I. Person Responsible for Data Processing

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

II. Data Processing Entity

  • Vice-Rector for Teaching and Learning of RWTH Aachen University
  • Prof. Dr. Aloys Krieg
  • Templergraben 55
  • 52062 Aachen
  • Germany
  • Telephone: +49 241 80 94525
  • Email: krieg@rektorat.rwth-aachen.de

III. Data Protection Officer

Contact data of the officially appointed Data Protection Officer:

IV. Provision of the website and generation of log files

A. Description and scope of data processing

Each time that the RWTHmoodle platform is accessed, the following data and information are collected automatically from the system of the device used to access the platform:

  • Information about the type of browser and version used
  • Operating system of the device
  • Internet service provider (ISP) of the user
  • IP address of the device
  • Name, URL and amount of data transferred of the accessed file
  • HTTP status code (the requested file was transferred, not found etc.)
  • Date and time of access
  • Websites from which the user’s system reaches the website
  • Websites which are accessed by the user’s system using the website

B. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. e GDPR.

C. Purpose of data processing

The data is used for the purposes of optimizing the website and ensuring the safety of information technology systems. The data is not evaluated for marketing purposes in this context. The data is also used to assess potential malfunctions as part of assessment appeals and similar support cases.

D. Duration of storage

The data is stored for 6 months in order to resolve appeals and other support cases. It is possible for the data to be stored for a longer period. In this case, the user's IP address is deleted or anonymized, so that the client accessing the website can no longer be identified.

E. Possibility of objection and remedy

The collection of data for the purpose of providing the website and the storage of data in log files is absolutely necessary for the operation of the website and resolution of support cases. Consequently, there is no possibility of objection on the part of the user.

V. Teaching and Learning Platform RWTHmoodle

A. Description and scope of data processing

The Teaching and Learning Platform RWTHmoodle is a web based learning management system and part of the blended learning infrastructure of RWTH Aachen University. It is based on the open source software moodle.

RWTHmoodle is offered as a service with the goal of supporting the (independent) learning of users, the provision of module blocks such as exercises or exam-prerequisites, as well as the submission of assessments such as coursework or “Take Home Exams” including exam inspection. The platform also supports the compatibility of studying, working and parenting through the provision of the platform and contents saved within it independent of place and time.

The platform's course rooms are used for course-related teaching and learning opportunities, further education to promote knowledge transfer, and for study-orientated and study-preparing offers.

RWTHmoodle processes the following specific categories of personal data for users.

1. Inventory data

All persons that have an RWTH username (members of RWTH as well as registered guests) also have an account on the RWTHmoodle platform and are thereby authorized to access the platform. For the conclusion of study-orientated and study-preparing offers for external persons (internship week, pre-courses, physics information day etc.), local user accounts are created without a connection to the central identity management service of RWTH, which are governed by their own deletion periods.

The first name and surname, email address and matriculation number (if available) of a user are saved in the user profile. Additionally, every person with a user account for RWTHmoodle receives an RWTHmoodle user ID that is used within the system.

For the purpose of authenticating persons with an RWTH username via Shibboleth, a so-called Imsid is shared with and saved in RWTHmoodle by the identity management service of RWTH. Local user accounts do not have an Imsid as there is no login via Shibboleth in these cases.

2. Shibboleth data

An authentication is necessary to control access to RWTHmoodle. This occurs via the single sign on authentication service Shibboleth. When logging in, users can choose to be shown which data is passed on to RWTHmoodle from the identity management service of RWTH when accessing the service. This data is only used to assign access authorization.

3. Course room data

RWTHmoodle contains data about which course rooms a user is authorized in and with which roles. Users either receive access to course rooms automatically through a registration process in the campus management system of RWTH or through registration as a lecturer or assistant for a course in the same, or through manual booking into a course room by a role with the according permissions. Data about authorization and roles is absolutely necessary for the operation of the system.

4. Usage data

Usage data is created by the activity of a user within the system. The actions which they can perform depend on their role. The following data is recorded for every action taken within RWTHmoodle:

  • First name, surname and Moodle user ID of the acting person
  • Where applicable, first name, surname and Moodle user ID of the person affected
  • IP address of the device used
  • Date and time
  • Action (including description)
  • Course room that is affected

Furthermore, RWTHmoodle saves the following data in the user profile of a user:

  • Time that the website was first accessed
  • Time that the website was last accessed
  • Time that a course room was last accessed
  • Last IP address used (is deleted nightly)

For course rooms of courses with mandatory attendance that use the “Attendance" plugin, the IP address of the device from which attendance is recorded is saved in the case of self-recording by students. This prevents fraudulent attempts to self-record attendance for multiple people, including those that are not there. This IP address is deleted nightly.

5. Content Data

Content data is also generated by users and is dependent on their roles. Users can create content such as votes, feedback, hyperlinks, calendars, group management, exercises, tests, interactive content, forums, glossaries or wikis as well as cross-course room content using notifications (messaging). Uploaded files also count as content data.

This category of data also includes grades given for learning activities that have been assessed. Grading can either be performed automatically by the system, as with electronic self-tests, or manually by the manager and tutor roles, as with assignments. In the case of automatic assignment of grades, managers define the parameters on which they are based and have the option of manually checking and correcting them.

B. Purpose of Data Processing

The processing of personal data in RWTHmoodle is carried out for a specific purpose and under the principle of data minimization in accordance with Art. 5 GDPR. Inventory data, course room data, usage data and content data are processed for the purpose of preparing, organizing and conducting courses, communicating course content and monitoring learning outcomes. The usage data is also used for the purpose of administration and maintenance of the system, technical controlling, troubleshooting of technical problems or assessment of security incidents.

In accordance with Art. 6 para. 1 lit. e GDPR, as well as Art. 89 GDPR in conjunction with § 17 DSG NRW, the data may also be processed for scientific or historical research purposes and for statistical purposes without consent, if the processing is necessary for these purposes and is not outweighed by the protected interests of the data subject. RWTH Aachen University provides for appropriate and specific measures to protect the interests of the data subject in accordance with § 17 para. 2 DSG NRW. The data will be anonymized in accordance with § 17 para. 3 DSG NRW as soon as this is possible according to the research or statistical purpose. The data will be deleted as soon as the research or statistical purpose permits.

C. Legal Basis for data processing

With the central provision of the web based teaching and learning platform RWTHmoodle, RWTH enables the development of flexible online teaching offers for university teaching, further education of university staff as well as study-orientation and study-preparing offers for prospective students or first-year students.

RWTH Aachen University therefore processes this personal data in RWTHmoodle in accordance with Art. 6 para. 1 lit. e GDPR and § 3 para. 1 DSG NRW in the performance of its duties pursuant to § 3 paras. 1, 3 and 5; § 58 para. 1 sentence 2 and § 58a HG NRW as well as § 2 para. 1 Grundordnung RWTH Aachen and §§ 6,7 E-Learning-Ordnung RWTH Aachen.

D. Data access

Seven roles exist within RWTHmoodle with ascending scope of rights:

  1. Student
  2. Extra Users
  3. Tutor
  4. Editing Tutor (no longer assigned since Winter Semester 2020/21)
  5. Manager
  6. Support Admin (system role)
  7. Administrator (system role)

These roles have varying degrees of access to personal data on RWTHmoodle. Data may only be viewed for the specified purpose, insofar as it is necessary for the fulfilment of a task. The principle of data minimization also applies.

1. Students and extra users

The student and extra user roles have identical rights. They are only different in that they receive access to course rooms by different means. Persons who are registered for a course in the Campus Management System of RWTH Aachen University and have received a fixed place within the framework of a registration procedure receive the student role. They are automatically enrolled in the corresponding RWTHmoodle course room. Persons with the role extra user are manually authorized by a manager in the course room itself.

Persons with these roles can see the following data, depending on the teaching scenario:

  • First name, surname, email address: In order to facilitate contacting lecturers responsible for the course room as well as tutors with supervisory tasks, the first name, surname and email address of persons with the roles of Manager and Tutor are always visible to persons with the roles of student and extra user.

    Persons with the role student or extra user will only see the first name, surname, and email address of other persons with these roles if they are working together in the course room in a workgroup of up to a maximum of 10 persons. This serves to facilitate easier communication within the context of group work. The course groups transferred from RWTHonline are excluded from this, as they primarily serve organizational purposes. The visibility of the data can additionally be disabled by managers if, for example, the groups do not explicitly serve collaborative purposes.

    If managers enable group messaging in the settings of a group, users will see the names of other group members and can send messages to them. This also serves to facilitate easier communication in groups that are used for group work.

    Outside of the aforementioned scenarios, the data is only visible if the data subjects have explicitly allowed this in their profile settings.

  • Content data: Contributions from all roles in the offered learning activities, including uploaded files. The visibility of files is partially dependent on the settings of the learning activity that have been chosen by the manager. The settings for the visibility of data for other course room participants are selected, so that as little data as possible is visible by default. Persons with the student and extra user roles can only see their own grades.

2. Tutors and editing tutors

The editing tutor role only has the additional right to upload files to folders compared to the rights of the tutor role. These roles are respectively assigned by the managers. Managers are responsible for the transfer of tasks to the tutors and the associated access to personal data, especially that of students. The role of editing tutor can no longer be assigned as of the Winter Semester 2020/21.

Persons with these roles can see the following data, depending on the teaching scenario:

  • First name, surname and email address: Always for all roles in the course room, to ensure the fulfilment of supervisory tasks. For the same reason, the first name, surname, and email address of tutors are also visible to everyone in the course room.

  • Content data: Contributions from all roles in the offered learning activities, including uploaded files. The visibility of files is partially dependent on the settings of the learning activity that have been chosen by the manager. As both roles are commonly used for the correction and manual evaluation of solutions to assignments, tutors can also see the students' grading data depending on the settings chosen by the manager role.

3. Manager

The role of manager is assigned to all persons listed as lecturers or contributors in the corresponding course in the Campus Management System. They are automatically authorized upon course room creation. Furthermore, these managers can authorize further managers. These managers are responsible for delegating tasks to the authorized persons and the related access to personal data, especially that of students.

Persons in this role can see the following data, depending on the teaching scenario:

  • First name, surname, email address: Always for all roles in the course room, to ensure the fulfilment of supervisory tasks. For the same reason, the first name, surname, and email address of managers are also visible to everyone in the course room.

  • Matriculation number: The matriculation numbers of students and extra users are not visible to managers within a course room itself. Managers can however export data from some activities, such as attendance list, assignments or choice, as a file. To uniquely identify students and extra users, these exports contain their first name, last name and matriculation number. If no matriculation number exists, the email address is exported instead. The data may only be exported and processed for the purposes of the respective course. The person exporting the data is responsible for ensuring that no third party obtains knowledge of the personal data and that the data is completely deleted as soon as the purpose is fulfilled.

  • Content data: Contributions from all roles in the offered learning activities, including uploaded files and grades.

  • Lmsid: Managers can export the achieved grades for the students and extra users roles as a CSV file from the grades area. Among other things, the export contains the lmsid, which is used for further processing in other systems such as those of the language center.

4. Support admin

The role of support admin is held exclusively by employees of the IT Service Desk, the departments in the IT Center involved with the development and operation of RWTHmoodle, and the learning platform management department of the Center for Teaching and Learning Services (CLS). Within the scope of their official duties in supporting RWTHmoodle, this group of persons has access to personal data in order to provide technical support for the application and professional didactic consultation and support for the users of RWTHmoodle. Support admins have the same rights as managers, but additionally see all course data of users to be able to check authorizations. Persons assigned this role have a duty of secrecy.

5. Administrator

The administrator role is only assigned to employees of the IT Center of RWTH Aachen University who are entrusted with the system administration of RWTHmoodle. In principle, persons with the role of administrator see all personal data, including usage data and web server log data. Access takes place exclusively within the scope of official duties and when necessary. Persons assigned this role have a duty of secrecy.

6. Matrix of rights

The following matrix lists which data is visible for which roles. The matrix assumes that the viewer has the role student or extra user.

My data…

…is visible for:

Students

Lecturers, tutors, employees

Visible for me in my profile and in my registered courses

Other participants in my course (student and extra user roles)

Tutors

Lecturers and contributors (manager role)

Support-Admin

Administrator

My inventory data

My first name and surname[1]

My email address

My matriculation number

My lmsid

My course room data

List of my current and past courses

My usage data

Activity log, IP address

My content data

My contributions to activities

My uploaded files

My grades

My web server log data

Access log

Visibility categories

Always visible

Visible in course groups of up to a maximum of 10 people, otherwise not visible by default. Can be changed individually via the profile

Only visible when set to be visible by a manager

Never visible

E. Duration of storage

Art. 5 para. 1 lit. e GDPR stipulates that a retention period linked to the fulfilment of the respective purpose must be specified for the processing of personal data, after which the data must be deleted.

1. Inventory data

Inventory data remains stored in RWTHmoodle until it is deleted in the identity management service of RWTH Aachen University. The storage of inventory data of students is governed by § 12 para. 1 E-Learning-Ordnung RWTH Aachen. Accordingly, inventory data is saved until exmatriculation. Inventory data of cross-registered students and guest students shall be stored for as long as they are permitted to attend courses at RWTH Aachen University in accordance with §§ 11, 12 of the Einschreibungsordnung.

In general, members and affiliates of RWTH Aachen University decide for themselves, after leaving the university, whether their account should remain active in the university's identity management service or be deleted. If the account is deleted in the identity management service, it will be deprovisioned in RWTHmoodle.

Local accounts created for study-orientation and study-preparing courses offered by the university will be deleted after 12 months at the latest. Specific deletion periods are stated in the data protection declarations of the respective offers.

2. Shibboleth data

The data required for authentication is deleted when you log out, your Moodle session is ended after a long period of inactivity, or your browser session ends.

3. Course room data

The authorizations for course rooms are deleted once three years have passed since creation of the course room.

In the case of course rooms in RWTHmoodle used for further education, that were created using the course management system "Antrago", authorizations are deleted before the next appointment takes place. If there is no further appointment within a year, the whole course room is deleted.

4. Usage data

RWTHmoodle log data is kept for 6 months, in order to be able to assess reports of technical malfunctions, such as unsaved content data in e-test attempts or assignment submissions, up until the examination phase at the end of the semester.

Beyond this period, and only in the context of content data, the date and time of creation of the data as well as the first name and last name of the person creating the data are stored for a longer period of time and displayed in the system's web interface. The storage duration of this usage data is governed by § 12 para. 2 E-Learning-Ordnung RWTH Aachen. They are stored as long as necessary for the delivery of a course on RWTHmoodle or for the completion of a module (exercise or preliminary examination). They will be deleted from RWTHmoodle within the framework of the course room lifecycle, at the latest after the expiration of three years after the creation of the course room.

The IP addresses, which are gathered for protection against fraud when the “Attendance” plugin is used in the mode for self-recorded attendance, are deleted from the database nightly. Likewise, the last IP address automatically stored by RWTHmoodle is deleted nightly.

The data collected about the first and last connection to the website will be deleted in the same way as the inventory data when the account is deleted in the identity management service of RWTH Aachen University.

The data about the last access to a specific course room will be deleted together with this course room within the framework of the course room lifecycle, at the latest after the expiration of three years.

5. Content data

The storage duration for content data is governed by § 12 para. 3 E-Learning-Ordnung RWTH Aachen. It will be deleted from RWTHmoodle within the framework of the course room lifecycle, at the latest after the expiration of three years after the creation of the course room.

Messages sent using the messaging system are deleted after one year by default.

F. Data sharing

Personal data is not shared with third parties or used for purposes other than those stated here, subject to statutory requirements.

Third-party applications connected via the RWTHmoodle API secured with OAuth2 cannot obtain any data beyond that which is also available via the web interface. Such applications must be submitted separately to the Data Protection Officer of RWTH Aachen University prior to going live. When using these systems, please note their privacy policy. Before using these systems for the first time via the connection to RWTHmoodle, you will be informed once again about the transfer of data.

The courses of RWTH Aachen University are evaluated within the framework of the student course evaluation with the help of the system EvaSys. To simplify access to the data, the released surveys or survey results are displayed for each user in the RWTHmoodle dashboard in the block "Surveys (RWTH)". In order to ensure that the individual data is displayed, the e-mail address of the users is transferred to the EvaSys system.

G. Data transfer to third countries

There are no plans to transfer the personal data specified above from RWTHmoodle to third countries.

H. Technical and organizational measures to maintain integrity and confidentiality

In accordance with Art. 32 GDPR, various technical and organizational measures are taken to ensure the integrity and confidentiality of personal data in RWTHmoodle. Access to personal data within the application occurs via user control (username and password). Access to the server is restricted to specific workstations by both user control and firewall rules. Communications between the application and the servers are encrypted over a secured connection (HTTPS) to prevent unauthorized data processing.

A comprehensive list of measures is described in detail in a separate document. These measures have been implemented in accordance with Art. 32 GDPR.

VI. Use of cookies

A. Description, scope and purpose of data processing

RWTHmoodle uses cookies. Cookies are text files which are saved in an internet browser or on the computer system of a user by an internet browser. If a user accesses a website, a cookie can be stored on their operating system. This cookie contains a unique identifier, which enables the definitive identification of the browser when the website is accessed again.

The following cookies are used and the following data is saved and transmitted therein:

  • MoodleSession identifies the logged in user using an anonymous ID and saves their login for the current RWTHmoodle session. This needs to be authorized, in order for a user’s login and access rights within RWTHmoodle to be preserved during a session. The cookie is automatically deleted as soon as the user logs out from the system or closes their web browser.
  • MoodleID saves the username in the web browser. During the next login, this name is automatically entered in the login interface in order to speed up the login process. Users can optionally activate this cookie while logging in.
  • JSESSIONID is used in the context of the RWTH streaming server for teaching based on the Opencast system. It saves the Opencast login. This is necessary in order to be able to watch videos in course rooms that are provided via the streaming server. These videos are not public and only playable in the context of the course room through which they were uploaded to Opencast.

B. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

C. Duration of storage, objection and remedy

Cookies are saved on the user’s device and are transmitted to the website from this device. Users therefore have full control over the use of cookies. By changing the settings in the web browser they can deactivate or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can be automated. If cookies are deactivated for RWTHmoodle, there is a possibility that not all functions can be fully used any more.

VII. MATLAB Grader

Some courses in RWTHmoodle may use the software MATLAB Grader, which is connected to RWTHmoodle via LTI. The software is operated by The MathWorks, Inc, Apple Hill Campus, 1 Apple Hill Drive, Natick, MA 01760-2098, USA. It is used to provide and automatically evaluate MATLAB assignments in a course room. For this purpose, an LTI ID is transferred to MATLAB Grader for each user, through which the grades achieved are returned to RWTHmoodle. Names or e-mail addresses are not transferred. The processing of personal data has been regulated in a commissioned data processing agreement between RWTH Aachen University and The MathWorks, Inc. in accordance with Art. 28 GDPR. Before using the software for the first time, you must agree to the terms of use once. The privacy policy for MATLAB Grader is also linked in the terms of use.

VIII. MUMIE

RWTHmoodle allows managers to add “MUMIE” activities to their course rooms. Users that access these activities will be directed to the “MUMIE” system. The system operator is integral-learning GmbH, Clausewitzstr. 2, 10629 Berlin.

A user’s Moodle User-ID is transferred to the MUMIE server in an encrypted and anonymized form when a user accesses such an activity. An account is then created for the accessing user in MUMIE. This is done for the purpose of returning grades received from MUMIE for mathematical exercises to RWTHmoodle and assigning them to the accessing user.

Further information on the handling of user data on the MUMIE system is provided by MUMIE's privacy policy, which can be found by MUMIE's privacy policy.

IX. YouTube

RWTHmoodle allows managers to embed and deliver videos from the Google-operated YouTube website using a text editor. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When a page with an embedded YouTube video is accessed using RWTHmoodle, a placeholder is displayed in the space where the video is embedded. This placeholder displays a text stating the source of the video and contains a link to YouTube’s privacy policy. A connection to the YouTube servers is only established after a user clicks on the placeholder, in order to load the thumbnail. This tells the YouTube server which page was visited. After a further click on play, playback of the video will start.

If a user is logged in to their personal YouTube account, they will enable YouTube to attribute their browsing behavior to their personal profile. This can be prevented by logging out from their personal YouTube account.

Further information on the handling of user data is provided by YouTube's privacy policy.

X. Accessibility Toolkit

In accordance with §1, para. 2 BITV 2.0, RWTH Aachen University is obligated to enable and ensure a fundamentally unrestricted barrier-free design of modern information and communication technology. It therefore uses the Accessibility Toolkit from Brickfield Education Labs, Fitzwilliam Business Center, 25 Pembroke Street Upper, Dublin 2, Ireland. With this toolkit, persons with the role of manager can check the accessibility of all course room content created via the Moodle text editor. No personal data is disclosed when using the tool. However, to improve the toolkit, the following statistical data is transferred to Brickfield:

  • siteurl
  • release version of moodle
  • numcourses on site
  • numusers on site
  • numfiles in total
  • numfactivities in total
  • mobileservice on/off
  • usersmobileregistered
  • date

In a second data set the anonymous result information of the check for each content type is transferred:

  • Number of instances on site
  • Number of instances which passed tests
  • Number of instances which failed tests

For each type of accessibility test is transferred:

  • which one (name of test)
  • which type (groupname of test) and
  • number of errors

XI. Anonymous access statistics

Anonymized statistics about the accessing of course rooms is stored in the context of learning analytics. Every time that a course room is accessed the following data is logged without reference to users:

  • Type of action (e.g. if a quiz was completed or a PDF was downloaded)
  • Time (accurate to the second)
  • ID of the course room, within which the action was taken
  • The affected context (e.g. the quiz ID)
  • The operating system used (e.g. Windows or Linux) coded as a number (specific operating system versions are not saved)
  • The browser used (e.g. Firefox or Edge) coded as a number (specific browser versions are not saved)

All data is saved anonymously and cannot be attributed to specific users. All participants in a participating course room can access the statistics, by clicking on a link in the navigation of the course room. Aggregated data is therefore only displayed in statistics if there are at least ten datasets available. Otherwise “<10” is displayed.

The IT Center provides the gathered anonymous log data to the Center for Teaching and Learning Services (CLS) at the end of a semester for research purposes. Data related to the ID of the course room is anonymized for this.

XII. Anonymous access statistics for streaming videos

Anonymized statistics about access to videos on the RWTH streaming server are displayed in addition to the general access statistics for a course room. The web analytics tool Matomo anonymously gathers these. The following are logged in the tool:

  • IP address of the user (in anonymized form)
  • Date and time of access
  • Title of the page accessed (Page title)
  • URL of the page accessed (Page URL)
  • URL of the previously accessed page (Referrer URL)
  • Screen resolution of the user
  • Local time in the time zone of the user
  • Files that were clicked and downloaded (Download)
  • Links to external domains that were clicked (Outlink)
  • Time taken to generate the page (Page speed)
  • Location of the user: country, region, city, rough latitude and longitude (Geolocation)
  • Browser language (Accept-Language header)
  • User agent of the browser (User-Agent header)

XIII. Rights of the data subject

You have the right, under the conditions defined in Art. 15 ff. GDPR, to obtain information from RWTH Aachen University about personal data concerning you, to request the correction of incorrect data, the deletion of data or the restriction of data processing, to object to data processing and to request data portability.

You also have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of personal data concerning you violates this regulation.

If the processing is based on your consent (see Art. 6 para. 1 lit. a, Art. 9 para. 2 lit. a GDPR), you also have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation.


[1] If a person in a course has the manager or tutor roles, they can always see the first name, surname and email address for all other persons in the course room, independent of the other persons’ profile settings.

changed on 1st September 2022 at 8 am