University Portal
Try demo

Privacy & Data Protection Policy (GDPR)

How personal data is collected, processed and safeguarded on this platform.

1. Data Controller

The entity responsible for the processing of personal data on this platform is: University Portal, Digital Campus, Worldwide.

2. Data Protection Officer

The Data Protection Officer (DPO) can be contacted at: privacy@university-portal.sden.ch.

3. Data Collected

The platform may collect the following categories of personal data:

  • Identification data such as name, surname and email address when registering or filling out forms.
  • Academic data submitted in the context of courses, assignments, exams and mentorship.
  • Technical data such as cookies, IP addresses and browsing logs.

4. Purposes of Processing

The data is collected and processed for the following purposes:

  • To operate the platform and provide the requested features.
  • To manage user accounts, authentication and role-based access control.
  • To respond to user support requests.
  • To improve platform usability, performance and audience measurement.

5. Legal Basis for Processing

Data processing is carried out based on:

  • The consent of the user (Article 6.1.a GDPR).
  • The performance of a contract to which the user is a party (Article 6.1.b GDPR).
  • Legitimate interests pursued by the data controller (Article 6.1.f GDPR).

6. Data Recipients

Personal data may only be shared with authorised personnel and sub-processors strictly necessary for the operation of the platform. Data is never sold or disclosed to third parties for commercial purposes.

7. Retention Period

  • Account data is retained for the duration of the user’s active relationship with the platform.
  • Contact data is retained for a maximum of 3 years after the last interaction.
  • Technical logs and navigation data are retained for a maximum of 12 months.

8. User Rights

In accordance with the GDPR, users have the following rights:

  • Right of access to their data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”).
  • Right to restriction of processing.
  • Right to object to processing.
  • Right to data portability.

Requests to exercise these rights should be sent to: privacy@university-portal.sden.ch.

9. Security

Appropriate technical and organisational measures are applied to protect data against loss, unauthorised access, alteration or disclosure — including httpOnly session cookies, optional 2FA, rate limiting, encryption in transit and audit logging.