Page:
Privacy
Pages
Add languages
Anlegen eines Benutzers
Aufruf: Hilfe für Übersetzung
Automatische Übersetzungen mit DeepL und Weblate
Configuration
Configure Weblate
Development (German)
FAQ Administration Frontend (Deutsch)
FAQ Administration Frontend (Deutsch)
Home
Hosting (Germany)
Hosting (Germany)
INDEX Wiki
Index
Installation
Legal notes concerning MongoDB
Privacy
Probleme
Production
Referenzen
Translate
Translating the help files (en)
Update
Vorlagen
No results
6
Privacy
tk100 edited this page 2021年01月04日 17:27:25 +01:00
Notes on Privacy
This section in no way replaces a valid privacy declaration!
Two different user groups have to be distinguished:
- Visitors: These are unregistered persons, such as participant in a survey or a collection of ideas
- User: Registered persons, e.g. teacher, leader of a workshop. Each user has a unique user ID
Cookies
The application uses cookies neither for visitors nor for users, so no cookie banner is necessary.
Java web token
After authentication, users receive an access as well as a refresh token (both time-limited), which are stored in the main memory of the JavaScript application and are transmitted to the server in the event of queries.
Logging
- Entries from visitors are saved without meta information (such as IP address).
- When a user enters data (e.g. creating a new quiz), the user ID will be saved (otherwise an assignment is not possible)
- For users, the date of the last login is also saved.
Confidentiality
- If a ticket is issued for a collection / quiz, then everyone who owns this ticken can obviously access all of the data in it
- Passwords of users are generally stored as hash (i.e. irreversibly encrypted)
- Users with the "admin" role have access to a list of all other registered users and can edit them. You will also see an overview of all content for each module (e.g. all collections of ideas), but you can only see the user ID and the title (but not the content).
- Contents are stored in the database not encrypted. This means that system administrators who have access to the database can read out all content.
Technical information about the application
- The transmission in a productive system must be secured by SSL.
- The database in a productive system must be secured with a password.
- The log of the web server must not contain any tickets.
Conclusion
The protection against tracking is very high, while that of confidentiality is rather low. In other words, for all modules no personal data should be stored:
- Use of nick names in the abcd quiz and similar modules
- Avoid personal information (such as real names) in all modules
Technisches:
Lerntools betreiben:
- FAQ Administration Frontend (de)
- Hosting Germany (de)
- Privacy (en)
- Legal notes concerning MongoDB (en)
- Referenzen (de)
- Probleme
- Vorlagen
- Anlegen eines Benutzers
Entwicklung/Development:
Übersetzung/Translation: