D2L Privacy Statement

General

We at the D2L family of companies (“we” or “us”) are committed to protecting the privacy of our users. Please review this Privacy Statement carefully to understand how the information you provide to us will be treated.

This Privacy Statement applies to personal information collected (1) at D2L Web sites and other sites that we own or control (“D2L Web sites”), including www.D2L.com, (2) for or by Brightspace enterprise offerings that may be hosted by D2L or its third party service providers, or (3) for or by Brightspace consumer offerings. This Privacy Statement applies to this list of websites.. There are two main classes of users of Brightspace or other D2L offerings: enterprise users and consumer users. Enterprise users access Brightspace or other D2L offerings by virtue of an agreement that we have with the user’s institution (educational or otherwise), employer or other organization (“Organization”). Consumer users are visitors to D2L Web sites, or persons who access Brightspace or other D2L offerings by virtue of an agreement directly with us.

If you were given access by an Organization as an enterprise user or as a parent or guardian of an enterprise user, this Privacy Statement does not affect or control the Organization’s collection, use or disclosure of your information. You should contact your Organization to find out its practices regarding your personal information.

Consent to D2L Processing Information about You

“Personal information” means any information about an individual who is either directly or indirectly identified by the information or could be reasonably identified by it. Personal information includes information that relates to an individual’s personal characteristics (e.g. gender, age, income, home address, personal phone number, identification number, location data, an online identifier, ethnic background, family status, etc.), health (e.g. health history, health conditions, health services received, etc.), or activities and view (e.g. religion, politics, opinions expressed by the individual, etc.) This Privacy Statement does not apply to information we collect in the aggregate. Aggregated information does not identify you as an individual.

By providing any Personal Information to us or sharing Personal Information with others (including sensitive information) using a Brightspace or other D2L offering or D2L website, you expressly and voluntarily consent to the storage and processing of that Personal Information by us in accordance with the terms and conditions of this Privacy Statement and any applicable user agreement (including an end user license agreement or service agreement) that allows us to store and process Personal Information about you. When you provide information, that information may reside on our or our service providers’ systems. You understand and agree that Personal Information collected through Brightspace or other D2L offerings and D2L Web sites may be stored and processed by us, our affiliates or our service providers in Canada, the United States, Ireland, Australia, Singapore or other countries, including countries other than your country of residence; the laws of the jurisdiction in which the information is stored and processed will apply to its storage and processing.  If you are a user of D2L’s products and services, the location of your data and the laws that apply to its storage and processing may be subject to a contract between D2L and your Organization.

Collection of Personal Information

We may collect personal information from you in the following ways:

Registration and Professional Services

In order to access some Brightspace or other D2L offerings, you may be asked to create an account which will require you to provide us with information that may include your name and email address and other Personal Information. Certain Brightspace or other D2L offerings enable you to provide additional information voluntarily. Providing information beyond what is required at registration is up to you, but providing such information may enable you to derive more benefit from Brightspace or other D2L offerings.

We may collect Personal Information about you if your Organization has contracted with us for professional services or end-user support, or if you are an approved support contact under our agreement with your Organization. This information may include your name, email address or other Personal Information.  Information collected in connection with our provision of professional services to your Organization is collected for the purpose of providing such services to your Organization efficiently and effectively.  Information collected through the use of our support service is intended to help resolve issues as quickly as possible, and to ensure that you can be notified of the progress of any issues that you describe.

We may collect Personal Information about you if you contact us by email or for support for a Brightspace consumer offering.

Web Sites, eCommerce and Other Marketing Initiatives

At some D2L Web sites, we ask you to provide Personal Information, such as your email address, name, employer name, home or work address, or telephone number. We may also collect demographic information, such as your postal or zip code, gender, age, preferences, interests and favorites.

We may collect Personal Information from you such as your name, email address, telephone number and Organization information when you sign up for webinars, product trials, newsletters, the annual Brightspace FUSION global conference, contests or other marketing initiatives through D2L Web sites.

If you make a purchase through a D2L Web site or Brightspace or other D2L offering or sign up for a conference or seminar, a paid subscription service or a consumer offering, we or our third party providers may ask for additional information, such as your credit card information, billing address or shipping address.

When you join, or post information to, one of our communities, you share your profile information, including your name and other information that you choose to share, with other community members. When you submit an application or inquiry through our Careers site, you voluntarily provide Personal Information to us.

When you post a comment on our company blog, you share information within your comment, along with the name you provide, with the general public.

Cookies and Web Beacons

Like most web sites, we use technologies, such as cookies and web beacons, to collect information about the pages you view, the links you click and other actions you take in using Brightspace or other D2L offerings and D2L Web sites. More information regarding our use of cookies can be found here: https://www.d2l.com/legal/cookies-policy/.

Information Collected by Your Organization or Third Parties

If you are an enterprise user, your Organization may collect information on its own through the use of Brightspace or other D2L offerings. Collection and use of information in this way is governed by the privacy policies of your Organization.

Analytics

We use tools to help us analyze how Brightspace or other D2L offerings and D2L Web sites are used, and to help us develop and optimize our Brightspace or other D2L offerings and D2L Web sites. We also use Google Analytics to improve our offerings and our Web sites. See http://www.google.com/analytics/terms/us.html for more information about Google Analytics.

Use of Personal Information

How We Use Your Information

If you are an enterprise user:

Your Organization may use information that it has collected through the use of Brightspace or other D2L offerings in a manner that is different from what is set out in this Privacy Statement. Any use of your information by your Organization is subject to the privacy policies of your Organization.

If your Organization is a school in the United States, our provision of services may involve us having access to student education records subject to the US Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. 1232g, et seq. Under FERPA, we are deemed a “school official” to the extent we have access to student education records, and we will not use such student education records for any purpose other than to perform our agreements with you or as otherwise mandated by applicable regulations.

Beyond the Personal Information that you directly provide to use D2L products and services, we infer Personal Information based on your usage.  Monitoring information such as IP Addresses, the date/time of actions being taken, and what features are being used help us deliver great experiences.  For example, having a historical record of the number of logins that occur over the months of August and September assists us in making sure our systems are ready during the typical semester start period of North America.  D2L analyzes this type of data in aggregate and does not sell this information to third parties.

If you are a consumer user:

We may use your information to communicate with you. We may send certain service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. Some Brightspace or other D2L offerings may send periodic member letters that are considered part of the service. We may also send you promotional information to inform you of other Brightspace or other D2L offerings and promotions.

We use your information to operate and improve Brightspace or other D2L offerings and D2L Web sites. These uses include providing you with more effective customer service, making Brightspace or other D2L offerings easier to use by eliminating the need for you to repeatedly enter the same information, performing research and analysis aimed at improving Brightspace or other D2L offerings and D2L Web sites, and displaying content and advertising that are customized to your interests and preferences.

Some Brightspace or other D2L offerings are accompanied by interactive features such as chat rooms, forums, messaging and other ways to share. If you are an enterprise user, permissions as to what features are enabled and who has access to those features is determined by your Organization. If you are a consumer user, it is your choice whether to use the available functionalities.

If you submit information through a D2L Web site, Personal Information you submit may be used to provide the Brightspace or other D2L offerings that you requested, and may also be used for activities related to the purpose for which you’ve submitted the information.

When you receive newsletters or promotional emails from us, we may use web beacons, customized links or similar technologies to determine whether the email has been opened and which links you click in order to provide you more focused e-mail communications or other information.

Communications We Send

We may communicate with you through email or other means available through a Brightspace or other D2L offering. We may send emails that help inform you about features of Brightspace or other D2L offerings and we may also send you service messages related to the function of Brightspace or other D2L offerings. We may send you messages with promotional information directly or on behalf of our partners.

If you sign up for webinars, product trials, newsletters, our annual FUSION global conference, contests, mailing lists or other marketing initiatives through the D2L Web sites, employees of D2L may contact you with information about Brightspace or other D2L offerings and promotions that may be of interest to you. We may offer Webinars, product trials, conferences and events, contests or other marketing initiatives with certain partners; in such cases, the information you submit upon sign-up is shared with the relevant partner(s).

Sharing Your Information with Third Parties

We may share your information with third parties who are not our partners or service providers only in the following situations:

  • We have your consent through an opt-in option provided to you; or
  • We have a good faith belief that access, use, preservation or disclosure of your Personal Information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable terms and conditions of this Privacy Statement or any applicable user agreement, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of us, our users or the public as required or permitted by law.

As may be necessary in the course of providing our product offerings to you, we may disclose information to the payment processors, auditors, commercial partners, customer support providers, marketing and public relations companies, and operational services providers.

Mergers or Acquisitions: As with any other business, it is possible that in the future, D2L could merge with, or be acquired by, another company. If such an acquisition occurs, you consent to the successor company having access to the information maintained by D2L, and such successor company would continue to be bound by this Privacy Statement unless and until it is amended.

Except as part of the sale of all or substantially all of our assets, we will not sell, trade, or rent your Personal Information to third parties who are not our partners or service providers unless we have your consent.

Information You Share With Other Users

Brightspace or other D2L offerings may enable you to share information with or send communications to other users or the general public. You (or, if you are an enterprise user, your Organization) may select the other users with whom you share or to whom you send this information. Once you share information with or send information to other users, however, those other users may share your information at their discretion.

Your Options for Your Personal Information

Accessing and Correcting Your Personal Information

We offer users the ability to access or correct information we collect during registration or which they have provided in using Brightspace or other D2L offerings. Users may correct this information at any time and as often as necessary by using the features provided within the applicable Brightspace or other D2L offering. To access or correct Personal Information collected by us that is not available through a Brightspace or other D2L offering, please contact us at the address listed below. We will respond within a reasonable timeframe of receiving your request or as otherwise required by law.

We may decline to provide you with access to, or to change, your Personal Information if (a) your request is not provided in writing, (b) your request does not provide us with sufficient detail to identify the Personal Information you seek to access or change, (c) we are unable to verify your identity to our satisfaction, (d) we deem, in our sole discretion, that it would be unreasonable in the circumstances to provide you with access to or to correct your Personal Information, or (e) as otherwise provided by legislation.

If you are an enterprise user, you should contact your Organization for questions about access to the Personal Information collected by your Organization.

User Opt-Out Option and Retention of Your Information

You may opt out of receiving promotional information from us by following the unsubscribe procedures indicated in promotional information you receive.

If you are an enterprise user, retention of your Personal Information is governed by the privacy policies and is the responsibility of your Organization. If you wish to remove your account, please contact your Organization.  If your Organization retains the information, it is subject to our contractual arrangement with your Organization and may be subject to our archival policies.

If you are a consumer user, we will retain your Personal Information for so long as you maintain an active account or user profile, or as needed to provide you with the applicable Brightspace or other D2L offering.

If you are a consumer user and you wish to remove or restrict the collection of data with an account you have with us, you may do so by contacting us at AskUs@D2L.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce this Privacy Statement and any applicable user agreements. We will take steps to ensure that your Personal Information is destroyed, erased or made anonymous as soon as the purpose for which it was collected is no longer relevant, or as required by law.

Please be aware that, as long as you have access to Brightspace or other D2L offerings, you cannot opt out of receiving service messages from us. Also, if we send communications to you via the carrier service with which you have a mobile communications subscription or otherwise have access, you understand you will pay any service fees associated with your receipt of messages on your mobile device (including text messaging charges).

Information Security

We hold many security certifications and we take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where we store Personal Information.  For more information on our Security please visit www.d2l.com/security/certifications.

We restrict access to Personal Information to D2L employees, contractors and agents who have a need to know that information in order to process it on our behalf. These individuals are bound by confidentiality obligations and may be subject to discipline, up to and including termination, as well as civil action and criminal prosecution, if they fail to meet these obligations.

We do not guarantee that we will eliminate all risk of misuse of, or unauthorized access to, your Personal Information. There is no such thing as perfect security, and we cannot guarantee or warrant the security of any data (including Personal Information) that we receive and store on our or our service providers’ systems.

You are responsible for keeping any passwords secret to prevent unauthorized access to and use of any Brightspace or other D2L offerings to which you have access.

If you are an enterprise user, your Organization is responsible for ensuring that the system is configured to properly restrict access to information in accordance with its own privacy statement or policy, and that anyone with access to that information is covered by its privacy statement or policy.

Protection of Children’s Personal Information

If you are an enterprise user, your Organization may collect information on its own through the use of Brightspace or other D2L offerings. Collection of information in this way is at your Organization’s discretion and is governed by the privacy policies of your Organization. Brightspace or other D2L offerings contain configuration options that your Organization may use to align the Brightspace or other D2L offerings with Organization policies.

We do not knowingly collect any Personal Information from individuals under the age of 13 through D2L consumer offerings or D2L Web sites. The D2L Web sites are general audience Web sites.

Data Transfers

To the extent that we store data with third party providers, we and our service providers comply with the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Framework, and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).  In order to adequately protect data transfers originating from the EU, we will ensure that the country to which the data is transferred is approved by the European Commission as having a sufficient level of privacy protection, or we will use approved standard contractual model clauses.

If you reside in the European Union, upon registration for any applicable Brightspace or other D2L offering you consent that the Personal Information you have provided may be transferred and stored in countries outside the EU.

Privacy Shield

We (specifically D2L Ltd.) and our service providers comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information from the European Union and Switzerland to the United States.  We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.

If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield. We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We are responsible for any of your Personal Information that is shared under the onward transfer principle with third parties for external processing on our behalf, as described in the “Use of Personal Information” section.

In compliance with the Privacy Shield Principles we commit to resolve complaints about our collection or use of your personal information.  European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at Privacy@D2L.com or by using the contact information posted in the sections below.

We have further committed to refer unresolved Privacy Shield complaints to JAMS, our alternative dispute resolution provider.  If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Under certain circumstances, a binding arbitration option may be available for complaints regarding the Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms.  For more information about the binding arbitration process, please visit  https://www.privacyshield.gov/article?id=ANNEX-I-introduction

For more information about the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, or to access our Privacy Shield certification statement, please visit www.privacyshield.gov

GDPR

The European Union’s General Data Protection Regulation (GDPR) enters into force on 25 May 2018.  The GDPR protects European Union data subjects’ fundamental right to privacy and the protection of personal data.

For an overview of the rights that are given to individuals and how it may affect D2L customers using Brightspace, please consult our GDPR page.

D2L will comply with the GDPR when it comes into force and, after May 25, 2018, you have the right to lodge a complaint with a supervisory authority in relation to the processing of your personal data if it is not in compliance with the GDPR.

Changes to this Privacy Statement

We keep our Privacy Statement under regular review.  We reserve the right to modify or supplement this Privacy Statement at any time.  If we make a change to this Privacy Statement, we will post such changes on our website.

How to Contact Us

We commit to the resolution of questions or concerns about your privacy and our collection or use of your Personal Information.

Our Privacy Officer/Data Protection Officer is responsible for ensuring our compliance with this Privacy Statement and all relevant privacy laws.

If you have any comments, questions or concerns about this Privacy Statement, the data that we collect from you or how that data is being used, or to report suspected misuse of your information, please contact us at Privacy@D2L.com or write to us at:

 

D2L Corporation

Attn: Privacy Officer

151 Charles Street West, Suite 400

Kitchener, Ontario N2G 1H6  Canada

cc: Legal Department

 

D2L Europe Ltd. is our EU data protection representative under the GDPR.  You can contact the data protection representative of D2L Europe Ltd. at the following address:

D2L Europe Ltd.

Attn: Data Protection Representative

c/o Taylor Wessing LLP

5 New Street Square, London

EC4A 3TW

Last Modified: 05/23/2018