CONVENIENCE TRANSLATION: only the German language version shall be legally binding and prevail
Privacy Policy for the use of the feedback system “LEAP”

General privacy policy for the use of the feedback system "LEAP" (hereinafter referred to as the "feedback system") of the Chair of Didactics of Physics at Ludwig-Maximilians-University Munich (hereinafter "LMU"). This privacy policy explains how personal data is processed by the LMU in connection with the use of the feedback system. In addition, users of the feedback system are informed about their rights. For reasons of better readability, the simultaneous use of male, female, and diverse language forms is omitted. All personal designations apply equally to all genders.

A. General Data Protection Information

LMU is a state university of the Free State of Bavaria (Art. 4 para. 1 sentence 1 no. 1 Bavarian Higher Education Innovation Act, BayHIG). It is a personnel corporation under public law with the right of self-administration within the framework of the law and at the same time a state institution (Art. 4 para. 1 BayHIG). LMU handles its own matters as a corporation and state matters as a state institution (Art. 4 BayHIG).

I. Contact Information Regarding LMU's Website

I.1. Information on the Data Protection Officer at LMU

The Chair of Didactics of Physics at LMU is responsible for system maintenance and the content created by LMU in the feedback system in terms of data protection:

Chair of Didactics of Physics
Ludwig Maximilian University of Munich
Geschwister-Scholl-Platz 1
80539 Munich

For tasks and content areas created and offered by users within the feedback system, the respective task creators are responsible.

I.2 Information on the Official Data Protection Officer at LMU

The contact details of LMU's official data protection officer can be found on the LMU website at https://www.lmu.de/datenschutz. The official data protection officer is available for questions about data protection at LMU. Please use the contact form on the website of LMU's official data protection officer at https://www.lmu.de/datenschutz.

II. Information on Data Processing

II.1 Scope of the Privacy Policy

This privacy policy applies to the processing of personal data in connection with the feedback system "LEAP".

• According to Art. 4 No. 1 GDPR, 'personal data' means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• According to Art. 4 No. 2 GDPR, 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

II.2 Purposes and Legal Basis for Processing Personal Data

The purpose of processing is to provide and improve the feedback system. The feedback system is a system that teachers and researchers can use to create tasks where automated feedback is given to learners using a language model. The creation of exam tasks is not supported. Personal data is only processed to the extent necessary to provide the feedback system. When processing your personal data, we particularly take into account the data protection principles of lawfulness, processing in good faith, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. Whenever possible and as long as it does not affect the purpose of processing, we anonymize or pseudonymize personal data. We ensure through an appropriate IT security infrastructure that only those individuals within our organization who need access to fulfill their duties can access this information. Personal data is treated confidentially and not provided to third parties, particularly not made public, without authorization. The legal basis for the collection and processing of personal data is your consent in accordance with Article 6 (1) (a) GDPR. The data processing is carried out in accordance with the applicable data protection regulations, particularly based on the General Data Protection Regulation and the Bavarian Data Protection Act. The collected data is collected and processed for the purpose described under II.2. The data processing is also carried out to the necessary extent for the continuous improvement of system operations, i.e., for quality assurance by the operators of the feedback system. Below, we describe which personal data is processed.

II.3 What data is stored?

Most data is entered by you, these are so-called 'master data', which you actively input, for example, as part of tasks. Therefore, you are already familiar with this data. Other master data is generated by the individuals to whom you grant access to the tasks. This data is accessible to the task creator. Core data includes operationally relevant basic information required for the continuous processing and provision of the feedback system. Activity data includes which tasks you use, which elements you click on, when you created the tasks, and when your tasks were worked on. Diagnostic data (automatic storage of core, master, and activity data following an error condition) is collected to maintain/increase system stability, performance, and security. Operational data at LRZ: Most data is stored in the feedback system’s database. This is located on servers operated by the Leibniz Supercomputing Centre of the Bavarian Academy of Sciences (LRZ). The LRZ also creates logs of your usage. The following data is stored by the LRZ: IP address of the accessing device; date and time of access; accessed resource; status code of the responding web server; size of the transferred data; the website from which the delivered resource was accessed ('referer'); browser type identification; in the event of an error, error messages issued by the web server. The activity data stored by the LRZ is collected exclusively for technical or statistical purposes. The necessary data transfers are secured. A comparison with other data records or an (automated) data transfer to third parties, even in excerpts, is excluded.

II.4 Who has access to what?

Task creators are individuals who, as described in 2.1, have created an account and thus have the ability to create their own tasks and distribute them to task solvers using a personalized and task-specific link. Task solvers are individuals who work on the tasks provided by the task creators. Via the link, task solvers can only complete the tasks assigned to them by the task creators and receive personalized feedback for these tasks. The link does not allow access to master data, core data, or activity data of other task solvers or the task creator. The responses of the task solvers can be viewed and downloaded by the task creator.

II.5 Data Security

To adequately and comprehensively protect the security of your data during processing and especially transmission, we use, as necessary and in line with current technological standards, appropriate encryption methods (e.g., SSL/TLS) and secure technical systems. The technical operation of the data processing system is carried out with the support of the Leibniz Supercomputing Centre (LRZ) of the Bavarian Academy of Sciences (Boltzmannstraße 1, D-85748 Garching near Munich, Phone: (089) 35831 8000, Fax: (089) 35831 9700, Email: lrzpost@lrz.de, https://www.lrz.de), with whom a data processing agreement exists. All of our employees are subject to the legal obligation of data secrecy in accordance with Article 11 BayDSG or are bound to confidentiality.

II.6 Data Transfers

Data transfers are carried out based on legal requirements or with your consent. Where applicable, your data may be transferred to the relevant supervisory and auditing authorities to exercise their respective control rights. To protect against threats to IT security, data may be transmitted to the Bavarian State Office for Information Technology Security and processed there based on Articles 41 ff. BayDiG in the event of electronic transmission. Otherwise, we only transfer personal data to third parties if this is necessary for the execution of a contract (Article 6 (1) (b) GDPR), for example, to event organizers or commissioned service providers. The data passed on may only be used by the respective data processor or third party for the specified purposes or within the scope of applicable law. The master data is transmitted in anonymized form to OpenAI LP or its parent company, OpenAI Inc., for the creation of feedback.

II.7 Data Deletion and Retention Period

Your data is only stored for as long as it is necessary to fulfill the purpose in compliance with legal retention periods or if consent is provided. The personal data of users of the feedback system is deleted or anonymized as soon as the respective purpose of storage no longer applies, and there is no obligation to archive. Further storage may occur if this is provided for in the applicable regulations. You can delete data that you have created (e.g., tasks) yourself at any time.

• Core data in your user profile is stored until the user profile is deleted. User profiles are deleted two years after the last login.
• Master data generated during task processing is deleted when the user profile is deleted. There is no entitlement to deletion if information was created by you and is linked to information from other users (e.g., answers from task solvers to your tasks).
• Activity data in the feedback system is deleted when the user profile is deleted.
• Diagnostic data is deleted when the user profile is deleted.

A deletion review and implementation take place regularly and at least annually. Operational data at LRZ: The access data and error messages (weblogs) generated during the operation of the web server are anonymized after 7 days. A rolling deletion of the anonymized logs occurs regularly every three months.

II.8 Protection of Minors

Persons under 16 years of age should not submit personal data to LMU without the consent of their parents or guardians. Processing can only take place with the corresponding consent or in the context of fulfilling a legal obligation.

II.9 Your Rights

You have various claims against the responsible party regarding the data stored about you. Your rights include:

• Right to Access (Art. 15 GDPR): You have the right to obtain information about the personal data processed about you. Please note that you can also find data in your user profile.
• Right to Rectification (Art. 16 GDPR): If incorrect personal data is stored, you can partially correct it yourself (self-entered profile data) or ask the responsible party to do so. The responsible party will comply with the request if the correction is justified and permissible.
• Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of personal data that is demonstrably incorrect or for which the responsible party cannot provide a processing purpose. There is no right to erasure if the responsible party is obligated to retain the data for legal reasons or due to official duties (proof of instructions, quality assurance, copyright usage rights, examination law). The obligation to delete personal data may also exist after the completion of tasks/course participation/employment or upon revocation of consent. There is also no right to deletion if the information you entered is irreversibly linked to the information of other users (e.g., tasks with solutions from task solvers). A request for deletion may be considered a revocation of consent. This may result in you losing access to the feedback system and the ability to create tasks.
• Right to Restriction of Processing (Art. 18 GDPR): The responsible parties will ensure that personal data is only accessible to those who need it for processing in the event of a justified restriction of processing. They may use pseudonymization and anonymization methods. The restriction of processing may result in you losing access to the feedback system and the ability to create tasks.
• Right to Object (Art. 21 GDPR): You may object to the further use of the data under the legal requirements. This can only be effective in the future. The right to object does not automatically obligate the responsible party to delete the data. If the responsible party has storage obligations from other legal reasons, these take precedence. The objection may result in you losing access to the feedback system and the ability to participate in a course.
• Right to Data Portability (Art. 20 GDPR): You are entitled, under the legal requirements, to receive data that you have provided in an electronic format that can be used elsewhere. This right is limited to data that is not subject to trade secrets and, therefore, cannot be transferred to other locations or data that affects the rights of others, such as privacy or copyright.
• Right to Withdraw Consent (Art. 7(3) GDPR): You have the right to withdraw your consent to the processing of your data for the future. The withdrawal does not affect the lawfulness of the processing before the withdrawal. The withdrawal may result in you losing access to the feedback system and the ability to participate in a course. If processing is carried out as part of an employment contract, the right to withdraw consent may be limited.
• In the event of a violation of legal provisions for the protection of your stored data, you may contact the relevant supervisory authority. The data protection supervisory authority directly responsible for LMU is the Bavarian State Commissioner for Data Protection (https://www.datenschutz-bayern.de). Please contact the responsible party or the official data protection officer first to have your concern addressed as quickly as possible.

In the event of deletion, restriction, or withdrawal, further use of the feedback system, as well as access to the learning content stored there and participation in the activities and functions available there, is no longer guaranteed with immediate effect.