Date of publication: 23 november 2018
- 1. Data which may be collected
- 2. Data use objectives
- 3. Cookies and web beacons
- 4. Sharing and transmission of data to third-parties
- 5. Data privacy and security
- 6. Transmission abroad
- 7. Right of access, rectification and opposition
- 8. Policy update
- 9. Contact
- 10. Exclusion of liability
- 11. Jurisdiction and applicable law
Remark: The French version of this document (available at https://courseware.epfl.ch/privacy_fr) is the legally valid binding version.
The Ecole Polytechnique Federal de Lausanne, 1015 Lausanne (Switzerland) (hereafter "EPFL" or "We") proposes access and use of the Swiss MOOC Service (hereafter "Services") to users (hereafter "User" or "You"), namely via the websites http://courseware.epfl.ch (hereafter individually or collectively the "Website"). These Services and the Website are governed by the General Terms and Conditions (hereafter "CGU").
By accessing the Website and/or using the Services, You acknowledge that You have read, understood and accepted that You are subject to all of the conditions laid down in the CGU and the Policy.
All terms which are not specifically defined in the Policy bear the same definition as is attributed to them in the CGU.
1. Data which may be collected
1.1 Data communicated by the User
When You register with the Website or interact in any other manner with EPFL within the framework of the Services, You may be requested to provide us with certain data, such as your personal address, professional address, invoicing information, login information, etc. either directly or via a pre-existing account (for example, SWITCH AAI) (hereafter "Registration data"). You may also freely provide supplementary information.
1.2 Usage data from the Website and Services
When You browse the Website or receive and/or consult our emails and interact with either of the above, or when You use certain Services, We shall use automatic data collection technologies to collect certain information regarding your actions. This includes data such as your IP address, the hyperlinks on which You click, the pages or the content that You view, the viewing duration and other similar information and statistics regarding your interactions, such as the content response time, loading errors and the duration of your visit to certain pages, the type of web browser used or the connection location, for example. These data are collected through automated technologies such as cookies (browser cookies, flash cookies) and web beacons. The information is also collected via external monitoring services (for example, Matomo).
1.3 Data from social networks
When You allow a third-party social network (such as Youtube, Facebook, etc.) to share and/or interact with us, We shall receive all data You have shared publicly on the third-party social network and data included on your profile. This may concern basic data relating to your account (for example, your name, your email address, your gender, your date of birth, your city of residence, your profile photograph, your username, your friend list, etc.) and all other information or activities that You have allowed the third-party social network to share.
We shall also receive data regarding your profile when You use a social network function integrated in the Website (such as Facebook Connect) or when You interact with us via a social network. To learn more about the manner in which We receive information about you from third-party social networks or to cease sharing your data on these social networks, We invite you to consult the terms and conditions of these social networks, for which we accept no responsibility.
1.4 Payment data
2. Data use objectives
The present article describes the aims for which We collect your data. All forms of data use are not applicable to all Users. It is to be noted that your data must be handled in accordance with the applicable legal framework as well as the relevant EPFL competences.
2.1 Service provision and Website management
We use your data to provide Services, to interact with You and to respond to your requests regarding the Website or Services. Your data may also be used with the aim of detecting fraud.
2.2 Benefits relating to surveys and statistics
With your consent or if the law allows us, We shall use your data to send You information regarding our Services in relation to studies and to the Website in general, to request your participation in surveys, namely statistic-based, or to develop a more direct relationship with You. Data related to Service use shall also be used on an aggregated basis in order to better understand the use of the Services and to improve their workings.
2.3 Identity verification
A participation certificate may only be awarded to a User whose identity has been verified. You may visit the Center for Digital Education in person or use an online service for this purpose. Identity verification is a service provided by a third-party and is governed by the conditions of this third-party. By using this service, You accept the conditions and allow EPFL to receive and handle the information transmitted by the third-party for the purpose of Your identity verification.
With your consent or provided the law allows us, We shall use you data to analyse your preferences and your User habits, to personalise your experience on our Website, and to optimise our Website and Services for You and your computer. We may also suggest content to You which better corresponds to your interests as a result.
3. Cookies and Web beacons
Cookies are small pieces of information sent by a web server to a web browser, which allow the server to identify the browser on each page in a unique way. Other tracking technologies similar to Cookies are also used. They can include web beacons and tracking URLs. All these technologies are referred to as "Cookies" for the purposes of this policy.
To learn more about Cookies, you can visit www.allaboutcookies.org or www.youronlinechoices.eu where you can find more information about behavioural advertising and online privacy.
4. Sharing and transmission of data to third-parties
EPFL may use subcontractors or service providers, particularly technical service providers, insofar as is necessary for the completion of the duties entrusted to them. As such, EPFL may call on service providers to manage and/or maintain the Website and the Services, for advertising purposes or to send messages from our account, to conduct research, and to monitor and analyse the status of our network, the response capacity of our services and the efficiency of our communication.
4.2 Transmission to third-parties
We may transmit your data to third-parties if the law or a request from a judicial or administrative authority so requires, in order to protect our rights or our interests, or to enforce the terms of the Contract.
5. Data privacy and security
Although complete security on the internet is not possible, We have implemented standard security measures (of a technical and organisational nature) in accordance with standard regulations, taking into account the risks involved in protecting information about You from any accidental or intentional manipulation, loss, destruction or communication, or from all non-authorised access.
6. Transmission abroad
Your data shall be primarily handled and stored in Switzerland or in the European Union. Should We request the services of a foreign service provider, We shall, of course, respect the applicable legal framework and shall adopt the measures required by law before commencing communications abroad.
7. Right of access, rectification and opposition
You have the right to be aware of the personal information held by EPFL about You. You also have the right to update, rectify and delete personal information about You. You have the right to oppose the handling of your personal data, subject to a legitimate reason.
You also have the right to oppose the use of your personal data for commercial prospection.
If you wish to exercise any of these rights, please complete the form https://cipd.epfl.ch/en/individual-request/ and send it to the following address: firstname.lastname@example.org. We may request that You provide proof of your identity (a copy of your identification card, for example).
8. Policy update
This Policy may be updated from time to time. We will therefore update the date at the top of this information notice accordingly. In some cases, we may also actively inform you of specific data processing activities or significant changes to this information notice, as required by applicable law.
For any request for information regarding our Policy, you may write to the Independent Data Protection Advisor, CIPD, at the following postal address: Ecole Polytechnique Fédérale de Lausanne, Station 4, CH 1015, Lausanne or by means of the website https://cipd.epfl.ch.
10. Exclusion of liability
For any prejudice or damages relating to your personal data that You incur in connection with the use of the Website, the Services or any other element in relation to the Contract, We expressly refer you to Article 5.3 of the CGU, “Exclusion of Liability”.
11. Jurisdiction and applicable law
The Contract and all resulting questions or questions in connection with it, including those relating to the use of the Website and the Services, shall be governed by and construed in accordance with Swiss law, without regard to conflict of law principles. You hereby agree that the courts of the district of Lausanne (Switzerland) shall have exclusive jurisdiction.