Lernplattform Moodle der Charité – Universitätsmedizin Berlin

1. Privacy policy (DSGVO) of the Charité - Universitätsmedizin Berlin

https://www.charite.de/service/datenschutz/

2. Privacy protection of the Charité - Universitätsmedizin Berlin

Dear lecturer, dear student,

In order to use the learning platform of the Charité - Universitätsmedizin Berlin, we request your agreement to the following extended terms of use to protect the rights of third parties and avoid liability risks. If you do not accept the terms of use, you will unfortunately not be able to access the learning platform in full version. You will not be able to access internal teaching materials or upload your own materials.

Declaration of compliance with the regulations of data protection

The user of the learning platform hereby assures that the materials posted by him/her were created taking into account the DSGVO and national data protection laws (including the Federal Data Protection Act, the Berlin State Data Protection Act, the Berlin Hospital Act, etc.).

As far as anonymization or pseudonymization of personal data was not possible, he/she assures that personal data will only be used with the valid agreement of the data owner. The data owner has previously been fully informed about the use of his/her data. The written agreement of the data owner is available and can be presented to the Charité – Universitätsmedizin Berlin, if requested. If the data owner cancels his/her agreement to the use of his/her personal data with effect for the future, the user will immediately inform the Charité - Universitätsmedizin Berlin of this. The user agrees to release the Charité - Universitätsmedizin Berlin from any claims of third parties that may arise due to the violation of existing data protection regulations, insofar as this concerns content uploaded by the user.

Declaration of copyright protection

The user who uploads content to the learning platform undertakes to use it only within the scope of the learning platform’s purpose. In particular, he/she undertakes not to reproduce, distribute or otherwise use the content outside the learning purpose without express permission, in a way that impairs the usage rights of third parties or the rights of the author.

Declaration of exemption by the licensor/copyright holder

The licensor or author assures that - firstly - the self-created material as well as the templates used do not violate any third-party rights; - secondly - he/she is solely authorized to dispose of the material; - thirdly - no order has been issued either wholly or partially contradicting the granting of usage rights.

The licensor or author assures that the use of third-party materials permitted under copyright law has been made recognizable by naming the author/source.

The licensor or author informs the Charité - Universitätsmedizin Berlin immediately if he/she becomes aware of any legal impediment to the transfer of usage rights.

The licensor or author indemnifies the Charité - Universitätsmedizin Berlin against claims by third parties arising from the contractual use and evaluation of the material.

Declaration of compliance with the confidentiality obligation

The user assures that he/she has maintained confidentiality at all times when providing materials and that he/she will not disclose any secrets entrusted to him/her in his/her capacity as a doctor or member of another medical profession or by a third party without authorization by posting content on the learning platform (§ 203 Abs. 1 StGB).

If patient data is accessible via the learning platform or if patient data is exchanged within the learning platform, the duty of confidentiality also applies in this respect. The user assures to observe the duty of confidentiality and not to grant unauthorized persons access to protected data.

Each user is responsible for compliance with the duty of confidentiality and indemnifies the Charité - Universitätsmedizin Berlin against any claims by third parties in the event of non-compliance.

Externally linked contents

Externally linked contents within the Charité learning platform (Moodle) https://lehre.charite.de/ (e.g. Youtube, ...) can save so-called "cookies" on your devices (e.g. in browsers or apps). The saved data can be used for advertising purposes by these companies.

The Charité itself has no influence on externally linked contents from external providers. It is therefore up to you to adjust the cookie settings on your internet-enabled devices.

We therefore recommend that you read the document from the Federal Office for Information Security and adapt your devices and the installed software accordingly:

Here is the document:

https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Updates-Browser-Open-Source-Software/Der-Browser/Browser-sicher-einstellen/browser-sicher-einstellen_node.html

3. Data protection information on Moodle

In the following we inform you about the processing of personal data in connection with the use of Moodle, whether you are employed, teach, study, support or organise teaching at Charité - Universitätsmedizin Berlin or access https://lehre.charite.de as an external person.

Information on the processing of personal data when using the Moodle learning platform.

With this data policy, Charité - Universitätsmedizin Berlin fulfils its obligation to provide information in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (EU GDPR) with regard to the personal data processing mentioned here..

Regarding the other terms used, ‘personal data’, ‘processing’, ‘controller’, ‘third party’, etc., please refer to the definitions in Article 4 of the EU GDPR.

1. Contact Details

Charité - Universitätsmedizin Berlin is responsible for the use of the data.

1.1 Contact details of the responsible party

Charité – Universitätsmedizin Berlin
Zentrale Postanschrift: Charitéplatz 1, 10117 Berlin
Campuses of the Charité

Corporation under public law. Prof Dr Heyo K. Kroemer, Chairman of the Executive Board of Charité - Universitätsmedizin Berlin

1.2 Specialist contact

E-Mail: elearning@charite.de
Web: https://elearning.charite.de

1.3 Contact details of the data protection officer

Behördliche Datenschutzbeauftragte
Charité - Universitätsmedizin Berlin
Charitéplatz 1
10117 Berlin
E-Mail: datenschutzbeauftragte@charite.de

2. Processed Personal Data and Purposes

When using the ‘Moodle’ learning platform, your personal data is collected and processed for the following purposes:

For the support and implementation of face-to-face, online and hybrid teaching in studies and teaching as well as training and further education and other (teaching/learning) projects at Charité - Universitätsmedizin Berlin and in cooperating institutions:

• Master data: First and last name, email address, rights, roles, group memberships (e.g. enrolments in individual courses), organisation (via federated identities, e.g. kim.muster@charite.de), technical identification features (so-called ‘Pairwise ID’ for cross-institutional assignment), optional profile details (e.g. city, country, website, mobile number), personal account settings (e.g. language, notifications, text editor)
• Connection and content-related metadata (log data): IP address, retrieved content and data volume, time of access, referrer URL, browser information (‘user agent’), action taken (e.g. access to teaching material), content-related meta data (e.g. timestamp and author* of a forum post)
• Content data: Created text and media content as well as interactive content (e.g. quizzes, forums), uploaded files, submissions (e.g. to check learning progress or for self-tests), evaluations (e.g. feedback on submissions)

Cookies

Browsers store so-called COOKIES. Cookies are files that can be stored by the provider of a website in the directory of the browser programme on the user's computer. These files contain text information and can be read again by the provider when the page is called up again. The provider can use these cookies, for example, to always deliver pages in the language selected by the user.

The storage of cookies can be switched off in the browser settings or assigned an expiry time. However, by deactivating cookies, some functions that are controlled by cookies can then only be used to a limited extent or not at all.

The learning platform uses cookies for the following purposes

• Recognising users during a session to be able to assign personal content, language selection and other user-defined settings and
• to be able to continue at the point in a learning module where a user previously left the learning module.
• Storage of the personal feature that is created when logging into the system via the Charité - Universitätsmedizin Berlin login.

3 Legal Bases for Data Processing

The legal basis for the processing of personal data of Charité students for the above-mentioned purposes is Art. 6 para. 1 lit. e. EU-DSGVO, §§ 6 ff. Berlin Higher Education Act in conjunction with § 4 Berlin Higher Education Act.

The legal basis for the processing of personal data of Charité employees for the above-mentioned purposes is Art. 6 para. 1 lit. b EU GDPR in conjunction with the employment contract.

The legal basis for the processing of personal data of members of other institutions who can access the platform via the single sign-on of the German research network (DFN-AAI) for the above-mentioned purposes is Art. 6 para. 1 lit. e. EU-DSGVO, §§ 6 ff. Berlin Higher Education Act in conjunction with § 4 Berlin Higher Education Act. (see § 6 Abs Bln Hochschulgesetz. Processing of data for study purposes, etc.).

Or Art. 6 para. 1 lit. f. EU-DSGVO (legitimate interest, necessity to cooperate/network for research etc....)

4. Data Transfers

Your personal data processed by Charité - Universitätsmedizin Berlin for the purposes mentioned under 2 will not be transferred to third parties.

In individual cases, data may also be transferred to third parties based on legal permission, for example to law enforcement authorities for the investigation of criminal offences within the framework of the provisions of the German Code of Criminal Procedure (StPO).

Embedding of (media) content

When creating content, HTML functions can be used to embed content from other websites. When a page with embedded content is called up, the browser sends a call to the provider of the respective website, which generally reads and processes at least personal connection data (and possibly cookies).

• YouTube - Many teachers use the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to embed videos. Normally, when a page with embedded videos is accessed, the IP address is sent to YouTube and cookies are installed. If the user is logged in to YouTube with the same browser at the same time, this information is also assigned to the YouTube user account. We have no knowledge of and no influence on the possible collection and use of data by YouTube. Further information can be found in YouTube's privacy policy at www.google.de/intl/de/policies/privacy
• Other embedded content - It is possible that users embed content from other websites that are not listed in this privacy policy. In accordance with § 3 c of the terms of use of the learning platform, users are obliged to comply with all data protection regulations when creating or offering content.

5 Duration of processing / data deletion

Master data (see 2) is not normally deleted. Deletion is excluded for accounts that still exist in the IDM. An account is blocked if it has not been used for 500 days. Data is blocked but not deleted on request.

Content data from the groups (including forum posts) is deleted at the end of each semester, unless it has already been deleted beforehand. Other content is not deleted by the system or the eLearning team by default.

6 Your rights as a data subject

As a data subject, you can assert the rights granted to you by the EU GDPR at any time:

the right to information as to whether and which of your data is being processed (Art. 15 EU GDPR),

the right to request the rectification or completion of data concerning you (Art. 16 EU GDPR),

the right to erasure of the data concerning you in accordance with Art. 17 EU GDPR,

the right to request the restriction of processing of the data in accordance with Art. 18 EU GDPR,

the right to receive the personal data concerning you in a structured, commonly used and machine-readable format (Art. 20 EU GDPR),

the right to object to future processing of the data concerning you in accordance with Art. 21 EU GDPR.

The collection of data for the purpose of providing the system and the storage of data in log files (see connection and usage data) is mandatory for the operation of the system. Consequently, the user has no right to object.

In addition to the above-mentioned rights, you have the right to lodge a complaint with the data protection supervisory authority (Art. 77 EU GDPR), for example with the competent authority for universities in Berlin

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61
10555 Berlin

Telephone: 030/138 89-0

E-mail: mailbox@datenschutz-berlin.de

Homepage: https://www.datenschutz-berlin.de