List of active policies

Name Type User consent
Conditions of access to the site Site policy Authenticated users
Privacy, security and personal data Privacy policy Authenticated users
Policy of access to data by third parties Third parties policy Authenticated users

Summary

This policy defines the terms and conditions you must accpet to access and use the Moodle service of Mondragon Unibertsitatea (hereinafter, MUdle) and the good use you must do of it, specifically about this key aspects:

  • Username and password
  • Good use and respect among users
  • Regarding Intellectual Property
  • Correct use of technology services and resources
  • Accuracy of personal data
  • Cookies and browsing data
  • Legal age

Full policy

Conditions of access to the site

 

Access to the Moodle service of Mondragon Unibertsitatea (hereinafter, MUdle) and its use necessarily implies the full and unreserved acceptance of all provisions contained in this document, which you issue when you expressly consent by marking this policy’s checkbox. In any case, access to and use of the materials that are contained in MUdle implies that the user has read and accepts, without reservations, their conditions of access and use.

This document contains the general conditions of access and use of MUdle. Acceptance of these conditions of use is essential to access MUdle and use its benefits. In the event of noncompliance, Mondragon Unibertsitatea may deny, withdraw, suspend or block access to MUdle and the services provided through it.

Therefore, please read carefully the following conditions, which are applicable to all users of MUdle, including both students and staff of Mondragon Unibertsitatea as guests.

Good use

Username and password

To access MUdle, all users have a personal username and password. Access to MUdle includes the use of the contents and services that are made available to its members, according to the specific profile assigned to each one. This access is individual, personal, and non-transferable. The user agrees to keep confidential the identification (password) of which the user is the owner. Any actions performed using a given password are considered as performed by its owner. The user shall be responsible for any activity or misuse that a third party carries out through such identification with their consent or due to their negligence. The user agrees to notify the loss of this identification or use by third parties with the greatest possible brevity, as soon as such loss or use is detected. The user also agrees not to access or attempt to access spaces to which they do not have access using their own profile.

Good use and respect among users

The user undertakes to use the contents and services of MUdle in a correct manner, in accordance with the provisions of current legislation and avoiding any illegal or harmful action of rights or interests of third parties. In particular, the following are considered incorrect uses:

Private or commercial use of resources, platforms, or courses.

Inclusion, transmission or dissemination of any content that is illegal, defamatory, offensive or that threaten the values and dignity of people.

Use, whether in the form of reproduction, public communication or distribution, of materials that violate intellectual property rights.

Failure to comply with the regulations on personal data protection.

Each user undertakes to comply with a respectful attitude a language in communications with other users in both public and private spaces. They also undertake to maintain the confidentiality of private communications and not to make available to third parties data obtained through distribution lists or in the public spaces of MUdle.

Regarding Intellectual Property

The ownership of the intellectual property rights of the contents stored in MUdle corresponds to their authors or to whomever holds the exploitation rights as indicated.

Mondragon Unibertsitatea offers members of the university community and other authorised users a set of tools integrated in MUdle, which users can use to host or link to different contents. Users of MUdle must make a rational use of them and use them to satisfy their information and communication needs with an exclusively academic teaching/student, research or management purpose, without exploiting said contents collectively or commercially.

Consequently, MUdle users are able to view these contents according to the profile assigned thereto. Consequently, MUdle users are able to view these contents according to the profile assigned thereto. Users can only use academic content for personal use and are not able to reuse such content outside this area, except in cases where this is expressly indicated by the corresponding licence or notice of use. The materials available in MUdle on which the faculty or Mondragon Unibertsitatea does not hold intellectual property rights are only offered under the limits of the author’s rights provided in the legislation in force, by having the corresponding licence or authorisation, or because they are in the public domain.

MUdle contains links or hyperlinks that lead to other websites managed by third parties unrelated to Mondragon Unibertsitatea. Therefore, Mondragon Unibertsitatea cannot guarantee the content or information that is collected in said websites or its accuracy or updates, nor shall it be responsible for them.

Mondragon Unibertsitatea, in its capacity as administrator of MUdle, reserves the right to examine the contents stored in MUdle in case of receiving a request for removal of any content that is illegal or that violates copyright law.

Correct use of technology services and resources

In accordance with the academic nature of MUdle, the services provided shall only be used for academic purposes and never for commercial purposes. In particular, the user undertakes not to use the email address or public spaces of MUdle for commercial or advertising purposes.

Similarly, the user undertakes not to harm, directly or indirectly, or to jeopardise the smooth operation of MUdle, computer services, and shared technological resources that configure it, as well as not interfering in the correct use of these systems and resources by third parties.

Accuracy of personal data

The user is responsible for ensuring the accuracy and updating the information regarding personal data provided and that are incorporated into MUdle, as well as undertaking not to falsify their identity or committing acts of deception on their relationship with another person or entity.

Cookies and browsing data

This website uses its own cookies to manage the sessions of registered users and to improve its user experience. Third-party cookies are also used to collect anonymous information in order to obtain information on the use of our website. Any action other than blocking them implies consent for their installation and use.

In addition, certain activities may contain links to third-party websites. The use of cookies made by these external pages does not depend on Mondragon Unibertsitatea and shall be subject to its own use policy.

Legal age

MUdle services are not intended for people under 16 years of age. By accepting these conditions, you also state that your age is at least 16 years old. We do not intentionally collect information (including personal data) on children or other persons who not legally use MUdle. If we are aware of collecting any personal data from a minor, we shall proceed to its removal, unless we are legally required to keep such data.


Summary

This is the privacy, security and personal data policy of the Moodle service of Mondragon Unibertsitatea (hereinafter, MUdle). It defines the usage given to the personal data, the security measures we adopt to ensure its protection and the rights the user has, specifically this aspects:

  • Datuen Babeserako Ordezkaria (DPO Officer)
  • Zeintzuk dira biltzen diren datuak?
  • Zein da bildutako datuekin egiten den erabilera?
  • Nork du datuetarako sarbidea?
  • Noiz arte gordetzen dira datuak?
  • Zeintzuk dira zure eskubideak?

Full policy

Privacy, security and personal data

 

At Mondragon Unibertsitatea, we take privacy seriously and take all reasonable measures to protect your personal information. We do not share or distribute your personal information (including your email address), but in order to provide access to the service, we must collect and store certain personal information. By law, we may also request certain personal information.

The general privacy policy of Mondragon Unibertsitatea (available at https://www.mondragon.edu/en/privacy-policy ) also applies to MUdle, so here only are mentioned details regarding to this specific service.

We register in the logs of our servers the IP addresses, URLs visited and associated information of all users for analytical and statistical purposes. We use cookies to keep user names and sessions open, as well as to collect website traffic statistical information anonymously.

We adopt technical, physical and administrative security measures designed to provide reasonable protection of your personal data against loss, misuse, unauthorised access, disclosure and alteration thereof. These security measures include firewalls, data encryption, physical access controls relating to our data centres, and authorisation controls on access to information. Although we strive to maintain the security of our systems and services, it is your responsibility to maintain the privacy of your passwords and registration information of your profile or Account.

The following are some of the measures adopted by us to guarantee the privacy and security of the website and its data:

  • Security backup policy: we regularly make backup copies of the website in order to guarantee the recovery thereof in case of possible incidents.
  • Safe browsing: all site browsing is done through secure protocols (HTTPS, SSL, TLS, HSTS).
  •  

If you have any questions about these practices or the use we make of your personal information, please write to dpo@mondragon.edu.

Data Protection Officer (DPO Officer)

The contact address of the data protection officer of Mondragon Unibertsitatea is dpo@mondragon.edu. Please use this address to contact us and if you wish to exercise any of the rights in the regulation relating to you as the user. Mondragon Unibertsitatea also informs you of your right to file a claim with the Spanish Agency for Data Protection (www.agpd.es) if you consider that the processing does not comply with current regulations.

 

What data are collected?

In order to provide the MUdle service at https://mudle.mondragon.edu and https://online.mondragon.edu, we may share certain information with third parties as detailed later in this document.

In any case, MUdle does not collect specially protected personal data, only the data essential to provide the service: full name, email address, and access IP.

What use is given to the collected data?

The purpose of the data collected is only to offer the MUdle service, thereby excluding any other use of the data, such as for commercial or marketing purposes and research purposes.

The Moodle platform offers a Learning Analytics tool (more information) in a native way, and it is possible that the data collected in Moodle is used through this tool, always for academic purposes.

Who has access to the data?

The data collected in MUdle are accessible to the following people, roles, and organisations:

  • Teaching staff (each in their field), for academic purposes
  • Administrative staff, for management purposes or support to the teaching staff
  • Members of Mondragon Unibertsitatea, for purely statistical purposes
  • Some entities external to Mondragon Unibertsitatea have access to some data as detailed below.

For how long will the data be kept?

Your data will be processed and maintained for as long as the user is active on the platform. Once the account is closed, where appropriate, the data may be kept properly locked for the time required by applicable law and, where appropriate, until the expiry of possible responsibilities related to the processing of your data, or to meet any requirement of the Public Administrations, Courts, the and Public Prosecutor’s Office.

What rights do you have?

The user can exercise the following rights at Mondragon Unibertsitatea:

Right of access: it allows the interested party to know and obtain information about their personal data submitted to processing.

Right of rectification: it allows the interested party to correct errors, modify data deemed inaccurate or incomplete, and guarantee the certainty of the information subject to processing.

Right of suppression: it allows the interested party to request the deletion of the data subject to processing when they are no longer necessary.

Right of opposition: the right of the interested party to decline the processing of their personal data or to cease it, except for legitimate reasons or for the exercise of or defence against possible claims, in which case the data shall be kept locked during the corresponding period while the legal obligations persist.

Right to oppose the sending of advertising: the interested parties may oppose the sending of commercial communications by Mondragon Unibertsitatea. In this case, they may revoke their consent at any time to receive these notifications using the mechanism implemented for that purpose, or by sending a letter with the subject “Unsubscribe” to pribatutasuna@mondragon.edu.

Limitation of the processing: In certain circumstances, the interested party may request the limitation of the processing of their data, in which case they shall only be kept for the exercise of or defence against claims.

Portability of the data: the interested party can request the receipt of data relating to them that they have provided, whenever this is technically possible. The data shall be submitted to another processing entity of their choice, in a structured format of common use and mechanical reading.

Right not to be the subject of automated individual decisions (including preparation of profiles): the right not to be the subject of a decision based on automated processing that produces effects or significantly affects them.

If you wish to exercise any of the rights described above, please send us a letter with all your information, including your DNI/ID No. to: Loramendi, 4, 20500 Arrasate/Mondragon or by email to dpo@mondragon.edu.


Summary

This policy defines which external agents have access to data of the Moodle service of Mondragon Unibertsitatea (hereinafter, MUdle), and details which data can access each of them, specifically these ones:

  • External services with access to Personal Data
    • Turnitin
    • Google
      • Google Drive
      • Google Maps
      • Gmail [aukerazkoa]
    • ExLibris [aukerazkoa]
  • Other external services with access to data
    • Google Analytics
    • Moodle [aukerazkoa]
    • YouTube [aukerazkoa]
    • Dropbox [aukerazkoa]
    • Mozilla [aukerazkoa]

Full policy


Policy of access to data by third parties

In order to provide the MUdle service at https://mudle.mondragon.edu and https://online.mondragon.edu, we share certain information with the external agents described below. This information shall always be the minimum necessary for the service, and mechanisms of anonymity shall be established whenever possible.

Mondragon Unibertsitatea has agreements with these external agents to guarantee that the use made of said data is adequate and that the security of said data is guaranteed. Conversely, it is possible that some of them have their own EULA (End User License Agreement), which each user should read and accept, where necessary.

Integrated services

By means of your username and password, it is possible that you are given access or registration to services provided by third parties (each of them an "Integrated Service”), such as your Google account, or that you have the possibility of authorising an Integrated Service to give us access to personal information or other information. By authorising the connection with an Integrated Service, you authorise the access and storage of your name, email address and basic information of your profile provided by such Integrated Service, as well as the use and disclosure of said information, in accordance with this policy. You should check your privacy settings in each Integrated Service to understand what information the Integrated Service provides us and to make any adjustments you deem necessary. Please carefully review the terms of use and privacy policies of each Integrated Service before connecting it to our Service.

External services with access to Personal Data
Turnitin

Organisation: Turnitin, LLC

Organisation information: http://turnitin.com/en_us/about-us/our-company

Service: originality measurement and plagiarism control system

URL: https://www.turnitin.com/

Objective:

All personal data we process is directly linked to a specific purpose, such as requesting access to our academic content database, or requesting web content (i.e. a newsletter, case study, video, etc.)

Shared data: name, surname, email address, role in Moodle, and content of the submission

Organisation’s DPO email address: DPO@turnitin.com

URL of the organisation’s privacy policy: https://guides.turnitin.com/Privacy_and_Security#Privacy_Policy

Security measures implemented by the organisation to guarantee the privacy of the data:

The GDPR states that you must have a contract in place with Turnitin that is GDPR compliant. You are required to ensure that all your suppliers who act as data processors are GDPR compliant. Turnitin is involved in the same process with its suppliers.

To make this process as easy as possible for customers,
Turnitin will amend its Registration Agreement to incorporate all relevant changes from 25 May on your behalf. This means that you won’t need to send us a contract amendment, and no further action is required from you as far as your Turnitin contract is concerned. The updated Terms of Service can be viewed in our new Privacy Centre here.

Security measures implemented by the organisation to guarantee the privacy of the data: https://guides.turnitin.com/Privacy_and_Security

Method for requesting/exporting the data: DPO@turnitin.com

Notes: to enable its use, you must accept a specific EULA.

Google

Organisation: Google Inc.

Organisation information: https://about.google/

URL of the organisation's privacy policy: https://cloud.google.com/terms/data-processing-terms

Security measures implemented by the organisation to guarantee the privacy of the data:

https://gsuite.google.com/terms/dpa_terms.html?_ga=2.68926419.-399587139.1532617701

Security measures implemented by the organisation to guarantee the privacy of the data:

https://cloud.google.com/security/gdpr/

Google Drive

URL: drive.google.com (access via API)

  • Service: Document conversion to PDF format

Converting documents sent through Moodle to PDF format (more information)

  • Service [Optional]: Access to the proprietary Google Drive repository

Objective: Uploading files to Moodle from your the user's Google Drive profile (more information)

Google Maps

Service: Geographical location of IP addresses

URL: maps.google.com (access via API)

Objective: Geographically locating the IP addresses of the Moodle activity records (more information).

Shared data: IP address

Gmail [Optional]

Service: Management of emails sent to Moodle (more information)

URL: mail.google.com (access via API)

Shared data: Emails sent to Moodle (email address and content)

Objectives:

ExLibris [Optional]

Organisation: ExLibris (ProQuest)

Organisation information: https://www.exlibrisgroup.com/en/products/campusm/

Service: CampusM

Objective: Sending of push notifications to mobile devices through the Konet app of Mondragon Unibertsitatea

Shared data: telephone number

Organisation's DPO email address: dpo@exlibrisgroup.com

URL of the organisation's privacy policy:

https://trust.exlibrisgroup.com/gdpr/

 

Other external services with access to data
Google Analytics

Organisation: Google Inc.

Objective: Obtaining statistical data on the use of Moodle

Shared data: anonymous IP addresses

Moodle [optional]

Organisation: Moodle HQ

Organisation information: https://moodle.com/about/

Service: AirNotifier

URL: https://messages.moodle.net

Objective: Sending of push notifications to Android and iOS mobile devices that make use of the official Moodle app

Shared data:

For each message which the AirNotifier accepts from a Moodle site, it processes but does not store or record the message data, it just reroutes it to Google or Apple. The message data includes: recipient’s name and id, sender’s name and id, time of sending, subject of message, message content and summary, device id platform.

The AirNotifier service is a conduit for relaying mobile notifications from Moodle sites to Google or Apple for delivery to the Moodle Mobile App on the end users phone.

To facilitate this, the AirNotifier requires the Moodle site to register and connect with a token. The device type and id of the recipient is used to route the message to Google and Apple as appropriate. Both Google and Apple have confirmed that they cannot access or view the message data.

URL of the organisation's privacy policy: https://moodle.net/mod/page/view.php?id=29

YouTube [Optional]

Organisation: YouTube (Google)

Service: search of videos on YouTube

Objective: search and insertion in Moodle of YouTube videos (more information)

Dropbox [Optional]

Organisation: Dropbox

Organisation information: https://www.dropbox.com/about

Service: access to the proprietary Dropbox repository

Objective: Upload of files to Moodle from the user's Dropbox profile (more information)

URL of the organisation's privacy policy: https://www.dropbox.com/security/GDPR

Mozilla [Optional]

Organisation: Mozilla

Organisation information: https://www.mozilla.org/about/

Service: Mozilla Backpack

URL: https://backpack.openbadges.org/

Objective: Exporting and sharing badges in Moodle (more information)