List of active policies

Name Type User consent
Moodle Datenschutzhinweis der ZHAW Privacy policy Authenticated users

Summary

ZHAW Data Protection Notice:


Für Deutsch wählen sie die Sprache im Menü

In this document, we provide you with information on how your data is collected and processed on Moodle.

Full policy

Data protection

This data protection notice gives an overview of how data is collected and processed in the learning management system (https://moodle.zhaw.ch) of the ZHAW (hereinafter referred to as “Moodle”). Moodle is an open-source learning management system (LMS) and is used by the ZHAW as its main learning platform. The courses located on Moodle provide students with a source of information and learning resources. Moodle is also used for assessments. This data protection notice is aimed at all users of Moodle, in particular students and teaching staff.

Who operates Moodle at the ZHAW?

Moodle is hosted and operated at the ZHAW. The LMS team, which comprises e-learning experts from the Teaching Technologies and Didactics section (President’s Office) as well as employees from the Teaching and Studying ICT Group (Finance and Services), ensures the provision of user and technical support as well as the development of Moodle. External IT specialists, generally employees from official Moodle partners, are also tasked with providing technical support and developing Moodle on a project and needs-specific basis.

What sources and data do we use?

We process data that you actively enter yourself, including forum posts, wiki contributions, solved tasks and exam answers, as well as additions to your profile. Then there is data about the grading of tests, tasks and assessments, which is either generated automatically or actively entered by your course supervisor. We also record which courses you use as well as what you do in these courses and when (e.g. which pages you visited). Master data such as your name and e-mail address is also processed. This data can be provided from other internal systems such as Evento and Active Directory as well as from external services like SWITCH edu-ID. Log files record every visit to Moodle and include data such as the IP address, information on the browser type and the date and time that Moodle was accessed.

Why do we process your data (processing purpose) and on what legal basis do we do so?

We process your data in order to provide you with access to the ZHAW’s e-learning offerings in the areas of academic programmes and continuing education courses and to ensure university operations. This allows you to interact with one another in various activities such as chats, forums, surveys or tests. Processing your master data enables us to identify you and authorise you to use Moodle. It also means that the Moodle settings defined by you are available again in the same form the next time you log in. Log files are initially saved for statistical purposes, to secure the service, to analyse cyber attacks and to ensure technical stability. On the other hand, we may access log files in the context of examinations or assessments in order to check whether there has been any dishonest conduct or to enable us to better track technical problems.

Moodle has a learning analytics function. It works on the basis of usage data from the past and current user behaviour and aims to predict the learning success of individual learners and to make diagnoses and recommendations. We currently only use this function in selected projects for purposes of internal research.

We process your data in accordance with the provisions of the law on Information and Data Protection (IDG) of the Canton of Zurich, the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR) to the extent that their corresponding regulations are applicable.

Data processing on the basis of legal requirements or to perform a task in the public interest

§ 6a of the FaHG law governing the Zurich universities of applied sciences and arts grants us the legal authority to process your data. This involves fulfilling the tasks that we as a university are granted by law. Among other things, our service mandate includes the provision of academic programmes, continuing education and applied research (§ 6 – 8 of the ZHAW university regulations).

To meet contractual obligations

We sometimes also process your data as this is necessary for executing a contract concluded with you, for example in the area of continuing education.

To protect our legitimate interests

Examples include establishing legal claims and defending legal disputes, ensuring IT security and IT operations, analysing traffic on Moodle and improving its functionality, and preventing and investigating criminal offences.

Based on your consent

To the extent that you have given us your consent to process your personal data for specific purposes, such processing is lawful based on your consent. Your consent may be revoked at any time. The revocation of consent does not affect the lawfulness of data processed before the revocation.

Data security

Your data is processed on our own servers in Switzerland with all due care and attention, and it is securely protected from being accessed by any unauthorised third parties. The ZHAW implements the necessary technical and organisational measures to ensure that the security of your data is maintained.

Who receives my data?

Within the ZHAW, access to your data will only be granted to those employees who require it to fulfil their tasks. These may be course directors, lecturers, administrative staff, support staff or administrators.

Other course participants have access to the courses that have been activated for them. Within these courses, they can see the first name, last name, email address and course contents (e.g. individual forum posts) of the other course participants.

Your data will only be disclosed to third parties (e.g. other public bodies) if this is done within the framework of a legal or official obligation or if the disclosure is necessary for legal or criminal prosecution. The ZHAW may, where necessary, commission external service providers to process your data for the purposes described above. These include companies in the categories of IT services and telecommunications. In these cases, the ZHAW takes the required measures to ensure compliance with the applicable data protection provisions.

The disclosure of certain data to providers of external services that are embedded in Moodle is described below.

How long will my data be stored?

We process and store your personal data for as long as is necessary to fulfil our contractual and statutory obligations or for as long as we consider it necessary for the purposes for which it is being processed.

What are my data protection rights?

You are entitled to different rights depending on the applicable legal basis. If the IDG is applicable, the following applies: you have the right to access your own personal data (§ 20(2) IDG), the right to have incorrect personal data corrected or destroyed (§ 21(a) IDG), the right to stop the unlawful processing of your data (§ 21(b) IDG), the right to the rectification of consequences arising from the unlawful processing of your data (§ 21(c) IDG), the right to determine the unlawful processing of your data (§ 21(d) IDG) and the right to have your data blocked (§ 22 IDG). If the GDPR is applicable, the following applies: you have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to object (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR). In addition, there is a right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR). You may revoke consent to the processing of personal data at any time by informing us accordingly. Please note that such revocation will only be valid for the future and does not affect any processing done before the date of revocation.

Is “profiling” done?

The learning analytics function processes your data on an automated basis with the goal of evaluating certain personal aspects (i.e. profiling). We currently only use this function in selected projects for purposes of internal research.

Cookies

Cookies are text files that are placed and stored on a computer system through a web browser. Moodle uses two different cookies (small text files) which are stored on your device. The first is the “Moodle Session” cookie, which you have to allow so that you remain logged in when moving from page to page when accessing Moodle. After logging out or closing your web browser, the cookie is deleted. The second cookie is the “Moodle ID” cookie, which serves to make things more convenient for you by saving your login name in the web browser. This cookie remains on your device even after logging out of Moodle, meaning that the next time you log in, your login name is already entered. If you do not allow this cookie, you will be required to re-enter your login name each time you wish to access Moodle. In addition to Moodle, providers of other services that are linked to Moodle can also place cookies on your device. You can at any time prevent cookies from being stored by means of a corresponding setting on your browser and thus permanently prevent them from being placed. In addition, previously stored cookies can be deleted at any time via your browser or other software programs.

Statistics / IT system logs

Statistics

The website moodle.zhaw.ch and its direct sub-pages use web analytics software (currently Matomo). Known as tracking, this can be disabled by using the Do Not Track setting found in most web browsers. This setting adds a Do Not Track tag to the header of the browser request, indicating that the user