Effective: January 1, 2020.
- Coursera, Inc. is the data controller of your personal information.
- We collect the personal information set out in the "What Information We Collect" section of this Privacy Notice below, including account registration details such as name and email, details of Content Offerings you undertake, survey information (where you provide it), identity verification data, and information about your use of our site and Services.
- We use your personal information for the purposes set out in the "How We Use the Information" section of this Privacy Notice below, including providing our site and Services to you, ensuring the security and performance of our site, conducting research relating to Content Offerings, sharing information with our Content Providers and our suppliers, direct marketing, and performing statistical analysis of the use of our site and Services.
- You have a number of rights that you can exercise in relation to our use of your personal information, as set out in the "Updating or Deleting Your Personally Identifiable Information" section of this Privacy Notice below.
Purpose and who we are
What Information this Privacy Notice Covers
This Privacy Notice covers information we collect from you through our Site. Some of our Site’s functionality can be used without revealing any Personally Identifiable Information, though for features or Services related to the Content Offerings, Personally Identifiable Information is required. In order to access certain features and benefits on our Site, you may need to submit, or we may collect,
"Personally Identifiable Information" (i.e., information that can be used to identify you)(may also be referred to as “personal data” or “personal information”). Personally Identifiable Information can include information such as your name, email address, IP address, and device identifier, among other things. You are responsible for ensuring the accuracy of the Personally Identifiable Information you submit to Coursera. Inaccurate information may affect your ability to use the Site, the information you receive when using the Site, and our ability to contact you. For example, your email address should be kept current because that is one of the primary manners in which we communicate with you.
What You Agree to by Using Our Site
We consider that the legal bases for using your personal information as set out in this Privacy Notice are as follows:
- our use of your personal information is necessary for complying with our legal obligations; or
- use of your personal information is necessary for our legitimate interests or the legitimate interests of others. Our legitimate interests are to:
- run, grow and develop our business;
- operate our Site and provide our Services;
- select appropriately skilled and qualified suppliers;
- build relationships with partners and academic institutions;
- carry out research and statistical analysis;
- carry out marketing and business development; and
- for internal administrative and auditing purposes.
- consent, to send you certain communications or where you submit certain information to us.
Which legal basis applies to a specific processing activity will depend on the type of personal information processed and the context in which it is processed.
If we rely on our (or another person's) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information.
We may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time as described below).
If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by visiting your profile page and clicking the box to remove consent or delete your account and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide our Services to you.
What Information We Collect
We gather two types of information about users through the Site:
- Personally Identifiable Information provided directly by you or via third parties. We collect Personally Identifiable Information that you provide to us when you register for an account, update or change information for your account, purchase products or Services, complete a survey, sign-up for email updates, participate in our public forums, send us email messages, and/or participate in Content Offerings or other Services on our Site. We may use the Personally Identifiable Information that you provide to respond to your questions, provide you the specific Content Offering and/or Services you select, send you updates about Content Offerings or other Coursera events, and send you email messages about Site maintenance or updates.
Account Registration. If you register for an account on our Site, you may be required to provide us with Personally Identifiable Information such as your name and email address.
Updates. Coursera may offer you the ability to receive updates either via email or by posting on portions of the Site only accessible to registered users. In order to subscribe to these Services, you may be required to provide us with Personally Identifiable Information such as your name and email address.
- Participation in Content Offerings. Coursera offers users the opportunity to participate in an Content Offerings on or through the Site. If you desire to participate in a Content Offering, you will be asked to provide us with certain information necessary to conduct such a Content Offering. This information may include, among other things, your name and email address.
If you participate in a Content Offering, we may collect from you certain student-generated content, such as assignments you submit to instructors, peer-graded assignments, and peer grading student feedback. We also collect course data, such as student responses to in-video quizzes, standalone quizzes, exams, and surveys. You should not include any Personally Identifiable Information or other information of a personal or sensitive nature, whether relating to you or another person, on assignments, exams, or surveys, except for information required to participate or submit such assignments, exams, or surveys.
Identity Verification. Coursera may offer you the ability to verify your identity for select Services. In order to enroll for these Services, you may be required to provide us or our third-party identity verification vendor with Personally Identifiable Information such as your name, address, date of birth, a headshot taken using a webcam, and a photo identification document. Additionally, if you apply for financial aid in connection with these Services, you may be required to provide information regarding your income.
Communications with Coursera. We may receive Personally Identifiable Information when you send us an email message or otherwise contact us.
Third Party Sites. We may receive Personally Identifiable Information when you access or log-in to a third party site, e.g., Facebook, from our Sites. This may include the text and/or images of your Personally Identifiable Information available from the third party site.
Surveys. We may receive Personally Identifiable Information when you provide information in response to a survey operated by us or a Content Provider.
Partner sites. Partner sites providing Content Offering related tools and services to Coursera users may collect nonfinancial individual level user data regarding the individual’s use of that partner site while the partner sites provide those services to Coursera. The partner sites may share that data with Coursera for the purpose of improving Coursera’s Services, the partner site’s services, and the individual’s education experience. This data includes information such as the amount of time spent on the partner site and pages viewed.
- Third Party Credit Card Processing. Coursera provides you with the ability to pay for Content Offerings and other Services using a credit card through a third party payment processing service provider. Please note that our service provider – not Coursera – collects and processes your credit card information.
How We Use the Information
- Information relating to your use of our Site. We use information relating to your use of the Site to build higher quality, more useful Services by performing statistical analyses of the collective characteristics and behavior of our users, and by measuring demographics and interests regarding specific areas of our Site. We may also use this information to ensure the security of our Services and the Site.
- Personally Identifiable Information provided directly by you or via third parties. Except as set forth in this Privacy Notice or as specifically agreed to by you, Coursera will not disclose any of your Personally Identifiable Information. In addition to the other uses set forth in this Privacy Notice, we may disclose and otherwise use Personally Identifiable Information as described below.
Providing the Site and our Services. We use Personally Identifiable Information which you provide to us in order to allow you to access and use the Site and in order to provide any information, products, or Services that you request from us.
Technical support and security. We may use Personally Identifiable Information to provide technical support to you, where required, and to ensure the security of our Services and the Site.
Updates. We use Personally Identifiable Information collected when you sign-up for our various email or update services to send you the messages in connection with the Site or Content Offerings. We may also archive this information and/or use it for future communications with you, where we are legally entitled to do so.
Forums. You should not post any Personally Identifiable Information or other information of a personal or sensitive nature, whether relating to you or another person, within a Forum post. If you choose to post Personally Identifiable Information, such Personally Identifiable Information may be collected during your use of the Forums. We may publish this information via extensions of our Platform that use third-party services, like mobile applications. We reserve the right to reuse Forum posts that contain Personally Identifiable Information in future versions of the Content Offerings, and to enhance future Content Offerings. We may archive this information and/or use it for future communications with you and/or your designee(s), and/or provide it to the Content Provider, business partner, or the instructor(s) associated with the courses you have taken. We may also use or publish posts submitted on the Forums without using Personally Identification Information.
Participation in Content Offerings. We use the Personally Identifiable Information that we collect from you when you participate in a Content Offering through the Site for processing purposes, including but not limited to tracking attendance, progress, and completion of an Online Course. We may also share your Personally Identifiable Information and your performance in a given Content Offering with the instructor or instructors who taught it, with teaching assistants or other individuals designated by the instructor or instructors to assist with the creation, modification, or operation of the Content Offering, and with the Content Provider(s) with which they are affiliated. We may also use the information generated when taking a Content Offering or using the Services for predictive analysis of your performance in the Content Offerings. Also, we may archive this information and/or use it for future communications with you, where we are legally entitled to do so.
Identity Verification. For Services that require identity verification, we may use the Personally Identifiable Information that we collect for verifying your identity, and for authenticating that submissions made on the Site were made by you. This Service may be provided through a third-party identity verification vendor. Your photo identification document will be deleted after successful verification of your profile information.
Communications with or from Coursera. When you send us an email message or otherwise contact us, we may use the information provided by you to respond to your communication and/or as described in this Privacy Notice. We may also archive this information and/or use it for future communications with you where we are legally entitled to do so. Where we send you emails, we may track the way that you interact with these emails (such as when you open an email or click on a link inside an email). We use this information for the purposes of optimizing and better tailoring our communications to you.
Communications with Coursera Business Partners. We may share your Personally Identifiable Information with Content Providers and other business partners of Coursera so that Content Providers and other business partners may share information about their products and services that may be of interest to you where they are legally entitled to do so.
Research. We may share general course data (including quiz or assignment submissions, grades, and forum discussions), information about your activity on our Site, and demographic data from surveys operated by us with our Content Providers and other business partners so that our Content Providers and other business partners may use the data for research related to online education.
Disclosure to Coursera Operations and Maintenance Contractors. We use various service providers, vendors and contractors (collectively, "Contractors") to assist us in providing our Services to you. Our Contractors may have limited access to your Personally Identifiable Information in the course of providing their products or services to us, so that we in turn can provide our Services to you. These Contractors may include vendors and suppliers that provide us with technology, services, and/or content related to the operation and maintenance of the Site or the Content Offerings. Access to your Personally Identifiable Information by these Contractors is limited to the information reasonably necessary for the Contractor to perform its limited function for us.
Disclosure to Acquirers. Coursera may disclose and/or transfer your Personally Identifiable Information to an acquirer, assignee or other successor entity in connection with a sale, merger, or reorganization of all or substantially all of the equity, business, or assets of Coursera to which your Personally Identifiable Information relates.
- e-Readers. If we receive any Personally Identifiable Information related to the extent to which you use designated e-Readers to access Coursera materials, we may archive it, and use it for research, business, or other purposes.
Retention of Personally Identifiable Information
We keep your Personally Identifiable Information for no longer than necessary for the purposes for which the Personally Identifiable Information is collected and processed. The length of time we retain Personally Identifiable Information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise, or defend our legal rights.
Confidentiality & Security of Personally Identifiable Information
We consider the confidentiality and security of your information to be of the utmost importance. We will use industry standard physical, technical, and administrative security measures to keep your Personally Identifiable Information confidential and secure, and will not share it with third parties, except as otherwise provided in this Privacy Notice, or unless such disclosure is necessary in special cases, such as a physical threat to you or others, as permitted by applicable law. Because the Internet is not a 100% secure environment, we cannot guarantee the security of Personally Identifiable Information, and there is some risk that an unauthorized third party may find a way to circumvent our security systems or that transmission of your information over the Internet will be intercepted. It is your responsibility to protect the security of your login information. Please note that e-mails communications are typically not encrypted and should not be considered secure.
Updating or Deleting Your Personally Identifiable Information
You have certain rights in relation to your Personally Identifiable Information. You can access your Personally Identifiable Information and confirm that it remains correct and up-to-date, choose whether or not you wish to receive material from us or some of our partners, and request that we delete or provide you with a copy of your personal data by logging into the Site and visiting your user account page.
If you would like further information in relation to your rights or would like to exercise any of them, you may also contact us via email@example.com. If you reside or are located in the EEA, you have the right to request that we:
- provide access to any Personally Identifiable Information we hold about you;
- prevent the processing of your Personally Identifiable Information for direct-marketing purposes;
- update any Personally Identifiable Information which is out of date or incorrect;
- delete any Personally Identifiable Information which we are holding about you;
- restrict the way that we process your Personally Identifiable Information;
- provide your Personally Identifiable Information to a third party provider of services; or
- provide you with a copy of any Personally Identifiable Information which we hold about you. We try to answer every email promptly where possible, and provide our response within the time period stated by applicable law. Keep in mind, however, that there will be residual information that will remain within our databases, access logs, and other records, which may or may not contain your Personally Identifiable Information. Please also note that certain Personally Identifiable Information may be exempt from such requests in certain circumstances, which may include if we need to keep processing your Personally Identifiable Information to comply with a legal obligation. When you email us with a request, we may ask that you provide us with information necessary to confirm your identity.
Questions, Suggestions, and Complaints
If you have any privacy-related questions, suggestions, unresolved problems, or complaints, you may contact us via firstname.lastname@example.org. If you reside or are located in the EEA, our Data Protection Officer and Privacy Team may assist with all queries regarding our processing of Personally Identifiable at email@example.com. If you reside or are located in the EEA, you may also make a complaint to our supervisory body for data protection matters (namely the UK Information Commissioner's Office) or seek a remedy through local courts if you believe that your rights have been breached.
Coursera UK Limited serves as the EU Representative for Coursera, Inc. To contact Coursera UK Limited, please use the following contact info:
Post: Coursera UK Limited Attn: Privacy Request City Bridge House, 57 Southwark Street, London SE1 1RU Phone: +44 20 3457 0256 Email: firstname.lastname@example.org
California Privacy Rights
Under California’s "Shine the Light" law, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g. requests made in 2018 will receive information regarding 2017 sharing activities).
To obtain this information, please send an email message to email@example.com with "Request for California Privacy Information" on the subject line and in the body of your message. We will provide the requested information to you at your email address in response. Please be aware that not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response.
Under the California Consumer Privacy Act (“CCPA”), California residents have the right to know what personal information about them is collected, request deletion of their personal data, opt-out of the sale of their personal data, and not be discriminated against if they choose to exercise any of these rights. Coursera does not sell any of the data we collect about you. If you’d like to exercise any of the other rights afforded to you, select ‘Settings’ in your account or contact us at firstname.lastname@example.org.
International Privacy Practices
Coursera’s Sites are primarily operated and managed on servers located and operated within the United States. In order to provide our products and Services to you, we may send and store your Personally Identifiable Information (also commonly referred to as personal data) outside of the country where you reside or are located, including to the United States. Accordingly, if you reside or are located outside of the United States, your Personally Identifiable Information may be transferred outside of the country where you reside or are located, including to countries that may not or do not provide the same level of protection for your Personally Identifiable Information. We are committed to protecting the privacy and confidentiality of Personally Identifiable Information when it is transferred. If you reside or are located within the EEA and such transfers occur, we take appropriate steps to provide the same level of protection for the processing carried out in any such countries as you would have within the EEA to the extent feasible under applicable law. We participate in and commit to adhering to the EU-U.S. Privacy Shield Framework when transferring data from the EEA to the United States. Please see our Privacy Shield Notice below for further information.
Changing Our Privacy Notice
Please note that we review our privacy practices from time to time, and that these practices are subject to change. Any change, update, or modification will be effective immediately upon posting on our Site. We will notify you of any material change to this Privacy Notice by posting a notice on our Site’s homepage for a reasonable period of time following such update or by sending an email to the email address associated with your user account, and by changing the effective date (located at the top and bottom of this page). Be sure to return to this page periodically to ensure familiarity with the most current version of this Privacy Notice.
No Information from Children Under 13
Coursera strongly believes in protecting the privacy of children. Any use or access by anyone under the age of 13 is prohibited, and certain regions and Content Offerings may have additional requirements and/or restrictions. In line with this belief, we do not knowingly collect or maintain Personally Identifiable Information on our Site from persons under 13 years of age, and no part of our Site is directed to persons under 13 years of age. If you are under 13 years of age, then please do not use or access this Site at any time or in any manner. We will take appropriate steps to delete any Personally Identifiable Information of persons less than 13 years of age that has been collected on our Site without verified parental consent upon learning of the existence of such Personally Identifiable Information.
Privacy Shield Notice
Effective as of January 1, 2020.
Coursera, Inc. (referred to as "we," "us," or "our"), believes in protecting your privacy.
We participate in and commit to adhering to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks which includes the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement (the "Principles") for all transfers of personal data from the EEA, Switzerland, or the United Kingdom to the U.S. To learn more about Privacy Shield, please visit the U.S. Department of Commerce Privacy Shield website: https://www.privacyshield.gov/. For more information regarding our Privacy Shield certification, please click here. When we use the term "Personal Information" in this Privacy Shield Notice, we are referring to any information that (i) is recorded in any form; (ii) is about an identified or identifiable individual; and (iii) is received by us from the EEA, Switzerland, or the United Kingdom.
When we use the term "Sensitive Personal Information" in this Privacy Shield Notice, we are referring to a particular subset of an individual’s Personal Information that provides details of his or her race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership or that concerns his or her health.
The purpose of this Privacy Shield Notice is to outline our general practices for implementing the Principles with respect to the Personal Information we collect. If you would like to obtain additional information regarding our privacy practices in connection with information collected on this website in general, please refer to our online Privacy Notice.
- Choice. We will offer you the opportunity to opt-out of your Personal Information (or to provide explicit consent for Sensitive Personal Information) being: (i) disclosed to a third party (other than a service provider as set forth below); or (ii) used for a purpose materially different from the purpose for which it was originally collected (as set out in our Privacy Notice), or subsequently authorized by you, when the circumstances arise. You also have the ability to opt out at any time from the use of your Personal information for direct marketing purposes. To exercise this right, please check your settings options. If you have further questions related to the above, you can also contact us at email@example.com.
Where we process personal data on behalf of our business partners, we will work with them to ensure you are offered appropriate choices (and means to exercise those choices) for limiting use or disclosure of your personal data (where appropriate).
Notwithstanding the foregoing, you agree that we may disclose Personal Information under the following circumstances without offering you an opportunity to opt out of such disclosure: (i) to our Content Providers and other service providers that we have retained to perform requested Services on our behalf; (ii) if we are required to do so by law or legal process; (iii) pursuant to valid requests by law enforcement or other government authorities (which we are legally required to respond to); and (iv) when we believe disclosure is necessary to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity. In addition, we reserve the right to transfer Personal Information in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation). Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use the Personal Information in a manner consistent with this Privacy Shield Notice.
- Onward Transfers (Transfer to Third Parties). We will only transfer Personal Information to third parties where the third party: (i) has provided satisfactory assurances to us that it will protect the Personal Information in accordance with this Privacy Shield Notice and the Principles; (ii) is located in the EU or a country considered "adequate" for privacy by the EU Commission, and therefore is required to comply with the EU data protection laws or substantially equivalent privacy laws; or (iii) has certified to Privacy Shield, and is independently responsible for complying with the Principles.
Where we have knowledge that a third party to whom we have provided Personal Information is processing that Personal Information in a manner contrary to this Privacy Shield Notice or the Principles, we will take reasonable steps to prevent or terminate processing by the third party until such time the third party can process Personal Information in compliance with this Privacy Shield Notice and the Principles. Under certain circumstances, we may be potentially liable if these requirements are not met.
Data Security. We will take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We have implemented appropriate physical, electronic and managerial procedures to help safeguard and secure Personal Information from loss, misuse, unauthorized access or disclosure, alteration, or destruction.
Data Integrity and Purpose Limitation. We will process Personal Information in a manner that is compatible with and relevant to the purpose for which it was collected or authorized by you. To the extent necessary for those purposes, we will take reasonable steps to ensure that Personal Information is accurate, complete, current, and reliable for its intended use.
Access. Upon request, we will provide you with reasonable access to the Personal Information about you that we hold. We will also take reasonable steps to correct, update, amend, or delete any information that is demonstrated to be inaccurate, except where the burden or expense of doing so would be disproportionate to the risks to your privacy in the case in question or where the rights of third parties would be violated. Where we process personal data on behalf of our business partners, we will work with them in complying with such requests in accordance with applicable law.
- Recourse; Enforcement. We will regularly review our compliance with the statements set forth in this Privacy Shield Notice, and we will provide an independent way to resolve complaints about our privacy practices. We encourage interested persons to first contact us (contact information provided below) and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles. If your inquiry is not satisfactorily addressed by us, we have registered with the International Centre for Dispute Resolution ("ICDR"), a division of the American Arbitration Association, to provide independent third party dispute resolution (free of charge) to you. To contact ICDR and/or learn more about the company’s dispute resolution services, including complaint submission, please visit: http://go.adr.org/privacyshield.html. There may also be circumstances when disputes can be resolved through the Privacy Shield binding arbitration process. Please see the Privacy Shield website for further information: https://www.privacyshield.gov/article?id=C-Pre-Arbitration-Requirements. For residents of Switzerland, the Swiss Federal Data Protection and Information Commissioner’s authority will replace that of the EU bodies. For residents of the United Kingdom, the Information Commissioner’s Office will serve this role.
- Jurisdiction. As part of our participation in Privacy Shield, we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission and other authorized statutory bodies.
We may amend this Privacy Shield Notice from time-to-time in accordance with the requirements of the EU-U.S. or Swiss-U.S. Privacy Shield Framework. The most recent version of the Privacy Shield Notice will always be posted to this website. Anytime that we do make such changes, we will also update the effective date listed at the top of the Privacy Shield Notice. Please be sure to review the most recent version of the Privacy Shield Notice each time that you visit this website so that you are aware of how we collect, use, and retain personal information.
Please contact us with any questions or comments about this Privacy Shield Notice, transfer of your personal information from the EEA, Switzerland, or the United Kingdom to the U.S., our privacy practices, or your consent choices by email at firstname.lastname@example.org.
Below is a list of all the revisions made to our Privacy Policies, with links to view the difference between each revision.
- 2019-12-20: Updated to incorporate CCPA and increase transparency of data handling practices.
- 2019-03-19: Updated to include EU Representative contact info
- 2018-12-11: Updated contact ICDR link
- 2018-07-11: Updated for clarification on grounds for data processing.
- 2018-05-16: Added table of contents and summary. Clarified sections on data processing bases and communications
- 2018-03-16: Updated for GDPR and removed outdated Swiss Safe Harbor Policy
- 2017-06-28: Updated Privacy Shield Policy
- 2016-09-29: New Privacy Shield Policy/Revised Safe Harbor Policy
- 2014-01-02: Initial revision