1. ENROPE STATEMENT ON PRIVACY
This document addresses privacy aspects in ENROPE, whereby ENROPE refers to the Platform and related services. ENROPE collects different types of data from the user: personal information, log information and non personally-identifiable information, and information about the user activities.
The ENROPE platform and related services ensure that data is tracked and stored only for ENROPE purposes and treated in accordance with the EU directive.
The ENROPE platform may contain links to external websites published by other content providers. These other websites are not under our control and we encourage you to review the privacy policies of each website you visit and use.
1.1 Definition of personal information
Personal information is information which you provide to ENROPE which personally identifies you, such as your name, email address or other data which can be reasonably linked to such information. You provide this when you register as a user.
ENROPE acts in accordance with European legislation for collection and treatment of personal data, and in particular ENROPE aims to follow the principles of the OECD Privacy Framework (OECD, 2013):
Data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject;
Personal data should be relevant to the purposes for which they are to be used, and to the extent necessary for those purposes. Data should be accurate, complete and kept up-to-date;
The purposes for which personal data are collected should be specified not later than at the time of data collection;
Personal data should not be disclosed, made available or used for purposes other than specified – except with the consent of the data subject or by the authority of the law;
Personal data should be protected by reasonable security safeguards against loss or unauthorised access, destruction, use, modification or disclosure;
Information on the existence and nature of personal data, purpose of their use and the identity and location of the data controller should be available.
Please read this notice carefully to understand what we do with the information you leave through your navigation in ENROPE.
2. COLLECTION OF INFORMATION
2.1 Data collected in ENROPE can be of two types:
Data provided by the user, i.e. through registration forms, mail contacts etc.
Data collected through the use of ENROPE services, i.e. navigation, activities, games.
When you create content or information using different content types, be aware that you are allowing everyone, to access and use that information, and to associate it with you (i.e., your username and profile picture).
2.1.1 Personal information - when a user registers in ENROPE platform, the following data is being collected and stored: full name, email address and role.
Personal information is collected and used with the following purposes:
to provide, maintain, protect and improve the quality of the Platform and the content that ENROPE offers; this includes conducting anonymised user research;
to provide you with personalised feedback;
to conduct evidence-based pedagogical improvements;
for purposes of scientific research, mainly in the areas of technology-enhanced learning;
to manage your account that you hold with us;
to allow you to make full use of ENROPE features and services.
Personal information is managed by Tallinn University and stored in secured servers. ENROPE has put in place technical and organisational security measures to prevent the loss or unauthorised access of users’ personal information.
2.1.2 Tracking ENROPE tracks user activities related to participation in our platform
2.2. No individual analytics will be knowingly made available to other people outside ENROPE.
3.1. The ENROPE platform is hosted on servers located in Estonia. Data concerning registration to the Platform, platform cookies, data related to game results are all collected and stored on those servers. Since Estonia belongs to the European Economic Area (EEA), the EEA legislation on privacy and the protection of personal data has been implemented. However, some usage data - mainly concerning analytics and client-side error tracking - may be stored in non-EU (e.g., Switzerland) or non-European Countries (e.g., United States). All of that data is anonymous and cannot be directly associated with users of the platform.
3.1.1 When registering, you are asked for consent before any data is collected, in accordance with the European Union (EU) Data Protection Directive 95/46/EC.
3.1.2 Registration is not allowed without user consent to Privacy and Terms and Conditions policies.
3.1.3 The Platform may, from time to time, contain links to the websites of third parties. If you follow a link to any of these websites, please bear in mind that these websites have their own privacy policies and that we do not accept responsibility or liability for any of these policies. Please check these policies before you submit any personal information to these websites.
4. YOUR RIGHTS
4.1. You have the right to know what kind of data is being collected about you and for what purposes, how your data are processed, and this information must be available in a clear and understandable way.
4.2. You have the right to cancel or correct any information in your user profile. This does not include anonymous information that has already been collected (e.g., reports, scientific publications).
4.3. You have the right to unsubscribe from the Platform and email communications.
4.4. You have the right to be treated with respect, regardless of race, religion, gender, sexual orientation, maternity, marital or family status, disability, age or national origin.
4.5. You have the choice to use an anonymous name or your clear name when registering as display name.
5.1. ENROPE cares for your privacy and procedural and technological measures are in place to protect your Personal Information. Such procedures protect the confidentiality of the personal information or user traffic that ENROPE creates, receives, stores and transmits.
5.2. ENROPE has done all in its power to ensure that all the requisite technical and organisational security measures to prevent unauthorised access to users’ personal information are in place. As far as security measures under the direct control of ENROPE are concerned, we ensure:
Authenticated access control using a password - all administrator users accessing the system will be required to use passwords;
Security Socket Layer - SSL "Secure Sockets Layer" installed (see 7.);
Regular back-ups of the system
5.2. ENROPE protects all stored data from misuse and respects the rights of the data owners which are guaranteed by the European Union's (EU) Data Protection Directive 95/46/EC.
5.3. ENROPE protects all personal data no matter where it is sent, processed or stored, even outside the EU, and therefore must comply with the EU standard contractual clauses.
5.5. ENROPE may disclose your Personal Information only:
(a) if we are required to do so by law, regulation or other government authority or otherwise in cooperation with an investigation of a governmental authority;
(b) to enforce the ENROPE Terms and Conditions of Use;
(c) to protect the safety of users of the ENROPE platform and services.
6. COOKIES AND SIMILAR TECHNOLOGIES
Cookie name(s): __utma, __utmb, __utmc, __utmv, __utmz are for example the names of Cookies used by Google Analytics; laravel_session is the name of the Cookie used by ENROPE to identify any authenticated users.
Data stored: A random unique number or string of letters and numbers to identify your browser, the times and dates that you interacted with the site recently and the marketing materials or referring pages that led you to the site.
Expiry: Some cookies have no expiration date. Others are deleted after certain amount of days and the moment you close your browser.
Web storage features:
Both Session Storage and Local Storage are used in addition to Cookies, those store certain data on the client side that is not directly need to be accessed on the backend server side.
Examples: Cookie Consent is stored within Local Storage in order not to show the consent screen again to the same user on the same device.
Expiry: Any entries from Session Storage will be deleted as soon as the browser is closed. Local storage would be stored for a longer period of time that could either be explicitly deleted by the user, from browser settings, or by the browser, in case there is a need for that.
6.2. ENROPE uses Google Analytics. Google Analytics is a web analytics service provided by Google, Inc. (“Google”), to help us see how our Platform is used. The data collected by Google Analytics is used to analyse how frequently the same people revisit the Platform, how the Platform is found (from advertising or referring websites), and which pages are most frequently viewed. This information is combined with data from other users to create an overall picture of Platform use.
7. ENROPE uses Secure Sockets Layer (SSL). The Secure Sockets Layer is a protocol that aims to allow the applications to transmit information in a secure and protected way. The applications that use the SSL certificates are able to manage sending and receiving of the protection keys, and encrypt and decrypt information transmitted using the same keys. In this way, all sensitive data that travels inside the Platform maintains a heightened level of security. The same SSL certificate technology is used by ENROPE partners when communication between different platforms is needed; this keeps the data transfer secure not only within the ENROPE platform but also when transferring data to and from the partner platforms.
For any additional information please contact: firstname.lastname@example.org
Effective as of 01/10/2018