Privacy Policy & Terms of Use

Last updated: 2026-01-19

1. Introduction & Research Context

Welcome to Tellertratsch. This service is provided by the Chair for Data Science (LS X), Institute of Computer Science, University of Würzburg, as a research project. We are committed to protecting your privacy and handling your data openly and transparently. This policy details how we collect, use, and safeguard your information when you voluntarily use our platform to rate and review canteen meals. Your participation and the data you provide (reviews, ratings, etc.) are entirely voluntary and contribute to research conducted by the Chair. We aim to collect only the necessary information to operate the service and facilitate our research goals.

2. Data Controller & Contact

The primary data controller responsible for processing your personal data according to GDPR is:
Julius-Maximilians-Universität Würzburg (University of Würzburg)
Sanderring 2
97070 Würzburg
Deutschland / Germany
Represented by the President Prof. Dr. Paul Pauli.

The authorized representative responsible for this specific Tellertratsch service and data processing within it is:
Prof. Dr. Andreas Hotho
Chair for Data Science (LS X)
Institute of Computer Science
Universität Würzburg
Am Hubland
D-97074 Würzburg
Tel: +49 931 / 31 – 86731
Fax: +49 931 / 31 - 86732

You can reach the University's appointed Data Protection Officer at:
Datenschutzbeauftragter der Julius-Maximilians-Universität Würzburg
Sanderring 2
97070 Würzburg
Tel. 0931/31-88131 oder 0931/31-81446
Fax 0931/31-86880
E-Mail: [email protected]

For specific questions regarding data processing within the Tellertratsch project, you can also contact the Chair for Data Science or use the contact details provided in the Imprint.

3. Information We Collect

We collect the following types of information, based on your voluntary usage:

• Account Information: When you register using your university credentials (LDAP), we store your university identifier (s-number) to link your contributions. We do not store your password. You may optionally provide a display name and email address. Your email is used only if provided, potentially for account recovery or notifications you opt into.
• Reviews, Ratings, and Comments: We store the ratings, comments, replies, and any images you voluntarily submit for canteen meals, linking them to your user account. This constructive feedback forms the core data for our platform and research.
• Usage Data: We automatically collect technical information about your interaction with the service, such as IP address (anonymized where possible), browser type, pages visited, and timestamps. This data is used for analyzing usage patterns, improving the service, and ensuring security.
• Cookies: We use technically necessary session cookies to keep you logged in. We also use cookies to store your preferences (like theme choice). We currently do not use third-party tracking or advertising cookies. By using the service, you consent to the use of these essential and preference cookies. You can manage cookie settings through your browser, but disabling necessary cookies may impair functionality.

4. How We Use Your Information & Research Purposes

Your data is used for the following purposes, based on your voluntary participation:

• To provide and maintain the Tellertratsch service.
• To allow you to create an account, submit constructive reviews, ratings, and comments, and interact with other users' content.
• To personalize your experience (e.g., showing relevant meals, remembering your theme).
• Research (Anonymized): To analyze usage patterns, ratings, and review text for scientific research purposes conducted by the Chair for Data Science (LS X). This research focuses exclusively on anonymized and aggregated data to understand collective behavior patterns, develop recommender systems, perform sentiment analysis, and study user behavior in general. All data used for research is strictly anonymized or aggregated before analysis, ensuring individual users cannot be identified in any way. We are primarily interested in understanding collective patterns, preferences, and feedback trends, not in tracking or analyzing individual users personally. Individual privacy is paramount in our research approach.
• To ensure the security and integrity of the platform.
• To communicate with you regarding your account or significant service updates, only if necessary and if you provided contact information.

The legal basis for processing your data includes Art. 6(1)(a) GDPR (consent - for voluntary participation and data submission), Art. 6(1)(b) GDPR (performance of a contract - providing the service features), Art. 6(1)(e) GDPR (task carried out in the public interest - research conducted by a public university), and Art. 6(1)(f) GDPR (legitimate interests - improving the service, security).

4a. Third-Party Services

We use the following third-party services to operate and improve Tellertratsch. These services process data on our behalf under appropriate data processing agreements.

Cloudflare (Content Delivery & Security)

We use Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) as a content delivery network (CDN) and for DDoS protection. When you access our website, your connection is routed through Cloudflare's servers.

• Data processed: IP address, browser information, access timestamps, requested URLs
• Purpose: Protection against attacks, performance optimization, SSL/TLS encryption
• Legal basis: Legitimate interest in security and availability (Art. 6(1)(f) GDPR)
• Data transfer: Cloudflare is certified under the EU-US Data Privacy Framework. Additional safeguards include Standard Contractual Clauses (SCCs).
• Cookies: Cloudflare may set security cookies (e.g., __cf_bm for bot detection). These are technically necessary for security and do not require consent under TTDSG §25.

More information: Cloudflare Privacy Policy

Sentry (Error Tracking & Performance Monitoring)

We use Sentry (Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA) to detect and fix errors in our application and monitor performance.

• Data processed: Error messages, stack traces, browser/device information, page URLs where errors occurred, anonymized user identifiers (username only, no email/IP)
• Purpose: Identifying and fixing bugs, improving application stability and performance
• Legal basis: Legitimate interest in maintaining a functional and secure service (Art. 6(1)(f) GDPR); for Session Replay: consent via account registration (Art. 6(1)(a) GDPR)
• Data transfer: Sentry uses servers in the US. Data transfer is secured through Standard Contractual Clauses (SCCs) and Sentry's Data Processing Agreement.

Aggregated Usage Metrics: We collect aggregated, anonymous usage metrics through Sentry to understand how features are used and identify areas for improvement. These metrics include counts of actions (such as logins, ratings, comments) and performance data (such as page load times). Metrics are aggregated and do not contain any personal information - they cannot be used to identify individual users. Examples include "number of ratings submitted today" or "average meal import duration."

Session Replay (logged-in users only): For logged-in users, we use Sentry's Session Replay feature to record browser sessions. This helps us understand exactly what happened before an error occurred, making it easier to fix bugs. Session Replay records:

• Mouse movements, clicks, and scrolling
• Page navigation and form interactions
• Visual rendering of the page (DOM snapshots)

Privacy measures: Password fields and other sensitive inputs are automatically masked. Session Replay is only active for logged-in users who have agreed to this privacy policy. Anonymous visitors are not recorded. By creating an account and agreeing to these terms, you consent to Session Replay recording for debugging purposes.

More information: Sentry Privacy Policy

Your Rights Regarding Third-Party Services

You can object to data processing based on legitimate interest at any time. Contact us using the details in section 2. Note that some services (like Cloudflare) are essential for operating the website securely; objecting may limit your ability to use the service.

5. Data Sharing and Disclosure

We do not sell your personal data. We handle your data with care and share it only under the following limited circumstances:

• Your chosen display name (or anonymized identifier if none is set) and submitted reviews/ratings/images/comments are publicly visible on the platform as part of its core functionality.
• With service providers acting strictly on our behalf (e.g., hosting provider), under data processing agreements (Auftragsverarbeitungsvertrag - AVV).
• Anonymized or aggregated data derived from user contributions may be used for research publications or shared with research partners affiliated with the University of Würzburg, ensuring individual users cannot be identified.
• If required by law or legal process, or to protect the rights and safety of the University, its users, or the public.

6. Data Retention

We retain your account information as long as your account is active. Your contributions (reviews, ratings, comments, images) are valuable for the platform and research; they are retained as part of the service's data. Upon account deletion, we will make reasonable efforts to anonymize your past contributions where feasible, but some linked data might persist in backups or aggregated research datasets. Server logs containing usage data are kept for a limited period necessary for security and troubleshooting.

7. Your Rights

You have rights regarding your personal data under GDPR, including access, rectification, erasure, restriction, and portability. Since participation is voluntary, you can cease using the service at any time. To exercise your data rights or request account/data deletion, please contact the University's Data Protection Officer or the service representative (Prof. Hotho).

You also have the right to lodge a complaint with the responsible supervisory authority, the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

8. Terms of Use & Content Moderation

• By voluntarily using Tellertratsch, you agree to provide accurate information (where applicable) and use the service responsibly and lawfully.
• Do not submit offensive, hateful, discriminatory, illegal, or infringing content (text or images). Do not violate the personal rights of others. Keep feedback constructive.
• Respect other users. Harassment, insults, or abuse is strictly prohibited.
• You grant the University of Würzburg a non-exclusive, royalty-free, worldwide license to use, display, modify (e.g., for anonymization), and distribute the content (reviews, images, comments) you submit on the Tellertratsch platform and for related research purposes.
• You are responsible for maintaining the confidentiality of your account access.
• Moderation: We reserve the right to moderate and remove content or suspend accounts that violate these terms, applicable law, or are deemed inappropriate or non-constructive for the platform's purpose, without prior notice.
• The service is provided "as is" without warranties of any kind. We are not liable for inaccuracies in meal data provided by the Studentenwerk or user-generated content.

9. Changes to This Policy

We may update this policy from time to time, especially as the research project evolves. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact

For questions about this policy or data protection, please contact the University's Data Protection Officer or the service representative mentioned in section 2.