EPICUR VCLP Privacy Policy

The EPICUR Virtual Campus Learning Platform (VCLP) is offered by the Karlsruhe Institute of Technology (KIT) for the EPICUR Alliance.

The EPICUR Alliance (European Partnership for an Innovative Campus Unifying Regions) builds bridges between the creative academic communities of 8 leading European universities from Amsterdam (NL), Freiburg (DE), Karlsruhe (DE), Mulhouse-Colmar (FR), Poznań (PL), Strasbourg (FR), Thessaloniki (GR), Vienna (AT), serving as knowledge centers to both the surrounding research and innovation landscapes and beyond.

EPICUR’s vision on teaching and learning as well as on research and innovation grows to reflect societal challenges, academic and technological developments and educational innovation, preparing well-informed, open-minded and responsible European citizens capable of creating new knowledge and becoming drivers of transnational innovation.

Current and future generations of students, as well as teachers, researchers and staff, will engage in interdisciplinary, multilingual, research-inspired teaching and learning as well as cutting-edge research and innovation in an inter-university campus without borders.

1. Personal data

In the context of using the EPICUR VCLP, we process your personal data to the extent necessary to provide our content and services.

According to Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person (e.g. name, address, email and user behavior).

We take data protection very seriously and attach great importance to your rights and the security of your data.

2. Responsible

Responsible for data processing on the EPICUR VCLP within the meaning of the EU General Data Protection Regulation and other data protection regulations is

Karlsruher Institute of Technology
Kaiserstraße 12
76131 Karlsruhe
Germany
Phone: +49 721 608-0
Fax: +49 721 608-44290
Email: info@kit.edu

The Karlsruhe Institute of Technology is a corporation under public law. It is represented by the President Prof. Dr. Holger Hanselka.

Our data protection officer is

Ass. jur. Marina Bitmann
Phone: +49 721 608-41057
Fax: +49 721 608-41059
Email: datenschutzbeauftragter@kit.edu

3. Collection, processing and use of personal data

KIT collects, processes and uses personal data when registering for the EPICUR VCLP, when using the platform and when publishing content and data on the platform itself.

3.1 Informational use

When using the EPICUR VCLP for information purposes only, i.e. when you do not register or transmit other information, we will only collect the personal data that are transmitted by your browser to our server according to the settings made by you (server log files). For viewing the EPICUR VCLP, we collect the data required for this purpose and needed for ensuring stability and security according to Art. 6, par. 1, clause 1, (f) GDPR:

• Anonymized IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/http status code
• Websites from which the user's system accesses the EPICUR VCLP
• Websites that are accessed by the user's system via the EPICUR VCLP
• Browser data (type, language and version)
• Operating system and its interface

These data cannot be referred to certain persons. These data will not be combined with other data sources. We reserve the right to check these data later on, if concrete indications of unlawful use become known to us.

3.2 Registration

3.2.1 Shibboleth

The registration for the EPICUR VCLP is done exclusively via Shibboleth. During the Shibboleth registration, KIT processes your following data:

• User identifier (EduPersonPrincipalName)
• First and last name
• Email address
• Home institution
• Affiliation (student, employee)

You log in to your home institution via Shibboleth. As the identity provider, this institution transmits the above-mentioned data to us as the service provider. The transmission of this data is necessary to ensure authentication and authorization.

If it is not possible to access all of the above data during the Shibboleth login, you will be prompted to complete it manually.

3.2.2 Profile supplement

After registration, additional information can be entered in the profile settings. This information is voluntary.

In the profile settings you decide whether your profile is visible or invisible to other users. In the default setting it is invisible.

3.3 Posted content

Content data are all data voluntarily posted by you on our platform in your profile or in courses, such as your photo, your contact address as well as your messages, comments, materials, etc. By entering, you consent to the collection, processing and use of the data by KIT.

4. Purposes and duration of data collection, processing and use

4.1 Usage data

The usage data is not assigned to other personal data of the user. The data is not stored together with other personal data of the user. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

The user's IP address is stored for the duration of the session. This is necessary to enable the display of the EPICUR VCLP on the user's computer.

The storage of the IP address in the log files is done to ensure the functionality of the EPICUR VCLP. It also serves to optimize the EPICUR VCLP and the security of our systems. The data is not evaluated for marketing purposes.

The data is deleted when it is no longer required for the aforementioned purposes. In the case of the collection of data required for the display of the EPICUR VCLP, this occurs at the end of the respective session. In the case of storage of the data in the log files, this occurs after seven days at the latest. Further storage is possible if there are security concerns. In this case, the IP addresses are alienated so that an assignment of the calling client is no longer possible. Since the collection and storage of this data is mandatory, there is no possibility to object to this.

4.2 Registration

KIT needs and uses your registration data exclusively to provide adequate course support, to manage your user account and to contact you. KIT will use your email address to contact you regarding matters related to your user account and for messaging in the course context. After you log out of the platform, KIT will lock your registration data. Your registration data will be deleted when it is no longer required to fulfill legal retention obligations.

4.3 Posted content

The course administrator has access to all data created by you within the respective course environment. KIT shares your posted content with other users of the platform in the course context. After logging off from the platform, content posted by you on the platform will be anonymized or pseudonymized.

As a scientific institution, KIT reserves the right to evaluate anonymized user data of the platform.

5. Legal basis

The legal basis for the informational use of the EPICUR VCLP is Art. 6 para. 1 p. 1 lit. e, para. 3 p. 1 lit. b DS-GVO in conjunction with § 4 LDSG BW.

The legal basis for the processing of the registration data and your supplemented profile contents is your consent according to Art. 6 para. 1 p. 1 lit. a DS-GVO.

6. Transfer of personal data to third parties

KIT will disclose your personal data to third parties outside the Platform only if KIT is required by law to do so or is required to do so by a court of law, or in response to requests from official bodies, in particular law enforcement and supervisory authorities, if and to the extent necessary to avert threats to public safety and order and to prosecute criminal offences.

7. Cookies

In addition to the data mentioned above, cookies are stored on your personal computer when using the EPICUR VCLP. Cookies are small text files stored in your computer system by the browser used by you, through which we (the server of the EPICUR VCLP) obtain certain information. Cookies cannot execute any programs or transmit viruses to your computer. They serve to make internet offers more user-friendly, more effective, and quicker. It is distinguished between session cookies (transient cookies) and permanent (persistent) cookies.

Transient cookies are deleted automatically when you close the browser. They include in particular the session cookies. These store a so-called session ID, through which queries of your browser can be allocated to the joint session. They allow us to identify your computer when you return to the EPICUR VCLP. Session cookies are deleted when you log out or close the browser.

In contrast, persistent cookies remain stored on your computer even after you log out or close your browser.

We use session cookies exclusively. We do not use any persistent cookies or flash cookies.

You can set your browser such that you will be informed about the setting of cookies and you can permit cookies in individual cases only, exclude the acceptance of cookies in certain cases or in general, and activate automatic deletion of cookies when closing your browser. When deactivating cookies, functionality of the EPICUR VCLP may be limited.

8. Contact

When contacting us by email or telephone, your user contact data (email address or telephone number and name, if applicable) will be stored for the purpose of responding. This data is not passed on to third parties.

We delete the data collected in this context after the storage is no longer necessary for this purpose. This is the case when it can no longer be assumed that a response is desired.

The legal basis for the processing of this data is Art. 6 para. 1 lit. a DS-GVO.

You have the option to object to the processing of this data at any time. In this case, we will delete the data that was stored when you contacted us.

9. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL encryption is activated, the data you transmit to us can generally not be read by third parties. Please note, however, that when transmitting data via the Internet, it is never possible to guarantee complete protection against access by third parties.

10. Your rights

In general, you have the following rights towards us concerning the personal data relating to you:

• Right to withdraw consent
• Right to information
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object to data processing

In addition, you have the right to complain about the processing of your personal data by us with a supervisory authority.

In the case of manifestly unfounded or excessive requests, we can charge a reasonable fee. Otherwise, information will be provided free of charge (Article 12, par. 5 GDPR).

In the case of reasonable doubts concerning the identity of the natural person asserting the above rights, we may request the provision of additional information necessary to confirm the identity of the data subject (Article 12, par. 6 GDPR).

11. Data Security

KIT uses technical and organizational security measures to the best of its current knowledge to protect the data you have provided to us from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. For example, your data is stored in a secure operating environment that is not accessible to the public. Our security measures are reviewed at regular intervals and continuously improved in line with technological developments.

Your email address will only be used for correspondence with you. It will not be used for any other purpose or passed on to third parties.