chAnGe

1. Group of data subjects

All users of the platform, such as academic and non-academic university staff, all students, and selected external third parties who have been expressly granted access by the Carinthia University of Applied Sciences.

2. Purpose of data processing

The processing of access, profile and content data is carried out for the purpose of user administration, authentication of users and for the support and implementation of courses, including examinations, and research, as well as administration and project work, thus supporting the legal tasks assigned to the university in the area of teaching and research. Connection and usage data and cookies are processed to ensure the use of the platform, system security and the technical administration of the platform.

3. Data categories

When using Moodle the following data is processed:

a. Profile data
Profile data (first name, last name, email address, user name) are processed for registration to the Moodle platform. These are mandatory data, without which it is not possible to use the platform. For persons not affiliated with the university, a Moodle account is created manually with the above data. When registering or at a later point in time, you can customise the personal profile on your profile page by voluntarily entering further personal data about yourself. There is for example the option to upload a picture of yourself. By actively entering or uploading data, users give their (express) consent to the processing of this data.

b. Content
Moodle enables users to publish personal contributions to Moodle activities such as forums, wikis, blogs or tasks and make them available for other participants to access. The uploading and posting of content serves the purpose of conducting research and teaching, as well as administration. Further information on the provision of content is set out in the Moodle Platform Terms of Use. Access to the contents of a Moodle course is restricted to the course participants, the course management and the Moodle administrators for system support. Furthermore, a role concept regulates who can view the different pieces of content. For example, first name and surname will be visible to all participants of the respective course; only the teacher can view the grades.

c. Usage and connection data
When using Moodle, usage data such as name, day and time and, if applicable, any voluntarily uploaded profile picture will be documented and stored with every contribution to Moodle activities such as chats, forums, blogs and wikis, which serve, among other things, the organisation or conducting of teaching and research as well as system security. This data is visible to all participants of the course. Persons with editing rights have access to what are known as activity overviews and can use them for teaching and assessment purposes in the relevant course. In addition, connection data for holding courses and examinations, such as the IP address, are also stored. This data is only accessible to the Moodle administrators and the course management.

d. Cookies
Moodle uses two types of cookies that are stored on the user’s device.
One cookie is called “MoodleSession” and stores the login of the current Moodle session. This cookie must be given permission in order to maintain the login and thus access rights within Moodle during the session. This cookie is automatically deleted when you log out of Moodle or exit your web browser. The other cookie is called “MoodleID” and stores the user’s name in the web browser if desired.
The next time you log in, your login name will appear automatically. It simplifies the login process and can be activated at login if desired.

4. Legal basis

The processing of the above-mentioned data is carried out, on the one hand, to perform the teaching and research tasks assigned to the Carinthia University of Applied Sciences using modern information technologies (Art. 6 para. 1 lit. c and e GDPR), and, on the other hand, due to the University’s prevailing legitimate interest (Art. 6 para. 1 lit. f GDPR) in the fulfilment of data security and system improvement.
Insofar as data are made available voluntarily through active input or upload (personal profile), this data is processed on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR.

5. Data transfer

The data is processed internally for a specific purpose by the staff entrusted with the execution of teaching/research and by the teaching staff of the respective department concerned and is only passed on internally or to third parties if this is necessary to fulfil the public interest in accordance with Art. 6 para. 1 lit. e GDPR in conjunction with §§ 1-3 Universities Act (UG) or for the purpose of contract implementation or if the data subject has given his or her prior consent. To secure evidence in criminal cases or for law enforcement purposes, the necessary data is transmitted to lawyers or to the competent authorities or courts in individual cases. No other data will be passed on to third parties.

6. Duration of data storage

We only store your personal information processed as part of Moodle courses as long as is necessary for the specified purpose of processing, or, in addition to this, for as long as is required for legal grounds or on the basis of statutory storage terms. In this context, for all Moodle courses connected to degree programmes, personal data will be deleted 3 (three) years after the Moodle course has been created.

7. Rights of data subjects according to Art. 12ff GDPR

 You have the right to independently delete profile data (e.g. photo) entered on a voluntary basis as long as you have an active Moodle account. Thereafter, you have the right to revoke the consent you have given at any time with effect for the future by written notification to the bodies listed under “Contact”. Revocation does not affect the lawfulness of the processing carried out on the basis of the consent given prior to revocation.
With regard to your data stored by us, you have the basic rights to information, correction, deletion, restriction, data transferability and objection. If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated, you can complain to the data protection officer of the Universität Klagenfurt dsb@aau.at or to the Austrian data protection authority.

8. Contact

• Data Controller: Marvin Hoffland, Carinthia University of Applied Sciences
• Europastrasse 4, 9524 Villach
• Contact details for the Moodle platform: m.hoffland@fh-kaernten.at