List of active policies
Name | Type | User consent |
---|---|---|
Conditions of access to the site | Site policy | Authenticated users |
Privacy, security and personal data | Privacy policy | Authenticated users |
Policy of access to data by third parties | Third parties policy | Authenticated users |
Privacy Policy | Privacy policy | All users |
Summary
This policy defines the terms and conditions you must accpet to access and use the Moodle service of Mondragon Unibertsitatea (hereinafter, MUdle) and the good use you must do of it, specifically about this key aspects:
- Username and password
- Good use and respect among users
- Regarding Intellectual Property
- Correct use of technology services and resources
- Accuracy of personal data
- Cookies and browsing data
- Legal age
Full policy
Conditions of access to the site
Access to the Moodle service of Mondragon Unibertsitatea (hereinafter, MUdle) and its use necessarily implies the full and unreserved acceptance of all provisions contained in this document, which you issue when you expressly consent by marking this policy’s checkbox. In any case, access to and use of the materials that are contained in MUdle implies that the user has read and accepts, without reservations, their conditions of access and use.
This document contains the general conditions of access and use of MUdle. Acceptance of these conditions of use is essential to access MUdle and use its benefits. In the event of noncompliance, Mondragon Unibertsitatea may deny, withdraw, suspend or block access to MUdle and the services provided through it.
Therefore, please read carefully the following conditions, which are applicable to all users of MUdle, including both students and staff of Mondragon Unibertsitatea as guests.
Good use
Username and password
To access MUdle, all users have a personal username and password. Access to MUdle includes the use of the contents and services that are made available to its members, according to the specific profile assigned to each one. This access is individual, personal, and non-transferable. The user agrees to keep confidential the identification (password) of which the user is the owner. Any actions performed using a given password are considered as performed by its owner. The user shall be responsible for any activity or misuse that a third party carries out through such identification with their consent or due to their negligence. The user agrees to notify the loss of this identification or use by third parties with the greatest possible brevity, as soon as such loss or use is detected. The user also agrees not to access or attempt to access spaces to which they do not have access using their own profile.
Good use and respect among users
The user undertakes to use the contents and services of MUdle in a correct manner, in accordance with the provisions of current legislation and avoiding any illegal or harmful action of rights or interests of third parties. In particular, the following are considered incorrect uses:
Private or commercial use of resources, platforms, or courses.
Inclusion, transmission or dissemination of any content that is illegal, defamatory, offensive or that threaten the values and dignity of people.
Use, whether in the form of reproduction, public communication or distribution, of materials that violate intellectual property rights.
Failure to comply with the regulations on personal data protection.
Each user undertakes to comply with a respectful attitude a language in communications with other users in both public and private spaces. They also undertake to maintain the confidentiality of private communications and not to make available to third parties data obtained through distribution lists or in the public spaces of MUdle.
Regarding Intellectual Property
The ownership of the intellectual property rights of the contents stored in MUdle corresponds to their authors or to whomever holds the exploitation rights as indicated.
Mondragon Unibertsitatea offers members of the university community and other authorised users a set of tools integrated in MUdle, which users can use to host or link to different contents. Users of MUdle must make a rational use of them and use them to satisfy their information and communication needs with an exclusively academic teaching/student, research or management purpose, without exploiting said contents collectively or commercially.
Consequently, MUdle users are able to view these contents according to the profile assigned thereto. Consequently, MUdle users are able to view these contents according to the profile assigned thereto. Users can only use academic content for personal use and are not able to reuse such content outside this area, except in cases where this is expressly indicated by the corresponding licence or notice of use. The materials available in MUdle on which the faculty or Mondragon Unibertsitatea does not hold intellectual property rights are only offered under the limits of the author’s rights provided in the legislation in force, by having the corresponding licence or authorisation, or because they are in the public domain.
MUdle contains links or hyperlinks that lead to other websites managed by third parties unrelated to Mondragon Unibertsitatea. Therefore, Mondragon Unibertsitatea cannot guarantee the content or information that is collected in said websites or its accuracy or updates, nor shall it be responsible for them.
Mondragon Unibertsitatea, in its capacity as administrator of MUdle, reserves the right to examine the contents stored in MUdle in case of receiving a request for removal of any content that is illegal or that violates copyright law.
Correct use of technology services and resources
In accordance with the academic nature of MUdle, the services provided shall only be used for academic purposes and never for commercial purposes. In particular, the user undertakes not to use the email address or public spaces of MUdle for commercial or advertising purposes.
Similarly, the user undertakes not to harm, directly or indirectly, or to jeopardise the smooth operation of MUdle, computer services, and shared technological resources that configure it, as well as not interfering in the correct use of these systems and resources by third parties.
Accuracy of personal data
The user is responsible for ensuring the accuracy and updating the information regarding personal data provided and that are incorporated into MUdle, as well as undertaking not to falsify their identity or committing acts of deception on their relationship with another person or entity.
Cookies and browsing data
This website uses its own cookies to manage the sessions of registered users and to improve its user experience. Third-party cookies are also used to collect anonymous information in order to obtain information on the use of our website. Any action other than blocking them implies consent for their installation and use.
In addition, certain activities may contain links to third-party websites. The use of cookies made by these external pages does not depend on Mondragon Unibertsitatea and shall be subject to its own use policy.
Legal age
MUdle services are not intended for people under 16 years of age. By accepting these conditions, you also state that your age is at least 16 years old. We do not intentionally collect information (including personal data) on children or other persons who not legally use MUdle. If we are aware of collecting any personal data from a minor, we shall proceed to its removal, unless we are legally required to keep such data.
Summary
This is the privacy, security and personal data policy of the Moodle service of Mondragon Unibertsitatea (hereinafter, MUdle). It defines the usage given to the personal data, the security measures we adopt to ensure its protection and the rights the user has, specifically this aspects:
- Datuen Babeserako Ordezkaria (DPO Officer)
- Zeintzuk dira biltzen diren datuak?
- Zein da bildutako datuekin egiten den erabilera?
- Nork du datuetarako sarbidea?
- Noiz arte gordetzen dira datuak?
- Zeintzuk dira zure eskubideak?
Full policy
Privacy, security and personal data
At Mondragon Unibertsitatea, we take privacy seriously and take all reasonable measures to protect your personal information. We do not share or distribute your personal information (including your email address), but in order to provide access to the service, we must collect and store certain personal information. By law, we may also request certain personal information.
The general privacy policy of Mondragon Unibertsitatea (available at https://www.mondragon.edu/en/privacy-policy ) also applies to MUdle, so here only are mentioned details regarding to this specific service.
We register in the logs of our servers the IP addresses, URLs visited and associated information of all users for analytical and statistical purposes. We use cookies to keep user names and sessions open, as well as to collect website traffic statistical information anonymously.
We adopt technical, physical and administrative security measures designed to provide reasonable protection of your personal data against loss, misuse, unauthorised access, disclosure and alteration thereof. These security measures include firewalls, data encryption, physical access controls relating to our data centres, and authorisation controls on access to information. Although we strive to maintain the security of our systems and services, it is your responsibility to maintain the privacy of your passwords and registration information of your profile or Account.
The following are some of the measures adopted by us to guarantee the privacy and security of the website and its data:
- Security backup policy: we regularly make backup copies of the website in order to guarantee the recovery thereof in case of possible incidents.
- Safe browsing: all site browsing is done through secure protocols (HTTPS, SSL, TLS, HSTS).
If you have any questions about these practices or the use we make of your personal information, please write to dpo@mondragon.edu.
Data Protection Officer (DPO Officer)
The contact address of the data protection officer of Mondragon Unibertsitatea is dpo@mondragon.edu. Please use this address to contact us and if you wish to exercise any of the rights in the regulation relating to you as the user. Mondragon Unibertsitatea also informs you of your right to file a claim with the Spanish Agency for Data Protection (www.agpd.es) if you consider that the processing does not comply with current regulations.
What data are collected?
In order to provide the MUdle service at https://mudle.mondragon.edu and https://online.mondragon.edu, we may share certain information with third parties as detailed later in this document.
In any case, MUdle does not collect specially protected personal data, only the data essential to provide the service: full name, email address, and access IP.
What use is given to the collected data?
The purpose of the data collected is only to offer the MUdle service, thereby excluding any other use of the data, such as for commercial or marketing purposes and research purposes.
The Moodle platform offers a Learning Analytics tool (more information) in a native way, and it is possible that the data collected in Moodle is used through this tool, always for academic purposes.
Who has access to the data?
The data collected in MUdle are accessible to the following people, roles, and organisations:
- Teaching staff (each in their field), for academic purposes
- Administrative staff, for management purposes or support to the teaching staff
- Members of Mondragon Unibertsitatea, for purely statistical purposes
- Some entities external to Mondragon Unibertsitatea have access to some data as detailed below.
For how long will the data be kept?
Your data will be processed and maintained for as long as the user is active on the platform. Once the account is closed, where appropriate, the data may be kept properly locked for the time required by applicable law and, where appropriate, until the expiry of possible responsibilities related to the processing of your data, or to meet any requirement of the Public Administrations, Courts, the and Public Prosecutor’s Office.
What rights do you have?
The user can exercise the following rights at Mondragon Unibertsitatea:
Right of access: it allows the interested party to know and obtain information about their personal data submitted to processing.
Right of rectification: it allows the interested party to correct errors, modify data deemed inaccurate or incomplete, and guarantee the certainty of the information subject to processing.
Right of suppression: it allows the interested party to request the deletion of the data subject to processing when they are no longer necessary.
Right of opposition: the right of the interested party to decline the processing of their personal data or to cease it, except for legitimate reasons or for the exercise of or defence against possible claims, in which case the data shall be kept locked during the corresponding period while the legal obligations persist.
Right to oppose the sending of advertising: the interested parties may oppose the sending of commercial communications by Mondragon Unibertsitatea. In this case, they may revoke their consent at any time to receive these notifications using the mechanism implemented for that purpose, or by sending a letter with the subject “Unsubscribe” to pribatutasuna@mondragon.edu.
Limitation of the processing: In certain circumstances, the interested party may request the limitation of the processing of their data, in which case they shall only be kept for the exercise of or defence against claims.
Portability of the data: the interested party can request the receipt of data relating to them that they have provided, whenever this is technically possible. The data shall be submitted to another processing entity of their choice, in a structured format of common use and mechanical reading.
Right not to be the subject of automated individual decisions (including preparation of profiles): the right not to be the subject of a decision based on automated processing that produces effects or significantly affects them.
If you wish to exercise any of the rights described above, please send us a letter with all your information, including your DNI/ID No. to: Loramendi, 4, 20500 Arrasate/Mondragon or by email to dpo@mondragon.edu.
Summary
This policy defines which external agents have access to data of the Moodle service of Mondragon Unibertsitatea (hereinafter, MUdle), and details which data can access each of them, specifically these ones:
- External services with access to Personal Data
- Turnitin
- Google
- Google Drive
- Google Maps
- Gmail [aukerazkoa]
- ExLibris [aukerazkoa]
- Other external services with access to data
- Google Analytics
- Moodle [aukerazkoa]
- YouTube [aukerazkoa]
- Dropbox [aukerazkoa]
- Mozilla [aukerazkoa]
Full policy
Policy of access to data by third parties
In order to provide the MUdle service at https://mudle.mondragon.edu and https://online.mondragon.edu, we share certain information with the external agents described below. This information shall always be the minimum necessary for the service, and mechanisms of anonymity shall be established whenever possible.
Mondragon Unibertsitatea has agreements with these external agents to guarantee that the use made of said data is adequate and that the security of said data is guaranteed. Conversely, it is possible that some of them have their own EULA (End User License Agreement), which each user should read and accept, where necessary.
Integrated services
By means of your username and password, it is possible that you are given access or registration to services provided by third parties (each of them an "Integrated Service”), such as your Google account, or that you have the possibility of authorising an Integrated Service to give us access to personal information or other information. By authorising the connection with an Integrated Service, you authorise the access and storage of your name, email address and basic information of your profile provided by such Integrated Service, as well as the use and disclosure of said information, in accordance with this policy. You should check your privacy settings in each Integrated Service to understand what information the Integrated Service provides us and to make any adjustments you deem necessary. Please carefully review the terms of use and privacy policies of each Integrated Service before connecting it to our Service.
External services with access to Personal Data
Turnitin
Organisation: Turnitin, LLC
Organisation information: http://turnitin.com/en_us/about-us/our-company
Service: originality measurement and plagiarism control system
URL: https://www.turnitin.com/
Objective:
All personal data we process is directly linked to a specific purpose, such as requesting access to our academic content database, or requesting web content (i.e. a newsletter, case study, video, etc.)
Shared data: name, surname, email address, role in Moodle, and content of the submission
Organisation’s DPO email address: DPO@turnitin.com
URL of the organisation’s privacy policy: https://guides.turnitin.com/Privacy_and_Security#Privacy_Policy
Security measures implemented by the organisation to guarantee the privacy of the data:
The GDPR states that you must have a contract in place with Turnitin that is GDPR compliant. You are required to ensure that all your suppliers who act as data processors are GDPR compliant. Turnitin is involved in the same process with its suppliers.
To make this process as easy as possible for customers, Turnitin will amend its Registration Agreement to incorporate all relevant changes from 25 May on your behalf. This means that you won’t need to send us a contract amendment, and no further action is required from you as far as your Turnitin contract is concerned. The updated Terms of Service can be viewed in our new Privacy Centre
here.
Security measures implemented by the organisation to guarantee the privacy of the data: https://guides.turnitin.com/Privacy_and_Security
Method for requesting/exporting the data: DPO@turnitin.com
Notes: to enable its use, you must accept a specific EULA.
Organisation: Google Inc.
Organisation information: https://about.google/
URL of the organisation's privacy policy: https://cloud.google.com/terms/data-processing-terms
Security measures implemented by the organisation to guarantee the privacy of the data:
https://gsuite.google.com/terms/dpa_terms.html?_ga=2.68926419.-399587139.1532617701
Security measures implemented by the organisation to guarantee the privacy of the data:
https://cloud.google.com/security/gdpr/
Google Drive
URL: drive.google.com (access via API)
- Service: Document conversion to PDF format
Converting documents sent through Moodle to PDF format (more information)
- Service [Optional]: Access to the proprietary Google Drive repository
Objective: Uploading files to Moodle from your the user's Google Drive profile (more information)
Google Maps
Service: Geographical location of IP addresses
URL: maps.google.com (access via API)
Objective: Geographically locating the IP addresses of the Moodle activity records (more information).
Shared data: IP address
Gmail [Optional]
Service: Management of emails sent to Moodle (more information)
URL: mail.google.com (access via API)
Shared data: Emails sent to Moodle (email address and content)
Objectives:
- Uploading files to the Moodle private area via email (more information)
- Publication of answers on Moodle forums via email (more information)
ExLibris [Optional]
Organisation: ExLibris (ProQuest)
Organisation information: https://www.exlibrisgroup.com/en/products/campusm/
Service: CampusM
Objective: Sending of push notifications to mobile devices through the Konet app of Mondragon Unibertsitatea
Shared data: telephone number
Organisation's DPO email address: dpo@exlibrisgroup.com
URL of the organisation's privacy policy:
https://trust.exlibrisgroup.com/gdpr/
Other external services with access to data
Google Analytics
Organisation: Google Inc.
Objective: Obtaining statistical data on the use of Moodle
Shared data: anonymous IP addresses
Moodle [optional]
Organisation: Moodle HQ
Organisation information: https://moodle.com/about/
Service: AirNotifier
URL: https://messages.moodle.net
Objective: Sending of push notifications to Android and iOS mobile devices that make use of the official Moodle app
Shared data:
For each message which the AirNotifier accepts from a Moodle site, it processes but does not store or record the message data, it just reroutes it to Google or Apple. The message data includes: recipient’s name and id, sender’s name and id, time of sending, subject of message, message content and summary, device id platform.
The AirNotifier service is a conduit for relaying mobile notifications from Moodle sites to Google or Apple for delivery to the Moodle Mobile App on the end users phone.
To facilitate this, the AirNotifier requires the Moodle site to register and connect with a token. The device type and id of the recipient is used to route the message to Google and Apple as appropriate. Both Google and Apple have confirmed that they cannot access or view the message data.
URL of the organisation's privacy policy: https://moodle.net/mod/page/view.php?id=29
YouTube [Optional]
Organisation: YouTube (Google)
Service: search of videos on YouTube
Objective: search and insertion in Moodle of YouTube videos (more information)
Dropbox [Optional]
Organisation: Dropbox
Organisation information: https://www.dropbox.com/about
Service: access to the proprietary Dropbox repository
Objective: Upload of files to Moodle from the user's Dropbox profile (more information)
URL of the organisation's privacy policy: https://www.dropbox.com/security/GDPR
Mozilla [Optional]
Organisation: Mozilla
Organisation information: https://www.mozilla.org/about/
Service: Mozilla Backpack
URL: https://backpack.openbadges.org/
Objective: Exporting and sharing badges in Moodle (more information)
Summary
Privacy Policy
Full policy
You can see our privacy policy in the next link:
https://www.mondragon.edu/en/privacy-policy
Compliance with the duty of the person responsible to inform the application criteria and legal texts.
In accordance with Organic Act 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights, and the European Parliament and Council (EU) Regulation 2016/679, of 27 April (“General Data Protection Regulations” or “RGPD”), this Privacy Policy applies to the processing of personal data that Mondragon Unibertsitatea S.COOP. – hereinafter, Mondragon Unibertsitatea – performs as the Person Responsible, in relation to data on the users (natural persons) collected in any of the sections of the website.
If you do not agree with the terms of this Policy, please do not access or use the Services. This Privacy Policy is not applicable to any other product, service or activity of third parties.
PERSON RESPONSIBLE FOR THE PROCESSING OF YOUR DATA.
- Corporate Name: Mondragon Unibertsitatea (Mondragon Unibertsitatea)
- Address: Loramendi, 4, 20500 Arrasate / Mondragon.
- NIF: F20560991
- Email: info@mondragon.edu
- Registration information: Registration of University Centres and Degrees of the Ministry of Education: No. 061
PURPOSES OF DATA PROCESSING
Your personal data shall be used for the generic purpose of the management and administration of the website and specifically for the following purposes:
- To manage and administer the services made available through the Web for the community that makes up Mondragon Unibertsitatea (students, teachers, etc.).
- To disseminate the actions carried out by Mondragon Unibertsitatea.
- To manage and administer the online courses of Mondragon Unibertsitatea.
- To communicate with the users in response to requests, pre-registrations, comments and questions made through the contact forms on our website (including emails, phone calls, etc.).
- To send commercial communications about the training catalogue and other information of Mondragon Unibertsitatea.
We shall not process your personal data for any other purpose beyond those described above unless such processing is imposed by law or there is a judicial requirement.
The requests for information that you send us require that the interested party voluntarily provide us with the necessary information to be able to assist you or provide you with the Services. The obligation or need to provide us with these data shall be marked with an asterisk (*) in the forms or sections corresponding to each service.
Nevertheless, the interested party may freely refuse to provide us with these data or, subsequently, revoke the consent previously granted to process their data, although this refusal shall imply the impossibility for us to address your request or provide you the service in question.
Mondragon Unibertsitatea understands that, by providing us with these data, the interested party guarantees and is responsible for the veracity, timeliness and accuracy thereof and that it expressly accepts and consents to its processing for the purposes described above.
DURATION OF THE DATA PROCESSING
Mondragon Unibertsitatea shall keep and process the personal data collected for sending information, commercial communications, and newsletters (where applicable), from the moment the user gives their consent until the moment they request, cancel or withdraw their consent for data processing.
In the case of training actions, whether for regulated, university or professional training or any other type of training, the data shall be kept for as long as the agreement is in force. Once this relationship is finalised, where applicable, the data may be kept for the time required by the applicable legislation and until the expiry of any possible liabilities arising from the agreement.
Regarding administration and invoicing data, they shall be kept according to the reference regulations.
DATA PROCESSING LEGITIMACY
The legal basis for the treatment of data is legitimation based on the consent of the interested party for the purposes described above, which shall be requested at the time of:
- proceeding to process their data.
- including their data in our forms.
The registration on the website and the requests for information that you send us require that the interested person voluntarily provide us with the necessary information to be able to assist you or provide you with the Services. Nevertheless, the interested party may freely refuse to provide us with these data or, subsequently, revoke the consent previously granted to process their data, although this refusal shall imply the impossibility for us to address your request or continue with the registration in our platform.
Similarly, we may process your data based on the existing contractual relationship at the time of formalisation of the enrolment in relation to the services made available on the Web (online training, pre-registration, registration, etc.)
Mondragon Unibertsitatea understands that, by providing us with these data, the interested party guarantees and is responsible for the veracity, timeliness and accuracy thereof and that it expressly accepts and consents to its processing for the purposes described above.
Mondragon Unibertsitatea may send commercial or promotional offers on the services of Mondragon Unibertsitatea during the validity of the relation therewith and even after its termination, through email or an equivalent means of electronic communication.
Possibility of withdrawing consent: The user has the right to withdraw their consent at any time, without affecting the legality of the treatment based on the consent prior to said withdrawal. Similarly, the user may object at any time to the reception of any electronic communication made from Mondragon Unibertsitatea.
RECIPIENTS OF ASSIGNMENTS OR TRANSFERS.
Mondragon Unibertsitatea shall transfer its personal data to the cooperatives that make up the Cooperative University: Mondragon Goi Eskola Politeknikoa “Jose Maria Arizmendiarrieta” S.Coop., MU Enpresagintza S.Coop., Irakasle Eskola S.Coop and Basque Culinary Centre Hezkuntza Fundazioa in order to address the requests made through the Web and always related to the specific purposes established in this Privacy Policy.
In no other case shall Mondragon Unibertsitatea transfer its personal data to third parties, unless it is legally bound to do so (Public Administration related to Education, Tax Authorities, etc.) or you have expressly authorised it to do so.
Similarly, Mondragon Unibertsitatea may use different services or technology providers considered in accordance with data protection regulations as processing managers and for providers outside the EU, they will meet the requirements for possible international data transfers.SOCIAL NETWORKS
Mondragon Unibertsitatea has different social network profiles (Facebook, Twitter, etc.) for the dissemination of content related to Mondragon Unibertsitatea, as well as for providing users with a means of contact. Mondragon Unibertsitatea is responsible for the processing of the data of its followers and contacts on social networks. Nevertheless, to the extent that the processing of personal data takes place within the framework of social networks whose suppliers impose operating rules, the obligations of Mondragon Unibertsitatea shall be limited to those aspects in which it is free to act. In no case shall Mondragon Unibertsitatea extract data from social networks, make profiles of its users or collect additional personal data related to tastes, hobbies or mode of use of social networks, without the express consent of those affected.
RIGHTS OF THE INTERESTED PERSONS.
All persons have the right to obtain confirmation on whether Mondragon Unibertsitatea shall process personal data concerning them or otherwise. In particular, you can exercise the following rights before Mondragon Unibertsitatea:
- Right of access: It allows the interested party to know and obtain information about their personal data submitted to processing.
- Right to rectification: it allows users to correct errors, modify the data that prove to be inaccurate or incomplete, and guarantee the certainty of the information under processing.
- Right to restriction: It allows users to request the elimination of the data under processing when they are no longer necessary.
- Right to opposition: The right of the interested party not to carry out the processing of their personal data or to cease it, except for legitimate reasons or for the exercise or defence of possible claims, in which case we shall keep them blocked during the corresponding term while the legal obligations persist.
- Right to oppose the sending of advertising: The interested parties may oppose the sending of commercial communications by Mondragon Unibertsitatea. In this case, they may at any time revoke their consent to the receipt of these notifications using the mechanism implemented for that purpose or by sending a letter with the subject “Baja” (“Withdrawal”) to dpo@mondragon.edu
- Limitation of processing: In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case they shall only be kept for the exercise or defence of claims.
- Data portability: The interested persons may request the receipt of the data that they have and that they have provided or that – where it is technically possible – we send them to another person responsible for processing of their choice, in a structured format of common use and mechanical reading.
- Right not to be the subject of automated individual decisions (including profiling): The right not to be the subject of a decision based on automated processing, which produces effects or significantly affects them.
If you wish to exercise any of the rights described above, please send us a letter with all your information, including your DNI/ID No. to: Loramendi, 4, 20500 Arrasate / Mondragon or through the email dpo@mondragon.edu
You can also contact our Data Protection Delegate (DPO) through the following address or email: dpo@mondragon.edu
Possibility of making a claim before the Control Authority: Mondragon Unibertsitatea also informs you of your right to file a claim at the Spanish Agency for Data Protection (www.agpd.es) if you consider that the processing does not comply with current regulations.