Aarhus University Seal / Aarhus Universitets segl

Brightspace privacy policy

Here you can find information on how Aarhus University (AU) processes your personal data when using AU’s Learning Management System (LMS), Brightspace.

You can also read about your rights under the general data protection regulation and how to contact us if you have any questions or inquiries about how we handle your personal data.

The purpose of the data collection

AU processes personal data in various contexts as both data controller and data processor. We collect and process your data as it is essential in order to continue to improve the user experience of AU Brightspace. You should therefore be aware that we conduct analyses of how you use AU Brightspace. These analyses help us to learn more about the use of AU Brightspace and to give you the best possible user experience of AU Brightspace. We have no interest in tracking exactly how you as an individual use AU Brightspace. We only use the data in aggregated form to get an overview of and find patterns in how our users use AU Brightspace.

Data collection and data processing

The personal data we collect is only used internally at AU and will not be shared with or disclosed to a third party unless we are obligated to disclose information in order to comply with Danish law or if we are required to do so by court order. However, AU does use data processors for several of the purposes stated in the previous paragraph. We primarily use data processors to collect information about aggregated user behaviour in AU Brightspace.

How do we share and disclose your personal data?

To ensure that your personal data will not be used for the wrong purposes or in a way that is against the law, we take great care selecting our data processors. AU’s Centre for Educational Development and the Office for Corporate Relations and Technology Transfer make sure that a data processing agreement is made with each of the data processors needed to accomplish the purpose of the data collection. The data processors may only process our and your personal data for the specific purposes stated in the data processing agreement. These agreements ensure that the data may not be used for other purposes or for the data processor’s own purposes.

Data from AU Brightspace is stored on AWS servers in Europe, but some of our data processors are based in the United States or other countries outside the EU, which means that your data might be stored outside the EU. However, we always make sure that these data processors have signed the EU Commission’s standard agreements on the transfer of personal data or have obtained EU-US Privacy Shield certification and thereby committed themselves to process personal data in accordance with the European general data protection regulation.

How long do we store your personal data?

The length of the period in which we store and process your data depends on the specific purpose of the data processing. We only store your data as long as it is needed to fulfil the purpose for which it was collected.

How do we protect your data?

To ensure the safety of your personal data and your right to data protection, we have established a wide range of technical, physical, and organisational security measures. AU has created internal guidelines for how to process personal data and how to ensure that our employees only have access to the personal data needed to perform their work. Additionally, AU has adopted an IT and security policy that all employees must comply with, and we instruct our employees on how to handle personal data and the importance of processing your data in a safe and legal manner. You can read more about AU’s IT and security policy here:

Types of data

We use the data processor EesySoft to collect aggregated data on user behaviour in AU Brightspace. For this purpose, EesySoft collects sensitive data, which you read more about the types of data in EesySoft here:

ColumnExplanation
idEesySoft ID number for the user 
nameBrightspace user name 
fullnameComplete name 
emailEmail address 
session_startedStart date of the user’s most recent login session 
session_updatedDate and time when the user’s most recent login session was last updated 
reporting_session_idID number for the most recent login session
pk1Primary ID number for the user

Changes and updates to the privacy policy for AU Brightspace

AU Brightspace’s and AU’s need for data processing agreements may change over time. Therefore, you should be aware that our privacy policy may be adjusted to reflect the current processing of personal data. We encourage you to keep yourself updated on our privacy policy. We will, of course, notify you if we make substantial changes that will impact you and your data protection. You can also stay updated on AU’s general privacy policy here:

Contact and complaints

In accordance with applicable legislation, you always have the right to know what information AU Brightspace has registered about you and how we process it. This means that you can always contact us if you wish to get an overview of your personal data. If you have any inquiries regarding your personal data, please contact AU’s Data Protection Officer at dpo@au.dk or Division Manager of the Department of Educational IT, from the Centre for Educational Development, Anders Hyldig at ahyldig@au.dk. If you wish to complain about the processing of your personal data, you can do so by contacting the Danish Data Protection Agency.

---

The privacy policy was last updated on 2 June 2021.