Using non-university environments

For teaching, preference should be given to learning environments managed by the University of Tartu, which are located on the university servers or for which the university has acquired licenses. An overview of these environments can be found on the blended and online learning possibilities page.

Although non-university environments (e.g. Google applications, Facebook, Slack, etc.) may offer additional features that are not supported by the university's official platforms, their use involves various data protection and information security risks. Before using such environments for teaching, the principles below must be followed.

Information security principles when using digital environments

• Make sure that the environment uses secure connections (HTTPS). Avoid sharing sensitive information in insecure channels.
• Make sure that the environment does not require excessive permissions (e.g. access to contacts, files or the camera).
• It is safer to use an environment where it is possible to set up multi-factor authentication (MFA).
• Do not store or share personal data of learners (e.g. name, email, learning results) in environments that do not ensure secure storage of data.
• Use a secure password in the environment and do not share your account with other persons. Remind learners who will start using the environment of these principles.

Data protection principles when using digital environments

Compliance with data protection requirements

Before using a digital environment for learning process, make sure that it meets the requirements for the protection of personal data. To do this, read the terms of use, privacy policy or data protection conditions of the environment to understand how personal data is processed in the environment.

• Check whether the service provider stores data on servers located in the European Union.
• Assess what personal data is processed in the environment (e.g. whether in addition to the name and university email address, students' study results are also processed).
• Find out for what purposes the data is collected, how long it is stored and what rights the user has regarding the restriction of data processing and deletion.

If the environment uses servers outside the EU or does not comply with the European Union's General Data Protection Regulation (GDPR), or if there is any other doubt about the suitability of the environment, consult the university's Senior Specialist of Data Protection [email protected].

Access and account creation

• Make sure that learners have access to the environment with a university account or an account created by the university, preferably with a ut.ee email address.
• If creating an account with a ut.ee address is not possible:
  • ask learners for written consent to use their personal email address (consent forms are available on the intranet);
  • ask learners to join the environment themselves or send learners an invitation with a link to join the environment.

If it is not possible to enter the environment with a university account, but using the environment requires learners to create an account, then the learner has the right to refuse to use the environment and must be offered an alternative.

Environments where an account is not created

If learners do not need to create a user account to use the environment (e.g. Padlet, Mentimeter) and personal data is not processed in the environment, there is no need to ask learners for separate permission or consent.