Privacy notice

The Open Education Resource universitas (OERu) privacy notice provides a simple and concise summary to explain our treatment of personal information from OERu learners and users of the websites hosted by the OER Foundation (OERF).

This privacy notice complies with our Privacy Policy and Terms of Service and applies to you when you decide to use our services.

We collect information when users visit websites hosted by the OERF. This includes IP addresses which are unique numbers that identify specific internet connections, and sometimes specific computers and devices that visit our sites.

Table of Contents


In the context of this policy

  • Personal data refers to information related to an identified or identifiable natural person used for data processing by the OERF.

  • User generated public data refers to information published voluntarily by users on OERF public websites that are not used for data processing by the OERF. This includes posts, comments, replies, and opinions published by users on our websites.

  • The OERF - a non profit organisation, based in New Zealand, which coordinates the activities of the OERu.

  • The OERu - a network made up of partner organisations, primarily higher education institutions around the world, coordinated by the OERF.

What is the primary aim of the OERF for holding personal data?

The OERF is a registered charitable organisation. The OERF does not require any learner to register a website account and provide personal data in order to access OERu course materials, course announcements published on the course sites, or access student forums and OERF hosted social media to read posts.  

To participate in online discussions and interactions, however, users will need to register an account on the respective website. The primary aim for collecting and holding personal data at the OERF is to provide access to website services that enhance and support our free learning opportunities. In addition, limiting some interactions to logged in users helps us avoid both spam postings (which are annoying to everyone) and the anti-social behaviour some people exhibit when they are able to participate anonymously in open online spaces.

All technology infrastructure hosted by the OERF is powered by free and open source software and we do not require users to sacrifice personal data to third party corporate service providers in order to study with the OERu.

In rare cases where the OERF recommends externally hosted corporate services, for instance, online proctoring for OERu course examinations, learners will be advised of these requirements and express permissions from users for sharing any personal data held by the OERF must first be authorised.  Users choosing to use third party service providers should check their respective privacy and personal data collection policies.

Which personal data do we collect and for what purposes?

When you register an account on an OERF-hosted website or web service - you can tell because it will use the domain (for example,,, etc.), we collect and process some or all of the following personal data:

  • Email address

  • Username

  • Password

  • IP address

  • Name

  • Country

  • Avatar image

  • Personal blog url

  • User generated public data

This information is used to authenticate registered users and to provide the functionality and services associated with the relevant OERF hosted software applications.  Your email addresses and corresponding username may be also be used for Single Sign-On (SSO) services for websites hosted by the OERF. Single Sign-On refers to your ability to use your registered login credentials on one OERF site to authenticate your access to another site hosted by the OERF. We do not provide personal data you submit to the OERF to third-party web services not hosted by the OERF without your express permission.

Country information is used for reporting the aggregated geographical spread of our users without identifying personal data. Providing a personal blog url is optional, and used for sharing public links within the OERu learning community to any blog posts you write and tag with the respective OERu course code. Avatar and personal biography images are optional and users provide consent when they upload the image.

Will you transfer my personal data to others?

The OERF will never sell, trade, rent, or share personal information with third parties unless required to do so by law. Under the New Zealand Privacy Act 1993, for example (the OERF is based in New Zealand, and it therefore subject to New Zealand law), where government authorities believe on reasonable grounds that the disclosure of information is necessary to prevent or lessen a serious and imminent threat to public health or public safety or the life or health of the individual concerned or another individual, the OERF could be compelled to provide private user information we hold.  

Your information will be handled and used by the following trusted third parties under the provisions of the privacy policy and terms of service of the OERF:

  • professionals or organisations working under contract to provide official services for the OERF, or

  • partner institutions to facilitate registration of OERu learners seeking assessment services for OERu courses.

The OERF takes advantage of a world-wide server infrastructure. Some personal data may be retained in a number of jurisdictions currently including Germany, Australia, New Zealand, and the United States. The jurisdictions involved could change in future and we will notify users by updating this privacy notice. Your personal information is kept secure when being transfered.

How long will you keep my personal information?

We will keep your personal information for as long as you need access to the user accounts you have created on the OERF hosted websites.

You will need to tell us when you no longer require an account or wish to delete one or more of your accounts using the contact information below or sending an email to

When you choose to unsubscribe from course announcement emails or our newsletter communications, we keep your information unless your tell us otherwise to ensure that we don’t inadvertently send further course announcements or newsletters in error to your registered email account.

What websites does this privacy notice cover?

This policy covers the websites hosted by the OERF to support the OERu and other initiatives. These include:

  • All websites hosted on the domain, that is any website that contains “” in the url (for example:,, etc.) and


Does this privacy notice cover links to other websites?

No, this privacy notice does not cover links to other websites that do not have or in their url. They are third party websites and you should read the privacy statements on the other websites you visit.

Must I opt-in to receive course announcements and newsletters covering information about the OERF and OERu via email?

Yes, we respect your inbox and we require users of OERF hosted websites to provide consent before we will send certain types of communications via email. These include:

  • Course announcements which provide instructions about how to study the OERu courses you register. We post copies of these instructions on the course site, so you will still have access to this information even if you don’t opt in to receive these emails.

  • Orientation and support emails designed to help new learners get started with study at the OERu.

  • OERu newsletters in which we share relevant information with you on a regular basis - such as recent successes with our international network of innovative institutions; updates about courses we’re offering; and interesting info as it pertains to OER.

We use a double opt-in system to ensure that you are not inadvertently subscribed to any of these communication channels. There are two steps required to opt-in to receive these email communications:

  1. Providing your name, email address and actively selecting the appropriate checkbox selecting the communications you would like to receive.

  2. We will send an email with a link to an OERF hosted webpage to confirm your decision. (This is to minimise the risk of someone else subscribing you to an OERF email list without your permission.)

If you do not complete both steps, you will not be subscribed to any of these communications.

Do you use personal avatar images?

Yes, we use personal avatar images users choose to upload on OERF hosted sites.

An avatar is a picture, illustration, or other visual representation you give to yourself or, in some cases, is generated for you. When you create an account on some OERF services, you can upload an avatar image. Otherwise the services may consult the third-party “Gravatar” service using the email address you supply to see if you have already specified a personal image. This image is used to personalise posts you make. For example: If you have not specified a Gravatar image for your email, the service might generate a placeholder image, perhaps based on your name, for instance: a graphical representation of your initials.

By uploading a personal avatar image on an OERF hosted website, you consent to its use. If you have uploaded your image to an Avatar service like “Gravatar”, you must consult their privacy policy. As a service to our learners, we associate Gravatar images with WEnotes posts in our course feed.

Do you send emails without an opt-in requirement?

Yes, when you register an account on an OERF hosted website, there are some emails that are necessary for you to manage your account. These include confirmation emails and the ability to retrieve your password.

Many of the software systems hosted by the OERF also provide the option for account holders to receive notifications for different categories of site activity, for example, receiving notifications of replies to your posts or if someone mentions you in a post. Users can configure their email preferences according to the types of notifications they would like to receive. By managing your own personal email preference settings, you are providing consent for the types of communications you would like to receive.

Can I unsubscribe from course announcements and newsletters?

Yes, you can easily choose to stop receiving newsletters, updates, and course announcements you opted-in for by clicking on the unsubscribe link included in these emails or contacting us with a request to remove you from our mailing lists at

Do you use cookies on your websites?

Yes, the OERF uses cookies on most of our websites.

Cookies are small files which your browser stores on your computer or device when you visit websites on the internet. They are necessary for some features of our websites to work and they improve your experience of navigating our sites. Although it would be unusual, some cookies may record identifiable personal information.

Cookies are used, for example, to:

  • determine if a user is logged into the website in order to have access to features that require a user to be logged into the website, for instance, posting comments.

  • remember user preference or interface settings, like if you change the sorting order of a list, or expand collapse-able content.

  • remember your browsing history on our websites, for example “knowing” which posts in a discussion thread you have already “read” so that we can display new posts.

  • track site activity on our websites, for example, number of pages visited, duration of sessions, etc. When you are logged into some OERF hosted sites, we can associate the pages you have visited on the site with your registered account in the database which may be used to verify activity, for example when issuing certificates of participation.

We do not use any cookies for commercial advertising and we do not track your browsing activity on other websites.

By using our websites, you agree to us placing these cookies on your device(s).  Remember that OERu learners can access all our learning materials without the need to register an account with us.

Can I manage cookies from OERF hosted websites?

If you would like to restrict, block, or delete cookies from OERF hosted web sites, you can use your browser settings to do this.

If you block or delete cookies from OERF websites, some features may not work as expected.

Do your websites use Javascript?

Yes, most of our websites make use of Javascript to provide some core functionality and to improve the user experience.

Javascript is a programming language used for providing dynamic and interactive features in a browser, for instance, seamlessly accommodating alternate navigation and layouts for both desktop and mobile web browsers or creating “interactive” questions with immediate feedback.

In keeping with our open source policy, the OERF employs open source Javascript libraries like jQuery and various others. Some of these are supplied by third-party content delivery networks (CDNs) to ensure we are always using the latest, most secure versions of these software libraries.

We currently make use of Google Analytics to track the use of many of our websites, and this includes using some proprietary (not open source) Javascript authored by Google. We are currently evaluating the risk that this opaque software poses to learner privacy, and are trialling alternative solutions for gathering website analytics.

What is your sensitive data policy?

The OERF foundation hosts a number of social networking software applications where user generated public data is posted by registered account holders.

Users should not post sensitive personal information including race, ethnic origin, religion, philosophical beliefs, sexual orientation, health, political preferences or worker’s union membership.

The OERF does not take responsibility for user generated public data of sensitive information nor does it use this information for data processing. In the majority of cases, users can delete sensitive information they have inadvertently posted on our sites. In cases where this is not possible, users should contact the OERF (see contact information below) about removing personal data.    

On what legal basis do we process your Personal Data?

Legitimate interests refer to the interests of our not-for-profit organisation in conducting our operations to provide a quality service in a secure environment. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative). Where personal data is processed for purposes other than required for our legitimate interests, we require consent for those purposes (for example, opting in to receive course announcements via email). The table below sets out further detail on the ways we process your data for our legitimate interests.

Type of data

Data processing activity


Name, username, password and optional country

Account registration on OERF websites

  • Provide users with the ability to manage their own website accounts, for example:  confirmation emails on registration, password retrieval, email preferences for site notifications and public profile pages.

  • Enhance network security and ability to limit access by “bad actors”.

  • Aggregated reporting of global distribution of learners participating in OERu courses.

Analytics including number of visitors, posts, page views, session duration, country of origin etc.

Aggregated website statistics to assess performance and quality of service using Google Analytics .

  • Improve the quality of free services provided to users.

  • Better understand the usage of OERF hosted websites, and determine where to invest additional resources.

  • Monitoring loads and capacity of our technical infrastructure.

Cookie data

Monitoring session data, remembering user settings and prior navigation history. (Users can switch off cookies at the browser level but this will restrict your ability to use some features of our websites.)

  • To improve the user experience of OERF hosted websites.

What personal data requires consent for processing at OERF?

Type of data

Data processing activity


Personal blog url

For harvesting links to user blog posts which contain the course code for the aggregated course feed.

(User consents when providing the url.)

  • Improve the quality of the learning services.

Display name, username or name and user generated data

Attributing user generated posts on OERF websites and aggregated course feed

(User consents when posting)

  • Improve the quality of the learning services.

Name, email address, and personal preferences recorded by opt-in online survey

Course announcements,  optional support communications, and information updates about OERu and the OERF via email.

(User consents by active subscription to requested communications via checkbox on landing page survey)

  • Customise email communications based on needs identified, or confirmed, by users.

Avatar images

Associating a personal image with a user account on profile pages and course feed posts.

(User consents when they upload an avatar image)

  • Improve the personalisation  of the learning services.

Web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs).  

We use marketing automation software for opt-in communications requested by users.  Web beacons are small electronic files that are embedded  in an email campaign. They are “fetched” when a user opens an email containing them in normally configured email software. Doing this allows us to see that the email has been opened. A user can block these by disabling “automatic image loading” in their email software.

(Users consent when they opt-in to receive these communications.)

  • To determine the effectiveness of communication campaigns. The web beacons enable the OERF to determine the number of emails opened and links clicked.

What rights do you have over your personal data?

Under the European General Data Protection Regulation (GDPR) you have the right to:

  • Access your personal data by making a subject access request.

  • Rectification, erasure or restriction of your information where this is justified.

  • Object to the processing of your information where this is justified.

  • Data portability.

To exercise these rights please contact the Privacy Officer at

Contact information

You can contact the Privacy Officer at or write to:

The Privacy Officer
OER Foundation Limited
c/o Otago Polytechnic
3rd floor, F Block
Forth Street
Private Bag 1910
Dunedin 9054
New Zealand

Changes to this privacy notice

We will keep this policy notice under regular review. Updates to this notice will be published on this page.

This privacy notice was last updated on 23 May 2018.