What is the purpose of course planning

Data protection

of the Language Center of the TU Braunschweig

As the operator of web applications, the Language Center of the TU Braunschweig takes the protection of your personal data seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. Employees of the language center and freelancers working for the language center (lecturers) can partially access the data you have provided. As an institution of the TU Braunschweig, Sections I, II and III of the data protection declaration of the TU Braunschweig apply to our offers. In addition, the following processing activities take place in our systems, which are described below:

IV. SZ account

1. Description and scope of data processing

An individual account is required to use the services of the language center. The following data (listed here in alphabetical order) are saved in this:

  • Address: is saved to enable clear identification and to send documents to participants by post if they wish.
  • E-mail address: is stored in order to enable identification, contact and information about further offers of the language center.
  • Date of birth: is saved for the purpose of identification.
  • Gender: is stored for the purpose of identification and to ensure correct salutation in correspondence or certificates.
  • GITZ ID: is saved for the purpose of unique identification of the person.
  • Group membership (e.g. collective bargaining group membership, course of study): is saved for the purpose of correct (internal and external) cost accounting, for allocation to group-specific courses and for the creation of statistics for needs-based course planning.
  • Message history (storage of all outgoing email correspondence): is saved to ensure transparent and traceable communication between SZ and participants.
  • Name and title, if applicable: are stored for the purpose of identification and to ensure that the address is correct in correspondence or certificates.
  • Password hash: is saved for the purpose of independent authentication / registration at the language center's systems. The user can change the password at any time. It is technically not possible for the language center to inspect the password in plain text.
  • SZ-ID: is stored for the purpose of unique identification of the person within the language center's systems.
  • Phone number: is saved in order to contact you by phone or SMS in rare cases. If you store a mobile phone number, the system allows you to reset your password via SMS if necessary. The information is voluntary.

2. Legal basis for data processing

The legal basis for the collection and processing of the data is the GDPR Article 6, Paragraph 1.

3. Purpose of data processing

The data collected are used to uniquely identify a person and to authenticate the person independently in the language center's systems. The stored data is also used to generate internal forms, shipping labels, information emails and certificates of attendance and performance.

4. Duration of storage, possibility of objection and removal

The SZ system automatically deletes the GITZ ID as soon as a person no longer belongs to any TU status group. The message history is deleted after one year.

All other data is automatically deleted 10 years after completing your last activity (e.g. 10 years after completing your last course). Exceptions are name, SZ ID, email address, date of birth and the password hash. These data are only deleted when the last data record is deleted (e.g. when the newsletter is canceled, ...).

You can update and delete the stored data for the address, e-mail address and telephone number in the SZ administration system at https://aura.sz.etc.tu-bs.de.

If the master data stored in the system (such as your name or date of birth) is incorrect, please contact the language center's advice center so that it can be corrected. You have to identify yourself with a valid photo ID.

V. Semester program

1. Description and scope of data processing

  • Registration for events: are stored for the purpose of realizing a desired and as fair as possible allocation of course places, taking into account curricular anchoring as well as enabling needs-based course planning and for targeted information about further course offers.
  • Processing history: is saved for the purpose of identifying changes and contact persons in the event of queries about the processing carried out.
  • Classifications (usually C-test): are saved for the purpose of level-appropriate course allocation and needs-based course planning.
  • Matriculation number: is saved for the purpose of unique identification of the person.
  • Notes: are saved for the purpose of processing / viewing information that affects the participants but is not covered by the other fields.
  • Exam results (including language level): are stored for the creation of certificates, for automated classification in follow-up courses, for the purpose of complying with the retention period for examination data.
  • Language certificates: are stored for the purpose of verification of the digital certificates by third parties.
  • Courses: are saved for the purpose of ensuring that course places are allocated correctly in the curricular anchoring of language courses.
  • Participation and performance certificates: are stored for the purpose of compliance with the mandatory attendance and the performance requirements.
  • Processing of data on learner profiles (overviews of course registrations and results achieved): for the purpose of C-Test independent classification and advice in individual cases.
  • Payment details (account details): are saved for the purpose of correct cost accounting for chargeable events.

2. Legal basis for data processing

The legal basis for the collection and processing of the data is GDPR Article 6, Paragraph 1, Sentence a and Sentence f.

3. Purpose of data processing

Provision of the service

4. Duration of storage, possibility of objection and removal

The processing history is deleted after one year. The payment data will be automatically deleted after the SEPA mandate has expired (if it has not been extended). All other data is automatically deleted 10 years after completing your last activity (e.g. 10 years after completing your last course).

If the data stored in the system is incorrect, please contact the language center's advice center so that it can be corrected. You have to identify yourself with a valid photo ID.

VI. Information emails

1. Description and scope of data processing

The Language Center sends out information emails to provide participants with the necessary information and, if requested, further information. The Language Center distinguishes between 5 categories of information emails:

  • System messages: System messages are emails that are sent by the system and are necessary for the smooth operation of the SZ software. This includes, for example, "forgot password" emails.
  • Course news: Messages relating to a booked course. This includes, for example, messages from the course instructor, information about the book to be bought, notifications of course cancellations, ...
  • System messages in Moodle: Some courses use the Moodle learning platform for course communication (e.g. in the form of forums). If you do not want to be informed about new posts, you can unsubscribe from these notifications.
  • Course information: News about other offers from the Language Center to potentially interested people who have already taken advantage of an offer from the Language Center (e.g. "There are the following advanced courses for your course:")
  • Newsletter: When booking courses in the semester program, you have the option of subscribing to a free newsletter. This is sent a few times a year. To subscribe to the newsletter, you must subscribe to it when booking the course or in the administration portal.

2. Legal basis for data processing

Sending system and course messages is a technical requirement for fulfilling the service according to GDPR Article 6, Paragraph 1 lit.f. The legal basis for processing the data after the user has registered for the newsletter is Article 6 (1) (a) GDPR if the user has given his / her consent.

3. Purpose of data processing

The purpose of collecting the user's e-mail address is to provide users with the information they need to participate in the services offered by the language center and, if requested, further information.

4. Duration of storage, possibility of objection and removal

The e-mail addresses required for sending messages are deleted when the SZ account is deleted.

Since both system messages and course messages are necessary for the provision of our service, they cannot be deactivated.

You can find out more about the settings for sending e-mails in our administration portal at https://aura.sz.etc.tu-bs.de and change the settings there at any time. Furthermore, the affected users can cancel their subscription to the newsletter at any time. There is a corresponding link in every newsletter for this purpose.

VII General data processing

Your data will be used anonymously for the creation of TU-internal statistics and TU-internal billing processes.

The collection of personal data within the framework of the SZ systems always takes place on a voluntary basis as far as possible. These data will only be passed on to third parties if

  • the respective event is commissioned or financed by an external body to which the language center or another university institution has to provide information for billing reasons.
  • it is necessary for the technical processing of your data. This currently affects the service provider shipcloud GmbH, through which the language center books parcel shipping.

We will inform you about the following technical aspects relevant to data protection law (in alphabetical order):

  • Backup: The data is regularly backed up for backup purposes. This backup will be deleted after 14 days.
  • Cookies: The web application uses so-called cookies. Cookies do not damage your computer and do not contain viruses. These are small text files that are stored on your computer and saved by your browser. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, only allow them for certain cases or generally exclude them. It is also possible to activate the automatic deletion of cookies when you close the browser. If you deactivate cookies, however, you will not be able to use our web applications in some cases.
  • Log files: The language center automatically collects and stores information (e.g. IP addresses) about the page views of the web applications provided by the SZ in so-called log files. Some of these log files are evaluated automatically (e.g. with Fail2Ban) in order to recognize attempted break-ins and to block the corresponding IPs. This data will not be merged with other data sources. The SZ reserves the right to check this data retrospectively if concrete indications of illegal use or technical malfunctions become known. Log files are regularly deleted 14 days after creation. If data have to be kept for reasons of evidence, they are excluded from deletion until the incident has been finally resolved. The legal basis for the temporary storage of the data and the log files is Article 6 Paragraph 1, Letter f) of the GDPR.