Online Courses learning environment of the University of Jyväskylä Privacy notice 

Privacy notice for the Online Courses learning environment of the University of Jyväskylä  

For what purposes are your personal data used, and what is the legal basis for their processing? 

JYU Online Courses is a learning environment of the University of Jyväskylä (JYU), and it is open for everyone. JYU Online Courses includes, for example, different MOOC courses (Massive Open Online Courses aimed at unlimited participation) for target groups engaged in continuous learning, such as employed and unemployed people as well as general upper secondary school students. Everyone can access the learning materials, but to complete a course, one needs to register for a course and log in to the learning environment with JYU’s user ID. Continuous learning courses are mainly offered by the Open University of JYU. This means that course administration complies with the processes of the Open University.   

Moodle serves principally as a platform for the teaching activities of the University of Jyväskylä. Personal data are used for the identification of course participants and for related contacts. The processing of personal data is primarily based on the basic mission of universities set in the Universities Act (558/2007; Section 2) and on fulfilling this mission (General Data Protection Regulation GDPR, Article 6.1. c on compliance with a legal obligation). The data are used for the purposes of teaching, guidance and educational development. The University’s right to process personal data as the data controller is also based on the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller (GDPR, Article 6.1 e). Personal data may also be used for scientific research or for statistical purposes, as their later processing for such purposes in order to serve the public interest is not considered to conflict with the original purpose of these data (teaching, guidance and educational development). Requests to use data for research or statistical purposes are submitted to the Registry Office ( 

Solving system problems and information security incidents, collecting log data from information systems as required by legislation, information security control, and providing an up-to-date view on the overall situation of information security. As regards log data, the legal basis for processing personal data is compliance with the controller’s legal obligation. [Act on Information Management in Public Administration (906/2019, Section 17) and the General Data Protection Regulation GDPR (EU 679/2016, Articles 24, 32–34, 39)]. 

What personal data do we process? 

Personal data in Moodle comprise 

    • name 
    • email address  
    • user ID 
    • user rights within the system 
    • content items produced by the data subject, such as assignments, comments, and exam answers 
    • the log data of the service are used for controlling the server and data transfer capacity, sorting out technical problems and misconduct, and to follow student activity 

The data are retrieved from universities’ user data systems when a user logs in to the service, and from the study information system when establishing a course.  

Cookies are used in browser-based information systems for processing personal data. Cookies are used for providing the services, making login easier, and enabling statistics on the use of the services. A user can refuse the use of cookies in the browser application, but this may prevent the system’s proper functioning. 

Who has access to your personal data? 

The teacher of the course has access to the data of the participants. System administrators have access to all data. Other students on the course can see your name in the course area if you create content there (e.g. in the discussion forum) and possibly other data if you add such in Moodle (e.g. your profile picture).  

Transfer of personal data: ;


Progress tracking 

This plugin takes it possible to monitor the completion of tasks/activities. Students can see a colour-coded progress bar that shows completed, partly completed and uncompleted tasks in different colours. The plugin makes it easy for students to perceive the remaining workload. Teachers see a summary of the studies, so they can notice if a student is at risk of failing. 


Medial is a media service used in the learning environment to facilitate the completion and submission of video assignments. Videos can be recorded directly on the browser and returned to the learning environment. Saved data are stored in the server room of the University of Jyväskylä. The data can be accessed by data administrators and, within Moodle, by those who have been given access rights.  


The re-engagement plugin runs in the background and sends messages from the learning environment to students’ emails. The plugin enables automatic reminder messages. The messages can be defined to be sent either based on a completed activity or based on missing completion. 

For how long will your data be processed? Will the data be archived? 

Student data must be stored in the system until the studies end, after which user IDs are inactivated and removed within a reasonable time.  

Your rights as a data subject 

You have the following rights as a data subject: 

    • Right to access your data  
    • Right to rectification, meaning that you can correct inaccurate personal data (remember to keep your contact details up to date) 
    • Right to erasure (“right to be forgotten”) in certain circumstances  
    • Right to restriction of processing in certain circumstances 
    • Right of notification: the data controller (unit responsible for the register) shall inform any third-party recipients of the data about the rectification, erasure, or restriction of processing of your personal data 
    • Right to object to processing of personal data in certain circumstances, such as where personal data are processed for direct marketing purposes 
    • Right to data portability from one system to the other in certain circumstances 
    • Right not to be subject to a decision which is based solely on automated processing, such as profiling, and which produces legal effects concerning you or similarly significantly affects you 
    • Right to be informed about a personal data breach that causes a major risk 
    • Right to lodge a complaint with a supervisory authority 

For further information on your rights, please contact JYU’s data protection officer or the contact person of the register. 

How can you apply your rights? 

The University has common guidelines for implementing the rights of data subjects: ;


General description of technical and organisational safety measures 

JYU requires that everyone processing personal data have completed training for the task. Instructions for the processing of personal data have been prepared for the staff, and staff members have been informed about these instructions, which are also available to everyone. 

Each information system and personal data processing activity has a designated responsible unit, whose contact information is provided in this privacy notice. User rights and authorisations are granted only to the extent required by the employees’ duties. The use of information systems is controlled by logging. The information security of information systems is reviewed on a regular basis. 

The University conducts self-assessments or orders audits from third parties to evaluate the level of cooperation partners’ and/or subcontractors’ data protection, information security and risk management. In compliance with the General Data Protection Regulation, data processing agreements are signed with all processors of personal data. 

University premises have camera surveillance and access control.  

Any alleged criminal activities are reported to the police for investigation. 

JYU implements information security in accordance with related state administration practices and the ISO 27000 standard. For more information on the information security principles of the University of Jyväskylä, see  ;

Making paper printouts from the JYU Online Courses learning environment is avoided. 

Contact information 


The University of Jyväskylä is the data controller and its Digital Services the unit responsible for processing these personal data. 

Contact information of the unit in charge: 

+358 14 260 3600 

Contact information of JYU’s data protection officer 

tietosuoja(at), +358 40 805 3297 


This privacy notice is released and submitted to data subjects as of 1 September 2021. 

Last modified: Wednesday, 1 September 2021, 8:15 AM