Privacy & Policy

Moodle Pty Ltd and its affiliated companies (“Moodle”, “we” or “us”), is the company at the heart of the open source Moodle Project: empowering educators to improve our world. This privacy notice sets out how Moodle collects and uses information about you when you use our products and services (“services”) and why we collect certain personal data. This notice also explains the choices that you can make about the way that we use your information. Your privacy protection is important to us. This is why we have adopted the following pivotal legislation: EU’s General Data Protection Regulation 2016/679 (“GDPR”), UK General Data Protection Regulation (“UK GDPR”) and the California Consumer Privacy Act 2018 (“CCPA”). This privacy notice relates to all personal data we process and addresses the legislation mentioned. ‘Personal data’, in this privacy notice, means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Useful resources

We remain committed to building a secure LMS that protects the privacy and security of learners' and employees’ data. We provide all users with the tools to ensure that their data, information and operations are secure and protected. Privacy features embedded with Moodle LMS ensure that Moodle is GDPR compliant and adheres to local privacy legislation requirements. However, some responsibility for compliance and safety rests with the organisation that controls each Moodle installation. We encourage institutions and organisations to implement security measures for their Moodle installation and:

  • write multiple policy documents (including site policy for guests) so that they can be completely transparent with their learners, educators and anyone who visits their site on how they collect, use or disclose their data;
  • protect digital minors with age-of-consent checks and manage access for minors who require parental agreement to access their learning management system;
  • handle all data requests from learners and keep track of retention periods in a centralised place
  • enable users to easily request access or download their data, to see the policies they’ve agreed to and appoint a Privacy officer role to manage subject access/deletion requests from such users centrally.

We have also included some useful resources for your use in engaging with MoodleHQ:

  • Our standard Data Processing Agreement (DPA) that covers all of our products and services in a concise and comprehensive Schedule 1.
  • Cross Border Standard Contract Clauses (SCCs) that will allow us to contract with you to ensure protection of any personal data required to be transferred outside the EEA.
  • GDPR Questionnaire that may assist you in undertaking due diligence of Moodle's privacy practices when choosing a vendor that's right for you.

Why we collect your personal data

In order for us to provide you with our services or for correspondence purposes we need to collect your personal data. We ensure that the information we collect and use is confined to this purpose. We always process your personal data for specific purposes, with the nature of the data collected depending on your interaction with us. We are committed to transparency in this.

Our legal bases for controlling or processing personal data are:

  • Article 6.1(a) GDPR (Consent): You provide informed consent to us or have a reasonable expectation that we will use your information in a certain way – for example, to engage in our community discussions, or to hear about new services or offers. You can withdraw your consent at any time either by selecting ‘delete my data’ within the specific service or by request to privacy@moodle.com;
  • Article 6.1(b) GDPR (Contract): Providing our services and fulfilling our obligations to you, usually relating to a terms of service or partnership agreement;
  • Article 6.1(c) GDPR (Legal Obligation): The necessity to meet compliance with our legal obligations; and/or
  • Article 6.1(f) GDPR (Legitimate Interest): Where it is in our legitimate interests to do so. We only rely on ‘legitimate interests’ as the legal basis for processing by us, or third parties we use, for these purposes:  (1).recruitment and induction of new employees, contractors and other people who work with us; (2).recruitment and induction of new employees, contractors and other people who work with us; (3).business development; or (4).providing login systems to users via their existing social media accounts.

Where we rely on a specific basis for processing your information and you wish to object to that processing, you must be aware that it might not be possible for you to continue using our services.

The special categories of personal data (Article 9 of GDPR) we process are:

  • biometric data in the form of facial images, where you have uploaded and we store your profile picture;
  • health data in respect of employees, contractors and other people who work with us; and/or
  • health data in respect of employees, contractors and other people who work with us; and/or any special categories of special personal data which any user volunteers while using our services (for example in a forum or submission).

How we collect personal data

Moodle collects personal data from you when you interact with us. This can be through our websites, over the phone, in person, including, without limitation, when you:

  • create an individual or corporate user account;
  • request support;
  • register for or participate in an online class, exam, certification, training, webcast or other event;
  • request information or materials;
  • participate in surveys or evaluations;
  • participate in promotions, contests or giveaways;
  • make a purchase through our shop or register products;
  • apply for employment;
  • submit questions or comments; or
  • submit content or posts on our forums or other interactive webpages.