This policy explains how Aarhus University (AU) processes your personal data when you use AU’s Learning Management System (LMS), Brightspace. It also explains how you can get in touch with us if you have questions or concerns about how we process personal data.
The overall purpose of Brightspace is to support teaching at AU, for example by providing students with access to information about courses, preparatory materials and online activities. At the same time that Brightspace is the central platform for students’ preparation for their classes, the system also enables teaching staff to monitor how students interact with their courses, including materials, assignments and so on. Teachers can use this insight to develop and improve their teaching. The primary purpose of the platform is to enhance students’ learning outcomes by enabling teaching staff to develop their teaching practices strategically, based on aggregated data. Data about individual students’ activities on the platform are used to a limited extent by teaching staff in their work with individual guidance.
A necessity analysis was performed for each function in Brightspace, which means that an active decision was made as to whether or not to activate each function and how the data it generates should be processed. This applies both to how data is displayed and what user groups have access to it. Some types of data are particularly relevant to the operation and administration of the system, and others are relevant for educational purposes. Which users have access to which types of data is regularly assessed. Brightspace is a standard system developed by D2L, with whom AU has entered into a contract. This means that in some areas, the types of data the system collects have been preselected, which limits the extent to which AU can customise data collection. Below is an overview of the types of data processed by the system.
Personal data is processed in Brightspace pursuant to Article 6(1)(e) of the General Data Protection Regulation (link as of 05.12.2025) and the Degree Programme Order no. 1119 of 19 September 2025 (link as of 05.12.2025). The personal data we collect is only used internally at AU and will not be shared with or disclosed to a third party, unless we are obligated to disclose information in order to comply with Danish law, or if we are required to do so by court order.
To ensure that your personal data is processed properly and in accordance with the law, AU has entered into a data processing agreement with the system supplier D2L, which operates Brightspace. The agreement clearly stipulates that D2L may only process information on behalf of AU and for the purposes determined by AU.
AU has also concluded agreements with other suppliers in addition to D2L in order to supplement the functionality of Brightspace. For example, FeedbackFruits, which supplements Brightspace with functionalities that make providing feedback to students easier. Data processing agreements have been concluded with all of these suppliers and security measures have been put in place. You can read more about these technologies in AU’s technology inventory here (link as of 9 December 2025).
In these cases, D2L uses subcontractors for the operation and support of the system. These subcontractors are covered by D2L’s own data processing agreement and security measures. A list of D2L’s subcontractors is available here (link as of 5 December 2025).
How long we store and process your data depends on the specific purpose of the data processing. We only store your data for as long as it is needed to fulfil the purpose for which it was collected. Once the purpose has been fulfilled, we will delete or anonymise your personal data. AU may be subject to special rules, including archiving requirements, the Examination Order and other documentation requirements under which AU may have an obligation or right to store personal data for a longer period of time. You can read more about AU's general privacy policy here (link as of 05.12.2025).
In order to ensure the security of your personal data and your right to data protection, we have established a wide range of technical, physical and organisational security measures. AU has adopted internal guidelines for how to process personal data and how to ensure that our employees only have access to the personal data needed to perform their work. Additionally, AU has adopted an IT and security policy which all employees must comply with, and we instruct our employees in how to handle personal data and the importance of processing your data in a safe and legal manner. You can read more about AU's IT and security policy here (link as of 5 December 2025):
Brightspace collects and processes a range of information (see below), as this is necessary to ensure the optimal educational use and technical operation of Brightspace. The personal data we collect is only used internally at AU and will not be shared with or disclosed to a third party, unless we are obligated to disclose information in order to comply with Danish law, or if we are required to do so by court order.
Brightspace collects and processes the following information for various purposes:
Information | Processing purpose |
First and last name | Processed so that:
|
Role, e.g. teacher, instructor or student | Processed to ensure the correct system permissions in Brightspace. |
Institutional affiliation | Processed to ensure correct placement in the organisational hierarchies in Brightspace, so that the user is assigned to the correct faculty, courses and communities. |
Contact information | Processed for the purpose of enabling teachers and students to communicate in connection with classes and teaching. |
ID data | Collected and processed to ensure stable system operation and system identification of system users. |
Login details | Collected and processed to ensure stable system operation and good support. |
Traffic and location data | Collected and processed to ensure stable system operation and good support. |
Learning activity, e.g. quiz answers and activation of learning content | Collected and processed in order to execute course activities that require learning data to be created and stored. In addition, data is used to gain insight into how students work with the course content. This makes it possible to:
|
Profile information | Collected and processed for the purpose of enhancing the online community experience. This data is not required and is only processed if users have entered the information themselves. |
Both Brightspace and AU's need for data processing agreements may change over time. Therefore, you should be aware that our privacy policy may be adjusted to reflect current personal data processing practices. We encourage you to stay informed about our privacy policy. Naturally, we will notify you if we make substantial changes that will have an impact on you and your data protection. You can also stay informed about AU’s general privacy policy here (link as of 5 December 2025).
You always have the right to know what information Brightspace has registered about you and how we process it. This means that you can always contact us if you wish to get an overview of your personal data. You have these rights by law, and any enquiries in this regard can be directed to AU's DPO at dpo@au.dkor the manager of the digital development team at the Centre for Educational Development, Anders Hyldig, at ahyldig@au.dk. If you wish to lodge a complaint about processing of your personal data in Brightspace, you can do so by contacting the Danish Data Protection Agency.
---
The privacy policy was updated on 9 February 2026.
In the event of any inconsistency between the Danish and English language versions of the document, the Danish version prevails.
