Skip to main content

Privacy Policy

Date of publication: 19 July 2022

1. Data which may be collected
2. Data use objectives
3. Cookies and web beacons
4. Sharing and transmission of data to third-parties
5. Data privacy and security
6. Transmission abroad
7. Right of access, rectification and opposition
8. Policy update
9. Contact
10. Exclusion of liability
11. Jurisdiction and applicable law
12. Appendix

This privacy policy supplements the EPFL Privacy Policy. The French version of this document (available at https://courseware.epfl.ch/privacy_fr) is the legally valid binding version.

The École Polytechnique Fédérale de Lausanne, 1015 Lausanne (Switzerland) (hereafter "EPFL" or "We") proposes access and use of the Swiss MOOC Service (hereafter "Services") to users (hereafter "User" or "You"), namely via the websites http://courseware.epfl.ch (hereafter individually or collectively the "Website"). These Services and the Website are governed by the General Terms and Conditions (hereafter "GTC").

Within the framework of your visit to the Website and use of its Services, EPFL may collect certain elements of your personal data from You. The present Privacy Policy (hereafter "Policy"), which shall remain applicable regardless of the means or materials used to access the Website and Services, sets out the conditions under which, when You use the Website or Services, EPFL shall collect, conserve, use and safeguard information about You, as well as the options available to You regarding the collection, use and disclosure of this information. The Policy constitutes an integral component of the GTC. You will find complementary information about your rights and how to exercise them under point 7.

By accessing the Website and/or using the Services, You acknowledge that You have read, understood and accepted that You are subject to all of the conditions laid down in the GTC and the Policy.

All terms which are not specifically defined in the Policy bear the same definition as is attributed to them in the GTC.

1. Data which may be collected

1.1 Data communicated by the User

When You register with the Website or interact in any other manner with EPFL within the framework of the Services, You may be requested to provide us with certain data, such as your personal address, professional address, invoicing information, login information, etc. either directly or via a pre-existing account (for example, SWITCH AAI) (hereafter "Registration data"). You may also freely provide supplementary information.

1.2 Usage data from the Website and Services

When You browse the Website or receive and/or consult our emails and interact with either of the above, or when You use certain Services, We shall use automatic data collection technologies to collect certain information regarding your actions. This includes data such as your IP address, the hyperlinks on which You click, the pages or the content that You view, the viewing duration and other similar information and statistics regarding your interactions, such as the content response time, loading errors and the duration of your visit to certain pages, the type of web browser used or the connection location, for example. These data are collected through automated technologies such as cookies (browser cookies, flash cookies) and web beacons. The information is also collected via external monitoring services (for example, Matomo).

1.3 Data from social networks

When You allow a third-party social network (such as Youtube, Facebook, etc.) to share and/or interact with us, We shall receive all data You have shared publicly on the third-party social network and data included on your profile. This may concern basic data relating to your account (for example, your name, your email address, your gender, your date of birth, your city of residence, your profile photograph, your username, your friend list, etc.) and all other information or activities that You have allowed the third-party social network to share.

We shall also receive data regarding your profile when You use a social network function integrated in the Website (such as Facebook Connect) or when You interact with us via a social network. To learn more about the manner in which We receive information about you from third-party social networks or to cease sharing your data on these social networks, We invite you to consult the terms and conditions of these social networks, for which we accept no responsibility.

1.4 Payment data

In order to pay fees, You shall transmit data to EPFL regarding your method of payment (banking preferences, name and account holder name, etc.). Payments by credit card are carried out via the stripe.com website and are governed by the conditions and the privacy policy applicable to this website, available at https://stripe.com/ch/legal and https://stripe.com/ch/privacy.

2. Data use objectives

The present article describes the aims for which We collect your data. All forms of data use are not applicable to all Users. It is to be noted that your data must be handled in accordance with the applicable legal framework as well as the relevant EPFL competences.

2.1 Service provision and Website management

We use your data to provide Services, to interact with You and to respond to your requests regarding the Website or Services. Your data may also be used with the aim of detecting fraud.

2.2 Benefits relating to surveys and statistics

With your consent or if the law allows us, We shall use your data to send You information regarding our Services in relation to studies and to the Website in general, to request your participation in surveys, namely statistic-based, or to develop a more direct relationship with You. Data related to Service use shall also be used on an aggregated basis in order to better understand the use of the Services and to improve their workings.

2.3 Identity verification

A participation certificate may only be awarded to a User whose identity has been verified. You may visit the Center for Digital Education in person or use an online service for this purpose. Identity verification is a service provided by a third-party and is governed by the conditions of this third-party. By using this service, You accept the conditions and allow EPFL to receive and handle the information transmitted by the third-party for the purpose of Your identity verification.

2.4 Personalisation

With your consent or provided the law allows us, We shall use you data to analyse your preferences and your User habits, to personalise your experience on our Website, and to optimise our Website and Services for You and your computer. We may also suggest content to You which better corresponds to your interests as a result.

3. Cookies and Web beacons

We may use cookies, Web beacons or similar technologies in order to identify You as a User and safeguard your personal preferences (language choice, for example), as well as technical information (including data such as click reports and path reports). We are using the Matomo software to this end. This allows us to simplify your access to the Services and to analyse the traffic and uses, and to identify malfunctions in the Website and Services. This also allows us to improve both your experience and the Website design and content.

Cookies are small pieces of information sent by a web server to a web browser, which allow the server to identify the browser on each page in a unique way. Other tracking technologies similar to Cookies are also used. They can include web beacons and tracking URLs. All these technologies are referred to as "Cookies" for the purposes of this policy.

If you do not wish to allow any type of Cookies, or if you only wish to allow certain Cookies, please refer to your browser settings. You can also use your browser settings to withdraw your consent to our use of Cookies at any time, and delete Cookies that have already been set. Please note that by deleting our Cookies or disabling future cookies, you may not be able to access some parts or functions of our websites.

To learn more about Cookies, you can visit www.allaboutcookies.org or www.youronlinechoices.eu where you can find more information about behavioural advertising and online privacy.

4. Sharing and transmission of data to third-parties

4.1 Subcontracting

EPFL may use subcontractors or service providers, particularly technical service providers, insofar as is necessary for the completion of the duties entrusted to them. As such, EPFL may call on service providers to manage and/or maintain the Website and the Services, for advertising purposes or to send messages from our account, to conduct research, and to monitor and analyse the status of our network, the response capacity of our services and the efficiency of our communication.

4.2 Transmission to third-parties

We may transmit your data to third-parties if the law or a request from a judicial or administrative authority so requires, in order to protect our rights or our interests, or to enforce the terms of the Contract.

5. Data privacy and security

Although complete security on the internet is not possible, We have implemented standard security measures (of a technical and organisational nature) in accordance with standard regulations, taking into account the risks involved in protecting information about You from any accidental or intentional manipulation, loss, destruction or communication, or from all non-authorised access.

6. Transmission abroad

Your data shall be primarily handled and stored in Switzerland or in the European Union. Should We request the services of a foreign service provider, We shall, of course, respect the applicable legal framework and shall adopt the measures required by law before commencing communications abroad.

7. Right of access, rectification and opposition

You have the right to be aware of the personal information held by EPFL about You. You also have the right to update, rectify and delete personal information about You. You have the right to oppose the handling of your personal data, subject to a legitimate reason.

You also have the right to oppose the use of your personal data for commercial prospection.

For technical reasons and pending their definitive deletion, data that have been collected through the Site (automatically or transmitted by You) may be stored and remain temporarily recorded even after termination of your account or closure of the Site, particularly in the case of backup systems. However, they will not be used. Anonymous information (namely including data collected through the use of cookies) may be conserved without limit.

If you wish to exercise any of these rights, please write to the following address: dpo@epfl.ch. We may request that You provide proof of your identity (a copy of your identification card, for example).

8. Policy update

This Policy may be updated from time to time. We will therefore update the date at the top of this information notice accordingly. In some cases, we may also actively inform you of specific data processing activities or significant changes to this information notice, as required by applicable law.

9. Contact

For any request for information regarding our Policy, you may write to:

Data Protection Officer
École Polytechnique Fédérale de Lausanne
P-SG-AJ DPO
BS 248
Station 4
CH-1015 Lausanne

dpo@epfl.ch

10. Exclusion of liability

For any prejudice or damages relating to your personal data that You incur in connection with the use of the Website, the Services or any other element in relation to the Contract, We expressly refer you to Article 5.3 of the GTC, “Exclusion of Liability”.

11. Jurisdiction and applicable law

The Contract and all resulting questions or questions in connection with it, including those relating to the use of the Website and the Services, shall be governed by and construed in accordance with Swiss law, without regard to conflict of law principles. You hereby agree that the courts of the district of Lausanne (Switzerland) shall have exclusive jurisdiction.

12. Appendix

Some course videos may be hosted on YouTube. In such case, the Google privacy policy applies.