Effective: July 11, 2018.
- Coursera, Inc. is the data controller of your personal information.
Purpose and who we are
"Personally Identifiable Information" (i.e., information that can be used to identify you). Personally Identifiable Information can include information such as your name and email address, among other things. If you reside or are located in the EEA, it can also include your IP address or device identifier. You are responsible for ensuring the accuracy of the Personally Identifiable Information you submit to Coursera. Inaccurate information may affect your ability to use the Site, the information you receive when using the Site, and our ability to contact you. For example, your email address should be kept current because that is one of the primary manners in which we communicate with you.
What You Agree to by Using Our Site
- our use of your personal information is necessary for complying with our legal obligations; or
- where neither of the above apply, use of your personal information is necessary for our legitimate interests or the legitimate interests of others. Our legitimate interests are to:
- run, grow and develop our business;
- operate our Site and provide our services;
- select appropriately skilled and qualified suppliers;
- build relationships with partners and academic institutions;
- carry out research and statistical analysis;
- carry out marketing and business development; and
- for internal administrative and auditing purposes.
If we rely on our (or another person's) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information.
We may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described below).
If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by visiting your profile page and clicking the box to remove consent or delete your account and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide our services to you.
What Information We Collect
We gather two types of information about users through the Site:
- Personally Identifiable Information provided directly by you or via third parties. We collect Personally Identifiable Information that you provide to us when you register for an account, update or change information for your account, purchase products or services, complete a survey, sign-up for email updates or Online Courses, participate in our public forums, send us email messages, and/or participate in Online Courses or other services on our Site. We may use the Personally Identifiable Information that you provide to respond to your questions, provide you the specific course and/or services you select, send you updates about Online Courses offered by Coursera or other Coursera events, and send you email messages about Site maintenance or updates.
Account Registration. If you register for an account on our Site, you may be required to provide us with Personally Identifiable Information such as your name and email address.
Updates. Coursera may offer you the ability to receive updates either via email or by posting on portions of the Site only accessible to registered users. In order to subscribe to these services, you may be required to provide us with Personally Identifiable Information such as your name and email address.
- Participation in Online Courses. Coursera offers users the opportunity to participate in an Online Course on or through the Site. If you desire to participate in a course, you will be asked to provide us with certain information necessary to conduct such a course. This information may include, among other things, your name and email address.
If you participate in an online course, we may collect from you certain student-generated content, such as assignments you submit to instructors, peer-graded assignments, and peer grading student feedback. We also collect course data, such as student responses to in-video quizzes, standalone quizzes, exams, and surveys. You should not include any Personally Identifiable Information or other information of a personal or sensitive nature, whether relating to you or another person, on assignments, exams, or surveys, except for information required to participate or submit such assignments, exams, or surveys.
Identity Verification. Coursera may offer you the ability to verify your identity for selected classes. In order to enroll for these services, you may be required to provide us or our third-party identity verification vendor with Personally Identifiable Information such as your name, address, date of birth, a headshot taken using a webcam, and a photo identification document. Additionally, if you apply for financial aid in connection with these services, you may be required to provide information regarding your income.
Communications with Coursera. We may receive Personally Identifiable Information when you send us an email message or otherwise contact us.
Third Party Sites. We may receive Personally Identifiable Information when you access or log-in to a third party site, e.g., Facebook, from our Sites. This may include the text and/or images of your Personally Identifiable Information available from the third party site.
Surveys. We may receive Personally Identifiable Information when you provide information in response to a survey operated by us. This may include details about your race, your education history, and your employment.
Partner sites. Partner sites providing Online Course related tools and services to Coursera users may collect nonfinancial individual level user data regarding the individual’s use of that partner site while engaged with such Online Course related activities, and the partner sites may share that data with Coursera for the purpose of improving Coursera’s services, the partner site’s services, and the individual’s education experience. This data includes information such as the amount of time spent on the partner site and pages viewed.
- Third Party Credit Card Processing. Coursera provides you with the ability to pay for Online Courses and other services using a credit card through a third party payment processing service provider. Please note that our service provider – not Coursera – collects and processes your credit card information.
How We Use the Information
- Information relating to your use of our Site. We use information relating to your use of the Site to build higher quality, more useful services by performing statistical analyses of the collective characteristics and behavior of our users, and by measuring demographics and interests regarding specific areas of our Site. We may also use this information to ensure the security of our services and the Site.
Providing the Site and our services. We use Personally Identifiable Information which you provide to us in order to allow you to access and use the Site and in order to provide any information, products or services that you request from us.
Technical support and security. We may use Personally Identifiable Information to provide technical support to you, where required, and to ensure the security of our services and the Site.
Updates. We use Personally Identifiable Information collected when you sign-up for our various email or update services to send you the messages in connection with the Site or an Online Course. We may also archive this information and/or use it for future communications with you, where we are legally entitled to do so.
Forums. You should not post any Personally Identifiable Information or other information of a personal or sensitive nature, whether relating to you or another person, within a Forum post. If you choose to post Personally Identifiable Information, such Personally Identifiable Information may be collected during your use of the Forums. We may publish this information via extensions of our Platform that use third-party services, like mobile applications. We reserve the right to reuse Forum posts that contain Personally Identifiable Information in future versions of the courses we offer, and to enhance future course offerings. We may archive this information and/or use it for future communications with you and/or your designee(s), and/or provide it to the University partner, business partner, or the instructor(s) associated with the courses you have taken. We may also use or publish posts submitted on the Forums without using Personally Identification Information.
Participation in Online Courses. We use the Personally Identifiable Information that we collect from you when you participate in an Online Course through the Site for processing purposes, including but not limited to tracking attendance, progress, and completion of an Online Course. We may also share your Personally Identifiable Information and your performance in a given Online Course with the instructor or instructors who taught the course, with teaching assistants or other individuals designated by the instructor or instructors to assist with the creation, modification or operation of the course, and with the institution or institutions with which they are affiliated. Also, we may archive this information and/or use it for future communications with you, where we are legally entitled to do so.
Identity Verification. For services that require identity verification, we use the Personally Identifiable Information that we collect for verifying your identity, and for authenticating that submissions made on the Site were made by you. This service may be provided through a third-party identity verification vendor. Your photo identification document will be deleted after successful verification of your profile information.
Communications with Coursera Business Partners. We may share your Personally Identifiable Information with University partners and other business partners of Coursera so that Coursera University partners and other business partners may share information about their products and services that may be of interest to you where they are legally entitled to do so.
Research. We may share general course data (including quiz or assignment submissions, grades, and forum discussions), information about your activity on our Site, and demographic data from surveys operated by us with our University partners and other business partners so that our University partners and other business partners may use the data for research related to online education.
Disclosure to Coursera Operations and Maintenance Contractors. We use various service providers, vendors and contractors (collectively, "Contractors") to assist us in providing our products and services to you. Our Contractors may have limited access to your Personally Identifiable Information in the course of providing their products or services to us, so that we in turn can provide our products and services to you. These Contractors may include vendors and suppliers that provide us with technology, services, and/or content related to the operation and maintenance of the Site or the Online Course. Access to your Personally Identifiable Information by these contractors is limited to the information reasonably necessary for the contractor to perform its limited function for us.
Disclosure to Acquirers. Coursera may disclose and/or transfer your Personally Identifiable Information to an acquirer, assignee or other successor entity in connection with a sale, merger, or reorganization of all or substantially all of the equity, business or assets of Coursera to which your Personally Identifiable Information relates.
- e-Readers. If we receive any Personally Identifiable Information related to the extent to which you use designated e-Readers to access Coursera materials, we may archive it, and use it for research, business, or other purposes.
Retention of Personally Identifiable Information
If you reside or are located in the EEA, we keep your Personally Identifiable Information for no longer than necessary for the purposes for which the Personally Identifiable Information is processed. The length of time we retain Personally Identifiable Information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
Confidentiality & Security of Personally Identifiable Information
Updating or Deleting Your Personally Identifiable Information
You have certain rights in relation to your Personally Identifiable Information. You can access your Personally Identifiable Information and confirm that it remains correct and up-to-date or choose whether or not you wish to receive material from us or some of our partners by logging into the Site and visiting your user account page.
If you would like further information in relation to your rights or would like to exercise any of them, you may also contact us via email@example.com. If you reside or are located in the EEA, you have the right to request that we:
- provide access to any Personally Identifiable Information we hold about you;
- prevent the processing of your Personally Identifiable Information for direct-marketing purposes;
- update any Personally Identifiable Information which is out of date or incorrect;
- delete any Personally Identifiable Information which we are holding about you;
- restrict the way that we process your Personally Identifiable Information;
- provide your Personally Identifiable Information to a third party provider of services; or
- provide you with a copy of any Personally Identifiable Information which we hold about you. We try to answer every email promptly where possible, and provide our response within the time period stated by applicable law. Keep in mind, however, that there will be residual information that will remain within our databases, access logs and other records, which may or may not contain your Personally Identifiable Information. Please also note that certain Personally Identifiable Information may be exempt from such requests in certain circumstances, which may include if we need to keep processing your Personally Identifiable Information to comply with a legal obligation. When you email us with a request, we may ask that you provide us with information necessary to confirm your identity.
Questions, Suggestions and Complaints
If you have any privacy-related questions, suggestions, unresolved problems, or complaints you may contact us via firstname.lastname@example.org. If you reside or are located in the EEA, our Data Protection Officer and Privacy Team may assist with all queries regarding our processing of Personally Identifiable at email@example.com. If you reside or are located in the EEA, you may also make a complaint to our supervisory body for data protection matters (namely the UK Information Commissioner's Office) or seek a remedy through local courts if you believe that your rights have been breached.
Coursera UK Limited serves as the EU Representative for Coursera, Inc. To contact Coursera UK Limited, please use the following contact info:
Post: Coursera UK Limited Attn: Privacy Request 256 - 260 Old Street, London EC1V9DD Phone: ++44 20 3457 0256 Email: firstname.lastname@example.org
California Privacy Rights
Under California’s "Shine the Light" law, California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g. requests made in 2012 will receive information regarding 2011 sharing activities).
To obtain this information, please send an email message to email@example.com with "Request for California Privacy Information" on the subject line and in the body of your message. We will provide the requested information to you at your e-mail address in response. Please be aware that not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response.
International Privacy Practices
Coursera’s Sites are primarily operated and managed on servers located and operated within the United States. In order to provide our products and services to you, we may send and store your Personally Identifiable Information (also commonly referred to as personal data) outside of the country where you reside or are located, including to the United States. Accordingly, if you reside or are located outside of the United States, your Personally Identifiable Information may be transferred outside of the country where you reside or are located, including to countries that may not or do not provide the same level of protection for your Personally Identifiable Information. We are committed to protecting the privacy and confidentiality of Personally Identifiable Information when it is transferred. If you reside or are located within the EEA and such transfers occur, we take appropriate steps to provide the same level of protection for the processing carried out in any such countries as you would have within the EEA to the extent feasible under applicable law. We participate in and commit to adhering to the EU-U.S. Privacy Shield Framework when transferring data from the EEA to the United States. Please see our Privacy Shield Policy for further information.
No Information from Children Under 13
Coursera strongly believes in protecting the privacy of children. In line with this belief, we do not knowingly collect or maintain Personally Identifiable Information on our Site from persons under 13 years of age, and no part of our Site is directed to persons under 13 years of age. If you are under 13 years of age, then please do not use or access this Site at any time or in any manner. We will take appropriate steps to delete any Personally Identifiable Information of persons less than 13 years of age that has been collected on our Site without verified parental consent upon learning of the existence of such Personally Identifiable Information.
Privacy Shield Policy
Effective as of June 28, 2017.
Coursera, Inc. (referred to as "we," "us," or "our"), believes in protecting your privacy.
We participate in and commit to adhering to the EU-U.S. Privacy Shield Framework which includes the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access and enforcement (the "Principles") for all transfers of personal data from EEA to the U.S. To learn more about Privacy Shield, please visit the U.S. Department of Commerce Privacy Shield website: https://www.privacyshield.gov/. For more information regarding our Privacy Shield certification, please click here. When we use the term "Personal Information" in this Privacy Shield Policy, we are referring to any information that (i) is recorded in any form; (ii) is about an identified or identifiable individual; and (iii) is received by us from the EEA.
When we use the term "Sensitive Personal Information" in this Privacy Shield Policy, we are referring to a particular subset of an individual’s Personal Information that provides details of his or her race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership or that concerns his or her health.
Where we process personal data on behalf of our business partners, we will work with them to ensure you are offered appropriate choices (and means to exercise those choices) for limiting use or disclosure of your personal data (where appropriate).
Notwithstanding the foregoing, you agree that we may disclose Personal Information under the following circumstances without offering you an opportunity to opt out of such disclosure: (i) to our partner institutions and other service providers that we have retained to perform requested services on our behalf; (ii) if we are required to do so by law or legal process; (iii) pursuant to valid requests by law enforcement or other government authorities (which we are legally required to respond to); and (iv) when we believe disclosure is necessary to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity. In addition, we reserve the right to transfer Personal Information in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation). Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use the Personal Information in a manner consistent with this Privacy Shield Policy.
- Onward Transfers (Transfer to Third Parties). We will only transfer Personal Information to third parties where the third party: (i) has provided satisfactory assurances to us that it will protect the Personal Information in accordance with this Privacy Shield Policy and the Principles; (ii) is located in the EU or a country considered "adequate" for privacy by the EU Commission, and therefore is required to comply with the EU data protection laws or substantially equivalent privacy laws; or (iii) has certified to Privacy Shield, and is independently responsible for complying with the Principles.
Where we have knowledge that a third party to whom we have provided Personal Information is processing that Personal Information in a manner contrary to this Privacy Shield Policy or the Principles, we will take reasonable steps to prevent or terminate processing by the third party until such time the third party can process Personal Information in compliance with this Privacy Shield Policy and the Principles. Under certain circumstances, we may be potentially liable if these requirements are not met.
Data Security. We will take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We have implemented appropriate physical, electronic and managerial procedures to help safeguard and secure Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction.
Data Integrity and Purpose Limitation. We will process Personal Information in a manner that is compatible with and relevant to the purpose for which it was collected or authorized by you. To the extent necessary for those purposes, we will take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
Access. Upon request, we will provide you with reasonable access to the Personal Information about you that we hold. We will also take reasonable steps to correct, update, amend or delete any information that is demonstrated to be inaccurate, except where the burden or expense of doing so would be disproportionate to the risks to your privacy in the case in question or where the rights of third parties would be violated. Where we process personal data on behalf of our business partners, we will work with them in complying with such requests in accordance with applicable law.
Recourse; Enforcement. We will regularly review our compliance with the statements set forth in this Privacy Shield Policy, and we will provide an independent way to resolve complaints about our privacy practices. We encourage interested persons to first contact us (contact information provided below) and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles. If your inquiry is not satisfactorily addressed by us, we have registered with the International Centre for Dispute Resolution ("ICDR"), a division of the American Arbitration Association, to provide independent third party dispute resolution (free of charge) to you. To contact ICDR and/or learn more about the company’s dispute resolution services, including complaint submission, please visit: http://go.adr.org/privacyshield.html. There may also be circumstances when disputes can be resolved through the Privacy Shield binding arbitration process. Please see the Privacy Shield website for further information: https://www.privacyshield.gov/article?id=C-Pre-Arbitration-Requirements.
- Jurisdiction. As part of our participation in Privacy Shield, we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission and other authorized statutory bodies.
We may amend this Privacy Shield Policy from time-to-time in accordance with the requirements of the EU-U.S. Privacy Shield Framework. The most recent version of the Privacy Shield Policy will always be posted to this website. Anytime that we do make such changes, we will also update the effective date listed at the bottom of the Privacy Shield Policy. Please be sure to review the most recent version of the Privacy Shield Policy each time that you visit this website so that you are aware of how we collect, use and retain personal information.
Please contact us with any questions or comments about this Privacy Shield Policy, transfer of your personal information from the EEA to the U.S., our privacy practices, or your consent choices by email at firstname.lastname@example.org.
Below is a list of all the revisions made to our Privacy Policies, with links to view the difference between each revision.
- 2019-03-19: Updated to include EU Representative contact info
- 2018-12-11: Updated contact ICDR link
- 2018-07-11: Updated for clarification on grounds for data processing.
- 2018-05-16: Added table of contents and summary. Clarified sections on data processing bases and communications
- 2018-03-16: Updated for GDPR and removed outdated Swiss Safe Harbor Policy
- 2017-06-28: Updated Privacy Shield Policy
- 2016-09-29: New Privacy Shield Policy/Revised Safe Harbor Policy
- 2014-01-02: Initial revision