Privacy Policy
This Privacy Policy is for the EPICUR Inter-University Campus (EIUC) at "https://learn.epicur.education". The EIUC is hosted and offered by the Karlsruhe Institute of Technology (KIT) for the EPICUR Alliance (European Partnership for an Innovative Campus Unifying Regions). The KIT takes data protection very seriously and attach great importance to your rights and the security of your data.
Controller
Controller of data processing on the EIUC within the meaning of the EU General Data Protection Regulation and other data protection regulations is
Karlsruher Institute of Technology
Kaiserstraße 12
76131 Karlsruhe
Germany
Phone: +49 721 608-0
Fax: +49 721 608-44290
Email: info@kit.edu
The Karlsruhe Institute of Technology is a corporation under public law. It is represented by the President Prof. Dr. Holger Hanselka.
Our data protection officer is
Ass. jur. Marina Bitmann
Phone: +49 721 608-41057
Fax: +49 721 608-41059
Email: datenschutzbeauftragter@kit.edu
Administrative and technical contact is
Steinbuch Centre for Computing (SCC)
Information Systems for Study and Teaching (ISL)
Email: support@learn.epicur.education
Karlsruher Institute of Technology
Kaiserstraße 12
76131 Karlsruhe
Germany
Phone: +49 721 608-0
Fax: +49 721 608-44290
Email: info@kit.edu
The Karlsruhe Institute of Technology is a corporation under public law. It is represented by the President Prof. Dr. Holger Hanselka.
Our data protection officer is
Ass. jur. Marina Bitmann
Phone: +49 721 608-41057
Fax: +49 721 608-41059
Email: datenschutzbeauftragter@kit.edu
Administrative and technical contact is
Steinbuch Centre for Computing (SCC)
Information Systems for Study and Teaching (ISL)
Email: support@learn.epicur.education
Personal Data Collection, Processing and Use
In the context of using the EIUC, we process your personal data to the extent necessary to provide our content and services. According to Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person (e.g. name, address, email and user behavior). KIT collects, processes and uses personal data when registering for the EIUC, when using the platform and when publishing content and data on the platform itself.
The personal data of users will be protected according to the GÉANT Data Protection Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect the privacy of users.
The personal data of users will be protected according to the GÉANT Data Protection Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect the privacy of users.
Usage Data
When using the EIUC we will collect the personal data that are transmitted by your browser to our server according to the settings made by you (server log files). For viewing the EIUC, we collect the data required for this purpose and needed for ensuring stability and security:
The storage of the user's IP address in log files is done to ensure the functionality of the EIUC. It also serves to optimize the EIUC and the security of our systems. The data is not evaluated for marketing purposes.
The data is deleted when it is no longer required for the aforementioned purposes. In the case of the collection of data required for the display of the EIUC, this occurs at the end of the respective session. In the case of storage of the data in log files, this occurs after fourteen days at the latest. Further storage is possible if there are security concerns. In this case, the IP addresses are alienated so that an assignment of the calling client is no longer possible. Since the collection and storage of this data is mandatory, there is no possibility to object to this.
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/http status code
- Websites from which the user's system accesses the EIUC
- Websites that are accessed by the user's system via the EIUC
- Browser data (type, language and version)
- Operating system
The storage of the user's IP address in log files is done to ensure the functionality of the EIUC. It also serves to optimize the EIUC and the security of our systems. The data is not evaluated for marketing purposes.
The data is deleted when it is no longer required for the aforementioned purposes. In the case of the collection of data required for the display of the EIUC, this occurs at the end of the respective session. In the case of storage of the data in log files, this occurs after fourteen days at the latest. Further storage is possible if there are security concerns. In this case, the IP addresses are alienated so that an assignment of the calling client is no longer possible. Since the collection and storage of this data is mandatory, there is no possibility to object to this.
Registration
The registration for the EIUC is done exclusively via Shibboleth. During the Shibboleth registration, KIT processes your following data:
After registration, additional information can be entered in the profile settings. This information is voluntary. In the profile settings you decide whether your profile is visible or invisible to other users. In the default setting it is invisible.
KIT needs and uses your registration data exclusively to provide adequate course support, to manage your user account and to contact you. KIT will use your email address to contact you regarding matters related to your user account and for messaging in the course context. After your account is disabled, we will lock your registration data. Your registration data will be deleted when it is no longer required to fulfill legal retention obligations.
- User identifier (EduPersonPrincipalName)
- First and last name
- Email address
- Home institution
- Affiliation (student, employee/staff)
After registration, additional information can be entered in the profile settings. This information is voluntary. In the profile settings you decide whether your profile is visible or invisible to other users. In the default setting it is invisible.
KIT needs and uses your registration data exclusively to provide adequate course support, to manage your user account and to contact you. KIT will use your email address to contact you regarding matters related to your user account and for messaging in the course context. After your account is disabled, we will lock your registration data. Your registration data will be deleted when it is no longer required to fulfill legal retention obligations.
Posted Content
Content data are all data voluntarily posted by you on our platform in your profile or in courses, such as your photo, your contact address as well as your messages, comments, materials, etc. By entering, you consent to the collection, processing and use of the data by KIT.
The course administrator has access to all data created by you within the respective course environment. KIT shares your posted content with other users of the platform in the course context. After disabling your account, content posted by you on the platform will be anonymized or pseudonymized.
As a scientific institution, KIT reserves the right to evaluate anonymized user data of the platform.
The course administrator has access to all data created by you within the respective course environment. KIT shares your posted content with other users of the platform in the course context. After disabling your account, content posted by you on the platform will be anonymized or pseudonymized.
As a scientific institution, KIT reserves the right to evaluate anonymized user data of the platform.
Transfer of Personal Data to Third Parties
KIT will disclose your personal data to third parties outside the Platform only if KIT is required by law to do so or is required to do so by a court of law, or in response to requests from official bodies, in particular law enforcement and supervisory authorities, if and to the extent necessary to avert threats to public safety and order and to prosecute criminal offences.
Legal Basis
The legal basis for the informational use of the EIUC is Art. 6 para. 1 subpara. 1 (e), para. 3 subpara. 1 (b) GDPR in conjunction with Section 4 Landesdatenschutzgesetz Baden-Württemberg (State data protection act of the state Baden-Württemberg).
The legal basis for the processing of the registration data and your supplemented profile contents is your consent according to Art. 6 para. 1 subpara. 1 (a) GDPR.
The legal basis for the processing of the registration data and your supplemented profile contents is your consent according to Art. 6 para. 1 subpara. 1 (a) GDPR.
Your Rights
In general, you have the following rights towards us concerning the personal data relating to you:
In the case of manifestly unfounded or excessive requests, we can charge a reasonable fee. Otherwise, information will be provided free of charge (Article 12, par. 5 GDPR).
In the case of reasonable doubts concerning the identity of the natural person asserting the above rights, we may request the provision of additional information necessary to confirm the identity of the data subject (Article 12, par. 6 GDPR).
- Right to withdraw consent
- Right to information
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object to data processing
In the case of manifestly unfounded or excessive requests, we can charge a reasonable fee. Otherwise, information will be provided free of charge (Article 12, par. 5 GDPR).
In the case of reasonable doubts concerning the identity of the natural person asserting the above rights, we may request the provision of additional information necessary to confirm the identity of the data subject (Article 12, par. 6 GDPR).
Data Security
KIT uses technical and organizational security measures to the best of its current knowledge to protect the data you have provided to us from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. For example, your data is stored in a secure operating environment that is not accessible to the public. Our security measures are reviewed at regular intervals and continuously improved in line with technological developments.
TLS encryption
For security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator, this site uses TLS encryption (Transport Layer Security, minimum version 1.2). You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If TLS encryption is activated, the data you transmit to us can generally not be read by third parties. Please note, however, that when transmitting data via the Internet, it is never possible to guarantee complete protection against access by third parties.
If TLS encryption is activated, the data you transmit to us can generally not be read by third parties. Please note, however, that when transmitting data via the Internet, it is never possible to guarantee complete protection against access by third parties.
Cookies
In addition to the data mentioned above, cookies are stored on your personal computer when using the EIUC. Cookies are small text files stored in your computer system by the browser used by you, through which we (the server of the EIUC) obtain certain information. Cookies cannot execute any programs or transmit viruses to your computer. They serve to make internet offers more user-friendly, more effective, and quicker. It is distinguished between session cookies (transient cookies) and permanent (persistent) cookies.
Transient cookies are deleted automatically when you close the browser. They include in particular the session cookies. These store a so-called session ID, through which queries of your browser can be allocated to the joint session. They allow us to identify your computer when you return to the EIUC. Session cookies are deleted when you log out or close the browser. In contrast, persistent cookies remain stored on your computer even after you log out or close your browser.
We use session cookies exclusively. We do not use any persistent cookies or flash cookies. You can set your browser such that you will be informed about the setting of cookies and you can permit cookies in individual cases only, exclude the acceptance of cookies in certain cases or in general, and activate automatic deletion of cookies when closing your browser. When deactivating cookies, functionality of the EIUC may be limited.
Transient cookies are deleted automatically when you close the browser. They include in particular the session cookies. These store a so-called session ID, through which queries of your browser can be allocated to the joint session. They allow us to identify your computer when you return to the EIUC. Session cookies are deleted when you log out or close the browser. In contrast, persistent cookies remain stored on your computer even after you log out or close your browser.
We use session cookies exclusively. We do not use any persistent cookies or flash cookies. You can set your browser such that you will be informed about the setting of cookies and you can permit cookies in individual cases only, exclude the acceptance of cookies in certain cases or in general, and activate automatic deletion of cookies when closing your browser. When deactivating cookies, functionality of the EIUC may be limited.
Contact
When contacting us by email or telephone, your user contact data (email address or telephone number and name, if applicable) will be stored for the purpose of responding. This data is not passed on to third parties.
We delete the data collected in this context after the storage is no longer necessary for this purpose. This is the case when it can no longer be assumed that a response is desired.
The legal basis for the processing of this data is Art. 6 para. 1 subpara. 1 (a) GDPR.
You have the option to object to the processing of this data at any time. In this case, we will delete the data that was stored when you contacted us.
We delete the data collected in this context after the storage is no longer necessary for this purpose. This is the case when it can no longer be assumed that a response is desired.
The legal basis for the processing of this data is Art. 6 para. 1 subpara. 1 (a) GDPR.
You have the option to object to the processing of this data at any time. In this case, we will delete the data that was stored when you contacted us.