Privacy Policy RWTHmoodle
I. Person Responsible for Data Processing
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
- Rector of RWTH Aachen University
- Templergraben 55
- 52062 Aachen (building address)
- 52056 Aachen (postal address)
- Germany
- Telephone: +49 241 80-1
- Email: rektorat@rwth-aachen.de
- Website: www.rwth-aachen.de/rektorat
II. Data Processing Entity
- Vice-Rector for Teaching and Learning of RWTH Aachen University
- Prof. Dr. ir. Joost-Pieter Katoen
- Templergraben 55
- 52062 Aachen
- Germany
- Telephone: +49 241 80-94002
- Email: katoen@rektorat.rwth-aachen.de
III. Name and address of the Data Protection Officer
Contact data of the officially appointed Data Protection Officer:
- Staff unit for Data Protection at RWTH Aachen University
- Templergraben 83
- 52063 Aachen (building address)
- 52056 Aachen (postal address)
- Germany
- Telephone: +49 241 80-934114
- Email: dsb@rwth-aachen.de
- Website: www.rwth-aachen.de/datenschutz
IV. Provision of the website and generation of log files
A. Description and scope of data processing
Each time that the RWTHmoodle platform is accessed, the following data and information are collected automatically from the system of the device used to access the platform:
- Information about the type of browser and version used
- Operating system of the device
- Internet service provider (ISP) of the user
- IP address of the device
- Name, URL and amount of data transferred of the accessed file
- HTTP status code (the requested file was transferred, not found etc.)
- Date and time of access
- Websites from which the user’s system reaches the website
- Websites which are accessed by the user’s system using the website
B. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. e GDPR.
C. Purpose of data processing
The data is used for the purposes of optimizing the website and ensuring the safety of information technology systems. The data is not evaluated for marketing purposes in this context. The data is also used to assess potential malfunctions as part of assessment appeals and similar support cases.
D. Duration of storage
The data is stored for 6 months in order to resolve appeals and other support cases. It is possible for the data to be stored for a longer period. In this case, the user's IP address is deleted or anonymized, so that the client accessing the website can no longer be identified.
E. Possibility of objection and remedy
The collection of data for the purpose of providing the website and the storage of data in log files is absolutely necessary for the operation of the website and resolution of support cases. Consequently, there is no possibility of objection on the part of the user.
V. Teaching and Learning Platform RWTHmoodle
A. Description and scope of data processing
The Teaching and Learning Platform RWTHmoodle is a web based learning management system and part of the blended learning infrastructure of RWTH Aachen University. It is based on the open source software moodle.
RWTHmoodle is offered as a service with the goal of supporting the (independent) learning of users, the provision of module blocks such as exercises or exam-prerequisites, as well as the submission of assessments such as coursework or “Take Home Exams” including exam inspection. The platform also supports the compatibility of studying, further education and training, working and parenting through the provision of the platform and contents saved within it independent of place and time.
The platform's course rooms are used for course-related teaching and learning opportunities, further education for university members to promote knowledge transfer, and for study-orientated and study-preparing offers.
RWTHmoodle processes the following specific categories of personal data for users.
1. Inventory data
All persons that have an RWTH username (members of RWTH and registered guests) also have an account on the RWTHmoodle platform and are thereby authorized to access the platform. For the conclusion of study-orientated and study-preparing offers for external persons (internship week, pre-courses, physics information day etc.), local user accounts are created without a connection to the central identity management service of RWTH, which are governed by their own deletion periods.
The first name and surname, email address, and matriculation number (if available) of a user are saved in the user profile. Additionally, every person with a user account for RWTHmoodle receives an RWTHmoodle user ID that is used within the system.
For the purpose of authenticating persons with an RWTH username via Shibboleth, a so-called lmsid is shared with and saved in RWTHmoodle by the identity management service of RWTH. Local user accounts do not have an lmsid as there is no login via Shibboleth in these cases.
2. Shibboleth data
An authentication is necessary to control access to RWTHmoodle. This occurs via the single sign on authentication service Shibboleth. When logging in, users can choose to be shown which data is passed on to RWTHmoodle from the identity management service of RWTH when accessing the service. This data is only used to assign access authorization.
3. Course room data
RWTHmoodle contains data about which course rooms a user is authorized in and with which roles. Users are automatically granted access to a course room as course participants if they are allocated a fixed place on a course in a registration procedure in the RWTH Aachen University campus management system or if they are allocated a place on a further education and training course in the RWTH Aachen University event management system. Users are granted access in the Manager role if they are entered in the campus management system as lecturers or contributors of a course or if they are assigned to a further education and training course as part of the staff and lecturer assignment. Alternatively, an appropriately authorized role can also add users to a course room manually and directly in the learning platform. Data about authorization and roles is absolutely necessary for the operation of the system.
4. Log data
Log data is created by the activity of a user within the system. The actions which they can perform depend on their role. The following data is recorded for every action taken within RWTHmoodle:
- First name, surname and Moodle user ID of the acting person
- Where applicable, first name, surname and Moodle user ID of the person affected
- IP address of the device used
- Date and time
- Action (including description)
- Course room that is affected
Furthermore, RWTHmoodle saves the following data in the user profile of a user:
- Time that the website was first accessed
- Time that the website was last accessed
- Time that a course room was last accessed
- Last IP address used (is deleted nightly)
For course rooms of courses with mandatory attendance that use the “Attendance” plugin, the IP address of the device from which attendance is recorded is saved in the case of self-recording by students. This prevents fraudulent attempts to self-record attendance for multiple people, including those that are not there. This IP address is deleted nightly.
5. Usage and Content Data
Usage and content data is also generated by users and is dependent on their roles. Users can create content such as votes, feedback, hyperlinks, calendars, group management, exercises, tests, interactive content, forums, glossaries or wikis as well as cross-course room content using notifications (messaging). Uploaded files also count as content data.
This category of data also includes education history data such as grades achieved in learning activities that have been assessed. Grading can either be performed automatically by the system, as with electronic quizzes, or manually by the manager and tutor roles, as with assignments. If grades are assigned automatically, managers choose the underlying settings on which these are based and define, for example, the number of points that can be achieved in answer-choice procedures. However, they always retain the option of manually checking and correcting individual quiz attempts.
B. Purpose of Data Processing
The processing of personal data in RWTHmoodle is carried out for a specific purpose and under the principle of data minimization in accordance with article 5 GDPR. Inventory data, course room data, log data, usage and content data are processed for the purpose of preparing, organizing and conducting courses, also in further education and training, communicating course content and monitoring learning outcomes as well as preparing and organizing exams. The log data is also used for the purpose of administration and maintenance of the system, technical controlling, troubleshooting of technical problems or assessment of security incidents.
In accordance with article 6 paragraph 1 clause 1 letter e), paragraph 3, and article 89 paragraph 1 GDPR in conjunction with section 17 paragraph 1 DSG NRW, the data may also be processed for scientific or historical research purposes and for statistical purposes without consent, if the processing is necessary for these purposes and is not outweighed by the protected interests of the data subject. RWTH Aachen University provides for appropriate and specific measures to protect the interests of the data subject in accordance with section 17 paragraph 2 DSG NRW. The data will be anonymized in accordance with section 17 paragraph 3 DSG NRW as soon as this is possible according to the research or statistical purpose. The data will be deleted as soon as the research or statistical purpose permits.
C. Legal Basis for data processing
With the central provision of the web based teaching and learning platform RWTHmoodle, RWTH enables the development of flexible online teaching offers for university teaching, further education of university staff as well as study-orientation and study-preparing offers for prospective students or first-year students.
RWTH Aachen University therefore processes this personal data in RWTHmoodle in accordance with article 6 paragraph 1 clause 1 letter e), paragraph 3 GDPR in conjunction with section 3 paragraph 1 DSG NRW in the performance of its duties according to section 3 paragraphs 1, 3, 5; section 58 paragraph 1 clause 2, and section 58a HG NRW as well as section 2 paragraph 1 Grundordnung RWTH Aachen and section 3 paragraph 1 E-Learning-Ordnung RWTH Aachen.
D. Data access
Six roles exist within RWTHmoodle with ascending scope of rights:
- Student
- Extra Users
- Tutor
- Manager
- Support Admin (system role)
- Administrator (system role)
These roles have varying degrees of access to personal data on RWTHmoodle. Data may only be viewed for the specified purpose, insofar as it is necessary for the fulfilment of a task. The principle of data minimization also applies.
1. Students and Extra Users
The student and extra user roles have identical rights. They are only different in that they receive access to course rooms by different means. Persons who have registered for a course in the RWTH Aachen University campus management system and have been allocated a fixed place as part of the registration process are assigned the role of student. University members who have registered for a further education and training course in the RWTH Aachen University event management system and have been allocated a place to attend are also assigned the role of student. Both groups of people are automatically enrolled in the corresponding course room in RWTHmoodle. Persons with the role extra user are manually authorized by a manager in the course room itself. Alternatively, they can enrol themselves in a course room if the self-enrolment method is activated for the course.
Persons with these roles can see the following data, depending on the teaching scenario:
- First name, surname, email address: In order to facilitate contacting lecturers responsible for the course room as well as instructors or tutors with supervisory tasks, the first name, surname and email address of persons with the roles of Manager and Tutor are always visible to persons with the roles of student and extra user.
Persons with the role student or extra user will only see the first name, surname, and email address of other persons with these roles if they are working together in the course room in a workgroup of up to a maximum of 10 persons. This serves to facilitate easier communication within the context of group work. The course groups transferred from RWTHonline are excluded from this, as they primarily serve organizational purposes. The visibility of the data can additionally be disabled by managers if, for example, the groups do not explicitly serve collaborative purposes.
If managers enable group messaging in the settings of a group, users will see the names of other group members and can send messages to them. This also serves to facilitate easier communication in groups that are used for group work.
Outside of the aforementioned scenarios, the data is only visible if the data subjects have explicitly allowed this in their profile settings.
- Usage and content data: This includes contributions from all roles in the offered learning activities, including uploaded files. The visibility of files is partially dependent on the settings of the learning activity that have been chosen by the manager. The settings for the visibility of data for other course room participants are selected, so that as little data as possible is visible by default. Persons with the student and extra user roles can only see their own grades.
2. Tutors
This role is assigned manually by the managers. They are responsible for the delegation of tasks to the tutors and the associated access to personal data, especially that of students.
Persons with these roles can see the following data, depending on the teaching scenario:
- First name, surname and email address: Always for all roles in the course room, to ensure the fulfilment of supervisory tasks. For the same reason, the first name, surname, and email address of tutors are also visible to everyone in the course room. However, managers can hide this data from students.
- Matriculation number: The matriculation numbers of students and extra users are visible to tutors within a course room in the submission overview and the grading view of assignment activities. If names are the same, this enables clear identification. In justified cases, managers can also independently extend the rights of tutors to give them access to the results report of the quiz activity and the grades section of the course room. Here, too, the matriculation numbers are visible for the purpose of unambiguous identification of users with identical names.
- Content data: Contributions from all roles in the offered learning activities, including uploaded files. The visibility of files is partially dependent on the settings of the learning activity that have been chosen by the manager. As both roles are commonly used for the correction and manual evaluation of submissions to assignments, tutors can also see the students' grades depending on the settings chosen by the manager role.
3. Manager
All persons listed as lecturers or contributors of a course in the campus management system as well as persons listed as staff or lecturers in the event management system of RWTH Aachen University for a further education and training course are automatically assigned the role of manager in a course room. In addition, managers can manually authorize other people as managers in the course room itself. They are responsible for delegating tasks to the authorized persons and the related access to personal data, especially that of students and other university members.
Persons in this role can see the following data, depending on the teaching scenario:
- First name, surname, email address: Always for all roles in the course room, to ensure the fulfilment of supervisory tasks. For the same reason, the first name, surname, and email address of managers are also visible to everyone in the course room.
- Matriculation number: The matriculation numbers of students and extra users are visible to managers in the grades section, the submission overview and the grading section of the assignment activity, and in the results report of quizzes. Additionally, managers can export data in some areas, such as participants list, the grades section or the choice activity, as a file. To uniquely identify students and extra users, these exports contain their first name, last name and matriculation number. If no matriculation number exists, the email address is exported instead. The data may only be exported and processed for the purposes of the respective course. The person exporting the data is responsible for ensuring that no third party obtains knowledge of the personal data and that the data is completely deleted as soon as the purpose is fulfilled.
- Usage and content data: Contributions from all roles in the offered learning activities, including uploaded files and grades.
- Lmsid: Managers can export the achieved grades for the students and extra users roles as a CSV file from the grades area. Among other things, the export contains the lmsid, which is used for further processing in other systems such as those of the language center.
4. Support admin
The role of support admin is held exclusively by employees of the IT Service Desk, the departments in the IT Center involved with the development and operation of RWTHmoodle, and the learning platform management department of the Center for Teaching and Learning Services (CLS). Within the scope of their official duties in supporting RWTHmoodle, this group of persons has access to personal data in order to provide technical support for the application and professional didactic consultation and support for the users of RWTHmoodle. Support admins have the same rights as managers, but additionally see all course data of users to be able to check authorizations. Persons assigned this role have a duty of secrecy.
5. Administrator
The administrator role is only assigned to employees of the IT Center of RWTH Aachen University who are entrusted with the system administration of RWTHmoodle. In principle, persons with the role of administrator see all personal data, including moodle log data and web server log data. Access takes place exclusively within the scope of official duties and when necessary. Persons assigned this role have a duty of secrecy.
6. Matrix of rights
The following matrix lists which data is visible for which roles. The matrix assumes that the viewer has the role student or extra user.
| | For myself in my profile or in my courses | Fellow students in my courses (role student & extra participant) | Tutors (role tutor) | Teachers and Teaching Assistants (role manager) | Support-admin | Administrators |
|---|---|---|---|---|---|---|
| My inventory data | | | | | | |
| My first name and surname[1] | | | | | | |
| My e-mail address | | | | | | |
| My matriculation number | | | | | | |
| My lmsid | | | | | | |
| My course room data | | | | | | |
| List of my current and past course rooms | | | | | | |
| My log data | | | | | | |
| My usage and content data | | | | | | |
| My web server log data | | | | | | |
| My contributions and past course rooms | | | | | | |
| My uploaded files | | | | | | |
| My grades | | | | | | |
| My web server log data | | | | | | |
| Access protocol | | | | | | |

Display categories:
- Always displayed
- Displayed in working groups of up to 10 people, not displayed by default beyond that, can be changed individually in user profile
- Only displayed if activated by managers
- Not displayed
E. Duration of storage
Article 5 paragraph 1 letter e) GDPR stipulates that a retention period linked to the fulfilment of the respective purpose must be specified for the processing of personal data, after which the data must be deleted.
1. Inventory data
Inventory data remains stored in RWTHmoodle until it is deleted in the identity management service of RWTH Aachen University. The storage of inventory data of students is governed by section 12 paragraph 1 E-Learning-Ordnung RWTH Aachen. Accordingly, inventory data is saved until exmatriculation. Inventory data of cross-registered students and guest students shall be stored for as long as they are permitted to attend courses at RWTH Aachen University in accordance with sections 11, 12 of the Einschreibungsordnung.
In general, members and affiliates of RWTH Aachen University decide for themselves, after leaving the university, whether their account should remain active in the university's identity management service or be deleted. If the account is deleted in the identity management service, it will be deprovisioned in RWTHmoodle.
Local accounts created for study-orientation and study-preparing courses offered by the university will be deleted after 12 months at the latest. Specific deletion periods are stated in the data protection declarations of the respective offers.
2. Shibboleth data
The data required for authentication is deleted when you log out, your Moodle session is ended after a long period of inactivity, or your browser session ends.
3. Course room data
The authorizations for course rooms are deleted once three years have passed since creation of the course room.
In semester-independent, permanently available course rooms from the course category "Miscellaneous", the managers of the course room are responsible for deleting people who are no longer participating in the course at regular intervals. The review must be carried out at least once a year. If self-enrolment is activated in these course rooms, people who no longer access the course are automatically removed from the course room 365 days after the last access. They can also remove themselves from the course room at any time.
In the case of course rooms that are created via the event management system Antrago for the purpose of providing further education and training for university members, authorizations are deleted no later than three months after the course has been held. In the case of permanently available digital information offerings for further education and training for university members, the course coordinator is responsible for removing participants from the course room at least once a year.
4. Log data
RWTHmoodle log data is kept for 6 months, in order to be able to assess reports of technical malfunctions, such as unsaved content data in e-test attempts or assignment submissions, up until the examination phase at the end of the semester.
Beyond this period, and only in the context of content data, the date and time of creation of the data as well as the first name and last name of the person creating the data are stored for a longer period of time and displayed in the system's web interface. The storage duration of this log data is governed by article 12 paragraph 2 E-Learning-Ordnung RWTH Aachen. They are stored as long as necessary for the delivery of a course on RWTHmoodle or for the completion of a module (exercise or preliminary examination). They will be deleted from RWTHmoodle within the framework of the course room lifecycle, at the latest after the expiration of three years after the creation of the course room.
The IP addresses, which are gathered for protection against fraud when the “Attendance” plugin is used in the mode for self-recorded attendance, are deleted from the database nightly. Likewise, the last IP address automatically stored by RWTHmoodle is deleted nightly.
The data collected about the first and last connection to the website will be deleted in the same way as the inventory data when the account is deleted in the identity management service of RWTH Aachen University.
The data about the last access to a specific course room will be deleted together with this course room within the framework of the course room lifecycle, at the latest after the expiration of three years.
5. Usage and content data
The storage duration for usage and content data in semester-based course rooms is governed by article 12 paragraphs 2 and 3 E-Learning-Ordnung RWTH Aachen. It will be deleted from RWTHmoodle within the framework of the course room lifecycle, at the latest after the expiration of three years after the creation of the course room.
Regarding course rooms for further education and training, a date for their deletion is defined in the event management system Antrago. As soon as this date is reached, the course room is deleted together with the usage and content data it still contains.
In permanently available, semester-independent course rooms, the usage and content data is retained until the user submits a request for the deletion of personal data in accordance with the GDPR.
Messages sent using the messaging system are deleted after one year by default.
F. Data sharing
Personal data from RWTHmoodle will not be transferred to third countries without suitable guarantees.
Third-party applications connected via the RWTHmoodle API secured with OAuth2 cannot obtain any data beyond that which is also available via the web interface. Such applications must be submitted separately to the Data Protection Officer of RWTH Aachen University prior to going live. When using these systems, please note their privacy policy. Before using these systems for the first time via the connection to RWTHmoodle, you will be informed once again about the transfer of data.
The courses of RWTH Aachen University are evaluated within the framework of the student course evaluation with the help of the system EvaSys. To simplify access to the data, the released surveys or survey results are displayed for each user in the RWTHmoodle dashboard in the block "Surveys (RWTH)". In order to ensure that the assigned data is displayed, the e-mail address of the users is transferred to the EvaSys system.
G. Data transfer to third countries
There are no plans to transfer the personal data specified above from RWTHmoodle to third countries.
H. Technical and organizational measures to maintain integrity and confidentiality
In accordance with article 32 GDPR, various technical and organizational measures are taken to ensure the integrity and confidentiality of personal data in RWTHmoodle. Access to personal data within the application occurs via user control (username and password). Access to the server is restricted to specific workstations by both user control and firewall rules. Communications between the application and the servers are encrypted over a secured connection (HTTPS) to prevent unauthorized data processing.
A comprehensive list of measures is described in detail in a separate document. These measures have been implemented in accordance with article 32 GDPR.
VI. Use of cookies
A. Description, scope and purpose of data processing
RWTHmoodle uses cookies. Cookies are text files which are saved in an internet browser or on the computer system of a user by an internet browser. If a user accesses a website, a cookie can be stored on their operating system. This cookie contains a unique identifier, which enables the definitive identification of the browser when the website is accessed again.
The following cookies are used and the following data is saved and transmitted therein:
- MoodleSession identifies the logged in user using an anonymous ID and saves their login for the current RWTHmoodle session. This needs to be authorized, in order for a user’s login and access rights within RWTHmoodle to be preserved during a session. The cookie is automatically deleted as soon as the user logs out from the system or closes their web browser.
- The cookies-confirm cookie stores whether you have confirmed the cookie notice by clicking on “Got it!”.
- The cookie BIGipServer~services~moodle-pool of the firewall system F5 in the IT Center is used for routing. It stores which Moodle web server a user is directed to.
- JSESSIONID is used in the context of the RWTH streaming server for teaching based on the Opencast system. It saves the Opencast login. This is necessary in order to be able to watch videos in course rooms that are provided via the streaming server. These videos are not public and only playable in the context of the course room through which they were uploaded to Opencast.
- The cookies BIGipServer~services~EvaSys_Pool and evasys_session_cookie are set by the EvaSys system, which is used to process the student course surveys. The system is integrated into RWTHmoodle via a block, which facilitates access to the surveys.
B. Legal basis for data processing
The legal basis for the processing of personal data using cookies is article 6 paragraph 1 clause 1 letter e), paragraph 3 GDPR in conjunction with paragraph 1 DSG NRW.
C. Duration of storage, objection and remedy
Cookies are saved on the user’s device and are transmitted to the website from this device. Users therefore have full control over the use of cookies. By changing the settings in the web browser they can deactivate or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can be automated. If cookies are deactivated for RWTHmoodle, there is a possibility that not all functions can be fully used any more.
VII. MATLAB Grader
Some courses in RWTHmoodle may use the software MATLAB Grader, which is connected to RWTHmoodle via LTI. The software is operated by The MathWorks, Inc, Apple Hill Campus, 1 Apple Hill Drive, Natick, MA 01760-2098, USA. It is used to provide and automatically evaluate MATLAB assignments in a course room. For this purpose, an LTI ID is transferred to MATLAB Grader for each user, through which the grades achieved are returned to RWTHmoodle. Names or e-mail addresses are not transferred. The processing of personal data has been regulated in a commissioned data processing agreement between RWTH Aachen University and The MathWorks, Inc. in accordance with article 28 GDPR. Before using the software for the first time, you must agree to the terms of use once. The privacy policy for MATLAB Grader is also linked in the terms of use.
VIII. MUMIE
RWTHmoodle allows managers to add “MUMIE” activities to their course rooms. Users that access these activities will be directed to the “MUMIE” system. The system operator is integral-learning GmbH, Clausewitzstr. 2, 10629 Berlin.
A user’s Moodle User-ID is transferred to the MUMIE server in an encrypted and anonymized form when a user accesses such an activity. An account is then created for the accessing user in MUMIE. This is done for the purpose of returning grades received from MUMIE for mathematical exercises to RWTHmoodle and assigning them to the accessing user.
Further information on the handling of user data on the MUMIE system is provided by MUMIE's privacy policy.
IX. YouTube
RWTHmoodle allows managers to embed and deliver videos from the Google-operated YouTube website using a text editor. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When a page with an embedded YouTube video is accessed using RWTHmoodle, a placeholder is displayed in the space where the video is embedded. This placeholder displays a text stating the source of the video and contains a link to YouTube’s privacy policy. A connection to the YouTube servers is only established after a user clicks on the placeholder, in order to load the thumbnail. This tells the YouTube server which page was visited. After a further click on play, playback of the video will start.
If a user is logged in to their personal YouTube account, they will enable YouTube to attribute their browsing behavior to their personal profile. This can be prevented by logging out from their personal YouTube account.
Further information on the handling of user data is provided by YouTube's privacy policy.
X. Accessibility Toolkit
In accordance with section 1, paragraph 2 BITV 2.0, RWTH Aachen University is obligated to enable and ensure a fundamentally unrestricted barrier-free design of modern information and communication technology. It therefore uses the Accessibility Toolkit from Brickfield Education Labs, Fitzwilliam Business Center, 25 Pembroke Street Upper, Dublin 2, Ireland. With this toolkit, persons with the role of manager can check the accessibility of all course room content created via the Moodle text editor. No personal data is disclosed when using the tool. However, to improve the toolkit, the following statistical data is transferred to Brickfield:
- siteurl
- release version of moodle
- numcourses on site
- numusers on site
- numfiles in total
- numfactivities in total
- mobileservice on/off
- usersmobileregistered
- date
In a second data set the anonymous result information of the check for each content type is transferred:
- Number of instances on site
- Number of instances which passed tests
- Number of instances which failed tests
For each type of accessibility test, the following is transferred:
- which one (name of test)
- which type (groupname of test) and
- number of errors
XI. Anonymous access statistics
Anonymized statistics about the accessing of course rooms are stored in the context of learning analytics. Every time that a course room is accessed, the following data is logged without reference to users:
- Type of action (e.g. if a quiz was completed or a PDF was downloaded)
- Time (accurate to the second)
- ID of the course room, within which the action was taken
- The affected context (e.g. the quiz ID)
- The operating system used (e.g. Windows or Linux) coded as a number (specific operating system versions are not saved)
- The browser used (e.g. Firefox or Edge) coded as a number (specific browser versions are not saved)
All data is saved anonymously and cannot be attributed to specific users. All participants in a participating course room can access the statistics by clicking on a link in the navigation of the course room. Aggregated data is therefore only displayed in statistics if there are at least ten datasets available. Otherwise “<10” is displayed.
The IT Center provides the gathered anonymous log data to the Center for Teaching and Learning Services (CLS) at the end of a semester for research purposes. Data related to the ID of the course room is anonymized for this.
XII. Anonymous access statistics for streaming videos
Anonymized statistics about access to videos on the RWTH streaming server are displayed in addition to the general access statistics for a course room. The web analytics tool Matomo anonymously gathers these. The following are logged in the tool:
- IP address of the user (in anonymized form)
- Date and time of access
- Title of the page accessed (Page title)
- URL of the page accessed (Page URL)
- URL of the previously accessed page (Referrer URL)
- Screen resolution of the user
- Local time in the time zone of the user
- Files that were clicked and downloaded (Download)
- Links to external domains that were clicked (Outlink)
- Time taken to generate the page (Page speed)
- Location of the user: country, region, city, rough latitude and longitude (Geolocation)
- Browser language (Accept-Language header)
- User agent of the browser (User-Agent header)
XIII. Rights of the data subject
You have the right, under the conditions defined in article 15 ff. GDPR, to obtain information from RWTH Aachen University about personal data concerning you, to request the correction of incorrect data, the deletion of data or the restriction of data processing, to object to data processing and to request data portability.
You also have the right to lodge a complaint with a data protection supervisory authority (https://www.ldi.nrw.de) pursuant to article 77 GDPR if you believe that the processing of personal data concerning you violates this regulation.
If the processing is based on your consent (see article 6 paragraph 1 clause 1 letter a), article 9 paragraph 2 letter a) GDPR), you also have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation.
[1] If a person has the role of manager or tutor in a course, then the first name, surname, and email address are always visible to all other people in the course room, regardless of the profile settings.
changed on November 14th, 2024