Avis de confidentialité

Last updated: December 2021
Please ensure you read the privacy notice in full.

Moodle Pty Ltd and its affiliated companies (“Moodle”, “we” or “us”), is the company at the heart of the open source Moodle Project: empowering educators to improve our world. This privacy notice sets out how Moodle collects and uses information about you when you use our products and services (“services”) and why we collect certain personal data. This notice also explains the choices that you can make about the way that we use your information.

Your privacy protection is important to us. This is why we have adopted the following pivotal legislation: EU’s General Data Protection Regulation 2016/679 (“GDPR”), UK General Data Protection Regulation (“UK GDPR”) and the California Consumer Privacy Act 2018 (“CCPA”). This privacy notice relates to all personal data we process and addresses the legislation mentioned.

‘Personal data’, in this privacy notice, means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Why we collect your personal data

So that we can help you, we need your data and here we tie in our legal justifications for needing to collect your data.

In order for us to provide you with our services or for correspondence purposes we need to collect your personal data. We ensure that the information we collect and use is confined to this purpose. We always process your personal data for specific purposes, with the nature of the data collected depending on your interaction with us. We are committed to transparency in this.

Our legal bases for controlling or processing personal data are:

Article 6.1(a) GDPR (Consent): You provide informed consent to us or have a reasonable expectation that we will use your information in a certain way – for example, to engage in our community discussions, or to hear about new services or offers. You can withdraw your consent at any time either by selecting ‘delete my data’ within the specific service or by request to privacy@moodle.com;
Article 6.1(b) GDPR (Contract): Providing our services and fulfilling our obligations to you, usually relating to a terms of service or partnership agreement;
Article 6.1(c) GDPR (Legal Obligation): The necessity to meet compliance with our legal obligations; and/or
Article 6.1(f) GDPR (Legitimate Interest): Where it is in our legitimate interests to do so. We only rely on ‘legitimate interests’ as the legal basis for processing by us, or third parties we use, for these purposes:
- recruitment and induction of new employees, contractors and other people who work with us;
- emergency contacts for people who work with us, such as employees and contractors for health and safety purposes;
- business development; or
- providing login systems to users via their existing social media accounts.

Where we rely on a specific basis for processing your information and you wish to object to that processing, you must be aware that it might not be possible for you to continue using our services.

The special categories of personal data (Article 9 of GDPR) we process are:

biometric data in the form of facial images, where you have uploaded and we store your profile picture;
health data in respect of employees, contractors and other people who work with us; and/or
any special categories of special personal data which any user volunteers while using our services (for example in a forum or submission).

If we need to pass on special category personal data (see Article 9 of GDPR) to a third party, we will only do that in accordance with the legal bases under Article 6 of GDPR as outlined above.

If you would like more details please refer to our Register of Processed Information.

How we collect personal data

Here we give you examples of ways that you interact with us and the resulting data we may collect!

Moodle collects personal data from you when you interact with us. This can be through our websites, over the phone, in person, including, without limitation, when you:

create an individual or corporate user account;
request support;
register for or participate in an online class, exam, certification, training, webcast or other event;
request information or materials;
participate in surveys or evaluations;
participate in promotions, contests or giveaways;
make a purchase through our shop or register products;
apply for employment;
submit questions or comments; or
submit content or posts on our forums or other interactive webpages.

How we use personal data

Here we let you know what happens if we need to engage others to assist us to service your needs. If we do engage others we have set how we ensure your data is kept safe.

We may need to pass your personal data on to third-party service providers contracted to Moodle in the course of dealing with you. We do this because there are services, such as our video conferencing facility, which will not work unless we are able to make these transfers. Any third parties we share your data with are obliged to keep your personal data secure and use it only for necessary service delivery. When your data is no longer required to fulfil the service, those third parties will be directed to dispose of your data in accordance with our standard procedures.

We seek to enter into Data Processing Agreements with our third party service providers to ensure they only process your data as instructed by us. If you obtain products or services directly from us on behalf of others we will ensure you enter into a Data Processing Agreement (DPA) with us. You will also need to enter into a DPA with your students/employees/customers when using our systems. An example of our DPA is available on our website.

How we store personal data

Here we outline our processes for data storage, how we will protect your data and keep it only for as long as needed!

We will process (collect, store and use) the information you provide in a manner compatible with GDPR. We maintain physical, organisational and technical safeguards for all personal data we hold. We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept are governed by specific business sector requirements and agreed practices. Personal data can be held in addition to these periods depending on individual business needs.

We will process different forms of personal data for as long as it is necessary and proportionate for the purpose for which it has been supplied and we will store the personal data for the shortest amount of time possible, taking into account legal and service requirements.

Marketing

We love to share, but you can opt out and we will not sell your information!

We have no interest in collecting any data beyond that needed to ensure our services work for you. If you are going to be contacted by us for marketing purposes, we will not rely solely on this privacy notice. We will endeavour to seek your consent appropriately. Moodle does not sell data, and has no intentions in doing so in the future.

Data protection rights

You control the personal data you share with us! Here, we outline your rights under GDPR and CCPA.

At any point while we are in possession of or we process your personal data, you have the following rights:

(GDPR) right of access – you have the right to request a copy of the information that we hold about you;
(GDPR) right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete;
(GDPR) right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records;
(GDPR) right to restriction of processing – where certain conditions apply to have a right to restrict the processing;
(GDPR) right of portability – you have the right to have the data we hold about you transferred to another organisation;
(GDPR) right to object – you have the right to object to certain types of processing such as direct marketing;
(GDPR) right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling;
(GDPR) right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below;
(CCPA) right to deletion - you have the right to delete personal information collected from you (with some exceptions);
(CCPA) right to opt out of sales - we do not sell your data;
(CCPA) right to be free of discrimination - if you exercise your rights we will not discriminate against you; and/or
(CCPA) right to know - you have the right to know:
- the categories of personal information collected;
- specific pieces of personal information collected;
- the categories of sources from which we collect personal information;
- the purposes for which we use your personal information;
- the categories of third parties with whom we share your personal information; and/or
- the categories of information that we disclose to third parties.

Where we are your Data Controller, please make your request directly to the Data Protection Officer at dpo@moodle.com. We will always respond within one month.

However, if we are processing your data on behalf of your Data Controller (your service provider) you should contact them directly.

Privacy notices of other websites

Our privacy notice and managing your data is only applicable when you are using our services. It does not cover your use of others’ sites and services.

This privacy notice outlines how we manage your personal data. If the website you are using is not hosted by us or you click on a link to another website, we encourage you to read their privacy notice.

Where we are not involved with your personal data, such as where the Moodle software has been self-hosted, you should address your requests to the Data Controller of the website since we have no access to your personal data.

Children and Personal Data

Let’s keep our children safe!

Here at Moodle we understand the importance of protecting the personal data of children under the age of 16. It is not our intention to collect personal data from a child. If you believe that a child has disclosed personal data or that we hold personal information about a child, please email us at privacy@moodle.com.

Verification

Before we action a request we need to ensure it is from you.

Before we action a personal data request we need to verify your identity. We accept a request made through your personal Moodle account while you are logged in. We sometimes require additional information such as a colour copy of your passport, driving licence or national ID card.

Amendments to our Privacy Notice

We are transparent about any updates made to this Notice.

Moodle updates our privacy notice when necessary or in response to:

feedback from our community, customers, relevant authority, industry or other stakeholders;
changes in our products or services; and/or
data processing or policy changes.

The “last updated” date at the top of this privacy notice reflects when the most recent changes were made. We encourage you to periodically review this privacy notice for any amendments.

How to contact us

We love feedback, reach out to us!

If you have any questions about our privacy notice, please contact us via our Feedback Form, or by email at privacy@moodle.com, or by mail at:

Moodle Pty Ltd
PO Box 303
West Perth WA 6872
Australia

How to contact the appropriate authorities

Here we provide further independent contacts should they be required.

If you have questions or wish to lodge a complaint about how your personal data is being processed by us (or third parties as described above), or how your complaint has been handled, you have the right to contact a supervisory authority and also our Data Protection Officer, Data Compliance Europe Ltd.

Our independent Data Protection Officer is:
Data Compliance Europe Ltd.
12 City Gate
Lower Bridge Street, Dublin 8
Ireland
Email: moodle@datacomplianceeurope.eu
Phone: +353 1 6351580

Our supervisory authority is:
Data Protection Commissioner
Canal House
Station Road, Portarlington
R32 AP23 Co Laois
Ireland
Email: info@dataprotection.ie
Phone: +353 57 8684800

Register of Process Information

Purpose of processing	Categories of personal data	The source of the personal data
Individual’s Profile on Moodle Partner site	Contact details	Data Subject and Data Subject employer
Access to Partner data on Moodle Partner site	User and activity data	Data Subject, Moodle HQ
Partner Marketing Support	Client details, Partner details	Data Subject, Data Subject employer, Partner organisation
Partnership support conference calls	Name, Voice Recording, Video/Photograph of user	Moodle HQ – Moodle Partner Site Data
Moodle Client Customer financial data from Partners	Client financial information, Partner details Client details, Partner details	Moodle Partner
writing and storage of agreements/contracts/documentation with partners, and potential partners	Contact details	Moodle Partner / Applicant
General Business Documentation of meetings including attendees	Partner Organisation details, Partner details, Partner Employees	Data Controller Controller
General Business Documentation	Partner Organisation details, Partner details	Data Controller Controller
Central code repository	contact details (name, surname, email, photo), activity and contribution	Data Subject
Community education and feedback	contact details (name, surname, email, photo), activity and contribution	Data Subject
Mirror of central code repository	contact details (name, surname, email, photo), activity and contribution	Data Subject
Public Moodle Code Repository	contact details (name, surname, email, photo), activity and contribution	Data Subject
Private Moodle Code Repository	contact details (name, surname, email, photo), activity and contribution	Data Subject
Developer code repository	contact details (name, surname, email, photo), activity and contribution	Data Subject
Sharing of rapid prototypes, research artefacts, usability testing feedback	Contact details, activity, contribution	Employee/contractors
Conduct user studies, interviews, and surveys	Contact details, activity, contribution	Employee/contractors
Conduct user surveys, MOBILE – Support for Airnotifier sites	Contact details, form entries,	Data Subject
Scheduler for usability testing & user interviews	Name, email, Contact details, schedules, location data	Data Subject
Host the usability tests and user interview recordings	Contact details, biometric data including pictures video and voice recording	Data Subject
Community engagement & recruitment for user studies	Names, Addresses, emails, phone numbers, Health Records, Contact details, biometric, IP Address, document contents, email contents, usage records	Data Subject
MOBILE – Training in Moodle moots	contact details (name, surname, email, photo), activity and contribution	Data Subject
sending newsletters, leads to commercials Partners	Name, email, phone number, country of subscribers, organisation name, organisation type, department	Data Subject
Attendees’ registration and payment for Moodle Moots organized by Moodle directly	email address, name, telephone, payment details, country of origin, occupation, dietary requirements	Data Subject
Presentations’ admission process run by Event department for Moodle Moots organized by Moodle directly	email address, name, country, workplace, personal presentation, summary of applicable presentations	Data Subject
sending notifications to Moodle Moots attendees that have voluntary downloaded the Moodle Moot application for the conference	name, surname, email address	Data Subject
MOOC participants information	name, email address	Data Subject
provide Moodle education certification service to the users	name, email address, user´s contributions, IP addresses, on a voluntary basis: geolocalization and picture	Data Subject and Moodle Partner that enrols Data Subject
use the image made public by a user on Gravatar	use the image made public by a user on Gravatar	Data Subject
registration of websites using Moodle and Moodle services	website URL, name and IT admin email address	Data Subject
Recruitment of candidates	Name, Address, phone number, email, social media profile links, Photograph, educational and work history, interests	Data Subject
Reference’s check of candidates to be recruited for recruitment	Contact details, role and any relevant info of referee’s candidate	Data Subject
On-boarding of employees and contractors	Contact details, emergency contact details, drivers licence, passport, ID documents, banking details, tax details, superannuation details, gender, qualifications, biometric data, date of birth	Data Subject
Health and Safety	Name, phone number, email, relationship with Employee	Data Subject
Health Records for Employees/contractors	Health Records	Data Subject
Performance’s measure	Performance information, contact details	Managers/HR
Letter of Offer	Name, address, phone number, email and remuneration details of contractors	Data Subject
Management coaching to strength management capability	Performance information, performance opinions, contact details	Data Subject
Manage the organizational structure of the company	Pictures, name and surname	Data Subject
Collecting names and surnames of Moodle employees and contractors and their details linked to individual KPIs	Pictures, name and surname, role and title	Data Subject
Paying wages to employees	Contact details (name, surname and email), Bank details, Tax details, sick leave, Annual Leave, salary, pension	employee
Collecting fees payable by direct clients	Contact details (name, surname and email)	Client
Collecting fees payable by partners	Contact details (name of partner, email, name and surname of partner representative)	Partner
Receiving event registration fee	Contact details (name, surname, email of the participant, phone number, business name and address)	Attendee
Paying supplier invoices	Supplier details (name, surname, email, bank details)	Supplier
log storing and searching for analysing and troubleshooting MoodleCloud sites and signup/provisioning	Location, IP address	MoodleCloud site admins and MoodleCloud site users
Storing of historical logs – Moodle, web server, statistics	Site name, location, IP address	MoodleCloud site admins and users
Facilitating the signup and control of the MoodleCloud account and Moodle Apps Plans Portal	Name, email, location, telephone number	MoodleCloud and Moodle Apps Plans Portal site admins
Primary provider for text messaging. Logs for text message sending	Phone numbers	MoodleCloud site admins
Email processing (moodle and signup)	email	MoodleCloud site admins and MoodleCloud site users
Text messaging service	Phone numbers	MoodleCloud site admins
Backup text messaging service	Phone numbers	MoodleCloud site admins
sending emails to site admins regarding their MoodleCloud and Moodle Apps Plans Portal service	Name, email, financial data	MoodleCloud and Moodle Apps Plans Portal site admins
Operational reporting on cloud servers and moodle sites	Location, IP address, moodle activity data	MoodleCloud site admins
manage recurring subscriptions and payments	name, email, country	MoodleCloud and Moodle Apps Plans Portal site admins
billing and subscription management	name, surname, billing country, website name	MoodleCloud and Moodle Apps Plans Portal site admins
Conversion of assignments in various formats into PDF file to enable the teacher to grade and annotate the document	any data submitted in the document submitted	MoodleCloud site users
Web conferencing feature for all MoodleCloud sites	contact details, voice, audio, video, biometrics, IP address, location data	MoodleCloud site users
Webhooks from payment processor triggered on subscription change	Payment method details (NOT INCLUDING CREDIT CARD NUMBER)	Moodlecloud site admins
Customer data storage	any data submitted in the file	MoodleCloud site admins and users

Biscuit	Durée	La description
_Géorgie	2 années	Le cookie _ga, installé par Google Analytics, calcule les données des visiteurs, des sessions et des campagnes et assure également le suivi de l'utilisation du site pour le rapport d'analyse du site. Le cookie stocke les informations de manière anonyme et attribue un numéro généré de manière aléatoire pour reconnaître les visiteurs uniques.
_gat_UA-54430059-1	1 minute	Une variante du cookie _gat défini par Google Analytics et Google Tag Manager pour permettre aux propriétaires de sites Web de suivre le comportement des visiteurs et de mesurer les performances du site. L'élément de modèle dans le nom contient le numéro d'identité unique du compte ou du site Web auquel il se rapporte.
_gcl_au	3 mois	Fourni par Google Tag Manager pour expérimenter l'efficacité publicitaire des sites Web utilisant leurs services.
_gid	Un jour	Installé par Google Analytics, le cookie _gid stocke des informations sur la façon dont les visiteurs utilisent un site Web, tout en créant un rapport d'analyse des performances du site Web. Certaines des données collectées incluent le nombre de visiteurs, leur source et les pages qu'ils visitent de manière anonyme.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar définit ce cookie pour détecter la première session de consultation de page d'un utilisateur. Il s'agit d'un indicateur Vrai/Faux défini par le cookie.
_hjFirstSeen	30 minutes	Hotjar définit ce cookie pour identifier la première session d'un nouvel utilisateur. Il stocke une valeur vrai/faux, indiquant si c'était la première fois que Hotjar voyait cet utilisateur.
_hjIncludedInPageviewSample	2 minutes	Hotjar définit ce cookie pour savoir si un utilisateur est inclus dans l'échantillonnage de données défini par la limite de pages vues du site.
_hjIncludedInSessionSample	2 minutes	Hotjar définit ce cookie pour savoir si un utilisateur est inclus dans l'échantillonnage de données défini par la limite de session quotidienne du site.
CONSENTEMENT	2 années	YouTube définit ce cookie via des vidéos YouTube intégrées et enregistre des données statistiques anonymes.
utm_campagne	passé	Google Ad Services définit ce cookie pour stocker la valeur de la campagne de session, si elle est présente.
utm_content	passé	Ce cookie est utilisé pour stocker la valeur du contenu de la session si elle est présente.
utm_source	passé	Ce cookie est utilisé pour enregistrer d'où le visiteur est arrivé sur le site Web à l'origine. Ces informations sont utilisées par l'opérateur du site Web pour connaître l'efficacité de leur marketing.
utm_term	passé	Ce cookie est utilisé pour enregistrer d'où le visiteur est arrivé sur le site Web à l'origine. Ces informations sont utilisées par l'opérateur du site Web pour connaître l'efficacité de leur marketing.

Biscuit	Durée	La description
_fbp	3 mois	Ce cookie est défini par Facebook pour afficher des publicités sur Facebook ou sur une plate-forme numérique alimentée par la publicité Facebook, après avoir visité le site Web.
en	3 mois	Facebook définit ce cookie pour afficher des publicités pertinentes aux utilisateurs en suivant le comportement des utilisateurs sur le Web, sur des sites dotés d'un pixel Facebook ou d'un plugin social Facebook.
EDI	1 an 24 jours	Les cookies Google DoubleClick IDE sont utilisés pour stocker des informations sur la façon dont l'utilisateur utilise le site Web pour lui présenter des publicités pertinentes et en fonction du profil de l'utilisateur.
JNV	6 mois	Le cookie NID, défini par Google, est utilisé à des fins publicitaires ; pour limiter le nombre de fois où l'utilisateur voit une publicité, pour désactiver les publicités indésirables et pour mesurer l'efficacité des publicités.
test_cookie	15 minutes	Le test_cookie est défini par doubleclick.net et est utilisé pour déterminer si le navigateur de l'utilisateur prend en charge les cookies.
utm_medium	passé	Ce cookie est utilisé pour enregistrer d'où le visiteur est arrivé sur le site Web à l'origine. Ces informations sont utilisées par l'opérateur du site Web pour connaître l'efficacité de leur marketing.
VISITOR_INFO1_LIVE	5 mois 27 jours	Un cookie défini par YouTube pour mesurer la bande passante qui détermine si l'utilisateur obtient la nouvelle ou l'ancienne interface du lecteur.
SJC	session	Le cookie YSC est défini par Youtube et est utilisé pour suivre les vues des vidéos intégrées sur les pages Youtube.
yt-remote-connected-devices	jamais	YouTube définit ce cookie pour stocker les préférences vidéo de l'utilisateur à l'aide de la vidéo YouTube intégrée.
yt-remote-device-id	jamais	YouTube définit ce cookie pour stocker les préférences vidéo de l'utilisateur à l'aide de la vidéo YouTube intégrée.
yt.innertube::nextId	jamais	Ce cookie, défini par YouTube, enregistre un identifiant unique pour stocker des données sur les vidéos de YouTube que l'utilisateur a vues.
yt.innertube::demandes	jamais	Ce cookie, défini par YouTube, enregistre un identifiant unique pour stocker des données sur les vidéos de YouTube que l'utilisateur a vues.

Biscuit	Durée	La description
_hjSession_2540932	30 minutes	Pas de description
_hjSessionUser_2540932	1 année	Pas de description
BOUSSOLE	1 heure	Pas de description
email	passé	Pas de description disponible.
FluentLocal	3 mois	Pas de description disponible.
gclid	passé	Pas de description
handle_ip	1 mois	Pas de description disponible.
handle_landing_page	1 mois	Pas de description disponible.
handle_original_ref	passé	Pas de description disponible.
handle_ref	passé	Pas de description disponible.
handle_url	1 mois	Pas de description disponible.
Nom d'utilisateur	passé	Pas de description disponible.
wmc	10 années	Pas de description disponible.