From 2b7024fe8f696c2253e30ba90cdc4f0338adc60b Mon Sep 17 00:00:00 2001 From: Antti Leinonen Date: Wed, 17 Apr 2024 22:42:16 +0300 Subject: [PATCH] Add English translation of privacy policy (#1255) * Add English translation of privacy policy --- frontend/components/Home/FAQ/Common.tsx | 4 + .../components/NewLayout/Footer/Footer.tsx | 10 +- .../public/md_pages/faq/privacy-notice.md | 118 ++++++++++++++++++ .../md_pages/faq/tietosuojaseloste_en.mdx | 6 +- 4 files changed, 129 insertions(+), 9 deletions(-) create mode 100644 frontend/public/md_pages/faq/privacy-notice.md diff --git a/frontend/components/Home/FAQ/Common.tsx b/frontend/components/Home/FAQ/Common.tsx index 74fb68ba8..a9260889f 100644 --- a/frontend/components/Home/FAQ/Common.tsx +++ b/frontend/components/Home/FAQ/Common.tsx @@ -70,6 +70,7 @@ export const ContentBox = styled("div")` export const Title = styled(Typography)` margin-bottom: 0.4em; padding: 1rem; + justify-content: center; ` as typeof Typography export const TitleBackground = styled("div")` @@ -78,6 +79,9 @@ export const TitleBackground = styled("div")` margin-left: auto; margin-right: auto; margin-bottom: 1em; + @media (max-width: 600px) { + max-width: 100%; + } ` export const IngressBackground = styled(TitleBackground)` diff --git a/frontend/components/NewLayout/Footer/Footer.tsx b/frontend/components/NewLayout/Footer/Footer.tsx index 6fc0326eb..b3c29e90d 100644 --- a/frontend/components/NewLayout/Footer/Footer.tsx +++ b/frontend/components/NewLayout/Footer/Footer.tsx @@ -379,12 +379,10 @@ const Footer = () => { - {locale === "fi" && ( - - {t("privacyPolicy")} - - - )} + + {t("privacyPolicy")} + + This site is maintained by the University of Helsinki's MOOC center diff --git a/frontend/public/md_pages/faq/privacy-notice.md b/frontend/public/md_pages/faq/privacy-notice.md new file mode 100644 index 000000000..ba1bf874d --- /dev/null +++ b/frontend/public/md_pages/faq/privacy-notice.md @@ -0,0 +1,118 @@ +# Privacy notice + +This privacy notice for the MOOC.fi service is a description of the general principles for processing personal information and the rights of the users of the courses accessible with MOOC.fi usernames. Some individual courses, which may be located at their own web addresses, may have more detailed privacy notices that complement or replace this privacy notice. + +The MOOC.fi portal may also include links to courses on other platforms. These principles for processing personal information do not apply to such external systems, where MOOC.fi usernames are not valid. + +### 1. Controllers + +The University of Helsinki, the MOOC Centre at the University of Helsinki + +### 2. Contact address for matters concerning the register + +mooc@cs.helsinki.fi + +### 3. Contact details for the person in charge of data protection at the University of Helsinki + +tietosuoja@helsinki.fi + +### 4. Purpose of processing of personal data and legal basis for processing + +The open online courses of this service need your personal data for the following purposes: +- Management of access rights +- Teaching arrangements and decision-making regarding courses +- Student counselling +- Registration for courses +- Returning, assessing, and registering course credits +- Drawing up separate certificates for MOOC courses +- Further development of teaching +- Marketing communications related to studies +- Communication with students regarding life-long learning and services supporting employment +- Scientific research or statistics +- Identification of plagiarism + +#### The controller’s right to process personal data is based on +- Tasks carried out in the public interest or by official authority (Article 6.1 e) +- Legal obligations (GDPR Article 6.1 +- In some cases, based on contract or consent (Article 6.1 a and b) + +### 5. Data contents of register +- **Full particulars**: the basic information students input when registering (such as name, email address, student number) +- **Information on studies**: data generated during the course, such as log data from using the course environment, handing in assignments, assignment assessments, and other information that users themselves input during course activities. + +Further, we use the Google Analytics service to analyse user behaviour on our site. + +### 6. Regulation information sources + +Data is gained from students themselves or from course teachers. + +### 7. Regulation release of data and recipient groups + +Personal data are primarily processed by course-teaching staff and employees of the MOOC Center (e.g. to solve technical problems and research aimed at developing courses/course systems further). + +The University of Helsinki may also use external controllers to process personal data, such as companies offering system services, which can process personal data on behalf of the University of Helsinki based on a commission agreement. + +The University of Helsinki may release necessary personal data on students to the following recipients via the national university data pool or directly: +- When registering course credits to other data systems at the University of Helsinki +- The Ministry of Education and Culture + +Furthermore, the University of Helsinki may release student data +- For scientific research +- To fulfil the requirements of the Act on the Openness of Government Activities or other legislation +- Other Finnish universities for transferral of credits in e.g. teaching collaborations +- With the student’s permission, to foreign universities, including outside EU or EEA countries for exchange studies and double or co-degree studies or to transfer credits +- With the student’s permission, contact details for student support purposes and other special purposes external to the universit + +### 8. Transferring data outside the EU or EEA + +It is the university’s data-protection policy to be especially careful if personal data is to be transferred outside the EU and the European Economic Area (EEA) to countries that do not offer the same data protection as the EU’s GDPR. + +Personal data is transferred outside the EU and EEA in accordance with the requirements of the data-protection regulations. The course servers may be located on the servers of international companies (at present, Google) within the EU and EEA. In such cases, the MOOC Center will draw up separate agreements on processing of personal data with the service provider. + +### 9. Principles for protection of the register + +The MOOC.fi system is protected with a combination of username/password and in accordance with data-protection principles in general use at the University of Helsinki. + +Personal data are encrypted when transferred over the network. Only people appointed to the task have access to the user register. These persons are bound to confidentiality. + +### 10. Storage period for personal data or criteria for storage period + +The controller can remove identifying data as needed, or users can ask to have their personal data removed from the register, but the data is not removed automatically + +Student data is retained in accordance with the scheme of the document administration at the University of Helsinki. Personal data are primarily stored for the period of time required for the implementation of the course, but there are also long-term course modules, where the data are retained for a longer time. + +### 11. Information on the existence of automatic decision-making or profiling, as well as on the logic of processing and its significance for the registered student + +The automatic assessment of assignments (automatic decision-making) is a necessary feature for the service offered (courses based on automatic feedback). The correctness of a programming assignment, for example, will be assessed automatically based on whether the student’s program passes the automatic tests that a teacher has set. If there is a fault in the automatic assessment, you can ask for it to be corrected primarily by contacting the teacher of the course or the address mooc@cs.helsinki.fi. + +Users are not profiled according to personal qualities. + +### 12. Rights of registered students + +Registered students have the following rights, unless the data protection legislation states otherwise: + +**The right to check and correct personal data (access rights to their own data)** + +_Identifying data_ may be checked and modified by logging into the service http://tmc.mooc.fi/ and clicking on your username at the top right and going to the tab _account settings_. You can check _Information on studies_ separately for each course by logging in to the course page. If the information on studies is incorrect, you can ask to have it corrected by sending a request to mooc@cs.helsinki.fi. + +**The right to have data deleted** + +To delete your username, please log in to the service http://tmc.mooc.fi/, click on your username at the top right and go to the tab _account settings_. Then click on the _delete username_ button at the bottom of the page. You will receive an email asking you to verify the deletion of your account. Then all your personal data will be deleted. Information on your studies may be retained in anonymous form even though your _identifying data_ have been deleted. + +**The right to limit processing** + +Registered students may ask to limit processing of their personal data in certain situations, until their data has been properly checked and corrected or complemented. + +**The right to object** + +In some cases, students have the right to object to the processing of their personal data at any time based on personal, exceptional situations + +**The right to transfer data from one system to another** + +In some cases, registered students have the right to receive the personal data they have given the controller in an organised, commonly used, and machine-readable format and to transfer the data to another controller + +**The right to make a complaint to the authorities** + +Registered students have the right to make a complaint, specifically to the local supervising authority of their place of residence or work, if they think it is in breach of the GDPR of the EU (2016/679). Furthermore, registered students have the right to use administrative appeals and other legal remedies. + +In requests to use registered students’ rights, we follow the controller’s information request process. \ No newline at end of file diff --git a/frontend/public/md_pages/faq/tietosuojaseloste_en.mdx b/frontend/public/md_pages/faq/tietosuojaseloste_en.mdx index 864dac33d..d3743991c 100644 --- a/frontend/public/md_pages/faq/tietosuojaseloste_en.mdx +++ b/frontend/public/md_pages/faq/tietosuojaseloste_en.mdx @@ -1,10 +1,10 @@ import {ContentBox, SectionBox, Note} from "/components/Home/FAQ/Common" -import PrivacyPolicy from "./tietosuojaseloste.md" +import PrivacyPolicy from "./privacy-notice.md" export const meta = { - title: "Tietosuojaseloste", -} \ No newline at end of file + title: "Privacy policy", +}