Legal basis for the use of personal data on Moodle
If you have an account, and use this to access Moodle, our legal basis for using your personal information is to allow us to deliver our contractual obligations to you as a user of our service.
Data held by Moodle
Data held by Moodle includes your name, and email address, as well as your College information, such as your ID number, username and enrolled paper information. It may contain other user contributed information.
Moodle logs contain detailed information about user activity within each course, including the date and time of when course-specific information was viewed and/or updated, the address of the machine from which the access was made, the browser identification information and information about the referring web page. Logs are used to create summary statistics which may be made internally available. Summary statistics do not include personal data.
The Moodle system contains information about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources, assignment/file submissions, text matching scores and evidence of participation in other Moodle-based activities.
Information and data related to users, including grades, feedback comments, scores, completion data, access rights and group membership is also recorded.
Additional personal data may be held within individual courses, either within documents/resources uploaded to the course, or within activities within the course. Other than contributions to chat rooms and discussion forums which are submitted by individuals in a personal capacity, course maintainers are responsible for the information held about you that may be uploaded onto such courses.
How Moodle uses your personal information
Moodle records and uses your personal information to:
- Provide you an account to access, and be identifiable within, the College’s Learning Management System (Moodle)
- Provide you access to papers/sites within Moodle
- Provide you the ability to upload, amend and delete certain information within Moodle
- Provide you access to the information, resources and activities uploaded to Moodle
- Control access to different parts of the system.
- Help support Moodle users
- For system administration and bug tracking
- Report on course, resource and activity access, activity completion, course completion and course data (such as grades, scores, submissions and content uploaded)
- For producing usage statistics for management and planning purposes
Individual papers within Moodle may collect additional personal information in order to:
- Provide services to the users
- Facilitate and support business processes
- Support users in their use of Moodle
A non-exhaustive list of examples of this may include:
- Booking information
- User feedback
- Data collection for the purposes of business processes
- Contact information
- Application information
Where Moodle information comes from
For all users, Moodle records information supplied by the user. This includes information entered into your profile (such as telephone numbers, addresses) and data automatically entered via the College Student Management System, such as username, ID number and enrolled papers.
As well as the information that you upload and submit to Moodle, Moodle also contains additional information.
For users who identify themselves to the system with their College Username, Moodle uses information supplied by:
- The College’s authentication (ADFS) Service.
- The College’s student records (SITS) Service.
- The College’s central HR records.
- Relevant College departmental systems and services.
Additional information may be uploaded onto individual papers by users of the system.
What are the permissions we needed for the Google integrations to work?
profile – To view basic profile info
email – To view email address
openid – To authenticate using OpenID
https://www.googleapis.com/auth/drive – To upload, download, update, and delete files in Google Drive. To create, access, update, and delete native Google documents in Google Drive. To manage files and documents in your Google Drive (e.g., search, organize, and modify permissions and other metadata, such as title)
Who has access to Moodle data
The Moodle systems team at BTVI has access to all information stored within Moodle for the purposes set out above.
All course administrators and maintainers have access to the personal information of the other users of that course.
Relevant subsets of this data may be passed to computer security teams at the College ITS as part of an investigation into computer misuse.
Where Moodle information is shared
Moodle shares your personal information with other systems within the University
Certain data may be shared with the Lockdown Browser (Respondus). Their privacy notices are:
Moodle data retention
Information and data uploaded to Moodle, including accounts, papers and about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources and evidence of participation in other Moodle-based activities may be retained indefinitely.
Moodle data is backed up at a facility managed by the IT department. The backups are held for the purpose of reinstatement of the data, e.g. in the event of failure of a system component.
You may be given the option to access or register for the Service through the use of your username and passwords for certain services provided by third parties (each, an “Integrated Service”), such as through the use of your Google account, or otherwise have the option to authorize an Integrated Service to provide Personal Data or other information to us.
By authorizing us to connect with an Integrated Service, you authorize us to access and store your name, email address(es), and basic profile information that the Integrated Service makes available to us, and to use and disclose it in accordance with this Policy. You should check your privacy settings on each Integrated Service to understand what information that Integrated Service makes available to us, and make changes as appropriate.
How ITS uses your information
If you approach the ITS service desk for help with a fault, issue, question or support, Moodle support staff will need to look at your data held on the system, which may include files in your personal areas and the Moodle courses to which you belong. We may need to perform any of the following:
- In the process of providing support, answering your Service Desk question, reproducing/investigating your issue/problem or when forming a response, the Moodle support staff may navigate and interact with Moodle using your account. To do this we may use a feature known as ‘login-as’ which allows the Moodle admins to impersonate your Moodle login. The Moodle admins do not add, edit or delete any data within Moodle when doing this, without your prior permission. We will never ask you to send your password to us as part of any support that we provide.
- The Moodle support staff, when providing support to your query, may also duplicate your course or data and transfer it into another part of the system or one of our test systems. This is to allow us to carry out investigations, test solutions and provide you with support.
- When providing support, the Moodle support staff never divulges your personal information to third parties, including usernames and passwords.