Privacy Policy for Online Exams with OLAT

In this privacy statement, you will find information on what data UZH collects, processes and discloses during online reviews, and what measures are taken to ensure the security of this data.

According to § 3 of the Law on Information and Data Protection of the Canton of Zurich (IDG, LS 170.4), personal data is all information that relates to an identified or identifiable person. This includes, for example, information such as name, address, telephone number, matriculation number, e-mail or IP address. The basis for data processing by UZH is regulated in § 7a and following of the Universitätsgesetz (UniG, LS 415.11).

Each time a website is accessed, the following technical access data is collected and stored in a web server log file on UZH servers:

• the IP address and the port of the requesting computer (eg. 130.60.133.70)
• the site or address (URL) from which the UZH web page was requested
• the path and name of the requested UZH web page
• the date and time of the request (e.g. [12/Apr/2016:00:00:01 +0200])
• the volume of data transferred
• the access status
• the type of access
• a description of the type of web browser and/or operating system used
• the session ID

An entry in the OLAT log could look like this:

2020-12-10 14:46:46,412 [ajp-nio2-127.0.0.1-8888-exec-10] INFO UserSessionManager - OLAT::AUDIT ^%^ N1-A8 ^%^ org.olat.core.util.session ^%^ amuster ^%^ 130.60.133.70 ^%^ https://aai-idp.uzh.ch/ ^%^ Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 ^%^ n/a ^%^ Logged on: login: [amuster] first: [Anna] last: [Muster] fromIP: [130.60.133.70] fromFQN: [vpn-uzh-130.60.133.70.ch] authProvider: [Shib] webdav: [false] REST: [false] secure: [true] webMode: [null] duration: [7]s releaseAllLocksFor: 652905 END (0 locks deleted)

An entry in the Apache log could look like this:

130.60.133.70:5224 - - [10/Dec/2020:14:46:38 +0100] "GET /dmz/ HTTP/1.1" 200 7659 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"

In addition, on testing pages the testing behavior is also logged. Depending on the specific test layout, usually the following information is stored:

• Response that was clicked or entered
• Time at which the answer/section was saved
• Number of entries (repetitions) per question
• Duration of time a question / section was processed
• Time at which the exam was completed
• Time at which a file was uploaded, replaced, or deleted

These data are processed for the following purposes:

• Conducting the exam
• Preventing unfair exam behavior
• Identifying and tracking of unauthorized access attempts
• Safeguarding the network infrastructure and facilitating technical administration
• Optimizing online exam services

The log files are stored for a period of 5 years from the end of the access. After that, the web server log files are automatically deleted, unless a detected attack on our network infrastructure leads to civil or criminal prosecution of the attacker and thus requires further storage.

Personal data will only be disclosed to third parties (e.g. to other authorities) if this is required by mandatory legal provisions (e.g. official requests, court orders) or for the purpose of legal or criminal prosecution (e.g. in the event of attacks on the UZH network infrastructure).

In the event of an audit appeal, the data may also be made available to the appeal courts.

Notwithstanding this, UZH may, in accordance with the IDG, commission external service providers to further process the data collected via UZH websites for the above-mentioned purposes. UZH and the commissioned third-party service providers are obliged by means of legal, technical and organizational measures to ensure compliance with data protection regulations.

In order to better adapt the content structures and navigation mechanisms of the web pages to the needs of the users, the page views and the clicked elements within the pages are logged and analyzed. The usage information generated by the cookies, including their shortened IP address, is not forwarded to third parties, but stored on UZH servers for the purpose of usage analysis and website optimization. The IP addresses are immediately anonymized during this process. Therefore, it is not possible to assign the evaluation results to a specific IP address or to perform person-related behavior monitoring.

When requesting individual UZH websites, so-called cookies may be used. These are small files that are stored on your computer by the UZH website you are visiting for the purpose of enabling optimal use of the web pages. The temporary cookies are automatically deleted when you close your web browser. You can generally prevent the use of such cookies by making the appropriate settings in the web browser you are using. However, we would like to point out that rejecting, blocking or deactivating cookies can lead to restrictions in the function of accessed UZH websites.

Switch is a foundation of the Swiss Federal Government and various university cantons. The purpose of the foundation is to create, promote, offer, participate in and maintain the necessary foundations for the effective use of modern methods of information technology in the service of teaching and research in Switzerland. The foundation does not pursue commercial purposes nor is it aimed at realizing a profit.

Switch edu-ID is an authentication procedure provided by the Switch foundation and used by many universities in Switzerland. Among other things, it enables access to services of other universities with an existing university account (eg. for exchange students).

Since a short-term connection to Switch is established for login with Switch edu-ID, parts of the access data listed above are transferred to Switch for authentication before the actual login process. Switch has no access to the technical data transferred afterwards or to the data on exam behavior.

Certain online exams require the use of a Safe Exam Browser.
The privacy policy for the Safe Exam Browser can be found here: https://safeexambrowser.org/about_overview_de.html#privacy-statement

UZH uses technical and organizational security measures to ensure that the data it collects and further processes via the UZH websites,

• remains confidential and protected from accidental or unlawful access, alteration or disclosure and from loss or destruction; and
• access to the data is granted exclusively according to the principle of necessity ("need-to-know") to those persons who need to access the personal data due to their function and task.

The measures to be taken depend on the type of information, the type and purpose of use and the respective state of the art.

UZH reserves the right to change this privacy policy at any time with effect for the future, in particular in the event of the implementation of new technologies or changes in the legal situation. We therefore recommend that you review the privacy policy regularly.

If you wish to obtain information about the personal data collected and processed about you, or if you wish to correct, destroy or block this data, or if you have any further questions about its use, please contact the UZH Data Protection Law Department in writing. This can be reached at the following address:

Universität Zürich, Fachbereich Datenschutzrecht
Künstlergasse 15
CH-8001 Zürich

Weitere Informationen finden Sie auf der Webseite der Abteilung www.rud.uzh.ch.

(Last Update: 23.08.2024)