of data in log files is mandatory for the operation of the platform. Therefore, there is no option for the user to object.

IV. Rights of the Data Subject

As a data subject, you have the right:

• To request information about the personal data processed by us in accordance with Article 15 GDPR.
• To promptly request the correction of inaccurate or completion of your personal data stored by us in accordance with Article 16 GDPR.
• To request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
• To request the restriction of the processing of your personal data in accordance with Article 18 GDPR if the accuracy of the data is contested by you, the processing is unlawful, but you oppose its erasure, and we no longer need the data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Article 21 GDPR.
• To receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format in accordance with Article 20 GDPR or to request its transmission to another controller.
• To revoke your consent to the processing of your personal data granted to us in accordance with Article 7(3) GDPR at any time. This will result in us no longer being able to continue the data processing based on this consent in the future.
• To lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or work, or at our company headquarters.

V. Data Transmission Security

We use SSL encryption on our E-Learning platform to ensure the security of your data during transmission. Please recognize an encrypted connection by the padlock symbol in the browser's address bar and the use of "https://" instead of "http://" in the web address.

VI. Updating the Data Protection Statement

This data protection statement may change due to amended legal requirements or changes in the functionality of our E-Learning platform. You can always find the current data protection statement on our platform.

If you have further questions or need more information about data protection, please do not hesitate to contact us.