List of active policies

Name	Type	User consent
Cookies Policy	Third parties policy	Authenticated users
Terms of Service	Site policy	All users
Privacy Notice	Privacy policy	All users

Cookies Policy

Summary

I agree to the Conversaid's Cookies Policy adopted from Moodle

Full policy

Cookies Policy

Effective: 28 April 2022

Moodle Pty Ltd uses cookies on its websites (collectively the “Sites”). This Cookies Policy explains what cookies are, how Moodle uses cookies, how third-parties we partner with may use cookies on the Sites, and your choices regarding cookies. Please read this Cookies Policy in conjunction with our Privacy Notice which sets out additional details on how Moodle uses personally identifiable information and your various rights.

What are cookies

Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows the Site or a third-party to recognize you and make your next visit easier and the Site more useful to you. Essentially, cookies are a user’s identification card for the Moodle servers. Web beacons are small graphic files linked to our servers that allow us to track your use of our Site and related functionalities. Cookies and web beacons allow us to serve you better and more efficiently, and to personalise your experience on our Site.

Cookies can be “persistent” or “session” cookies.

How Moodle uses cookies

When you use and access the Site, Moodle may place a number of cookies files in your web browser.

Moodle uses or may use cookies and/or web beacons to help us determine and identify repeat visitors, the type of content and sites to which a user of our Sites links, the length of time each user spends at any particular area of our Sites, and the specific functionalities that users choose to use. To the extent that cookies data constitutes personally identifiable information, we process such data on the basis of your consent.

We use both session and persistent cookies on across our various Sites and we use different types of cookies to run such Sites:

Essential cookies. Necessary for the operation of the Site(s). We may use essential cookies to authenticate users, prevent fraudulent use of user accounts, or offer Site features.
Analytical/performance cookies. Allow us to recognize and count the number of visitors and see how visitors move around the Site(s) when using it. This helps us improve the way the Site(s) work.
Functionality cookies. Used to recognise you when you return to the Site(s). This enables us to personalise our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
Targeting cookies. Record your visit to the Site(s), the pages you have visited, and the links you have followed. We will use this information to make the Site(s) and the more relevant to your interests. We may also share this information with third parties for this purpose.

To view a list of Moodle cookies, please view our Cookies table.

Third-party cookies

In addition to our own cookies, we may also use various third-party cookies to report usage statistics of the Sites and refine marketing efforts.

Tracking cookies. Follow on-site behaviour and tie it to other metrics allowing better understanding of usage habits.
Optimization cookies. Allow real-time tracking of user conversion from different marketing channels to evaluate their effectiveness.
Partner cookies. Provide marketing conversion metrics to our partners so they can optimise their paid marketing efforts.

To view a list of third-party cookies that we use, please refer to our Cookies table.

What are your choices regarding cookies

If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use some or all of the features we offer. You may not be able to log in, store your preferences, and some of our pages might not display properly.

Cookies Table

The tables below list the internal and third-party cookies we use. As the names, numbers, and purposes of these cookies may change over time, this page may be updated to reflect those changes.

Moodle Academy & MEC Cookies:

Host Name	Cookie Name	Purpose		Expiration	More Information
Moodle Academy & MEC	MoodleSession	You must allow this cookie into your browser to provide continuity and maintain your login from page to page.		Session
Moodle Academy & MEC	MOODLEID	It remembers your username within the browser. This means when you return to this site the username field on the login page will be already filled out for you.		1 month	It is safe to refuse this cookie – you will just have to retype your username every time you log in.

Moodle.com Cookies:

Host Name	Cookie Name	Purpose	Expiration
Google Analytics	_ga	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 Years
	_gat	Used by Google Analytics to throttle request rate.	Session
	_gid	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	Session
	_gcl_au	Used by Google AdSense for experimenting with advertisement efficiency across web sites using their services. First party cookie for “Conversion Linker” functionality – takes information in ad clicks and stores it in a first-party cookie so that conversions can be attributed outside the landing page.	3 Months
Intercom	intercom-device-id	Used by Intercom Chatbot to identify repeat user sessions and stored variables.	1 Year

MoodleCloud Cookies:

Host Name	Cookie Name	Purpose	More Information
MoodleCloud	EU_COOKIE_LAW_CONSENT	Tracking. Remember that the user has accepted the cookie policy.
	PHPSESSID	Essential. Required to keep current user authentified to the portal.
	subdomain_username	Functionality. Pre-fills the last username used by the user when login.
[site].moodlecloud.com [site].moodle.school	MoodleSession[site]	Essential. Required to keep current user authenticated with Moodle and keep session alive.
Google Analytics	All cookies starting with _ga: _ga, _gid, _gat_mcglobal, _gat_mcregion, etc.	Analytical. Distinguish users, throttle request rate, etc.	https://www.google.com/policies/privacy/ and https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage To opt out, visit http://tools.google.com/dlpage/gaoptout
Google Analytics	All cookies starting with __utm	Analytical. Distinguish users, throttle request rate, etc.

MoodleNet Cookies:

Host Name	Cookie Name	Purpose	Expiration
Google Analytics	_ga	Used to distinguish users.	2 years
	_gid	Used to distinguish users.	24 hours
	_gat	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.	1 minute
	AMP_TOKEN	Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.	30 seconds to 1 year
	_gac_	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.	90 days

Terms of Service

Summary

I agree to the Terms of Service

Full policy

You must not post, upload, publish, submit or transmit any content that:

infringes, misappropriates or violates any third party intellectual property rights, publicity rights or privacy laws;
is fraudulent, false, misleading or deceptive;
denigrates Moodle or Conversaid's Services;
violates, or encourages any conduct that would violate, any applicable law or regulation or would give rise to civil liability;
is defamatory, obscene, pornographic, vulgar, offensive, promotes discrimination, bigotry, racism, hatred, harassment or harm against any individual or group;
is violent or threatening or promotes violence or actions that are threatening to any other person; or
promotes illegal or harmful activities or substances.

Please refer to the full Terms of Service if you would like to review the text.

Privacy Notice

Summary

I agree to the Conversaid's Privacy Notice adopted from Moodle

Full policy

Privacy Notice

Last updated: May 2023

Moodle Pty Ltd and its affiliated companies (“Moodle”, “we” or “us”), is the company at the heart of the open source Moodle Project: empowering educators to improve our world. This privacy notice sets out how Moodle collects and uses information about you when you use our products and services (“services”) and why we collect certain personal data. This notice also explains the choices that you can make about the way that we use your information.

Your privacy protection is important to us. This is why we have adopted the following pivotal legislation: EU’s General Data Protection Regulation 2016/679 (“GDPR”), UK General Data Protection Regulation (“UK GDPR”) and the California Consumer Privacy Act 2018 (“CCPA”). This privacy notice relates to all personal data we process and addresses the legislation mentioned.

‘Personal data’, in this privacy notice, means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Useful resources

We remain committed to building a secure LMS that protects the privacy and security of learners' and employees’ data. We provide all users with the tools to ensure that their data, information and operations are secure and protected. Privacy features embedded with Moodle LMS ensure that Moodle is GDPR compliant and adheres to local privacy legislation requirements. However, some responsibility for compliance and safety rests with the organisation that controls each Moodle installation. We encourage institutions and organisations to implement security measures for their Moodle installation and:

write multiple policy documents (including site policy for guests) so that they can be completely transparent with their learners, educators and anyone who visits their site on how they collect, use or disclose their data;
protect digital minors with age-of-consent checks and manage access for minors who require parental agreement to access their learning management system;
handle all data requests from learners and keep track of retention periods in a centralised place; and
enable users to easily request access or download their data, to see the policies they’ve agreed to and appoint a Privacy officer role to manage subject access/deletion requests from such users centrally.

We have also included some useful resources for your use in engaging with MoodleHQ:

Our standard Data Processing Agreement (DPA) that covers all of our products and services in a concise and comprehensive Schedule 1.
Cross Border Standard Contract Clauses (SCCs) that will allow us to contract with you to ensure protection of any personal data required to be transferred outside the EEA.
GDPR Questionnaire that may assist you in undertaking due diligence of Moodle's privacy practices when choosing a vendor that's right for you.

Why we collect your personal data

In order for us to provide you with our services or for correspondence purposes we need to collect your personal data. We ensure that the information we collect and use is confined to this purpose. We always process your personal data for specific purposes, with the nature of the data collected depending on your interaction with us. We are committed to transparency in this.

Our legal bases for controlling or processing personal data are:

Article 6.1(a) GDPR (Consent): You provide informed consent to us or have a reasonable expectation that we will use your information in a certain way – for example, to engage in our community discussions, or to hear about new services or offers. You can withdraw your consent at any time either by selecting ‘delete my data’ within the specific service or by request to privacy@moodle.com;
Article 6.1(b) GDPR (Contract): Providing our services and fulfilling our obligations to you, usually relating to a terms of service or partnership agreement;
Article 6.1(c) GDPR (Legal Obligation): The necessity to meet compliance with our legal obligations; and/or
Article 6.1(f) GDPR (Legitimate Interest): Where it is in our legitimate interests to do so. We only rely on ‘legitimate interests’ as the legal basis for processing by us, or third parties we use, for these purposes:
- recruitment and induction of new employees, contractors and other people who work with us;
- emergency contacts for people who work with us, such as employees and contractors for health and safety purposes;
- business development; or
- providing login systems to users via their existing social media accounts.

Where we rely on a specific basis for processing your information and you wish to object to that processing, you must be aware that it might not be possible for you to continue using our services.

The special categories of personal data (Article 9 of GDPR) we process are:

biometric data in the form of facial images, where you have uploaded and we store your profile picture;
health data in respect of employees, contractors and other people who work with us; and/or
any special categories of special personal data which any user volunteers while using our services (for example in a forum or submission).

If we need to pass on special category personal data (see Article 9 of GDPR) to a third party, we will only do that in accordance with the legal bases under Article 6 of GDPR as outlined above.

If you would like more details please refer to our Register of GDPR Information.

How we collect personal data

Moodle collects personal data from you when you interact with us. This can be through our websites, over the phone, in person, including, without limitation, when you:

create an individual or corporate user account;
request support;
register for or participate in an online class, exam, certification, training, webcast or other event;
request information or materials;
participate in surveys or evaluations;
participate in promotions, contests or giveaways;
make a purchase through our shop or register products;
apply for employment;
submit questions or comments; or
submit content or posts on our forums or other interactive webpages.

How we use personal data

We may need to pass your personal data on to third-party service providers contracted to Moodle in the course of dealing with you. We do this because there are services, such as our video conferencing facility, which will not work unless we are able to make these transfers. Any third parties we share your data with are obliged to keep your personal data secure and use it only for necessary service delivery. When your data is no longer required to fulfil the service, those third parties will be directed to dispose of your data in accordance with our standard procedures.

We seek to enter into Data Processing Agreements with our third party service providers to ensure they only process your data as instructed by us. If you obtain products or services directly from us on behalf of others we will ensure you enter into a Data Processing Agreement (DPA) with us. You will also need to enter into a DPA with your students/employees/customers when using our systems.

How we store personal data

We will process (collect, store and use) the information you provide in a manner compatible with GDPR. We maintain physical, organisational and technical safeguards for all personal data we hold. We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept are governed by specific business sector requirements and agreed practices. Personal data can be held in addition to these periods depending on individual business needs.

We will process different forms of personal data for as long as it is necessary and proportionate for the purpose for which it has been supplied and we will store the personal data for the shortest amount of time possible, taking into account legal and service requirements.

Marketing

We have no interest in collecting any data beyond that needed to ensure our services work for you. If you are going to be contacted by us for marketing purposes, we will not rely solely on this privacy notice. We will endeavour to seek your consent appropriately. Moodle does not sell data, and has no intentions in doing so in the future.

Your rights when we process your personal data

At any point while we are in possession of or we process your personal data, you have the following rights:

right to withdraw consent;
right of access;
right of rectification;
right to erasure;
right of data portability;
right to restrict processing;
right to object;
right to object to automated processing, including profiling;
right to know;
right to opt out of the sale of your personal information, although we do not sell your data;
right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why;
right to be free of discrimination if you exercise your rights;
notification of data breaches; and/or
the right to lodge a complaint with a supervisory authority.

Where we are your Data Controller, please make your request directly to the Data Protection Officer at dpo@moodle.com. We will always respond within one month.

However, if we are processing your data on behalf of your Data Controller (your service provider) you should contact them directly.

Privacy notices of other websites

This privacy notice outlines how we manage your personal data. If the website you are using is not hosted by us or you click on a link to another website, we encourage you to read their privacy notice.

Where we are not involved with your personal data, such as where the Moodle software has been self-hosted, you should address your requests to the Data Controller of the website since we have no access to your personal data.

Children and Personal Data

Here at Moodle we understand the importance of protecting the personal data of children under the age of 16. It is not our intention to collect personal data from a child. If you believe that a child has disclosed personal data or that we hold personal information about a child, please email us at privacy@moodle.com.

Verification

Before we action a personal data request we need to verify your identity. We accept a request made through your personal Moodle account while you are logged in. We sometimes require additional information such as a colour copy of your passport, driving licence or national ID card.

Amendments to our Privacy Notice

Moodle updates our privacy notice when necessary or in response to:

feedback from our community, customers, relevant authority, industry or other stakeholders;
changes in our products or services; and/or
data processing or policy changes.

The “last updated” date at the top of this privacy notice reflects when the most recent changes were made. We encourage you to periodically review this privacy notice for any amendments.

How to contact the appropriate authorities

If you have questions or wish to lodge a complaint about how your personal data is being processed by us (or third parties as described above), or how your complaint has been handled, you have the right to contact a supervisory authority and also our Data Protection Officer, Data Compliance Europe Ltd.

Register of GDPR Information

If you would like more details about the types of information we process, please refer to our Register of GDPR Information.