List of active policies
Name | Type | User consent |
---|---|---|
iLearn Site Policy | Site policy | All users |
ORMS’ iLearn Site Policy Statement: General Data Protection Regulations 2018 | Site policy | All users |
The Use of Cookies on iLearn/Moodle | Privacy policy | All users |
Privacy Policy | Privacy policy | All users |
Summary
Introduction
ORMS iLearn is the Virtual Learning Environment (VLE) used at http://iLearn.orms247.co.uk. It is based on the Moodle ‘Course Management System’ (http://www.moodle.org), a free open source software package designed using sound pedagogical principles, to help educators create effective online learning communities. Moodle is distributed under the GNU General Public License.
Full policy
ORMS iLearn provides a range of features for the delivery, support, administration and participation in teaching and learning activities. The features include content delivery and collaboration between tutors and learners, such as:
- Content creation or upload;
- Discussion forums and chat rooms;
- Messaging tools;
- Assignments;
- Quizzes; and
- Monitoring of users’ online
activity.
The ORMS iLearn VLE is integrated with the ORMS Learner Records database to enable the creation of accounts for enrolled learners and their allocation to the appropriate study areas. Other software and web services may also be linked to provide an integrated learning environment for staff and learners. The ORMS iLearn VLE is defined as the ORMS implementation of the Moodle course management system and all other linked software tools for the support and delivery of teaching, learning and research at ORMS. Hereafter it will be referred to as ‘The ORMS VLE’.
Purpose of the User Policy
The purpose of the ORMS iLearn VLE User Policy is to specify user responsibilities and to promote the appropriate use of the ORMS VLE for the protection of all members of the ORMS community. The User Policy applies both within and outwith ORMS premises.
User Policy
Please note that users include ad hoc learners attending short courses with ORMS.
Registration
- All users must register to use the ORMS VLE.
- All registered users must agree to the ORMS iLearn VLE User Policy and the GDPR iLearn Site Policy and any other applicable ORMS policies. All ORMS policies are available at http://intranet.orms247.co.uk
- These Policies cover the whole period that the user is a member of the Moodle community at ORMS.
- On registration, users must give their consent to ORMS’s processing of their personal data via the ORMS VLE and to acknowledge the ORMS’s Data Protection Statement.
Your Responsibilities
Users of the ORMS VLE must agree to:
- Not
use the ORMS VLE for anything else other than for the purposes of teaching,
learning and research. However, incidental personal use, for example via the
Moodle social forums, is acceptable.
- Not
use the ORMS VLE for personal commercial use, for example marketing.
- Not
use the ORMS VLE for uploading, storing, viewing or transmitting any material
which is (or may be considered to be) defamatory, inflammatory, discriminatory,
obscene or offensive.
- Not
misrepresent ORMS or bring it into disrepute in any way through the use of the
ORMS VLE.
- Be
responsible for moderating discussion forums which they may have created.
- Always
act in a professional manner. Be polite and courteous to others when using the
ORMS VLE. The ORMS VLE is not to be used
to libel, slander, or harass any other persons.
- Not
plagiarise in submitted postings or assignments.
- Not
breach the copyright of the ORMS or any third party by copying from the ORMS
VLE without authorisation. Copyright of the course materials and content of the
ORMS VLE are owned or controlled by ORMS unless otherwise stated. Any copies of third party materials will be
clearly labelled with warnings about any copyright restrictions.
Your Responsibilities and Data Protection
Users of the ORMS VLE must agree to:
- Look
after their own username and password.
Do not share your password or logon identity with anyone else and do not
use the username and password of other users.
- Keep
physical access to the ORMS VLE secure.
For example, do not login to the ORMS VLE and then leave your computer
unattended.
- Not
attempt to gain unauthorised access to any part of the ORMS VLE.
- Not
post material which contains viruses or other programs which may disrupt the
ORMS systems.
- Not
upload private, confidential or sensitive material unless this is
authorised. For a further explanation of
‘sensitive personal data’ see Appendix 1 ‘Sensitive Personal Data’
- Keep
their own data up-to-date and secure.
- Understand
that ORMS will not take responsibility for any loss of information, which has
been posted on the ORMS VLE, once users cease to be formally associated with
the ORMS.
Enforcement
Certain activities will be regarded as gross misconduct by the ORMS, and are subject to severe penalties for users, including suspension of use of the ORMS VLE or termination of their studies with ORMS.
These activities include
- deliberate interruption to the use of the ORMS VLE;
- gaining or attempting to gain unauthorised access to any part of the ORMS VLE or information stored therein;
- unauthorised disclosure of personal data;
- wilful or reckless infringement of any intellectual property rights of ORMS or third parties; and
- the viewing, transmitting or storing any material which is (or may be considered to be) defamatory, inflammatory, discriminatory, obscene or offensive.
Where to find help?
If you have any queries about getting logged in, finding your modules or other issues, please contact the Helpdesk:
Tel: 01248 603012
Email: orms.helpdesk@orms247.co.uk
Summary
This site policy includes all of the following information in simple language:
- What information is
collected.
- The purpose of all processing to be performed on the user’s data.
- The identity of the data controller and contact information
- List of rights
- The period the data is stored
- The mechanism for withdrawing consent
- The mechanism for requesting corrections, or erasures of personal data
- The mechanism for requesting a record of all personal data
- List of third
parties that data will be shared with (This includes integrations such as
LTI, portfolios, plagiarism, repositories, authentication etc.) including:
- The contact details of the data protection officer for each
- The privacy policy for each.
- Whether the personal data will be used for any automated decision-making process, including the significance and details of the process (e.g. analytics).
Full policy
ORMS’ iLearn Site Policy Statement: General Data Protection Regulations 2018
This site policy includes all of the following information in simple language:
- What information is
collected.
- The purpose of all
processing to be performed on the user’s data
- The identity of the
data controller and contact information
- List of rights
- The period the data
is stored
- The mechanism for
withdrawing consent
- The mechanism for
requesting corrections, or erasures of personal data
- The mechanism for
requesting a record of all personal data
- List of third parties that data will be
shared with (This includes integrations such as LTI, portfolios,
plagiarism, repositories, authentication etc.) including the privacy
policy for each.
- Whether the
personal data will be used for any automated decision-making process,
including the significance and details of the process (e.g. analytics).
Introduction
ORMS’ iLearn is the Virtual Learning Environment (VLE) used at https://iLearn.orms247.co.uk. It is based on the Moodle ‘Course Management System’ (http://www.moodle.org), a free open source software package designed using sound pedagogical principles, to help educators create effective online learning communities. Moodle is distributed under the GNU General Public License.
ORMS’ iLearn provides a range of features for the delivery, support, administration and participation in teaching and learning activities. The features include content delivery and collaboration between tutors and learners, such as:
- Content
creation or upload;
- Discussion
forums and chat rooms;
- Messaging
tools;
- Assignments;
- Quizzes;
and
- Monitoring
of users’ online activity.
Privacy and personal data
At ORMS we take your privacy very seriously. In order to provide access to the service we must collect and store some personal information about you.
Minors
Children under 16 years of age are not permitted to access the services provided by https://iLearn.orms247.co.uk. By agreeing to this privacy policy, you are also agreeing that you are 16 years of age or older.
What is collected?
When you register to use this Site, we will grant access to this Site. As part of the registration process you will be required to provide us with personal information, comprising:
- your name and contact information, including
email address.
- information regarding your personal or
professional interests, demographics, experiences with our products and
services and contact preferences.
The reason for collecting location details is to set the server time to your locality so that information is posted out to you at 18:00 in your location, rather than at 18:00 London time.
Additional profile information - optional
You can choose to add a description and a photo of yourself, more contact details and a telephone number. You can also add an additional name in a phonetic form.
If you are a company contact, we may add details of your Institution or Company and Department.
As you use the site, information about the users, courses, activities and resources you interact with will also be stored and linked to your profile information.
Users (students, staff and managers) are reminded that their use of the iLearn learning environment will be logged and that this information, along with other personal data about them contained within the system, will be used by their tutors to monitor their academic progress.
How is this information used?
This information is used as follows:
- to provide you access to the online
courses at https://iLearn.orms247.co.uk
- for internal record keeping
- to analyse patterns and trends of use, and
the uptake of educational courses and facilities provided on the https://iLearn.orms247.co.uk website.
Who can I contact?
The GDPR Data Protection Officer for ORMS is Lewis Moulding who may be contacted at gdpr.officer@orms247.co.uk
Who is my data shared with?
In order to provide access to learning content provided by https://iLearn.orms247.co.uk, we may share your basic profile information with the following services or providers:
- Data storage is through ICDSoft who host the servers where the databases are located. Your data is hosted in the European Union.
- ICDSoft’s Privacy statement can be found here: https://www.icdsoft.com/en/privacy
- Your personal details will be created into a spreadsheet which is turned into a ‘CSV’ file for uploading into Moodle. A snapshot of Moodle to include individual course archives and a copy of the master MySQL database will be taken on or around 1st May annually and retained for 6 academic years. These files are stored in a Dropbox directory.
- Dropbox’s Privacy statement can be found here: https://www.dropbox.com/privacy
- Portfolio services are provided through a linked portfolio platform using the Mahara application. This is accessed through a ‘Single Sign On’ (SSO) protocol used to link Moodle and Mahara together.
- Mahara has a detailed set of privacy statements here: http://manual.mahara.org/en/18.04/faq/privacy.htm
- Turnitin is a plagiarism prevention service that
allows tutors at ORMS to check student papers and written assignments for
originality against Internet sources, other student submissions, and academic
databases at the same time as students are electronically submitting them.
Turnitin provides tutors and students with an "Originality Report,"
which is a color-coded report matching student writing with matching sources
that used identical strings of words.
- The Turnitin service involves data transfer to the United States, by accepting this policy, you consent to that transfer.
- In meeting the requirements of Directive 95/46/EC to meet data protection requirements, organisations are free to inspect or audit Turnitin’s services any time;
- All student work and any associated personal information is encrypted and kept secure at all times.
- Students can keep their identity secret by using a pseudonym and by submitting papers in formats that contain little if any identifying metadata.
- Turnitin has a detailed set of privacy
statements here: https://go.turnitin.com/turnitin-and-gdpr
and https://guides.turnitin.com/Privacy_and_Security
- ORMS may disclose student’s personal data and sensitive personal data/special category data to external agencies to which it has obligations; for example for council tax, electoral registration, and visa and immigration purposes, and to other arms of central or local government, to the Robert Gordon University, to the Higher Education Funding Council for England, Higher Education Statistics Agency, Student Loans Company, Office of the Independent Adjudicator for Higher Education, Research Councils, and potentially other such organisations for defined purposes. It may also disclose information to examining bodies, external examiners, legal representatives, Police or security agencies, suppliers or service providers, survey and research organisations engaged by ORMS, and regulatory authorities such as HCPC.
- If students have unpaid debts to ORMS at the end of their course ORMS may, at its discretion, pass this information to debt collecting agencies in order to pursue the debt.
ORMS Ltd
will not transfer, disclose, sell, distribute or lease your personal
information to any other third parties unless we have your permission or are
required to do so by law. This process may involve sending personal information
to other countries, whose data protection laws may not be as extensive as in
the EU. However, we have carried out appropriate steps to ensure the same level
of protection for the processing carried out in these countries as within the
EU.
How long is my data stored?
Your personal data is stored as long as you are enrolled in one or more online courses at https://iLearn.orms247.co.uk. A snapshot of iLearn to include individual course archives and a copy of the master MySQL database will be taken on or around 1st May annually and retained for 6 academic years. These snapshots will be stored offline.
How do I withdraw my consent for ORMS to store and process my personal data?
If you have previously consented to allow ORMS to store and process your personal data in accordance with this privacy policy, and you wish to withdraw your consent, please send an email to the data protection officer at gdpr.officer@orms247.co.uk.
You will no longer be able to access the services provided by https://iLearn.orms247.co.uk if your consent is withdrawn.
How do I request that my personal data is corrected or erased?
You may make corrections to your basic profile information by logging into https://iLearn.orms247.co.uk and editing your own profile.
If you have questions or would like any other data to be corrected or erased, please send an email to the data protection officer at gdpr.officer@orms247.co.uk.
How do I request a record of all my personal data that has been collected?
You may request a record of all of the personal data relating to you that has been collected in accordance with this privacy policy. To do so, please send an email to the data protection officer at gdpr.officer@orms247.co.uk.
Summary
If you use the Internet to carry out certain transactions with us, your computer will store small pieces of information, known as cookies. A cookie is a small text file that is stored temporarily by your browser and is used by the website you are visiting to remember you throughout your visit to that website.
By using and browsing our websites, you consent to cookies being used in accordance with our policy. If you do not consent, you must disable cookies or refrain from using the site.
Full policy
If you use the Internet to carry out certain transactions with us, your computer will store small pieces of information, known as cookies. A cookie is a small text file that is stored temporarily by your browser and is used by the website you are visiting to remember you throughout your visit to that website.
By using and browsing our websites, you consent to cookies being used in accordance with our policy. If you do not consent, you must disable cookies or refrain from using the site.
We use session (non-persistent) cookies to identify you when you log into iLearn/Moodle which is a password-protected site. This avoids the need for you to repeatedly enter your password as you navigate around the password-protected site. The cookies are deleted as soon as your session is ended, or after a period of inactivity.
By using these cookies we are able to examine and analyse, in an anonymous and aggregate way, how iLearn/Moodle is used in order that we can improve the layout, navigation and accessibility of the websites.
Links to other sites
We also link to external websites such as YouTube and Vimeo, to show videos and display image galleries, or refer to sources of information. These other web sites ARE NOT covered by this privacy statement. We do not monitor or control information collected once you enter any of these sites. For details of the treatment of your personally identifiable data collected from any of these web sites, please read their privacy policies or contact them.
Turning cookies on and off in your browser
You have a number of options when it comes to receiving cookies. You can set your browser to reject all cookies, allow only 'trusted' sites to send them, or accept only those cookies from websites you are currently using.
We recommend you don't block all cookies as parts of iLearn/Moodle won't work correctly without them and you may not be able to log in. If you would like instructions on how to delete your cookies, please click on the name of your internet browser below for instructions:
Internet Explorer | Mozilla Firefox | Google Chrome | Safari | Opera
Cookie | Purpose | Expires |
---|---|---|
MoodleSession | The session cookie, set by Moodle, is used to maintain a user’s login while they navigate through series of pages on the site. | At end of session |
MoodleSessionOrm | The session cookie, set by Moodle, is used to maintain a user’s login while they navigate through series of pages on the site. | At end of session |
MoodleSessionTest | The session cookie, set by Moodle, is used to check if the ‘MoodleSession’ cookie is being created. | At end of session |
MoodleID_ | Remembers username information for a defined period of time. It expires after 60 minutes of inactivity | 1 hour |
Orm_ | Remembers username information for a defined period of time. It expires after 60 minutes of inactivity |
1 hour |
Summary
This privacy notice tells you how we, Outreach Rescue Medic Skills (‘ORMS’) Ltd, will collect and use your personal data to provide education services which allows you as a student to create a private space online, using courses and activities, all optimised for collaborative learning.
We use Moodle software, which is free and open source, and which is hosted by ICDSoft who host the servers where the databases are located. Your data is hosted in the European Union.
Full policy
This privacy notice tells you how we, Outreach Rescue Medic Skills (‘ORMS’) Ltd, will collect and use your personal data to provide education services which allows you as a student to create a private space online, using courses and activities, all optimised for collaborative learning.
We use Moodle software, which is free and open source, and which is hosted by ICDSoft who host the servers where the databases are located. Your data is hosted in the European Union.
ORMS has a Data Protection Officer and you can contact them if you have queries:
Contact details of the Data Protection Officer
Data Protection Officer / GDPR Owner contact details |
|
Contact Name: |
Outreach GDPR Officer |
Address line 1: |
The Outreach Organisation Ltd |
Address line 2: |
Tan-y-Bwlch Centre |
Address line 3: |
Llanllechid |
Address line 4: |
Gwynedd LL57 3HY Wales (UK) |
Email: |
|
Personal data
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Why does ORMS Ltd need to collect and store personal data?
In order for us to provide you with educational services through the Moodle/iLearn environment we need to collect personal data for correspondence purposes and/or to allow us to provide you our service. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose. ORMS Ltd. is a company which values its user’s data protection and privacy rights and we have no interest in collecting data beyond what we need to make the information work for you.
If you are going to be contacted by us for marketing purposes, we will not rely solely on this notice, but will always seek an additional confirmation from you that it’s OK to do that.
Will ORMS Ltd share my personal data with anyone else?
We may pass your personal data on to third-party service providers contracted to ORMS Ltd in the course of dealing with you. We do this because there are some services, such as a video conferencing facility, which will not work unless we are able to make these transfers. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to deliver the service they provide on our- and of course, your-behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with ORMS Ltd’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, or if it is necessary to comply with an employment contract, unless we are legally required to do otherwise. If you would like an up-to-date register of all our third-party service providers, please contact gdpr.officer@orms247.co.uk and we will be happy to provide it.
How will ORMS Ltd use the personal data it collects about me?
ORMS Ltd will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. ORMS Ltd maintains a register of its data processes which includes a record of the data retention policy for each type of data collected and is committed to only ever trying to process the minimum amount of data needed. ORMS Ltd is required to retain certain information in accordance with the Law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Can I find out the personal data that the organisation holds about me?
ORMS Ltd at your request, can confirm what information we hold about you and how it is processed. If ORMS Ltd does hold personal data about you, you can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- Contact details of our data protection officer in the EU, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of ORMS Ltd or a third party, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information. These will rely on measures approved by the EU Commission.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
ORMS Ltd accepts the following forms of ID when information on your personal data is requested:
- A colour copy of a Passport, driving licence or National ID Card
Data Policy
- Scope
All data subjects whose personal data is collected, in line with the requirements of the GDPR.
- Responsibilities
All data subjects whose personal data is collected, in line with the requirements of the GDPR.
- 2.1 Where ORMS Ltd is hosting a website on its own behalf, it is the Data Controller for all the data collected. Where ORMS Ltd is hosting someone else’s installation of the Moodle Platform (as with ORMS Ltd) it is the Data Processor for the Site Admin for that installation.
- 2.2 When ORMS Ltd is not hosting an installation of the Software Platform, it is neither the Data Controller or the Data Processor and those duties fall on the people or organisations who have installed and are hosting those installations.
Privacy notice
3.1 Who are we?
ORMS Ltd is a training company which allows educators to create a private space online, filled with courses and activities, all optimised for collaborative learning. We use Moodle software (which we refer to as ‘iLearn’ or ‘iLearn/Moodle’) is open source
We collect personal data relating to you for specific purposes, with the nature of the data collected depending on your interaction with ORMS Ltd. We are committed to transparency in this and have provided a very detailed breakdown of these processes in Annex 1 at the end of this document.
Our legal basis for processing for personal data:
1.1. Article 6.1(a), GDPR, Consent
1.2. Article 6.1(b), GDPR, Contract
1.3. Article 6.1(f), GDPR, Legitimate Interest
Any legitimate interests pursued by us, or third parties we use, are as follows:
1.4. Recruitment and Induction of new Candidates
1.5. Emergency Contacts for people who work with us, such as employees and Contractors for Health and Safety purposes.
1.6. Business Development
1.7. Providing login systems to users via their accounts
The special categories of personal data concerned are:
1.8. Biometric Data in the form of facial images
1.9. Any special categories of special personal data which any user volunteers while using the Moodle systems or any Moodle website- for example in a forum or submission
3.2 Consent
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified. Where consent is required for ORMS Ltd to process both standard and sensitive types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used. Agreement with this Privacy Notice and its accompanying Terms and Conditions (as applicable) (and any Data Processing Agreements, if they apply to you) will be explicit consent and we will keep a copy of the records of that consent for audit purposes.
You may withdraw consent at any time by:
Please identify your role in relation to ORMS Ltd (if you
are a Contractor, Staff member, iLearn/Moodle Partner, End-user, Site Admin
etc.), and the data you wish to withdraw consent to be processed. Please
include a copy of a state-issued Photo ID, to confirm that you are the person
whose data is removed.
3.3 Disclosure
ORMS Ltd will pass on your personal data to certain third parties.
- Data storage is through ICDSoft who host the servers where the databases are located. Your data is hosted in the European Union.
- ICDSoft’s Privacy statement can be found here: https://www.icdsoft.com/en/privacy
- Your personal details will be created into a spreadsheet which is turned into a ‘CSV’ file for uploading into Moodle. A snapshot of Moodle to include individual course archives and a copy of the master MySQL database will be taken on or around 1st May annually and retained for 6 academic years. These files are stored in a Dropbox directory.
- Dropbox’s Privacy statement can be found here: https://www.dropbox.com/privacy
- Portfolio services are provided through a linked portfolio platform using the Mahara application. This is accessed through a ‘Single Sign On’ (SSO) protocol used to link Moodle and Mahara together.
- Mahara has a detailed set of privacy statements here: http://manual.mahara.org/en/18.04/faq/privacy.htm
- Turnitin is a plagiarism prevention service that allows tutors
at ORMS to check student papers and written assignments for originality
against Internet sources, other student submissions, and academic
databases at the same time as students are electronically submitting them.
Turnitin provides tutors and students with an "Originality
Report," which is a color-coded report matching student writing with
matching sources that used identical strings of words.
- The Turnitin service involves data transfer to the United States, by accepting this policy, you consent to that transfer.
- In meeting the requirements of Directive 95/46/EC to meet data protection requirements, organisations are free to inspect or audit Turnitin’s services any time;
- All student work and any associated personal information is encrypted and kept secure at all times.
- Students can keep their identity secret by using a pseudonym and by submitting papers in formats that contain little if any identifying metadata.
- Turnitin has a detailed set of privacy statements here: https://go.turnitin.com/turnitin-and-gdpr and https://guides.turnitin.com/Privacy_and_Security
- ORMS may disclose student’s personal data and sensitive personal data/special category data to external agencies to which it has obligations; for example for council tax, electoral registration, and visa and immigration purposes, and to other arms of central or local government, to the Robert Gordon University, to the Higher Education Funding Council for England, Higher Education Statistics Agency, Student Loans Company, Office of the Independent Adjudicator for Higher Education, Research Councils, and potentially other such organisations for defined purposes. It may also disclose information to examining bodies, external examiners, legal representatives, Police or security agencies, suppliers or service providers, survey and research organisations engaged by ORMS, and regulatory authorities such as HCPC.
- If students have unpaid debts to ORMS at the end of their course ORMS may, at its discretion, pass this information to debt collecting agencies in order to pursue the debt.
ORMS Ltd will not transfer, disclose, sell, distribute or lease your personal information to any other third parties unless we have your permission or are required to do so by law. This process may involve sending personal information to other countries, whose data protection laws may not be as extensive as in the EU. However, we have carried out appropriate steps to ensure the same level of protection for the processing carried out in these countries as within the EU.
3.4 Retention period
ORMS Ltd will processes different forms of personal data for as long as is necessary and proportionate for the purpose for which it has been supplied and will store the personal data for the shortest amount of time possible, considering legal and service requirements. For further details on the retention period for any particular type of data, please see our B5a Data Retention Policy [link]
3.5 Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
· Right of access – you have the right to request a copy of the information that we hold about you.
· Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
· Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
· Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
· Right of portability – you have the right to have the data we hold about you transferred to another organisation.
· Right to object – you have the right to object to certain types of processing such as direct marketing.
· Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
· Right to judicial review: in the event that ORMS Ltd refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 3.6 below.
Where ORMS Ltd is your Data Controller, you may make a request directly to the Data Protection Officer using the email address gdpr.officer@orms247.co.uk
Where ORMS Ltd is a Data Processor, and act on behalf of a data controller any requests received by ORMS Ltd will be passed on to the Data Controller.
Where ORMS Ltd are not involved with your data, such as where the Moodle platform has been self-hosted, you should address your requests to the data controllers of those sites. ORMS Ltd will have no access to your data.
3.6 Complaints
In the event that you wish to make a complaint about how your personal data is being processed by ORMS Ltd (or third parties as described in 3.3 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and ORMS Ltd’s Data Protection Officer, Technical Footprint Ltd.
If you wish to make a complaint about how your personal data has been processed by ORMS Ltd., you should contact your Moodle Site Admin or the Data Controller for your Moodle installation. (For example, if your university or school hosts their own Moodle site, they will be the Data Controller).
The details of Contacts for where ORMS Ltd are the Data Controller:
Supervisory authority contact details |
Data Protection Officer (DPO) / GDPR Owner contact details |
|
Contact Name: |
Information Commissioner's Office |
Outreach GDPR Officer |
Address line 1: |
2nd floor |
The Outreach Organisation Ltd |
Address line 2: |
Churchill House, Churchill way |
Tan-y-Bwlch Centre |
Address line 3: |
Cardiff |
Llanllechid |
Address line 4: |
CF10 2HH |
Gwynedd LL57 3HY Wales (UK) |
Email: |
||
Telephone: |
+44 29 2067 8400 |
+44 1248 601546 |
For the details of Contacts for where ORMS Ltd are not the Data Controller, look in your installation of Moodle to identify your Data Controller.
Annex 1