The responsible party for the processing of your personal data within the scope of operation is the Graz University of Technology (hereinafter: TU Graz), Rechbauerstraße 12, 8010 Graz.
The data protection officer of TU Graz is x-tention Informationstechnologie GmbH, Römerstraße 80A, 4600 Wels, firstname.lastname@example.org.
If you have any data protection concerns, please contact email@example.com or the respective course providers.
The persons responsible for the processing of personal data in the course (see point 4) are basically the providers of the respective course.
CATEGORIES OF PERSONS AND DATA
In the process of using the platform, the following categories are processed by TU Graz in the course of its operation:
- All users registered on the platform who have an account: Master data (Moodle userID, first name, last name, email address), IT security data (IP address, log data), profile data (confirmation of participation, voluntary data such as profile pictures, etc.), standardized feedback/questionnaires, newsletter
- For users with an EduID account: Additional master data (institution affiliation, user institution ID)
- Course instructors/certified course creators: Additionally, academic degree, personal information, teaching materials, image and sound recordings
- Co-operation partners: Information on the legal person
In the course of participation in a course, the following categories are processed by the respective providers as part of the course:
- All users registered for the course: contact details (first and last name, email address), course data (enrolled course, data related to course activities, course responses, results, assignments, badges, entries in forums, etc.).
PURPOSE AND LEGAL BASIS
The platform serves to support the public dissemination of teaching and learning content for students, staff as well as external persons in order to make education freely accessible. The processing of personal data takes place
by the TU Graz for the following purposes
- Operation of the platform (administration, user management, public relations, participation confirmations, etc.)
- Newsletter subscriptions (dispatch, analysis function)
- quality assurance of online teaching (statistical evaluation)
- technical provision of the platform and ensuring smooth use (data security)
- scientific research (primarily in anonymized and pseudonymized form)
by the providers for the following purposes
- Organizational and administrative activities in the course (optional feedback/questionnaires, badges, notifications, visualization of the course and the course management etc.)
- Implementation of the didactic concept - see details in the course description (features - quiz, forum, videos, notifications etc.)
Data processing for the purpose of fulfilling a contract to which the data subject is party takes place on the legal basis of Art 6 (1) b GDPR (processing necessary for the performance of a contract – Condition of Use/implementation of courses - fulfilment of pre-contractual measures).
Data processing that is in connection with the performance of tasks in the public interest or in the exercise of official authority is based on the legal basis in Art 6 Abs lit e DSGVO iVm §§ 2, 3 and 13 UG 2002 (operation of the platform - quality assurance of online teaching, scientific research).
The legal basis for data processing of voluntarily uploaded and/or used content and/or services (e.g. profile pictures) including any resulting sensitive data is your consent according to Art 6 Abs 1 lit a DSGVO or Art 9 Abs 2 lit a DSGVO.
For the purpose of processing the voluntary newsletter subscription, we process your personal data in accordance with § 174 TKG 2021 in conjunction with Art 6 para 1 lit a DSGVO.
To ensure data security, the processing of personal data is carried out in the overriding legitimate interest of Graz University of Technology according to Art 6 para 1 lit f DSGVO.
STUDENTSPROCESSING FOR SCIENTIFIC RESEARCH PURPOSES
The use and transmission of personal data within the framework of the study program is carried out for the execution and organization as well as for the implementation of the didactic concept of the respective course. The purpose is to maintain the teaching operation and to offer an extensive digital teaching and learning offer (see point 6, Students).
Graz University of Technology processes (personal) data primarily in pseudonymized or anonymized form and subsequently in compliance with appropriate technical and organizational measures for scientific research purposes. measures for scientific research purposes, for example to evaluate which functions and applications are used particularly frequently by the user, in order to be able to continuously improve the offer of the iMooX platform. Legal basis of these evaluations is the public interest according to Article 6 (1) lit e DSGVO in conjunction with § 7 DSG.
INTERNAL SERVICES AND INTERNAL DATA TRANSFER
MATOMO ANALYSIS TOOL WITH ANONYMISATION FUNCTION
Our means of ensuring the quality of online instruction is to use our own TU Graz Analytics tool based on the open-source web analysis service Matomo. This requires analysis cookies to enable us to statistically evaluate the content accessed (e.g., creating reports on website activity). The information is only saved once the respective IP address has been shortened and/or anonymised. The shortened IP address thus no longer provides any conclusive information about the original user. When using this website analysis tool, no personal data is transferred to third parties. The data is processed exclusively on secure servers of TU Graz.
Log data essential for technical purposes is stored when using the platform. This allows Graz University of Technology to identify, limit and eliminate system malfunctions, system errors that limit the availability of online services and unauthorised access to our systems. The log data is not linked to other personal data. The following data categories are processed: Date and time of a query, name and URL of the resources accessed, data volume (in bytes) of the requested and/or accessed resource, response from the server (e.g., http status code), identification data of the browser and operating system used, the website from which the access was made, IP address, MAC address, and user name.
Only those personal data will be transmitted to the providers that are necessary for the processing of the course.
For the purpose of the transactional sending of emails (e.g. account termination, subscribed notifications in forums) as well as for the sending of the iMooX newsletter (voluntary and active registration required), SendinBlue GmbH is used as an order processor. There is no transfer of personal data to a third country.
In the course of sending the newsletter, it is collected whether, when, how often and with which e-mail client the newsletter was delivered, opened or clicked on (measurement of the opening and click rate, the location and the e-mail provider). With this collection, we can understand whether the information contained in the newsletter is relevant to the recipients and thus improve our information offering.
You can unsubscribe at any time by clicking on the unsubscribe link in the footer of the newsletter itself. After unsubscribing, your personal data that was processed to send the newsletter will be deleted.
THIRD COUNTRY TRANSFER
STORAGE PERIODS (CRITERIA USED TO DETERMINE THE PERIOD)
Where technically possible, the personal reference is deleted after 30 days. The log data is generally stored for eight weeks. Depending on the system, data may be stored for a longer period, but not longer than twelve months.
PERFORMANCE OF A CONTRACT/PRE-CONTRACTUAL STEPS
We will store your personal data for as long as is necessary to fulfil the contract respectively it is necessary to carry out pre-contractual steps.
IN CASE OF PUBLIC OR LEGITIMATE INTEREST
We will process the data for as long as this is necessary to serve the public/legitimate interest or until justified objections are raised.
IN CASE OF CONSENT
If you have given us your consent to the processing of your data, your personal data will be stored until you withdraw your consent. In the event of you withdrawing your consent, only your data that is necessary for the purpose of proving your consent or its withdrawal will be stored for a period of three years from withdrawal.
Furthermore, your data is only stored if statutory retention periods or limitation periods regarding potential legal claims apply.
RIGHTS OF DATA SUBJECTS
You have the right to information, rectification, portability, restriction of processing, objection and erasure of data, whereby it is noted that it is not possible to use the iMooX platform without processing personal data. Beside these, you also have the right to withdraw your consent to the processing of data (in case of consent). However, bear in mind that withdrawal of consent does not affect the legality of the processing of your data retrospectively. Also, the exercise of these rights cannot override contractual or statutory obligations.
You also have a right to make a complaint to the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Wien.
1 Racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.