Data Protection Policy for vc.uni-bamberg.de
This data protection policy applies to all the webpages on vc.uni-bamberg.de.
The University of Bamberg’s Virtual Campus (vc.uni-bamberg.de) provides an online platform for teachers, students and employees as well as for the University’s research partners. The Virtual Campus (VC for short) serves to strengthen teaching, research and administration. It is based on the Moodle course management system.
If other services with their own data protection policies are used on vc.uni-bamberg.de, we will draw your attention to those policies wherever applicable (e.g. filling in application or registration forms).
It is not permissible to use the VC for any purpose other than to support teaching, research or administration. This also applies to the use of other users’ visible data. Depending on severity, violations can lead to a loss of VC user privileges.
Name and contact details of the responsible person
President Prof. Dr. Kai Fischbach
Phone: +49 951 863-1001
FAX: +49 951 863-1012
Registrar Dr. Dagmar Steuer-Flieser
Phone: +49 951 863-0
FAX: +49 951 863-1005
Contact details of the appointed data protection officer
Phone: +49 951 863-1030
FAX: +49 951 863-4030
Purpose and Legal Basis for Data Processing
VC data processing is for educational purposes and has its legal basis in Art. 2 of the Bavarian Higher Education Act (Bayerisches Hochschulgesetz, BayHschG) and well as Art. 6(1e), Art. 6(3) and Art. 6(4) of the General Data Protection Regulation (GDPR).
As a University student or employee, you will need to submit personal data as part of the enrolment and/or hiring process.
If the Virtual Campus is used for the purpose of committee work with external participants, registration and the sharing of personal identity information (such as e-mail address or name) needs to take place independently or on a voluntary basis via the home institution’s identity provider.
For administrative purposes and in order to use the platform, personal user accounts or role-based accounts are set up with individualised access restrictions. Any changes made to these accounts will be documented.
In accordance with the personal data protection guidelines regarding multimedia uses of e-learning services, data is divided into three categories: basic data, usage data and content data. See “E-Learning Guidelines” (in German):
<link fileadmin uni verwaltung justitiariat rechtsgrundlagen interne_regelungen richtlinien_elearning>
The individual personal user accounts in Moodle are considered basic data. The data include information from the user profile:
- Email address,
- User name,
- Given name,
- Other optional fields such as location or time zone.
Basic data is transmitted to the VC either via a central user administration (the university’s identification management system, the DFN’s Authentication and Authorization Infrastructure) or when you complete your registration yourself. In this case, the use of pseudonyms is permissible.
Usage Data and Content Data
VC courses rely on usage data and content data. The data are therefore covered by Para. 2.1 of the “E-Learning Guidelines”. It is not possible to specify general timelines for data storage and erasure regarding the data use described in the “E-Learning Guidelines”.
Documentation and Record-Keeping on the Moodle Learning Platform
The Virtual Campus runs on Moodle software, which records and processes user access and activity within the system. This documentation is in part essential to completing tasks on the learning platform. The documentation also helps to monitor and repair malfunctions or interruptions to service. A typical example might involve problems that occur when trying to submit an assignment before a certain deadline. The documentation is then available upon request in order to check a student’s activity and prove, for example, that a late submission was not due to negligence on their part, but rather to technical problems.
Data collected for documentation purposes are only accessible by Moodle platform administrators. Instructors, course coordinators, students and other users of the site do not have access to this data (content data such as assignments, workshops, forums, etc., notwithstanding).
Personal data collected through this type of record-keeping cannot be accessed without due cause.
Recipients of Personal Data and Categories of Recipients
Visibility of Personal Data by Third-Party Individuals with the Role of Participant
The given name and surname you provided when signing up as a participant in a VC course will be visible in the following places within the course: They appear next to any contributions you make as part of a given activity (for example, a post in a forum, and they will also appear on a course’s “participants” page. Other people in the same course (moderators and other participants, but not guests) can click on your name and view your user profile. User profiles generally show the following information:
- First name and surname
- The name of the VC courses for which you are registered
- Your role in the course (possible roles: participant, moderator, tutor)
- Group membership (if groups are assigned as part of a VC course and you are assigned to one of the groups)
- Additional information (optional)
You have the option of providing more information about yourself if you wish. For example, you can fill in the “personal description” field (e.g. your CV) or “contact information” (telephone, webpage, ICQ number).
If you fill in these fields, the information will be visible to all course participants if they visit your VC profile.
Visibility of Personal Data by Third-Party Individuals with the Role of Moderator
Course instructors are usually assigned this roll. They have additional access to
- Users’ email addresses
- Data from deactivated Moodle courses
- The moderator role also has access to data submitted as part of a Moodle course, such as assignments turned in by participants.
Visibility of Personal Data by Third Party Individuals with the Role of System Administrator
This role is reserved for individuals in the responsible department within the University’s computing centre.
They have access to all data in the system unless the data is separately encrypted. Personal data is involved in the following:
- Record-keeping for the learning platform
- Log data from the entire system (webserver, email communication)
- All course content
- All data concerning user administration
Linked Features and Applications
The VC is linked to the following applications to provide the required functionality:
- efolio (e-portfolio based on Mahara)
- Panopto (video storage)
- Turnitin (plagiarism check)
When using linked functions and applications, an automated transfer of inventory data as well as content data may be required.
Storage Period for Personal Data
The individual personal user accounts in Moodle are considered basic data. Basic data that is no longer needed will be deleted after two years at the latest.
Basic Data Used by the University of Bamberg’s Central Directory Services
Members of the University are given access to its central directory services. Their status as University members gives them access to use and store basic data. Once a person is no longer a member of the University, their account will be deleted. To the extent that basic data are not included as part of usage and content data, they will be deleted upon account deactivation.
Basic Data Used by the DFN-AAI
Any personal data acquired from other institutions through the DFN-AAI and used for registration purposes will also be deleted no later than two years after the data has been established as no longer valid.
Basic Data from Accounts Created by Users
External individuals can create user accounts for themselves and have them deleted. Since the system does not always recognise if an account is still in continued use, users receive an email reminder every two years regarding basic data. A common example of this kind of use would be a subscription to receive alumni emails.
If the email address associated with an account proves to be invalid repeatedly, the account will be deactivated and then deleted within two years.
Usage Data and Content Data
Usage data and content data are components of VC courses. The data are therefore covered by Para. 2.1 of the “E-Learning Guidelines”. It is not possible to specify general timelines for data storage and erasure regarding the data use described in the “E-Learning Guidelines”.
Record-Keeping Files Used by Moodle Software
This data is automatically deleted after one semester.
Record-Keeping Files Used by the Server and Other System Components
As a rule, any personal data here is stored for a maximum of seven days.
Cookies are set for the duration of a given browser session.
When you use the Virtual Campus, so-called session cookies are stored to your computer. Cookies are small text files that are required in order to use Moodle. Cookies are not a threat to your computer and do not contain viruses. The cookies are deleted as soon as you end your browser session. You can disable cookie storage in your browser settings.
Please note that only users who are not logged in will not be subject to limited use if they deactivate cookie storage.
Voluntary Disclosure of Information
In your user profile you can check what personal data of yours is available on the VC. For further information see "Individual Profiles" (in German) and und "Editing Your Profile" (in German).
When you visit your profile page, you will see what information you have shared, what courses you are registered for, what forum posts you have submitted as well as information about your active browser sessions.
Rights of the Data Subject
The information provided by the General Data Protection Declaration applies.
Special information for vc.uni-bamberg.de
Deleting Basic Data
You can delete your user profile if you no longer need it. To do so, follow the instructions on "Removing myself from Virtual Campus because I no longer work/study at the University of Bamberg" (in German).
Statistical Analysis Only with Anonymous Data
Statistical analysis is not conducted using data that is not anonymous.
The Responsibility of Course Instructors to Adhere to Regulations Regarding the Use of vc.uni-bamberg.de for Purposes Other Than Teaching.
Records resulting from specific types of use and other content may only be used within the parameters set by current service agreements and other relevant regulations.