List of active policies

Name Type User consent
Privacy Notice Privacy policy All users



  • General personal information collected on our websites
  • Legal basis for the use of personal data on Moodle
  • Data held by the Moodle system
  • How the Moodle system uses your personal information
  • Where Moodle information comes from
  • Who has access to Moodle data
  • Where Moodle information is shared
  • Moodle data retention
  • How the Moodle Helpdesk uses your information
  • Other policies and notices
  • Further Information

Full policy

General personal information collected on our websites

When you visit the Winton Centre eLearning hub domain we hold certain information about you for service and security reasons. The eLearning service (Moodle) collects, holds and processes additional personal information in line with the following privacy notice:

The eLearning service (Moodle) also uses your data as set out below.

Legal basis for the use of personal data on Moodle

If you register with the eLearning service user (login to Moodle using a personal email address as a username) you will have given us your consent to store your personal data. Should you wish to withdraw your consent you should email

Data held by the Moodle system

Data held by Moodle includes your name, email address, username and course information. 

Moodle logs contain detailed information about user activity within each course, including the date and time of when course-specific information was viewed and/or updated, the address of the machine from which the access was made, the browser identification information and information about the referring web page. Logs are used to create summary statistics which may be made publicly available. Summary statistics do not include personal data.

Information about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources, assignment/file submissions, text matching scores and evidence of participation in other Moodle-based activities is held within the Moodle system. 

Information and data related to users, including grades, feedback comments, scores, completion data, access rights and group membership is also recorded. 

Additional personal data may be held within individual courses, either within documents/resources uploaded to the course, or within activities within the course. Other than contributions to chat rooms and discussion forums which are submitted by individuals in a personal capacity, course maintainers are responsible for the information held about you that may be uploaded onto such courses.

How the Moodle system uses your personal information

Moodle records and uses your personal information to:

  • Provide you an account on, and identify you within, the eLearning system
  • Provide you access to courses/sites within the eLearning system
  • Provide you the ability to upload, amend and delete certain information within Moodle 
  • Provide you access to the information, resources and activities uploaded to Moodle
  • Control access to different parts of the system. 
  • Help support Moodle users
  • For system administration and bug tracking
  • Report on course, resource and activity access, activity completion, course completion and course data (such as grades, scores, submissions and content uploaded)
  • For producing usage statistics for management and planning purposes

Individual courses within Moodle may collect additional personal information in order to: 

  • Provide services to the users
  • Facilitate and support business processes
  • Support users in their use of Moodle

A non-exhausted list of examples of this may include: 

  • Booking information
  • User feedback
  • Data collection for the purposes of business processes
  • Contact information
  • Application information 
Where Moodle information comes from

For all users, Moodle records information supplied by the user. This includes information entered into your profile (such as telephone numbers, addresses and University related information, such as College, Department and Course).

As well as the information that you upload and submit to Moodle, Moodle also contains additional information.

For users who identify themselves through the non-Raven login mechanism (Friends users), Moodle uses information supplied by:

  • The Moodle user who creates the account.
  • Relevant University departmental systems and services.

Additional information maybe uploaded onto individual courses by users of the system.

Who has access to Moodle data

The Winton Centre for Risk and Evidence Communication eLearning support team has access to all information stored within Moodle for the purposes set out above.

All course administrators and maintainers have access to the personal information of the other users of that course.

Access to Moodle logs is restricted to the support team, with the exception of course-specific tracking data which is also made accessible to course maintainers where an appropriate course-specific privacy policy is in place.

Where Moodle information is shared

The Winton Centre does not share Moodle personal data with others.

Moodle data retention

Information and data uploaded to Moodle, including accounts, courses and about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources and evidence of participation in other Moodle-based activities may be retained indefinitely.

Moodle data is backed up at a facility managed by UIS. The backups are held for the purpose of reinstatement of the data, e.g. in the event of failure of a system component.

How eLearning support uses your information

If you approach us for help with a fault, issue, question or support, support staff will need to look at your data held on the system, including files in your personal areas and the Moodle courses to which you belong. We may need to perform any of the following:

  • In the process of providing support, answering  question, reproducing/investigating your issue/problem or when forming a response, staff may navigate and interact with Moodle using your account. To do this support staff may use a feature know as 'login-as' which allows them to take control of your account. The support staff do not add, edit or delete any data within Moodle when doing this, without your prior permission. They will never ask you to send your password as part of any support that we provide.
  • The support staff, when providing support to your query, may also duplicate your course or data and transfer it into another part of the system or one of our test systems. This is to allow us to carry out investigations, test solutions and provide you with support.
  • When providing support, the support staff never gives out your personal information, including usernames and passwords.
Other policies and notices

A full list of relevant policies and notices for Moodle can be found here:

Further Information

For more information about how we handle your personal information, and your rights under data protection legislation, please see


Moodle sets two cookies, MoodleSession and MOODLEID_

Full policy

Cookies are small files which sit on your computer and record specific interactions between you and this website, and in some cases, other websites. This information is sometimes shared with the University of Cambridge, and in other cases, third parties. Below is more detail about the cookies we use, what they record and who the information is shared with. You are of course free to disable cookies.

Further information can be found on the University’s cookies webpage.

In addition to the cookies listed on the cookies webpage, Moodle will set the following cookies:


This cookie provides continuity and maintains your login from page to page. When you log out or close the browser this cookie is destroyed (in your browser and on the server


This cookie records the username you log in as when you visit the site, and allows the username field to be automatically filled in the next time you visit