Data protection is an important concern and a legal obligation for Munich University of Applied Sciences (HM). This web application is operated on behalf of the Faculty of Computer Science and Mathematics.
Faculty of Computer Science and Mathematics
HM Hochschule München University of Applied Sciences
Lothstraße 64
D-80335 Munich, Germany
Phone: +49 89 1265-3700
Email: Sek-Fk07@hm.edu
Website: cs.hm.edu
The person responsible for this concrete website (content and operation) is Dr. Bernhard Werner, bernhard.werner@hm.edu.
You can reach the university's data protection officer at datenschutzbeauftragter@hm.edu.
When visiting this web application, no personal data is collected, processed, or stored beyond what is described below. No user profiling takes place, no tracking tools are used, and no data is shared with third parties for advertising or analytics purposes.
Teachers register with a username, display name, email address, and password. The password is stored in hashed form only (bcrypt); the original password is never retained. The email address is used solely for account management purposes (e.g. account identification and future password recovery). This data is necessary to provide the service and is processed on the basis of the user's request to use the platform. Teachers may update their email address or change their password at any time via the account settings page.
Students do not create accounts. When a student joins a session, a random anonymous token is generated and stored in their browser session. This token is used solely to prevent duplicate submissions within a session and cannot be linked to any individual. No names, email addresses, IP addresses, or other personally identifiable information are collected from students.
Answers submitted during sessions are stored and may be automatically evaluated (e.g. checked for correctness). This processing is necessary for the core functionality of the application. Responses are linked only to anonymous student tokens and cannot be attributed to identifiable individuals.
Aggregated and anonymized response data may be used for academic research (e.g. statistical analysis, study of response patterns, or development of teaching methods). No re-identification of individual participants is attempted or possible.
Users are asked not to include any personally identifiable information in their responses. Should personal data be submitted voluntarily, it will be anonymized or deleted before any analysis, where technically feasible.
This application uses a session cookie that is strictly necessary for its operation. It maintains login state for teachers and anonymous session tokens for students. This cookie does not track users across websites, does not contain personal data, and expires after 24 hours of inactivity.
No cookies are used for tracking, marketing, or analytics purposes. Since only technically necessary cookies are employed, no separate cookie consent banner is required under applicable data protection law.
Teachers may upload images and PDF documents to use as question content. Uploaded files are stored on the application server and are served without access control — any person who knows or guesses the file URL can access them. Teachers should therefore not upload files containing personal data or sensitive information. Uploaded files remain on the server until deleted by the teacher via the media library. Teachers bear responsibility for ensuring that any content they upload complies with applicable data protection and copyright law.
This application loads fonts, stylesheets, and scripts from third-party content delivery networks (CDNs) such as jsdelivr.net. These requests transmit your IP address to the CDN provider as a technical necessity of the HTTP protocol. No additional data is shared, and these providers do not receive any application-specific information.
The university's technical infrastructure may generate server log files for IT security and operational stability (e.g. to prevent attacks). Where IP addresses are processed, this is done exclusively for technical operation, following the principle of data minimization, and only for the necessary period; data is subsequently deleted or anonymized.
Where personal data is processed, you have the following rights under Articles 15 ff. GDPR:
You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection regulations.
This privacy policy may be updated to reflect changes in legal requirements or technical and organizational changes. The current version published on this page always applies.