Aviso de Privacidad

In order for us to provide you with our services or for correspondence purposes we need to collect your personal data. We ensure that the information we collect and use is confined to this purpose. We always process your personal data for specific purposes, with the nature of the data collected depending on your interaction with us. We are committed to transparency in this.

Our legal bases for controlling or processing personal data are:

• Article 6.1(a) GDPR (Consent): You provide informed consent to us or have a reasonable expectation that we will use your information in a certain way – for example, to engage in our community discussions, or to hear about new services or offers. You have the right to withdraw your consent at any time either by selecting ‘delete my data’ within the specific service or by request to privacy@moodle.com;
• Article 6.1(b) GDPR (Contract): Providing our services and fulfilling our obligations to you, usually relating to a terms of service or partnership agreement;
• Article 6.1(c) GDPR (Legal Obligation): The necessity to meet compliance with our legal obligations; and/or
• Article 6.1(f) GDPR (Legitimate Interest): Where it is in our legitimate interests to do so. We only rely on ‘legitimate interests’ as the legal basis for processing by us, or third parties we use, for these purposes:
  • recruitment and induction of new employees, contractors and other people who work with us;
  • emergency contacts for people who work with us, such as employees and contractors for health and safety purposes;
  • business development; or
  • providing login systems to users via their existing social media accounts.

Where we rely on a specific basis for processing your information and you wish to object to that processing, you must be aware that it might not be possible for you to continue using our services.

The special categories of personal data (Article 9 of GDPR) we process are:

• biometric data in the form of facial images, where you have uploaded and we store your profile picture;
• health data in respect of employees, contractors and other people who work with us; and/or
• any special categories of special personal data which any user volunteers while using our services (for example in a forum or submission).

If we need to pass on special category personal data (see Article 9 of GDPR) to a third party, we will only do that in accordance with the legal bases under Article 6 of GDPR as outlined above. This data is processed only in accordance with the legal grounds outlined in GDPR Article 9.

If you would like more details please refer to our Register of GDPR Information.

Moodle collects personal data from you when you interact with us. This can be through our websites, over the phone, in person, including, without limitation, when you:

• create an individual or corporate user account;
• request support;
• register for or participate in an online class, exam, certification, training, webcast or other event;
• request information or materials;
• participate in surveys or evaluations;
• participate in promotions, contests or giveaways;
• make a purchase through our shop or register products;
• apply for employment;
• submit questions or comments; or
• submit content or posts on our forums or other interactive webpages.

We may need to pass your personal data on to third-party service providers contracted to Moodle in the course of dealing with you. We do this because there are services, such as our video conferencing facility, which will not work unless we are able to make these transfers. Any third parties we share your data with are obliged to keep your personal data secure and use it only for necessary service delivery. When your data is no longer required to fulfil the service, those third parties will be directed to dispose of your data in accordance with our standard procedures.

We seek to enter into Data Processing Agreements with our third party service providers to ensure they only process your data as instructed by us. If you obtain products or services directly from us on behalf of others we will ensure you enter into a Data Processing Agreement (DPA) with us. You will also need to enter into a DPA with your students/employees/customers when using our systems.

We will process (collect, store and use) the information you provide in a manner compatible with GDPR. We maintain physical, organisational and technical safeguards for all personal data we hold. We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We retain personal data for as long as necessary to fulfill the purposes outlined in this privacy notice or as required by law. Retention periods are determined based on the type of data and the purpose for which it was collected.

We will process different forms of personal data for as long as it is necessary and proportionate for the purpose for which it has been supplied and we will store the personal data for the shortest amount of time possible, taking into account legal and service requirements.

We do not share with, or receive personal information from, third parties unless it is necessary for the provision of our services and is carried out in accordance with applicable Data Processing Agreements (DPAs) and data protection laws.

We have no interest in collecting any data beyond that needed to ensure our services work for you. If we wish to contact you for marketing purposes, we will seek your explicit consent before doing so. You may withdraw your consent to marketing at any time by following the unsubscribe instructions provided in our communications. Moodle does not sell data, and has no intentions in doing so in the future.

At any point while we are in possession of or we process your personal data, you have the following rights:

• right to withdraw consent;
• right of access;
• right of rectification;
• right to erasure;
• right of data portability;
• right to restrict processing;
• right to object;
• right to object to automated processing, including profiling;
• right to know;
• right to opt out of the sale of your personal information, although we do not sell your data;
• right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why;
• right to be free of discrimination if you exercise your rights;
• notification of data breaches; and/or
• the right to lodge a complaint with a supervisory authority.

Where we are your Data Controller, please make your request directly to the Data Protection Officer at dpo@moodle.com. We will always respond within one month.

However, if we are processing your data on behalf of your Data Controller (your service provider) you should contact them directly.

This privacy notice outlines how we manage your personal data. If the website you are using is not hosted by us or you click on a link to another website, we encourage you to read their privacy notice.

Children and Personal Data

Verification

Amendments to our Privacy Notice

How to contact us

How to contact the appropriate authorities

Register of GDPR Information