Privacy Notice for the Moodle Learning Environment

Privacy notice for the Moodle learning environment of the Ģ��ֱ��

Published

28.9.2023

What should you know about the processing of your personal data?

From the time you start your studies until you finish them, the Ģ��ֱ�� collects personal data about you to carry out its duties. You have rights to this data, such as the right to access the data and the right to be sure that it is stored securely and only for the necessary time. Above all, you have the right to know the following:

what information we collect about youand why,
for how long, and where we keep this information, and
to whom we share this information.

All of these points are explained in this privacy notice.

How to find the information you are looking for?

We have created this privacy notice to be as easy as possible to use and understand. That is why you will find the key points summarised under each section. If you are interested in knowing more, please follow the links in the sections or contact the data protection officer of the Ģ��ֱ��.

Contact the data protection officer

Why we process your personal data?

Moodle is the primary learning environment of the Ģ��ֱ��, to which you can log in with JYU user credentials, HAKA user credentials or separate user credentials by a separate agreement. Moodle is a platform mainly for the teaching activities of the Ģ��ֱ��. Personal data are used for the identification of course participants and for related contacts.

Personal data can also be used for scientific research or for statistical purposes, because later use of personal data for such purposes to serve the public interest is not considered to be in conflict with the original purpose of these data (teaching, guidance and educational development).

What data we process and how long?

Student data should be kept in the system for the whole time of studies, after which the credentials are inactivated and removed within a reasonable time. To get more information about what personal data we collect, check the sections below.

Personal data in Moodle comprise

name,
email address,
user ID,
student number,
user rights within the system
content items produced by the data subject, such as assignments, comments and exam answers
the log data of the service are used for controlling the server and data transfer capacity, sorting out technical problems and misconducts as well as to follow student activity

Data are retrieved from universities’ user data systems when a user logs into the service, and from the study register when establishing a course.

Cookies are used in the browser-based data systems for the processing of personal data. Cookies are used for providing the services, making login easier and enabling statistics on the use of these services. A user can refuse the use of cookies in the browser application, but this may prevent the system’s proper functioning.

You have the following rights:

Right to access your data.
Right to have any incorrect information corrected.
Right to have your data erased (right to be forgotten), in certain situations.
Right to restrict processing.
Right to have the responsible unit inform the party to which your data is disclosed of your data being corrected, erased, or the processing being restricted.
Right to object processing, e.g. direct marketing.
Right to have your data transferred from one system to another, when processing is based on an agreement or your consent.
Right to be notified of any information security breaches resulting in a high risk.
Right to file a complaint with the supervisory authority.

You can exercise your rights by sending a request to the university's Registry Office. You can use the form on the Registry Office's website or send your request informally. Keep in mind that withdrawing your consent doesn’t change the processing that happened before the withdrawal.

Get to know your rights

Use the form of the Registry Office

Send an informal request to the Registry Office

Who can access your personal data?

The teacher of the course has access to the data of the participants. System managers have access to all data. Other students can see your name on the list of participants and possibly also other data items if you add such in Moodle, like your profile image, for example.

Also, the service providers we use can access your personal data in their role as data processors. However, these providers do not actively process your personal data, but they have access to it for maintenance reasons.

Learn more about data processors

To whom we transfer your data?

Your personal data can be used for the purposes of scientific research, statistics or learning analytics. For more information, see the link below.

Personal data of students – Privacy notice

Some user data (name, email address) are transferred outside the university to the Turnitin plagiarism detector. The Turnitin service provider is located in the United States. Personal data are protected by contract obligations.

Find more information about the transfer of your personal data outside the university below.

Personal data processors and transfers outside the EU/EEA

On what basis we process your personal data?

We process your personal data based on legal grounds, agreements, or your consent. If you want to dive deeper into our legal bases, such as the relevant legal provisions, you can find more information through the menu below.

Processing is based primarily on the University’s basic responsibilities as defined in the Universities Act (558/2007; Section 2) and on fulfilling these responsibilities (GDPR, Article 6.1c on compliance with legal obligations). The data are used for the purposes of teaching, guidance and educational development. The University’s right to process these data as the data controller is also based on
the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller (GDPR, Article 6.1e)
and in certain cases, an agreement or consent (Article 6.1 a and b)

In principle, as the data controller, the University is entitled to process also personal data of special category

when processing is necessary for reasons of substantial public interest (Article 9.2 g)
and in certain cases, when the data subject have given explicit consent to the processing of those personal data for one or more specified purposes (Article 9.2a)

How to contact us?

If you want more information about the processing of your personal data, do not hesitate to contact our data protection officer via email or phone (+358 40 805 3297).

Contact our data protection officer

Below you find the contact information of the responsible unit. If you wish, you can directly contact the responsible unit (JYU Digital Services) instead of the data protection officer.

If you want to exercise your rights (withdraw your consent for example) you can contact the Registry Office by email:

Send a request to the Registry Office

Ģ��ֱ��