Full policy

1 Name and Address of the Person Responsible

The controller within the meaning of the General Data Protection Regulation (GDPR), other national data protection laws of the Member States, and other data protection provisions is:

2 Name and address of the Data-Protection Officer

The Data Protection Officer of the controller is:

Kirstin Vedder
Technische Hochschule Lübeck Mönkhofer Weg 239
23562 Lübeck

E-Mail: datenschutz(at)th-luebeck.de

3 Legal Basis for Data Processing

Data processing is carried out in compliance with the European Union General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the Schleswig-Holstein State Data Protection Act (LDSG), and the Schleswig-Holstein Higher Education Act (HSG).

The processing of personal data serves the preparation, administration, conduct, and evaluation of examinations. Your mandatory personal data are processed exclusively in connection with your participation in examinations on the basis of the following legal provisions:

• Article 6(1)(e) GDPR in conjunction with Sections 45 and 52 of the Schleswig-Holstein Higher Education Act (HSG)
• Sections 10 and 19 of the Schleswig-Holstein Ordinance on the Collection and Processing of Personal Data for Administrative Purposes of Universities and the Cooperative State Academy (StudDatenVO)
• Section 16 of the Examination Procedure Regulations (PVO) of Lübeck University of Applied Sciences in conjunction with Sections 3 and 5 of the Supplementary Regulations on Electronic Examinations (PVO Supplementary Statute for Electronic Examinations)

4 Purposes and Scope of the Processing of Personal Data

Personal data are processed for the purpose of organizing, preparing, conducting, and evaluating examinations.

When using the Examination Moodle platform, personal data of users are processed in the following categories:

Master Data

Access to the Examination Moodle platform requires a user account (THL IT account) issued by Lübeck University of Applied Sciences and inclusion in the university's central user management system (LDAP).

During the login process, information from the LDAP account is automatically transferred to the Moodle database or updated upon subsequent logins. The following information is processed:

• Username
• University e-mail address
• First name
• Last name
• Degree program abbreviation (not applicable to university employees)

Content and Examination Data

Content and examination data are generated when users enter information into the Examination Moodle platform. This includes, for example, activities within assignments and quizzes. Uploaded files also form part of the content and examination data.

Only the Moodle administrators of the Center for Digital Teaching (Zentrum Digitale Lehre – ZDL) have global access to content and examination data. Persons responsible for individual examinations have access to aggregated activity reports solely for the purpose of conducting and evaluating examinations within the respective course.

Course coordinators (examiners) supplement content and examination data with information relating to academic performance (assessment of examination results). These data are visible only to the persons responsible for the respective examination and to the Moodle administrators of the ZDL.

Data processing is carried out exclusively for examination purposes and in accordance with the principle of data minimization.

Log Data

When using the Examination Moodle platform, so-called log data are collected in the background. In particular, information is recorded regarding the time, IP address, and Moodle components accessed.

Only the Moodle administrators of the ZDL have access to these data.n.

5 Duration of Data Storage 

Data resulting from participation in examination courses (master data, content and examination data, and log data) are stored until the respective examination course is deleted. The examination course is deleted four years after the last student who participated in that course has been exmatriculated.

Other server log data are deleted after seven days.

6 Recipients of the Data

Recipients of the data include examiners and invigilators. Examination submissions are also processed by all offices and organizational units involved in the administration, assessment, and processing of examination results.

7 Transfer of Data to Third Countries or International Organizations

Moodle data processing takes place exclusively on servers operated by Lübeck University of Applied Sciences. No transfer of personal data to an international organization or a third country takes place.

8 Automated Decision-Making

No automated decision-making within the meaning of Article 22 GDPR takes place.

9 Use of Cookies

Moodle uses cookies. Cookies are text files that are stored in your internet browser or by your internet browser on your computer system. When accessing the website, a cookie may be stored on your system. This cookie contains a unique identifier that enables your browser to be recognized when the website is accessed again.

The following cookie is used:

The MoodleSession cookie identifies logged-in users through an anonymous ID and maintains their login status for the current session. This cookie is required for the operation of Moodle, ensuring that login information and access permissions remain valid throughout the session. The cookie is automatically deleted when you log out of the system or close your web browser.

10 Your Rights as a Data Subject

If your personal data are processed, you are a data subject within the meaning of the GDPR and have the following rights in relation to the controller:

10.1 Right of Access (Article 15 GDPR)

You have the right to obtain information from the controller about the personal data stored concerning you (Article 15 GDPR).

10.2 Right to Rectification (Article 16 GDPR)

If inaccurate personal data concerning you are processed, you have the right to obtain rectification under the conditions set out in Article 16 GDPR. Please contact the responsible offices to exercise this right.

10.3 Right to Erasure (Article 17 GDPR) and Restriction of Processing (Article 18 GDPR)

Under the conditions set out in Article 17 GDPR, you have the right to obtain the erasure of your personal data (for example, where the data are inaccurate or there is no legal basis for further processing). The right to erasure does not apply where the controller is authorized or legally obliged to continue processing the data, or where processing is necessary due to a legitimate interest.

Under the conditions of Article 18 GDPR, you may request the restriction of processing of personal data concerning you (for example, where the accuracy of the data is contested).

10.4 Right to Data Portability (Article 20 GDPR)

Under the conditions of Article 20 GDPR, you have the right to receive personal data that you have provided in a structured, commonly used, and machine-readable format.

10.5 Right to Object (Article 21 GDPR)

Where processing is based on Article 6(1)(e) GDPR or Article 6(1)(f) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you (Article 21 GDPR, Section 36 BDSG). If you object, your personal data will no longer be processed unless compelling legitimate grounds for the processing can be demonstrated that override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.

The objection may be submitted informally. For evidentiary purposes, we recommend that you submit your objection by post or e-mail using the subject line "Objection". For objections relating to examinations, please contact the Examination Board.

11 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. If you believe that the processing of your personal data violates applicable data protection legislation, you may contact the competent supervisory authority:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein Postfach 71 16
24171 Kiel
Holstenstraße 98
24103 Kiel

Telefon: 04 31/988-12 00
Telefax: 04 31/988-12 23
E-Mail: mail@datenschutzzentrum.de
http://www.datenschutzzentrum.de/

12 The Data Protection Officer of Lübeck University of Applied Sciences

You may also contact the Data Protection Officer of Lübeck University of Applied Sciences at any time, including confidentially, regarding any questions related to data protection.

Full policy

The “Zentrum Digitale Lehre” (ZDL) and the IT-Service of Technische Hochschule Lübeck (THL) operate the Learning Management System (LMS) Moodle. These Terms of Use apply to the LMS website located at https://exam.th-luebeck.de and all associated sites.

§1 Scope

The general terms of use for the LMS apply to every authorized user of the LMS as defined by § 2 of the Terms of Use.

§2 Rights of Use

All those who are studying, teaching and conducting research at Technische Hochschule Lübeck are entitled to use this software. This implies also all of those who are engaged in a teaching or research relationship with the University.

§3 Registration

(1) The use of the service requires you to open an account. University members can use their THL-IT account to log on to the learning platform.

(2) Members of the university use the password of their THL-IT account. External users will receive their own password, which must be kept strictly confidential and cannot be disclosed to third parties.

§4 Obligations of the Users

(1) The use of the LMS is exclusively for university purposes. Any other use, in particular for business, commercial or private purposes, is not permitted.

(2) All users are obligated to treat the data of other users as strictly confidential and are not to pass them on without the written consent the person concerned. This applies especially to the names and e-mail addresses of other users.

(3) The contact between operator and user is handled exclusively via the user's e-mail account registered with the system. Users have to make sure that they can be contacted via this account.

(4) It is not permitted to use the statistical data of the LMS for performance and behavior checks and assessments.

(5) Every user is obliged to comply with all legal provisions, in particular the copyright law and data protection.

(6) Every user is responsible for ensuring that the content they post does not violate the rights of third parties and does not violate any other legal regulations, in particular copyright, competition or data protection regulations. It is not permitted to exchange, use or distribute copyright-protected material via the LMS if the legal requirements for this are not met. Copyrightable material or part of such material, e.g. course material, templates, excerpts from other works, images etc., which are used in the LMS and/or which are explicitly created for the LMS, may not be used outside the LMS and/or passed on to third parties. Prior to setting links, the linked contents must be checked for infringements. Links to unlawful sites, especially those with extremist, inciting or insulting content, are not permitted.

(7) The rules specified by paragraph 6 also apply to all other forms of communication within the LMS.

§5 Unauthorized use

(1) The user must refrain from any type of unauthorized use of the LMS in accordance with § 5 paragraph 2 of these Terms of Use. The user is obliged to work exclusively with user IDs that he/she has been authorized to use. Passing on user IDs and passwords is prohibited. The user must take precautions to prevent third parties from gaining access to the LMS.

(2) Unauthorized use of the LMS occurs if

(a) data is modified, deleted, suppressed or rendered unusable without authorization,

b) material from unconstitutional organizations or unconstitutional ideology or ideas is disseminated, especially racist and xenophobic ideas,

c) pornography is distributed,

(d) offences against personal dignity, in particular insults or defamation occur,

e) or violates any other legal regulations (e.g. Criminal Code, Youth Protection Act, Data Protection Act, Copyright Act, Trademark Act) or internal regulations of TH Lübeck, particularly these Terms of Use,

f) the image/ reputation of Technische Hochschule Lübeck is damaged or the use is in conflict with its vested interests.

(3) Technische Hochschule Lübeck reserves itself the right to carry out random checks on the content of the course materials provided. Contents that violate applicable law can be removed by the provider without prior notice.

§6 Exclusion from Use

(1) Users who violate these Terms of Use may be excluded from using the LMS temporarily or permanently. The exclusion is generally preceded by a request to refrain from the objectionable behavior and a written or oral hearing of the user, in which the potential exclusion is pointed out.

(2) Excluded users can be re-admitted if it is ensured that they will not engage in any further misconduct.

(3) Paragraphs 1 and 2 also apply if the provider of the LMS has reasonable cause to suspect that internal security measures have been undermined (e.g. e-mail misuse, the use of harmful components such as viruses, worms, or Trojans).

(4) In the interest of an efficient system management, Technische Hochschule Lübeck reserves itself the right to delete authorizations of users (without further notice) whose THL-IT account is no longer valid.

§7 Compliance with other Regulations

(1) The framework regulations for the use of the communication and data processing infrastructure of Technische Hochschule Lübeck have to be observed as far as the user is bound by them. https://dokumente.th-luebeck.de/index.php/f/10592 

(2) The rules and regulations concerning teaching and examinations have to be observed.

§8 Liability

(1) In the event of a violation of legal regulations or the obligations laid out in these Terms of Use, the user will be held liable in accordance with the statutory provisions.

(2) The provider cannot guarantee the permanent availability of the online service. The provider strives to avoid temporary operational disruptions due to maintenance and/or internal disruptions of the system but cannot guarantee either.

(3) Technische Hochschule Lübeck is only liable for grossly negligent and intentional breaches of its obligations. This also applies to damages to the technical devices of the user caused by activities such as the download of software or material.

§9 Rights of Use

(1) Upon registration, the user is granted a simple, non-transferable right to use the LMS.

(2) Technische Hochschule Lübeck remains the owner of all other property rights, copyrights, exploitation and other rights. This also applies if the user legally modifies data or connects it to his / her own programs or databases. In this happens or when program copies are made, the user has to attach a copyright notice that refers to TH Lübeck.

(3) Copyrights held by the user remain with the user.

(4) Storage capacity made available to the user may only be used to store the content created.

§10 Change of the Terms of Use

(1) Technische Hochschule Lübeck reserves the right, at its sole discretion, to change, modify, add or remove portions of these Terms of Use, at any time.

(2) Technische Hochschule Lübeck has the right to concretize or expand on these Terms of Use in specific cases.

(3) Changes have to be communicated in written form in the LMS with a reference to the internet page where the current Terms of Use can be viewed.

Confirmation
I have read the Terms of Use and will abide by them