Privacy Notice
1. Controller
The controller within the meaning of the GDPR is the Technical University of Munich (TUM), School of Social Sciences and Technology, Chair of Computational Social Science (course lead: Prof. Jürgen Pfeffer).
Address: Richard-Wagner-Straße 1, Munich, Germany
Contact (project/course):daniel.matter@tum.de
2. Data Protection Officer (TUM)
You can contact the Data Protection Officer of the Technical University of Munich at:beauftragter@datenschutz.tum.de.
3. Personal data we process
(a) Login and session management
When you sign in, we receive the identity data required for authentication from TUM, typically your name, email address, and a unique identifier. Where necessary, we also process course- related assignment data from the study context (e.g., affiliation/status), if provided by TUM or entered by you.
(b) Course and assessment data
We store your answers, submissions, and progress (including timestamps) and, where applicable, feedback/grades, insofar as this is necessary to conduct and assess the course.
Note: Please do not include special categories of personal data (e.g., health data) in essays unless the course explicitly requires it.
(c) Technical log data
When you access the platform, technical log data is processed (e.g., IP address, date/time, accessed content, device/browser information). We primarily use this data to ensure the platform's operation and IT security.
4. Purposes and legal bases
(a) Providing and running the course
We process data to provide access, manage participation, and deliver course content. The legal basis is Art. 6(1)(e) GDPR (performance of a task carried out in the public interest) in the context of university teaching.
(b) Collecting and assessing quizzes and essays
We process data for assessment, grading, and course-related evaluation. The legal basis is Art. 6(1)(e) GDPR.
(c) IT security and stability
We process data to ensure IT security, troubleshoot errors, and maintain stability of the platform. The legal basis is Art. 6(1)(e) GDPR; additionally, Art. 6(1)(f) GDPR (legitimate interests in secure operations) may apply where necessary.
5. Recipients
Access to personal data is limited to those units within TUM / HfP who need it to run the course, assess and evaluate submissions, and administer the system (e.g., course lead, teaching team, where applicable graders, system administration). We do not disclose personal data to third parties unless we are legally required to do so.
6. Hosting and international transfers
The platform is hosted entirely on our own infrastructure within the EU. We do not transfer personal data to countries outside the EU/EEA.
7. Cookies
We only use strictly necessary authentication cookies to enable sign-in and manage sessions (e.g., session and security tokens). The legal basis is Section 25(2) No. 2 TTDSG and Art. 6(1)(e) GDPR.
8. Retention
We store personal data for the duration of the course (one semester) and retain it for an additional semester. After that, we delete or anonymise the data unless statutory retention obligations or overriding reasons require longer storage.
9. Your rights
Under the GDPR, you have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object (Art. 21), where the respective requirements are met. To exercise your rights, you can contactdaniel.matter@tum.de or the Data Protection Officer.
10. Right to lodge a complaint
You also have the right to lodge a complaint with a data protection supervisory authority. For public bodies in Bavaria, the competent authority is the Bavarian State Commissioner for Data Protection (Bayerischer Landesbeauftragter für den Datenschutz).
11. Version
Version: 03 February 2026