List of active policies

Name Type User consent
iLearn Site Policy Site policy All users
ORMS’ iLearn Site Policy Statement: General Data Protection Regulations 2018 Site policy All users
The Use of Cookies on iLearn/Moodle Privacy policy All users
Privacy Policy Privacy policy All users

Summary

Introduction

ORMS iLearn is the Virtual Learning Environment (VLE) used at http://iLearn.orms247.co.uk. It is based on the Moodle ‘Course Management System’ (http://www.moodle.org), a free open source software package designed using sound pedagogical principles, to help educators create effective online learning communities.  Moodle is distributed under the GNU General Public License.

Full policy

ORMS iLearn provides a range of features for the delivery, support, administration and participation in teaching and learning activities.  The features include content delivery and collaboration between tutors and learners, such as:

  • Content creation or upload;
  • Discussion forums and chat rooms;
  • Messaging tools;
  • Assignments;
  • Quizzes; and
  • Monitoring of users’ online activity.

The ORMS iLearn VLE is integrated with the ORMS Learner Records database to enable the creation of accounts for enrolled learners and their allocation to the appropriate study areas.  Other software and web services may also be linked to provide an integrated learning environment for staff and learners.  The ORMS iLearn VLE is defined as the ORMS implementation of the Moodle course management system and all other linked software tools for the support and delivery of teaching, learning and research at ORMS.  Hereafter it will be referred to as ‘The ORMS VLE’.

Purpose of the User Policy

The purpose of the ORMS iLearn VLE User Policy is to specify user responsibilities and to promote the appropriate use of the ORMS VLE for the protection of all members of the ORMS community.  The User Policy applies both within and outwith ORMS premises.

User Policy

Please note that users include ad hoc learners attending short courses with ORMS.

Registration

  • All users must register to use the ORMS VLE.
  • All registered users must agree to the ORMS iLearn VLE User Policy and the GDPR iLearn Site Policy and any other applicable ORMS policies.  All ORMS policies are available at http://intranet.orms247.co.uk
  • These Policies cover the whole period that the user is a member of the Moodle community at ORMS.
  • On registration, users must give their consent to ORMS’s processing of their personal data via the ORMS VLE and to acknowledge the ORMS’s Data Protection Statement.
Your Responsibilities

Users of the ORMS VLE must agree to:

  1. Not use the ORMS VLE for anything else other than for the purposes of teaching, learning and research. However, incidental personal use, for example via the Moodle social forums, is acceptable.
  2. Not use the ORMS VLE for personal commercial use, for example marketing.
  3. Not use the ORMS VLE for uploading, storing, viewing or transmitting any material which is (or may be considered to be) defamatory, inflammatory, discriminatory, obscene or offensive.
  4. Not misrepresent ORMS or bring it into disrepute in any way through the use of the ORMS VLE.
  5. Be responsible for moderating discussion forums which they may have created.
  6. Always act in a professional manner. Be polite and courteous to others when using the ORMS VLE.  The ORMS VLE is not to be used to libel, slander, or harass any other persons.
  7. Not plagiarise in submitted postings or assignments.
  8. Not breach the copyright of the ORMS or any third party by copying from the ORMS VLE without authorisation. Copyright of the course materials and content of the ORMS VLE are owned or controlled by ORMS unless otherwise stated.  Any copies of third party materials will be clearly labelled with warnings about any copyright restrictions.

Your Responsibilities and Data Protection

Users of the ORMS VLE must agree to:

  1. Look after their own username and password.  Do not share your password or logon identity with anyone else and do not use the username and password of other users.
  2. Keep physical access to the ORMS VLE secure.  For example, do not login to the ORMS VLE and then leave your computer unattended.
  3. Not attempt to gain unauthorised access to any part of the ORMS VLE.
  4. Not post material which contains viruses or other programs which may disrupt the ORMS systems.
  5. Not upload private, confidential or sensitive material unless this is authorised.  For a further explanation of ‘sensitive personal data’ see Appendix 1 ‘Sensitive Personal Data’
  6. Keep their own data up-to-date and secure.
  7. Understand that ORMS will not take responsibility for any loss of information, which has been posted on the ORMS VLE, once users cease to be formally associated with the ORMS.

Enforcement

Certain activities will be regarded as gross misconduct by the ORMS, and are subject to severe penalties for users, including suspension of use of the ORMS VLE or termination of their studies with ORMS.

These activities include

  • deliberate interruption to the use of the ORMS VLE;
  • gaining or attempting to gain unauthorised access to any part of the ORMS VLE or information stored therein;
  • unauthorised disclosure of personal data;
  • wilful or reckless infringement of any intellectual property rights of ORMS or third parties; and
  • the viewing, transmitting or storing any material which is (or may be considered to be) defamatory, inflammatory, discriminatory, obscene or offensive.

Where to find help?

If you have any queries about getting logged in, finding your modules or other issues, please contact the Helpdesk:

Tel: 01248 603012

Email: orms.helpdesk@orms247.co.uk


Summary

This site policy includes all of the following information in simple language:

  1. What information is collected.
  2. The purpose of all processing to be performed on the user’s data.
  3. The identity of the data controller and contact information
  4. List of rights
  5. The period the data is stored
  6. The mechanism for withdrawing consent
  7. The mechanism for requesting corrections, or erasures of personal data
  8. The mechanism for requesting a record of all personal data
  9. List of third parties that data will be shared with (This includes integrations such as LTI, portfolios, plagiarism, repositories, authentication etc.) including:
    1. The contact details of the data protection officer for each
    2. The privacy policy for each.
  10. Whether the personal data will be used for any automated decision-making process, including the significance and details of the process (e.g. analytics).

Full policy

ORMS’ iLearn Site Policy Statement: General Data Protection Regulations 2018

This site policy includes all of the following information in simple language: 

  1. What information is collected.
  2. The purpose of all processing to be performed on the user’s data
  3. The identity of the data controller and contact information
  4. List of rights
  5. The period the data is stored
  6. The mechanism for withdrawing consent
  7. The mechanism for requesting corrections, or erasures of personal data
  8. The mechanism for requesting a record of all personal data
  9. List of third parties that data will be shared with (This includes integrations such as LTI, portfolios, plagiarism, repositories, authentication etc.) including the privacy policy for each.
  10. Whether the personal data will be used for any automated decision-making process, including the significance and details of the process (e.g. analytics).

Introduction

ORMS’ iLearn is the Virtual Learning Environment (VLE) used at https://iLearn.orms247.co.uk. It is based on the Moodle ‘Course Management System’ (http://www.moodle.org), a free open source software package designed using sound pedagogical principles, to help educators create effective online learning communities.  Moodle is distributed under the GNU General Public License.

ORMS’ iLearn provides a range of features for the delivery, support, administration and participation in teaching and learning activities.  The features include content delivery and collaboration between tutors and learners, such as:

  • Content creation or upload;
  • Discussion forums and chat rooms;
  • Messaging tools;
  • Assignments;
  • Quizzes; and
  • Monitoring of users’ online activity.

Privacy and personal data

At ORMS we take your privacy very seriously. In order to provide access to the service we must collect and store some personal information about you.

Minors

Children under 16 years of age are not permitted to access the services provided by https://iLearn.orms247.co.uk. By agreeing to this privacy policy, you are also agreeing that you are 16 years of age or older.

What is collected?

When you register to use this Site, we will grant access to this Site. As part of the registration process you will be required to provide us with personal information, comprising:

  • your name and contact information, including email address.
  • information regarding your personal or professional interests, demographics, experiences with our products and services and contact preferences.

The reason for collecting location details is to set the server time to your locality so that information is posted out to you at 18:00 in your location, rather than at 18:00 London time.

Additional profile information - optional

You can choose to add a description and a photo of yourself, more contact details and a telephone number. You can also add an additional name in a phonetic form.

If you are a company contact, we may add details of your Institution or Company and Department.

As you use the site, information about the users, courses, activities and resources you interact with will also be stored and linked to your profile information.

Users (students, staff and managers) are reminded that their use of the iLearn learning environment will be logged and that this information, along with other personal data about them contained within the system, will be used by their tutors to monitor their academic progress.

How is this information used?

This information is used as follows:

Who can I contact?

The GDPR Data Protection Officer for ORMS is Lewis Moulding who may be contacted at gdpr.officer@orms247.co.uk

Who is my data shared with?

In order to provide access to learning content provided by https://iLearn.orms247.co.uk, we may share your basic profile information with the following services or providers:

  • Data storage is through ICDSoft who host the servers where the databases are located. Your data is hosted in the European Union.
  • ICDSoft’s Privacy statement can be found here: https://www.icdsoft.com/en/privacy
  • Your personal details will be created into a spreadsheet which is turned into a ‘CSV’ file for uploading into Moodle. A snapshot of Moodle to include individual course archives and a copy of the master MySQL database will be taken on or around 1st May annually and retained for 6 academic years. These files are stored in a Dropbox directory.
  • Dropbox’s Privacy statement can be found here: https://www.dropbox.com/privacy
  • Portfolio services are provided through a linked portfolio platform using the Mahara application. This is accessed through a ‘Single Sign On’ (SSO) protocol used to link Moodle and Mahara together.
  • Mahara has a detailed set of privacy statements here: http://manual.mahara.org/en/18.04/faq/privacy.htm
  • Turnitin is a plagiarism prevention service that allows tutors at ORMS to check student papers and written assignments for originality against Internet sources, other student submissions, and academic databases at the same time as students are electronically submitting them. Turnitin provides tutors and students with an "Originality Report," which is a color-coded report matching student writing with matching sources that used identical strings of words.
    • The Turnitin service involves data transfer to the United States, by accepting this policy, you consent to that transfer.
    • In meeting the requirements of Directive 95/46/EC to meet data protection requirements, organisations are free to inspect or audit Turnitin’s services any time;
    • All student work and any associated personal information is encrypted and kept secure at all times.
    • Students can keep their identity secret by using a pseudonym and by submitting papers in formats that contain little if any identifying metadata.
  • Turnitin has a detailed set of privacy statements here: https://go.turnitin.com/turnitin-and-gdpr and https://guides.turnitin.com/Privacy_and_Security

  • ORMS may disclose student’s personal data and sensitive personal data/special category data to external agencies to which it has obligations; for example for council tax, electoral registration, and visa and immigration purposes, and to other arms of central or local government, to the Robert Gordon University, to the Higher Education Funding Council for England, Higher Education Statistics Agency, Student Loans Company, Office of the Independent Adjudicator for Higher Education, Research Councils, and potentially other such organisations for defined purposes.  It may also disclose information to examining bodies, external examiners, legal representatives, Police or security agencies, suppliers or service providers, survey and research organisations engaged by ORMS, and regulatory authorities such as HCPC.
  • If students have unpaid debts to ORMS at the end of their course ORMS may, at its discretion, pass this information to debt collecting agencies in order to pursue the debt.

ORMS Ltd will not transfer, disclose, sell, distribute or lease your personal information to any other third parties unless we have your permission or are required to do so by law. This process may involve sending personal information to other countries, whose data protection laws may not be as extensive as in the EU. However, we have carried out appropriate steps to ensure the same level of protection for the processing carried out in these countries as within the EU.

How long is my data stored?

Your personal data is stored as long as you are enrolled in one or more online courses at https://iLearn.orms247.co.uk.  A snapshot of iLearn to include individual course archives and a copy of the master MySQL database will be taken on or around 1st May annually and retained for 6 academic years. These snapshots will be stored offline.

How do I withdraw my consent for ORMS to store and process my personal data?

If you have previously consented to allow ORMS to store and process your personal data in accordance with this privacy policy, and you wish to withdraw your consent, please send an email to the data protection officer at gdpr.officer@orms247.co.uk.

You will no longer be able to access the services provided by https://iLearn.orms247.co.uk if your consent is withdrawn.

How do I request that my personal data is corrected or erased?

You may make corrections to your basic profile information by logging into  https://iLearn.orms247.co.uk  and editing your own profile.

If you have questions or would like any other data to be corrected or erased, please send an email to the data protection officer at gdpr.officer@orms247.co.uk.

How do I request a record of all my personal data that has been collected?

You may request a record of all of the personal data relating to you that has been collected in accordance with this privacy policy. To do so, please send an email to the data protection officer at gdpr.officer@orms247.co.uk.



Summary

If you use the Internet to carry out certain transactions with us, your computer will store small pieces of information, known as cookies. A cookie is a small text file that is stored temporarily by your browser and is used by the website you are visiting to remember you throughout your visit to that website.

By using and browsing our websites, you consent to cookies being used in accordance with our policy. If you do not consent, you must disable cookies or refrain from using the site.

This policy describes what cookies we collect as you use iLearn/Moodle

Full policy

If you use the Internet to carry out certain transactions with us, your computer will store small pieces of information, known as cookies. A cookie is a small text file that is stored temporarily by your browser and is used by the website you are visiting to remember you throughout your visit to that website.

By using and browsing our websites, you consent to cookies being used in accordance with our policy. If you do not consent, you must disable cookies or refrain from using the site.

We use session (non-persistent) cookies to identify you when you log into iLearn/Moodle which is a password-protected site. This avoids the need for you to repeatedly enter your password as you navigate around the password-protected site. The cookies are deleted as soon as your session is ended, or after a period of inactivity.

By using these cookies we are able to examine and analyse, in an anonymous and aggregate way, how iLearn/Moodle is used in order that we can improve the layout, navigation and accessibility of the websites.

Links to other sites

We also link to external websites such as YouTube and Vimeo, to show videos and display image galleries, or refer to sources of information. These other web sites ARE NOT covered by this privacy statement. We do not monitor or control information collected once you enter any of these sites. For details of the treatment of your personally identifiable data collected from any of these web sites, please read their privacy policies or contact them.

Turning cookies on and off in your browser

You have a number of options when it comes to receiving cookies. You can set your browser to reject all cookies, allow only 'trusted' sites to send them, or accept only those cookies from websites you are currently using.

We recommend you don't block all cookies as parts of iLearn/Moodle won't work correctly without them and you may not be able to log in. If you would like instructions on how to delete your cookies, please click on the name of your internet browser below for instructions:

Internet Explorer | Mozilla Firefox | Google Chrome | Safari | Opera


List of Cookies
Cookie Purpose Expires
MoodleSession The session cookie, set by Moodle, is used to maintain a user’s login while they navigate through series of pages on the site. At end of session
MoodleSessionOrm  The session cookie, set by Moodle, is used to maintain a user’s login while they navigate through series of pages on the site. At end of session
MoodleSessionTest The session cookie, set by Moodle, is used to check if the ‘MoodleSession’ cookie is being created. At end of session
MoodleID_ Remembers username information for a defined period of time. It expires after 60 minutes of inactivity  1 hour
Orm_ Remembers username information for a defined period of time. It expires after 60 minutes of inactivity
 1 hour


Summary

This privacy notice tells you how we, Outreach Rescue Medic Skills (‘ORMS’) Ltd, will collect and use your personal data to provide education services which allows you as a student to create a private space online, using courses and activities, all optimised for collaborative learning.

We use Moodle software, which is free and open source, and which is hosted by ICDSoft who host the servers where the databases are located. Your data is hosted in the European Union.

Full policy

This privacy notice tells you how we, Outreach Rescue Medic Skills (‘ORMS’) Ltd, will collect and use your personal data to provide education services which allows you as a student to create a private space online, using courses and activities, all optimised for collaborative learning.

We use Moodle software, which is free and open source, and which is hosted by ICDSoft who host the servers where the databases are located. Your data is hosted in the European Union.

ORMS has a Data Protection Officer and you can contact them if you have queries:

Contact details of the Data Protection Officer

Data Protection Officer / GDPR Owner contact details

Contact Name:

Outreach GDPR Officer

Address line 1:

The Outreach Organisation Ltd

Address line 2:

Tan-y-Bwlch Centre

Address line 3:

Llanllechid
Bangor

Address line 4:

Gwynedd LL57 3HY

Wales (UK)

Email:

gdpr.officer@orms247.co.uk

Personal data

Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Why does ORMS Ltd need to collect and store personal data?

In order for us to provide you with educational services through the Moodle/iLearn environment we need to collect personal data for correspondence purposes and/or to allow us to provide you our service. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose. ORMS Ltd. is a company which values its user’s data protection and privacy rights and we have no interest in collecting data beyond what we need to make the information work for you.

If you are going to be contacted by us for marketing purposes, we will not rely solely on this notice, but will always seek an additional confirmation from you that it’s OK to do that.

Will ORMS Ltd share my personal data with anyone else?

We may pass your personal data on to third-party service providers contracted to ORMS Ltd in the course of dealing with you. We do this because there are some services, such as a video conferencing facility, which will not work unless we are able to make these transfers. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to deliver the service they provide on our- and of course, your-behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with ORMS Ltd’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, or if it is necessary to comply with an employment contract, unless we are legally required to do otherwise. If you would like an up-to-date register of all our third-party service providers, please contact gdpr.officer@orms247.co.uk and we will be happy to provide it.

How will ORMS Ltd use the personal data it collects about me?

ORMS Ltd will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. ORMS Ltd maintains a register of its data processes which includes a record of the data retention policy for each type of data collected and is committed to only ever trying to process the minimum amount of data needed. ORMS Ltd is required to retain certain information in accordance with the Law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.

Can I find out the personal data that the organisation holds about me?

ORMS Ltd at your request, can confirm what information we hold about you and how it is processed. If ORMS Ltd does hold personal data about you, you can request the following information:

  • Identity and the contact details of the person or organisation that has determined how and why to process your data.
  • Contact details of our data protection officer in the EU, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of ORMS Ltd or a third party, information about those interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information. These will rely on measures approved by the EU Commission.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority.
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

What forms of ID will I need to provide in order to access this?

ORMS Ltd accepts the following forms of ID when information on your personal data is requested:

  • A colour copy of a Passport, driving licence or National ID Card

Data Policy

  1. Scope

All data subjects whose personal data is collected, in line with the requirements of the GDPR.

  1. Responsibilities

All data subjects whose personal data is collected, in line with the requirements of the GDPR.

  • 2.1 Where ORMS Ltd is hosting a website on its own behalf, it is the Data Controller for all the data collected. Where ORMS Ltd is hosting someone else’s installation of the Moodle Platform (as with ORMS Ltd) it is the Data Processor for the Site Admin for that installation.
  • 2.2 When ORMS Ltd is not hosting an installation of the Software Platform, it is neither the Data Controller or the Data Processor and those duties fall on the people or organisations who have installed and are hosting those installations.

Privacy notice

3.1 Who are we?

ORMS Ltd is a training company which allows educators to create a private space online, filled with courses and activities, all optimised for collaborative learning. We use Moodle software (which we refer to as ‘iLearn’ or ‘iLearn/Moodle’) is open source

We collect personal data relating to you for specific purposes, with the nature of the data collected depending on your interaction with ORMS Ltd. We are committed to transparency in this and have provided a very detailed breakdown of these processes in Annex 1 at the end of this document.

Our legal basis for processing for personal data:

1.1.   Article 6.1(a), GDPR, Consent

1.2.   Article 6.1(b), GDPR, Contract

1.3.   Article 6.1(f), GDPR, Legitimate Interest

Any legitimate interests pursued by us, or third parties we use, are as follows:

1.4.   Recruitment and Induction of new Candidates

1.5.   Emergency Contacts for people who work with us, such as employees and Contractors for Health and Safety purposes.

1.6.   Business Development

1.7.   Providing login systems to users via their accounts

The special categories of personal data concerned are:

1.8.   Biometric Data in the form of facial images

1.9.   Any special categories of special personal data which any user volunteers while using the Moodle systems or any Moodle website- for example in a forum or submission

3.2 Consent

By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified. Where consent is required for ORMS Ltd to process both standard and sensitive types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used. Agreement with this Privacy Notice and its accompanying Terms and Conditions (as applicable) (and any Data Processing Agreements, if they apply to you) will be explicit consent and we will keep a copy of the records of that consent for audit purposes.

You may withdraw consent at any time by:

Please identify your role in relation to ORMS Ltd (if you are a Contractor, Staff member, iLearn/Moodle Partner, End-user, Site Admin etc.), and the data you wish to withdraw consent to be processed. Please include a copy of a state-issued Photo ID, to confirm that you are the person whose data is removed.

3.3 Disclosure

ORMS Ltd will pass on your personal data to certain third parties.

  • Data storage is through ICDSoft who host the servers where the databases are located. Your data is hosted in the European Union.
  • ICDSoft’s Privacy statement can be found here: https://www.icdsoft.com/en/privacy
  • Your personal details will be created into a spreadsheet which is turned into a ‘CSV’ file for uploading into Moodle. A snapshot of Moodle to include individual course archives and a copy of the master MySQL database will be taken on or around 1st May annually and retained for 6 academic years. These files are stored in a Dropbox directory.
  • Dropbox’s Privacy statement can be found here: https://www.dropbox.com/privacy
  • Portfolio services are provided through a linked portfolio platform using the Mahara application. This is accessed through a ‘Single Sign On’ (SSO) protocol used to link Moodle and Mahara together.
  • Mahara has a detailed set of privacy statements here: http://manual.mahara.org/en/18.04/faq/privacy.htm
  • Turnitin is a plagiarism prevention service that allows tutors at ORMS to check student papers and written assignments for originality against Internet sources, other student submissions, and academic databases at the same time as students are electronically submitting them. Turnitin provides tutors and students with an "Originality Report," which is a color-coded report matching student writing with matching sources that used identical strings of words.
    • The Turnitin service involves data transfer to the United States, by accepting this policy, you consent to that transfer.
    • In meeting the requirements of Directive 95/46/EC to meet data protection requirements, organisations are free to inspect or audit Turnitin’s services any time;
    • All student work and any associated personal information is encrypted and kept secure at all times.
    • Students can keep their identity secret by using a pseudonym and by submitting papers in formats that contain little if any identifying metadata.
  • Turnitin has a detailed set of privacy statements here: https://go.turnitin.com/turnitin-and-gdpr and https://guides.turnitin.com/Privacy_and_Security
  • ORMS may disclose student’s personal data and sensitive personal data/special category data to external agencies to which it has obligations; for example for council tax, electoral registration, and visa and immigration purposes, and to other arms of central or local government, to the Robert Gordon University, to the Higher Education Funding Council for England, Higher Education Statistics Agency, Student Loans Company, Office of the Independent Adjudicator for Higher Education, Research Councils, and potentially other such organisations for defined purposes.  It may also disclose information to examining bodies, external examiners, legal representatives, Police or security agencies, suppliers or service providers, survey and research organisations engaged by ORMS, and regulatory authorities such as HCPC.
  • If students have unpaid debts to ORMS at the end of their course ORMS may, at its discretion, pass this information to debt collecting agencies in order to pursue the debt.

ORMS Ltd will not transfer, disclose, sell, distribute or lease your personal information to any other third parties unless we have your permission or are required to do so by law. This process may involve sending personal information to other countries, whose data protection laws may not be as extensive as in the EU. However, we have carried out appropriate steps to ensure the same level of protection for the processing carried out in these countries as within the EU.

3.4 Retention period

ORMS Ltd will processes different forms of personal data for as long as is necessary and proportionate for the purpose for which it has been supplied and will store the personal data for the shortest amount of time possible, considering legal and service requirements. For further details on the retention period for any particular type of data, please see our B5a Data Retention Policy [link]

3.5 Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

·         Right of access – you have the right to request a copy of the information that we hold about you.

·         Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

·         Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.

·         Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.

·         Right of portability – you have the right to have the data we hold about you transferred to another organisation.

·         Right to object – you have the right to object to certain types of processing such as direct marketing.

·         Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.

·         Right to judicial review: in the event that ORMS Ltd refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 3.6 below.

Where ORMS Ltd is your Data Controller, you may make a request directly to the Data Protection Officer using the email address gdpr.officer@orms247.co.uk

Where ORMS Ltd is a Data Processor, and act on behalf of a data controller any requests received by ORMS Ltd will be passed on to the Data Controller.

Where ORMS Ltd are not involved with your data, such as where the Moodle platform has been self-hosted, you should address your requests to the data controllers of those sites. ORMS Ltd will have no access to your data.

3.6 Complaints

In the event that you wish to make a complaint about how your personal data is being processed by ORMS Ltd (or third parties as described in 3.3 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and ORMS Ltd’s Data Protection Officer, Technical Footprint Ltd.

If you wish to make a complaint about how your personal data has been processed by ORMS Ltd., you should contact your Moodle Site Admin or the Data Controller for your Moodle installation. (For example, if your university or school hosts their own Moodle site, they will be the Data Controller).

The details of Contacts for where ORMS Ltd are the Data Controller:

Supervisory authority contact details

Data Protection Officer (DPO) / GDPR Owner contact details

Contact Name:

Information Commissioner's Office

Outreach GDPR Officer

Address line 1:

2nd floor

The Outreach Organisation Ltd

Address line 2:

Churchill House, Churchill way

Tan-y-Bwlch Centre

Address line 3:

Cardiff

Llanllechid
Bangor

Address line 4:

CF10 2HH

Gwynedd LL57 3HY

Wales (UK)

Email:

wales@ico.org.uk

gdpr.officer@orms247.co.uk

Telephone:

+44 29 2067 8400

+44 1248 601546 

For the details of Contacts for where ORMS Ltd are not the Data Controller, look in your installation of Moodle to identify your Data Controller.

Annex 1

Purpose of processing

Categories of personal data

The source of the personal data

sending e newsletters to ilearn.orms247.co.uk users

email address, name

Data subject

Presentation admission process run by admissions / marketing department for ORMS events

email address, name, workplace, summary of applicable presentations

Data subject

Communicating marketing campaigns on Facebook

name, email address, location, job title, interests, any other Facebook categories used

Data subject

Communicating marketing campaigns on Twitter

name, email address, location, interests

Data subject

Recruitment

Name, Address, phone number, email, social media profile links, Photograph, educational and work history, interests

Candidate

Recruitment

Contact details

Candidate

On-boarding

Contact details, emergency contact details, drivers licence, passport, id documents, banking details, tax details, superannuation details, gender, qualifications, biometric data, date of birth

Employees

Health and Safety

Name, phone number, email, relationship with Employee

Employees

HR Records

Health Records

Employees

On-boarding

Contact details, emergency contact details, drivers licence, passport, ID documents, banking details, gender, qualifications, biometric data

Employees

On-boarding

Telephone number

Team Members

Performance

Performance information contact details

Managers/HR

Engagement

Contact details, job information, engagement information

Employees/HR

Letter of Offer

Name, address, phone number, email and remuneration details

Employees/HR

Confirmation of Information

Contact details, remuneration details, length of service, job information

Employees, HR

Exit interviews

Contact details, feelings about working at ORMS

Employees

On-boarding

Photograph

Employees

Interview

Answers to questions around previous job and skills

Moodle HR

Central code repository

contact details (name, surname, email, photo), activity and contribution

Data subject

Community education and feedback ORMS Ltd.

contact details (name, surname, email, photo), activity and contribution

Data subject

Mirror of central code repository

contact details (name, surname, email, photo), activity and contribution

Data subject

Conduct user studies, interviews, and surveys

Contact details, activity, contribution

Employee

Community engagement & recruitment for user studies

Contact details, activity, contribution

Data Subject, Employees

Paying wages to employees

Contact details (name, surname and email), Bank details, Tax details, sick leave, Annual Leave, salary, pension

Employee

Collecting fees payable by direct clients

Contact details (name, surname and email)

Client

Collecting fees payable by partners

Contact details (name of partner, email, name and surname of partner representative)

Partner

Receiving event registration fee

Contact details (name, surname, email of the participant, phone number, business name and address)

Attendee

Paying supplier invoices

Supplier details (name, surname, email, bank details)

Attendee, supplier

Individual’s Profile on iLearn site

Contact details

Data subject and data subject employer

Individual’s data on iLearn website

User and activity data

Data subject, Controller

Lead / Customer Information

Contact Details

Data Subject

Writing and storage of agreements/contracts/documentation with partners, and potential partners

Contact details

ORMS Partner / Applicant

General Business Documentation of meetings including attendees

Partner Organisation details, Partner details, Partner Employees

Controller

General Business Documentation

Partner Organisation details, Partner details

Controller

General Business Documentation

Partner Organisation details, Partner details

Controller

Log storing and searching for analysing and troubleshooting iLearn sites and signup/provisioning

Location, IP address

ORMS Ltd site admins and ORMS Ltd site users

Storing of historical logs – Moodle, web server, statistics

website name, location, IP address

ORMS Ltd site admins and ORMS Ltd site users

Facilitating the signup and control of the ORMS Ltd account

Name, email, location, telephone number

ORMS Ltd site admins

Primary provider for text messaging. Logs for text message sending

Phone numbers

ORMS Ltd site admins

Email processing (Moodle and signup)

email

ORMS Ltd site admins and ORMS Ltd site users

Backup text messaging service.

Phone numbers

ORMS Ltd site admins

News, Updates, Product tip emails subscriber lists (opt in)

Name, email

ORMS Ltd site admins

Email sent to site admins regarding their ORMS Ltd service

Name, email, financial data

ORMS Ltd site admins

Operational reporting on cloud servers and Moodle sites

Location, IP address, Moodle activity data

ORMS Ltd site admin

Recurring subscriptions and Payment

name, email, country

ORMS Ltd site admins

Billing engine and subscription management

contact details, country, website name

ORMS Ltd site users

Assignment submission document converter (when students submit assignments in various file formats, this process converts them into PDF file, so the teacher can grade and annotate the document)

could be any data submitted in the file

ORMS Ltd site users

Web conferencing feature for all ORMS Ltd sites

contact details, voice, audio, video, biometrics, IP address, location data

ORMS Ltd site users

Authentication, Design, development and tracking of Moodle code, profile published on Tracker site, notifications

Contact details, biometric (avatar)

Data subject

Authentication, profile published, notifications

Contact details, biometric (avatar), any details provided by user

Data subject

Authentication, notifications

Contact details, biometric (avatar)

Data subject

Statistics and error recording

IP Address, error logged messages potentially including usernames, and usage records

Website records

Business Development statistics generation

Data compiled from other listed data sources

Website records

Making and receiving phone calls

Call metadata including phone numbers and time & call duration

telephone records

Making and receiving phone calls

Call metadata

telephone records

Authentication, documents, usage, emails

Names, Addresses., emails, phone numbers, Health Records, Contact details, biometric (avatar), IP Address, document contents, email contents, usage records

Data Subjects, ORMS Ltd

Communication in and outside of company

Names, Addresses., emails, phone numbers, Health Records, Contact details, biometric (avatar), IP Address, document contents, email contents, usage records

Data Subjects, ORMS Ltd

Communication in and outside of company

Names, Addresses., emails, phone numbers, Health Records, Contact details, biometric (avatar), IP Address, document contents, email contents, usage records

Data Subjects, ORMS Ltd

Internal HR functions leave and communications

HQ personal staff information leave information, communications details

Data Subjects, ORMS Ltd

Partner billing, record keeping and communications

HQ authentication information contact details, ORMS partner contact details, client statistics & invoicing

Data Subjects, ORMS Ltd

Purchasing various services (domains, etc)

Profile data and credit card for ORMS Ltd Staff or Contractor

Data Subjects, ORMS Ltd

Licenses for software

Personal contact information, cloud stored work may have personal data in it

Data Subjects, ORMS Ltd

Notifications of critical ICT events

ORMS Ltd person information, possible data in alert if relevant to alerting

Data Subjects, ORMS Ltd

Authentication, subscribed marketing & security notifications, bounce records, read and open records, link click records

Personal contact information (Name & Email)

Data Subjects, ORMS Ltd

Billing & Purchasing

Billing information including name, addresses, order information

Data Subjects, ORMS Ltd

Authentication, document management & office license

Contact Details, IP addresses

Data Subjects, ORMS Ltd

Hosting corporate infrastructure

HQ Person information, all data covered by other register entries.

Data Subjects, ORMS Ltd

Legacy ticketing system

Contact details, biometric (avatar), any details provided by user

Data Subjects, ORMS Ltd

Ticketing System / Public Comms Hub

Contact details, biometric (avatar), any details provided by user

Data Subjects, ORMS Ltd

CRM for Services team

Contact details, contract details with partners, any other information related to partnership with ORMS Ltd

Data Subjects, ORMS Ltd

Monitoring

No personal data, just system level metrics

Data Subjects, ORMS Ltd

Authentication, Database/API query derived statistics

Contact details

Data Subjects, ORMS Ltd

Credential and secure information store

Username and passwords for cloud services, may contain other notes

Data Subjects, ORMS Ltd

Public site spam prevention

User contributed content (forum posts)

Data Subjects, ORMS Ltd

DNS and Denial of Service Protection (gradually being phased out)

Website usage and all passed traffic data

Data Subjects, ORMS Ltd

Voice and Video Meetings

ORMS Ltd Employee contact information and recorded video

Data Subjects, ORMS Ltd

Monitoring sites

Email address & Name for Authentication

Data Subjects, ORMS Ltd

Virus & Malware scanning for Windows Users

Email address, Name, Scan data from local computer

Data Subjects, ORMS Ltd

Moodle Staging Sites for internal use only

Any non-anonymised data from production instances for testing

Data Subjects, ORMS Ltd

Test specific features as part of development

Should be no personal data stored, however IP addresses and other data may end up in logs, Moodle will also display IP data in internal logs which is publicly available

Data Subjects, ORMS Ltd

Demo most recent version of software to the public

Should be no personal data stored, however IP addresses and other data may end up in logs, Moodle will also display IP data in internal logs which is publicly available

Data Subjects, ORMS Ltd

Statistics and Marketing Tracking

IP addresses and logs, site behaviour analytics

Data Subjects, ORMS Ltd

Ongoing testing of software

Logins for staff, possible other data as test cases

Data Subjects, ORMS Ltd

Distribution of software

Source code with names in it and Moodle profiles for HQ Staff and Contractors

Data Subjects, ORMS Ltd

Language translations for Moodle

Profile data

Data Subjects, ORMS Ltd

Moodle documentation repository

Profile data

Data Subjects, ORMS Ltd

Private Moodle Code Repository

Profile Data

Data Subjects, ORMS Ltd

Learning Moodle course

Profile data, course results

Data Subjects, ORMS Ltd

Public Moodle Code Repository

Profile data

Data Subjects, ORMS Ltd

Storage of documents and other communications

Free form storage of documents, so any personal data is possible

Data Subjects, ORMS Ltd

Service status notifications

User logins for HQ Staff

Data Subjects, ORMS Ltd

User login and other information

Login and other personal profile information

Data Subjects, ORMS Ltd

Course hosting service

Login and other personal profile information

Data Subjects, ORMS Ltd

Testing accessibility features in Moodle

Login and other personal profile information

Data Subjects, ORMS Ltd

Collaborative document/code editing

Open system with varied data as well as user IP addresses

Data Subjects, ORMS Ltd

Register of research related to Moodle

Published research documents, login details and profile

Data Subjects, ORMS Ltd

Hosting applications for Moodle

Login information

Data Subjects, ORMS Ltd

Legacy Moodle sites

Login information

Data Subjects, ORMS Ltd

Indexing for search purposes

Any data supplied over our sites network

Data Subjects, ORMS Ltd

Collection and processing of anonymized data from third parties

Anonymized data from other institutions as well as login/profile for ORMS Ltd employees and contractors

Data Subjects, ORMS Ltd

News and information for the Development community

Login and other personal profile information. Details of specific development project participants

Data Subjects, ORMS Ltd

Communication to Moodle community

Login and other personal profile information

Data Subjects, ORMS Ltd

Accounts for access to software and licensing

Login and other personal profile information

Data Subjects, ORMS Ltd