OUR PRIVACY POLICY

Effective date: May 1st 2026

At VideoLectures.net, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website.

1. Data Controller

The data controller responsible for your personal data is:

International Research Centre on Artificial Intelligence (IRCAI) under the auspices of UNESCO, based at the Jožef Stefan Institute, Jamova cesta 39, SI-1000 Ljubljana, Slovenia.

Contact email: info@videolectures.net

All personal data is hosted on infrastructure managed by IRCAI. No external data processors are used.

Data Protection Officer (DPO): dpo@ijs.si

2. Information We Collect

a. User Accounts

When you register on our platform, we collect the following information:

• Username
• Email address
• Optional Google account login

Registered users can:

• Access private videos when such permission is granted
• Create and share playlists

You may update your personal data (username and password) and delete your account at any time. The email cannot be changed. Email address changes require identity verification; please contact info@videolectures.net to request a change.

Data retention period: We retain account data for as long as your account remains active. If your account is inactive (i.e. no login) for 24 months, we may notify you and, if there is no response or renewed activity, delete or anonymise the associated personal data, unless retention is required to comply with legal obligations, maintain security, prevent fraud or abuse, or establish, exercise, or defend legal claims.

Usage/analytics data are retained in anonymised form. Server/access logs are retained for 7 days for security purposes. Data subject to an ongoing legal obligation may be retained beyond these periods.

We also send service emails for:

• Password resets
• Occasional notifications about portal functionality and updates

b. Cookies

We use cookies to detect and block bots. We are using local installation of Anubis, to confirm the visitor has passed the anti-bot challenge (proof of human). Anubis uses a JWT, does not contain personal data but proves the browser has passed verification.

Note on JWT: A JSON Web Token (JWT) is a digitally signed token that stores proof of successful challenge completion. It is secure, cannot be forged, and contains no personal data. It allows users to access protected resources without repeated verification until it expires.

Anubis cookie expires in 7 days or until server invalidates JSON Web Token inside it for a key rotation.

We use Matomo for cookieless, privacy-focused analytics. Matomo is configured to anonymise IP addresses. In this configuration, Matomo does not store analytics cookies on your device. Essential cookies used for session management, security, and anti-bot protection are strictly necessary for the operation of the website and do not require consent.

3. Legal Basis for Processing

We process personal data only where we have a valid legal basis under the GDPR. Depending on the purpose, this may include:

• Contractual necessity — where processing is required to create and manage your account, provide access to private videos, deliver account features, and send service-related communications.
• Legitimate interests — where processing is necessary for the secure and effective operation of the platform, including security and anti-bot measures, basic analytics, and certain research activities, provided these interests are not overridden by your rights and freedoms.
• Consent — where required by law, we will ask for your consent before processing your data for specific purposes.

In particular, we rely on the following legal bases for these activities:

• Account registration data — contractual necessity
• Access to private videos and account functionality — contractual necessity
• Service emails — contractual necessity
• Security and anti-bot measures — legitimate interests
• Platform analytics — legitimate interests, or consent where required by law
• Research and sharing of anonymised data — legitimate interests

4. Data Sharing

We do not share personal data with third-party organisations. All personal data is stored and processed on IRCAI-managed infrastructure. We may share anonymised and aggregated data for research purposes, including:

• Videos or lectures watched
• Search keywords

These anonymised data are used internally for research and may be shared with:

• Researchers
• Partner organisations developing technologies for personalised learning recommendations

All shared data are anonymised to prevent the identification of individual users.

5. Data Protection

We implement appropriate technical and organisational measures to protect your personal data, including:

• Hosting all data on secure IRCAI servers
• Regular security audits
• Encrypting data during transmission

Additional security measures include: access controls limiting data access to authorised personnel only; pseudonymisation of analytics data where practicable; and an incident response procedure for personal data breaches. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Slovenian Information Commissioner (IP RS) within 72 hours and, where required, notify affected users without undue delay, in accordance with GDPR.

6. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Correct any inaccurate or incomplete data.
• Deletion: Request the deletion of your personal data (account deletion).
• Objection: Object to certain processing based on legitimate interests.
• Withdrawal of consent: Withdraw your consent at any time for processing that relies on consent.
• Restriction of processing: You may request that we restrict processing of your data in certain circumstances (e.g. while a dispute over accuracy is resolved).

We may also delete or anonymise personal data on our own initiative when it is no longer necessary for the purposes for which it was collected, in line with applicable retention rules.

To exercise your rights, contact us at info@videolectures.net. We will respond to requests to exercise your rights within one month of receipt, as required by GDPR. This period may be extended by a further two months where requests are complex or numerous, in which case we will inform you of the extension within the first month.

You also have the right to lodge a complaint with the Slovenian Data Protection Authority if you believe your data is not being processed in accordance with GDPR. This right does not affect any other administrative or judicial remedies available to you.

7. Children's Privacy

We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verifiable parental consent, we will delete that data promptly. If you believe a child under 16 has provided us with personal data, please contact us at info@videolectures.net.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We distinguish between two types of changes:

• Minor changes (typographical corrections or clarifications that do not affect how your data is processed) will be reflected on this page with an updated effective date.
• Material changes (changes to the purposes for which we process your data, the categories of data collected, the legal basis, or your rights) will be communicated to registered users by email.

Continued use of the Website after the effective date of a material change constitutes acceptance of the updated Privacy Policy.