With its online platform - openHPI - the Hasso Plattner Institute offers you the possibility to take part in free online courses on Information Technology-related topics. As a registered user, you have access to the course content (videos, quizzes, reading material) and, after a successfully completed final exam, you receive a record of achievement. Moreover, for the duration of the course the discussion forum and the collab spaces are available for your questions and interaction with other learners.
When conducting online courses, the collection and storage of personal data are unavoidable. The protection of your data and the lawful collection, processing, and use of it is, therefore, a matter of particular concern to us. We would thus like to inform you here which data will be collected when you visit our website and register for one or more of our courses. We would further like to inform you about the purpose of collecting this data and in what scope it will be used.
You can find the most important points and principles of this privacy statement here:
- Responsible for the processing of your data on openHPI (the openHPI Shop and the openHPI apps) is the Hasso-Plattner-Institut für Digital Engineering gGmbH, Prof.-Dr.-Helmert-Str. 2-3, 14482 Potsdam, Germany ("HPI").
- openHPI handles your personal data with care and under the principle of data economy: for the participation in our courses, you only need to provide your name and e-mail address and choose a password. Any other data you can provide in your profile (e.g. age, gender, professional situation, etc.) helps us to improve our offerings, but is voluntary.
- openHPI processes your personal data when creating the performance records you can achieve in the courses. Your name and e-mail address will be printed on those records. Your name will also appear in the discussion forums when you decide to take part there. Please note: if you do not set a differing display name in your profile, your real name will be used in the forum. Furthermore, we use your e-mail address for course-related communication as well as for the announcement of new courses or changes to the platform.
- openHPI analyzes pseudonymized datasets in the context of research that aims to improve your learning experience as well as our offerings.
- All data on openHPI are stored on the servers of the HPI in Potsdam, Germany. The HPI does not transfer any data to countries outside the EEA or to third parties.
- openHPI will gladly help you in exercising your rights concerning the protection of your personal data. Please direct your requests to firstname.lastname@example.org.
The following sections give you all the details concerning our privacy statement.
A. General Information
Data Controller. The data controller in case of openHPI (https://open.hpi.de, https://shop.openhpi.de/ and respective openHPI mobile applications) is the Hasso-Plattner-Institut für Digital Engineering gGmbH, Prof.-Dr.-Helmert-Str. 2-3, 14482 Potsdam, Germany ("HPI"), with its data protection officer Bernhard Rabe (email@example.com).
Collection and storage of personal data. HPI will only store your name, email address and the respective profile data that you provide voluntarily, e.g. gender, date of birth, employer or university, city, country, career status, expertise, highest degree, IT background and position (your "Personal Data") for as long as you have an active user account on the openHPI platform plus, where applicable, any additional periods under applicable laws during which HPI has to retain your Personal Data.
Why is the provision of Personal Data required? HPI requires your Personal Data to enable you to attend openHPI courses that are of interest to you. Any provision of this information is entirely voluntary for you. However, without the provision of your email address and name, it will unfortunately not be possible for HPI to make the relevant openHPI courses available to you.
Your name and email address will also appear on personal course documents, such as "Confirmations of Participation", "Records of Achievement" and "Certificates". Your email address will be used for course-related communications and the announcement of new courses and changes to the openHPI platform.
Transmission of Personal Data to a non-EEA country. HPI does not transfer any of your Personal Data to countries outside the European Economic Area.
Recipients of Personal Data. HPI does not forward or otherwise transmit any Personal Data to third parties.
Rights to access/rectification/erasure/restriction of processing/portability. You can request from HPI at any time information about which Personal Data HPI processes about you and the correction or deletion of such Personal Data. You can also always change or delete your Personal Data by yourself on the openHPI platform. Please note, however, that HPI can or will delete your Personal Data only if there is no statutory obligation or prevailing right of HPI to retain it. Kindly note further that if you request that HPI deletes all of your Personal Data, you will not be able to continue to use openHPI.
You may further request from HPI a copy of the Personal Data that you have provided to HPI. In this case, please contact the email address below and specify the information or processing activities to which your request relates. HPI will carefully consider your request and discuss with you how it can best fulfil it.
Furthermore, you can request from HPI that HPI restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data HPI has about you is incorrect, (but only for as long as HPI requires to check the accuracy of the relevant Personal Data), (ii) there is no legal basis for HPI processing your Personal Data and you demand that HPI restricts your Personal Data from further processing, (iii) HPI no longer requires your Personal Data but you claim that you require HPI to retain such data in order to claim or exercise legal rights or to defend against third-party claims or (iv) in case you object to the processing of your Personal Data by HPI (based on HPI’s legitimate interest as further set out in Section B. below) for as long as it is required to review as to whether HPI has a prevailing interest or legal obligation in processing your Personal Data.
Please direct any such request to firstname.lastname@example.org.
Right to lodge a complaint with a supervisory authority. If you take the view that HPI is not processing your Personal Data in accordance with the requirements set out herein or applicable EEA data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of Germany.
Consents of children. This website and app also offer content for users of an age of below 16 years. If you are younger than 16, you need your parents to give consent to your usage of openHPI. Please direct this consent, written and signed, either to email@example.com or to
Hasso-Plattner-Institut für Digital Engineering gGmbH
B. Data Processing based on a Statutory Permission
Processing based on a legitimate interest of HPI. Each of the use cases below constitutes a legitimate interest of HPI to process or use your Personal Data. If you do not agree with this approach, you may object against HPI’s processing or use of your Personal Data as set out below.
Surveys. HPI may invite you to participate in questionnaires and surveys. These questionnaires and surveys will be generally designed in a way that they can be answered without any Personal Data. If you nonetheless enter Personal Data in a questionnaire or survey, HPI may use such Personal Data to improve the openHPI services.
Evaluation of Pseudonymized Data Sets. HPI may pseudonymize Personal Data provided under this Privacy Statement to create and process pseudonymized and aggregated data sets, which will then be used to improve the openHPI offerings.
Logging. On every visit to our website, the user data from your Internet browser is automatically submitted and stored in protocol files - the so-called server log files. The stored data sets contain the following information:
- Date and time of the server request
- Name of the requested page
- Referrer URL (the website from where you arrived at our website)
- Type and version of your browser
- The IP address of the accessing computers
- HTTP Error Code and Error Message (in case of erroneous requests)
These data are solely used for bug tracking purposes, i.e. to find and fix errors in our platform software. Logging data is retained for a maximum duration of 4 weeks.
You can at any time object against HPI’s use of your Personal Data for these purposes by sending an email to firstname.lastname@example.org. In this case, HPI will carefully review any such objection and cease further use of the relevant information, unless HPI can claim compelling legitimate grounds for the use of the information, which override your interest in objecting or if HPI requires the information for the establishment, exercise or defence of legal claims.
Web Analysis. To continually improve our offer, we use the open-source web analytics software "Matomo" (formerly known as "Piwik").
With Matomo we can receive real-time reports about, e.g., the number of visitors and the search engines and search terms that lead users to our offer. This helps us to constantly optimize our offer and design it accordingly.
In contrast to the web analysis tools of external providers, using Matomo offers you the advantage that the analysis is carried out by the Data Controller itself (see Section A.) instead of by an external service provider. This means that none of your Personal Data used for Web Analysis (in particular your IP address) will be transmitted to third parties.
You can object to being tracked with Matomo anytime by setting the "Do Not Track" option in your browser or opting out here:
You can obtain further information about Matomo, for example, at the following address: https://matomo.org/what-is-matomo/
C. Data Processing based on Consent
The purposes of the processing of personal data including the legal basis.
Creating a minimal user profile. HPI requires your name and email address in order to enable you to participate in openHPI courses and to register for the openHPI website and respective mobile applications. Your name, email address and date of birth (optionally, if you provide it in your profile) will also appear on personal course documents, such as "Confirmations of Participation", "Records of Achievement" and "Certificate". Your email address will be used for course-related communications and the announcement of new courses and changes to the openHPI platform.
Parts of the openHPI web offerings and respective mobile applications bring you in touch with other openHPI users, e.g. to discuss with other learners in the discussion forum or the Collab Spaces of openHPI courses. If you decide to participate in these activities, other users will have access to parts of your minimal profile data, i.e. your full name (unless you choose to set a differing display name in your user profile) and your profile picture, if you have uploaded one.
Withdrawal of consent into the processing of Personal Data. You may withdraw your consent for HPI to process your Personal Data as stated herein at any time. Once you assert this right, HPI will not process your Personal Data any longer unless legally required to do so. However, any withdrawal has no effect on past processing by HPI up to the point in time of your withdrawal. Please direct any such request to email@example.com.
Cookies. Our website uses "cookies". Cookies are small files that are stored on your data carrier and store specific settings and data for exchange with our system via your browser. Cookies help us, for example, to realize fundamental features of the platform, e.g. keeping you logged in, as well as to design our offers to be as comfortable, efficient and interesting as possible for you. A basic distinction is made between different types of cookies: so-called session cookies, which can be deleted as soon as you close your browser, and temporary cookies, which are saved for a longer period of time on your data carrier. This storage helps us design our website and our offer in a way that suits you. It also eases your use. For example, certain entries you make are saved in such a way that you do not have to continually repeat them.
For the most part, the cookies we use are so-called session cookies, with which you can be identified during the duration of your visit. After the session has ended the session cookies expire automatically.
Moreover, we use temporary cookies to store user preferences in your browser (for example caption language or volume in the video player). If you give us consent for Web Analysis (see Section C), we store temporary cookies as part of the web analysis tool "Matomo". These have a lifespan of 1 week.
There is no personal data saved on the cookies we implement. The cookies are thus not assignable to you or to any other person.
If you wish to dissent from the storage of cookies, you can deactivate cookie storage in your browser, limit its use to certain websites, or set your browser in such a way that you will be informed as soon as a cookie is sent. You can also delete cookies at any time from your PC's hard drive. However, please note that you will be unable to use our offer if you completely reject the storage of session cookies.
E. Payment Processing
PayPal. You can also choose to pay via PayPal. The provider of this payment service is the European operating company of PayPal, PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (hereinafter: "PayPal"). If you choose to pay via PayPal, the payment details you have entered will be transmitted to PayPal. This involves the following data:
- Company Name (if applicable)
- Phone- and mobile number
Your data is processed by PayPal on the basis of Art. 6 Para. 1 S. 1 lit. b) GDPR (processing to fulfil a contract). The provision of your payment data is necessary and mandatory for the conclusion or execution of the contract. If the data is not provided, it is not possible to conclude and / or execute a contract using the PayPal payment method. The data required for payment processing is securely transmitted using the SSL procedure and processed exclusively for payment processing. We delete the data that arises in this context after the storage is no longer required, or we restrict the processing if there are statutory retention requirements. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after the end of the contract, we restrict processing and reduce processing to compliance with existing legal obligations.
Further information on data protection and storage duration at PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
F. External Resources
Links to other websites. Our website contains links to the websites of other, unrelated providers. After clicking on such a link, we no longer have any influence on the processing of any data that is transferred to the third party (such as the IP address or the URL on which the link is located), since the behaviour of third parties is beyond our control. Therefore, we cannot accept any responsibility for the processing of any such data by third parties.
The social media buttons used are purely links, and thus not the so-called "like" and "share" buttons used by social media services. They do not transfer customer data or IP addresses.
Vimeo. Our website includes content from the video portal Vimeo.com. The site operator is Vimeo LLC, 555 West 18th Street, New York, NY 10011, USA. When you visit one of our sites with a video player, a connection will be established to the Vimeo servers.
Vimeo will then be informed which of our pages you have visited ("Referrer URL"). Vimeo will also have access to your IP address.
For more information about Vimeo's handling of user data, please see the Vimeo data privacy statement at https://vimeo.com/privacy.
The CDN for openHPI is Microsoft Azure Edge, operated by the Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. The responsible data protection officer for the EEA can be contacted via Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
In contrast to the other certificates that the HPI issues for openHPI courses, a photo of the participant is printed on the certificate. The participant has agreed to the online supervision (proctoring) during the homework and the final exam via webcam. Using this technique, we check that the registered participant personally completes the homework and the final exam.
In addition to the photo of the participant, the following information can be found on the certificate:
- Name of the participant
- Date of birth (optional)
- Course content
- Total number of points achieved
- Performance in the course (indication of whether the result belongs to the top 5%, 10% or 20%)
- Link to anti-counterfeiting and QR code
The proctoring is carried out on behalf of the HPI by Smiley Owl Tech S.L.
The aim of data collection is user identification and control of user activities during the course.
The legitimacy of the data collection is based on the prior consent request of the user.
Recipient of transmissions. The data collected will not be passed on to third parties.
More detailed information on the subject of data protection can be found on the website of Smiley Owl Tech S.L: GDPR Conditions