Privacy Statement

1 Name and address of the data controller

Within the meaning of the General Data Protection Regulation (GDPR) and other German national data protection laws and regulations, the data controller is:

Gottfried Wilhelm Leibniz Universität Hannover
Welfengarten 1
30167 Hannover

Tel. +49 511 762 - 0
Fax +49 511 762 - 3456

Leibniz Universität Hannover is a public corporation and is legally represented by its President, Prof. Dr. Volker Epping.

2 Name and address of the technically responsible person

The L3S Research Centre is responsible for the technical implementation and operation of the platform:

Forschungszentrum L3S
Appelstraße 9a
30167 Hannover

Tel. +49 511 762 - 17715
Fax +49 511 762 - 17779

Represented by: Prof. Dr. Wolfgang Nejdl (Director), Dr. Claudia Niederée (Managing Director)

3 Name and address of data protection officer

Data protection officer of Leibniz University Hannover is:

Gottfried Wilhelm Leibniz Universität Hannover
- Datenschutzbeauftragter -
Königsworther Platz 1
30167 Hannover

Tel. +49 511 762 - 8132
Fax +49 511 762 - 8258

4 Processing of personal data

Learnweb is a learning platform for collaboratively finding, sharing and editing resources (websites, images, videos, etc.). In order to use the system it is necessary to provide some personal data.
The legal basis for the processing of personal data is the consent pursuant to Article 6 paragraph 1 lit. a), Article 7 General Data Protection Regulation (GDPR)). Below is a list of all personal data stored in the database during the use of Learnweb and the reason for storage or processing. Who can view the stored data can be found under 5 Roles and access rights . How long the data are kept is described in section 6 Period of storage of personal data .

4.1 Profile information

Data users can store in their profile:

  • User name, e-mail address and password: This data is used to authenticate the user to the system. The password is stored encrypted.
  • Name and matriculation number: Teachers can use the real name (if entered by the user) or matriculation number (if required by the course) to identify individual users in the specific courses (this is particularly necessary for examinations or study achievements).
  • Profile photo, gender, address, organisation and interests: are absolutely voluntary and only for the information of other users.
4.2 Contents

Data created or uploaded to Learnweb:

  • Photos, Videos
  • Texts, tables, presentations
  • Surveys, glossaries
  • Other files (e.g. ZIP and other binary files)
  • Forum posts
  • Comments and ratings on resources
4.3 User behaviour

In order to provide and improve its functionality, Learnweb needs to record general user actions such as login and logout, but especially actions that occur when dealing with resources and groups. This includes creating, editing, viewing, commenting and searching, but also any other actions that can be applied to resources and groups. It is stored in each case which user, at which time, which action has executed. This serves to ensure the traceability of changes. The information is also used to notify users of changes to their groups and resources.

5 Roles and access rights

This section explains the individual access rights to the stored personal data (see previous section) ("who can see what from whom").

Administrators: The Research Center L3S, as the operator of the platform, has full access to all information stored in the database for technical reasons.
Moderators (teachers): Have full access to the data of the users of their own course.
Normal users: Can view resource, group and forum actions performed by members of their own and public groups. Users can also view and export their own log entries.

6 Period of storage of personal data

In principle, user data is kept in the database until the user account is deleted. This happens automatically two years after completion of a course or upon request by the user. The data in the Learnweb system is backed up at regular intervals (usually daily) and remains there for a period of 60 days.

7 Cookies

We use so-called cookies on our website. These are small text files that are sent to your browser by our web server when you open our website. They are stored on your device for later retrieval. Our web server only sets technically required cookies which do not contain any personal data.

7.1 Session-Cookies

Session cookies are stored exclusively for the duration of your use of our website. The session cookies used by us serve the sole purpose of identifying you as long as you are logged on to our website. At the end of each session the session cookies are deleted.

7.2 Login-Cookies

These cookies are only set if you select the option "Remember me for 30 days" during the login. Login-Cookies enable us to recognize your browser at the next visit and log you in automatically. These cookies are automatically deleted after 30 days.

8 Integration of external content

We embed third-party images and videos (Youtube, Vimeo, Flickr, GIPHY, Ipernity, Bing, TED) into Learnweb. The third party provider receives at least the following information about the Learnweb user:

  • Visited page
  • Browser type and version
  • IP
  • The web page from which the user accessed the called web page (referrer)
  • Time of access

Where possible, we integrate the contents in the extended data protection mode. Like most websites, however, these providers also use cookies to collect information about visitors to their website. YouTube and Vimeo use these, for example, to collect video statistics, to prevent fraud and to improve user-friendliness. When you start the video, it may trigger further data processing. We have no influence on that. Further information on data protection can be obtained from the providers.

9 Rights of the data subject

If personal data is processed by you, you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the person responsible:

9.1 Revocability of consent

You can revoke your consent to data processing at any time with effect for the future. In this case we will no longer process this data and delete it. The legality of the data processing until the revocation is not affected by this. The revocation is possible informally via the above-mentioned contact data of the technically responsible person.

9.2 Further rights

You may have the following rights with regard to your personal data (according to Article 15 to 21 GDPR):

  • Right of access
  • Right to rectification and completion
  • Right to deletion
  • Right to restrict processing
  • Right to data transfer / right to receive a copy
9.3 Right of opposition

You also have the right to object to data processing at any time. We will then no longer process your data unless there are compelling reasons worthy of protection for the processing or the processing serves the assertion, exercise or defence of legal claims.

If you make use of these rights, the person responsible will check whether the legal requirements are met.