Here you can find information on how Aarhus University (AU) processes your personal data when using AU’s Learning Management System (LMS), Brightspace.
You can also read about your rights under the general data protection regulation and how to contact us if you have any questions or inquiries about how we handle your personal data.
As the data controller and data processor, AU processes a number of personal data. We collect and process a range of information (see below) as they are necessary for the educational use and technical operation of Brightspace. You need to be aware that we also collect data to learn more about the use of Brightspace and to help you use Brightspace in the best possible way. These analyses will always take place on the basis of aggregated data.
The personal data we collect is only used internally at AU and will not be shared with or disclosed to a third party unless we are obligated to disclose information in order to comply with Danish law or if we are required to do so by court order. However, AU does use data processors for several of the purposes stated in the previous paragraph. We primarily use data processors to collect information about aggregated user behaviour in AU Brightspace.
To ensure that your personal data will not be used for the wrong purposes or in a way that is against the law, we take great care selecting our data processors. AU’s Centre for Educational Development and the Office for Corporate Relations and Technology Transfer make sure that a data processing agreement is made with each of the data processors needed to accomplish the purpose of the data collection. The data processors may only process our and your personal data for the specific purposes stated in the data processing agreement. These agreements ensure that the data may not be used for other purposes or for the data processor’s own purposes.
Data from AU Brightspace is stored on AWS servers in Europe, but some of our data processors are based in the United States or other countries outside the EU, which means that your data might be stored outside the EU. However, we always make sure that these data processors have signed the EU Commission’s standard agreements on the transfer of personal data or have obtained EU-US Privacy Shield certification and thereby committed themselves to process personal data in accordance with the European general data protection regulation.
The length of the period in which we store and process your data depends on the specific purpose of the data processing. We only store your data as long as it is needed to fulfil the purpose for which it was collected.
To ensure the safety of your personal data and your right to data protection, we have established a wide range of technical, physical, and organisational security measures. AU has created internal guidelines for how to process personal data and how to ensure that our employees only have access to the personal data needed to perform their work. Additionally, AU has adopted an IT and security policy that all employees must comply with, and we instruct our employees on how to handle personal data and the importance of processing your data in a safe and legal manner. You can read more about AU’s IT and security policy here:
Brightspace collects and processes the following data on behalf of AU:
AU Brightspace’s and AU’s need for data processing agreements may change over time. Therefore, you should be aware that our privacy policy may be adjusted to reflect the current processing of personal data. We encourage you to keep yourself updated on our privacy policy. We will, of course, notify you if we make substantial changes that will impact you and your data protection. You can also stay updated on AU’s general privacy policy here:
In accordance with applicable legislation, you always have the right to know what information AU Brightspace has registered about you and how we process it. This means that you can always contact us if you wish to get an overview of your personal data. If you have any inquiries regarding your personal data, please contact AU’s Data Protection Officer at dpo@au.dk or Division Manager of the Department of Educational IT, from the Centre for Educational Development, Anders Hyldig at ahyldig@au.dk. If you wish to complain about the processing of your personal data, you can do so by contacting the Danish Data Protection Agency.
---
The privacy policy was last updated on 27 October 2022.
