Data Protection Declaration

Usage of this service is solely restricted to participants of this lecture. A registration is required to access the non-public parts of this service.

With your registrations and usage of this service personal data is being stored.

We obligate ourselves to protect these data adequately and keep it confidential. Furthermore we will not gather more data than necessary for this lecture and the technical implementation of this service.

What is stored? And Why?

The master data we store consists of your name, username, email address, immatriculation number, course of studies and the semester you are enrolled in. This data server to identify you and relate persons and submissions. Course of study and semester of enrollment may also be used for statistical purposes. Additionally we save your exercise group and all settings you chose yourself (e.g. color scheme).

We also save all data resulting from your submissions over the semester. The encompasses votes, presentation points, whether you were present during the exercise or not. From all this data the exam admission 1 is derived.

We save the following time stamps – *When was the account created? When was the user logged in the last time? – and we count how often you logged in or submitted something. This data server to detect inactivity or fraudulent behaviour.

Besides that some data is collected due to technical reasons and are used to control the service and especially submissions. These are for example time stamps, that are used for rate limiting uploads and one-time tokens to reset a forgotten password.

Submissions

Submissions include solutions to tasks, a submission consists of one or more files (usually source code files).

We store the submitted files in all versions. Versioning happens to make wrong submissions or accidental deletion traceable and to avoid data loss. The kind of versioning is a technical requirement, for which we use Git.

Submissions themselves are anonymous. We reserve the right to save and check the files for plagiarism/academic misconduct since we need to be able to recognize solutions from previous year and sanction cases of plagiarism if needs be. If you put your name or immatriculation number into the source code itself, this information will be stored and associated with the files longer.

Log Files

This service generates log files, that contains events like single requests, their respective steps and eventually error codes temporarily. Information contained in log files is usually also the IP address and/or a user name to relate the events unambiguously and trace events that belong to each other in their correct order – also across multiple [HTTP requests].

Log files serve solely to trace errors within our service and to detect fradulent or malicious behaviour.

Log files are rotated regularly and old files are deleted.

Since this service is still under development we have to assume that errors occur and log files are an essential tool to find these errors. Therefor the log files are kept for several weeks to find patterns in faults and errors. For the same reasons we cannot anonymise the log files.

In no case will the log files be used to derive user behaviour patterns!

How long do you store the data?

After the semester ends we will delete all data that is not required anymore – especially user data like password hashes and all remaining log files.

We archive submission along with the master data to make the information available (for us) that a students already got their exam admission.

Archived data are not available thorugh this service anymore. This holds especially for upcoming lectures in future semesters. I.e. teaching assistants from future semesters have no access to archived data.

Archived data are deleted after at most 3 years (6 semesters). This means that all submissions are deleted as well. Submitted files may be stored longer to check for plagiarism, but every personal information associated with the files will be removed.

Do you use cookies?

Yes, we us a single so-called session cookie. The information stored within is encrypted and serves as proof that you are currently logged-in. Without user interaction this cookie is only valid for a very short period of time.

Due to technical reasons cookies also store messages that concern the currently HTTP request. These are usually success or error messages. The cookie might also contain securita related information that should prevent abuse (e.g. session hijacking).

We do not require or use any further cookies and especially no cookies (or external services) that a used by third-parties for user tracking (so-called improved user experience).

Do you use external services or scripts?

No, we do not use external services. All services are implemented on FIN servers. No data is transferred to external services, especially not for plagiarism checks. Access to our servers is strictly regulated.

We do use external fonts, that are loaded by your browser from external sources (Google Fonts and Font Awesome).

We use MathJAX to render mathematical formulas. This is a JavaScript library, which does the typesetting and provides the required fonts.

Is the data transmission encrypted?

Yes, all data are transmitted encrypted. Internally we use HTTPS and SSH for this.

Do you store my password?

*No, ** we only store a *password hash and use bcrypt for that. The hash does not allow to reconstruct the password.

Security note: It is still a bad idea to use the same password twice for different services.

Do I have to expect emails?

No, we do not send automatically generated emails, neither to groups or individuals. The only exceptions are the first login in information when you create your account or reset your password. We might also contact you directly if this is required for the process of the lecture (e.g. if we have to cancel a lecture).

How can I access my data?

As long as the service is active and your login is valid you can access (almost) all information directly via this systems by looking at your profile page. Your submissions, the number of votes, etc. can be found here.

In this list all data required by the server for controlling this service are missing (e.g. time stamps, Git hashes).

Data which are created by plagiarism checks are not visible without exemption. Since plagiarism checks are performed pairwise (your solutions vs. every other solution) this data would always contain information about at least one other individual.

What if my account is blocked?

Access to this service can be blocked by an administrator. 2 This has the effect, that you cannot deregister from the lecture and that you cannot login anymore.

User accounts that are blocked are not automatically deleted. The reason for that is, that we might unblock your account without losing any data (i.e. without any disadvantage for you). On the other hand we archive the information that a user has been registered for a lecture. Resources for each lecture are limited and we reserve the right to exclude students from our lectures that continuously register and de-register and thus prevent other students from registering.

Should your account be blocked, please contact one of the teaching assistants or the lecturer responsible (or if you want to register anew or review your personal data). We will then negotiate a secure means of transmission beside unencrypted email.

How can I change my data?

You have only limited ways of changing your data on your own.

  • Master data cannot be changed by yourself. Please contact your teaching assistant if something needs to be corrected. Especially your user name and email adress cannot be changed under any circumstance.
  • Assignment to an exercise group can only be changed at the start of a semester. You have no influence on which group you are assigned to and changes are always subject to the availability of free places in the respective group.
  • Submissions can be replaced by submitting a new solution. Of course this only holds true during the regular editing time.
  • Accomplishments such as votes or presentation points can be reviewed but not changed.
  • Time stamps and counter can be reviewd (as far as it makes sense) but they cannot be changed.
  • Personal settings (e.g. color schemes) can be changed by yourself at any time

Please review your data on a regular basis! This applies especially to your accomplishments: Should you find any mistakes, please contact your teaching assistant immediately.

Who has access to my data?

Access to personal data is only provided to personnel organizing or conducting the teaching for this course and who therefore need access to your data. This includes lecturers, teaching assistants and tutors. It might become necessary that technical staff (server administrators) come into contact with your data.

To carry forward already achieved accomplishments it might be necessary to access already archived data. This happens manually and only on an individual basis.3

All persons having access to personal data are committed to secrecy!

Contact und Data Security Officer

You can contact the responsible persons for the lecture directly, e.g. after the lecture or exercise or tutorial. Of course you can also contact us via email. You can find the contact information in LSF or the lecture slides.

If you have questions regarding data protection you can ask us any time, either in person or via mail, or ask ask the Data Security Officer directly

  1. The exact requirements for the exam admission are not part of this declaration and are published seperately. 

  2. Reasons for blocking are not part of this declaration. Examples may be abusive behaviour or extended inactivity. 

  3. Basically there is entitlement to carry forward already achieved accomplishments nor does this happen automatically. Conditions for carrying forward accomplishments apply according to the course.