Data protection is a matter of confidence and your trust is important to us. We respect Swiss data protection legislation when we collect or use any data relating to your personal information, as detailed below. Your personal details are treated confidentially and only shared with third parties where necessary.
The EPFL Extension School Learner Platform
The EPFL Extension School learner platform, located at https://www.extensionschool.ch (referred to below as the "site"), uses a variety of third party services to develop and operate the service offering of the EPFL Extension School. The third parties with whom we work, including Google (for analytics and tags), may place cookies on your computer, if you choose to allow this, and the information that they collect through this method may be sent outside of Switzerland. We use other providers, as detailed below, for newsletter and electronic communications services, optimization and analysis services, as well as for infrastructure services and support.
When you access the site, various access data (e.g. IP address, date and time of access, name of the file accessed, etc.) are recorded in server log files. These data may be analyzed anonymously for purposes of statistics and performance. We and our service providers will also seek to place cookies - small text files - in the cache of your browser. You may choose to disable cookies by changing the settings in your browser, though our services may not function as they are designed to if you choose to do so and, as a result, you may not be able to follow our courses or programs. You can find more details about the specific cookies that may be placed in your browser cache in our Cookies table.
Our learner platform is built using a variety of third party service providers. Learner data is transferred to and may be stored with these third parties in order to provide services to you. To the degree possible, we work with Swiss or European service providers, or have selected service options within Europe/the EU. The specific service providers we use for the learning platform are:
- Heroku (https://www.heroku.com)
- Amazon Web Services (https://aws.amazon.com)
- Stripe (https://stripe.com)
- Mailjet (https://www.mailjet.com)
- Rollbar (https://rollbar.com)
- RoRvsWild (https://www.rorvswild.com)
If you have any specific questions about your personal data that shared with these service providers and/or how it is used by these service providers, please contact us at email@example.com.
Learner Enrollment Data
We are required to collect, process and store data related to our learners, which may include individuals who have begun but not completed the enrollment process for one of our courses or programs. This data includes the learner’s:
- Full name
- Date of birth
- Address of residence
- Credit card number, expiry date and CVV code
- Submission of digital copies of the front and back of a valid, color, government-issued, machine-readable, photo ID
- Submission of a current photo « selfie »
This data may also include details of payment information when payment is being made by a third party (for example, a company account).
We are required to prevent fraud by learners and, accordingly, may require learners to re-submit their ID and/or to validate their identity using biometric and/or personal identification methods. Learners are required to have a least one live video chat with our instructor team as part of our fraud detection efforts. We also use various services to track learner logins, IP addresses, devices and progress through our courses and programs.
The tools we use for identification, authentication and fraud detection are:
- AriadNext (https://www.IDcheck.io)
- Behaviosec (https://www.behaviosec.com)
- Woopra (https://www.woopra.com)
- Google Analytics and Google Tags (https://www.google.com/analytics)
- Whereby.com (https://whereby.com)
We are limited by law in our ability to delete learner data on a permanent basis. You may find further guidelines on this topic as part of the overall EPFL policy on privacy, data protection and GDPR.
Services Used as Part of the Learner Experience
We have integrated and partnered with various third party services in order to offer an enriched and privacy-enhanced learner experience. Each enrolled learner is provided with an anonymized forwarding e-mail address, allowing the learner to sign up to additional services without needing to use their private e-mail address. We use Infomaniak (https://www.infomaniak.com) to create these forwarding e-mail accounts.
We use GitHub (https://github.com) for project and course submissions, and learners are required to have an account with GitHub. They may use their forwarding mail to create this account, or may use an existing GitHub account. In either case, learner coursework resides in private repositories on GitHub.
We use YouTube (https://youtube.com) as our video hosting and streaming provider. Access to the in-platform videos on YouTube does not require learners to sign up or have an account with YouTube/Google.
We use CodePen (https://codepen.io) as an in-platform tool for some but not all of our courses.
We use Calendly (https://calendly.com) as our appointment scheduling provider. Learners may use their forwarding e-mail to book an appointment with Calendly.
We use whereby.com (https://whereby.com) as our video chat provider. Learners are not required to provide any personal, user or login details to use whereby.com, nor are they required to download any software.
Access to Your Personal Data
Enrolled learners may download a csv file containing their personal details as captured by our learning platform by logging into the platform and going to the account settings section, accessible in the upper right hand corner of the screen.
When you sign up to any of our newsletters or opt-in to other communications, you are providing personal data to us, specifically your e-mail address. This personal data is treated as confidential, subject to legal obligations, but is shared with third parties who provide newsletter mailing and marketing services on our behalf. By submitting your data to us, you specifically authorize its use for marketing purposes. You may unsubscribe from our newsletters or communications at any time. We use Campaign Monitor (https://www.campaignmonitor.com) as our newsletter provider and Salesforce (https://salesforce.com) as our CRM provider.
Other General Information
We do not share your personal data with any other entity outside of those with whom we have a contractual service relationship, and it is never sold.
We reserve the right to collect, treat and analyse personal information for research and statistical analysis as well as to transmit or share this information with third parties on an anonymized basis.
Last updated: 25 May 2018