Privacy Policy and Cookies - i3S Training Moodle Platform

This Privacy Policy outlines how we, at i3S, manage your personal data when you use the i3S Training Moodle platform (https://training.i3s.up.pt/). This platform is operated with the Moodle Learning Management System (LMS), a software which is free and open source and is hosted by i3S. Moodle is our training/course management system and is available for participants in i3S courses, workshops and other training events.

1. Who is the controller of your personal data? 

The organization responsible for the processing of your personal data (i.e. the data controller according to the GDPR) that is collected by the i3S Training Moodle platform (https://training.i3s.up.pt/) is i3S - Instituto de Investigação e Inovação em Saúde da Universidade do Porto - Associação, located at Rua Alfredo Allen 208, 4200-135 Porto, Portugal.

2. Who can you contact regarding the processing of your personal data?

If you have any doubts regarding the processing of your personal data, you can contact our Data Protection Officer at any time by using the following contact details:

Email: dpo@i3s.up.pt

Address: i3S- Instituto de Investigação e Inovação em Saúde, Universidade do Porto

Data Protection Officer 

Rua Alfredo Allen, 208 

4200-135 Porto 

Portugal

Telephone: +351 226 074 900

3. Which personal data do we collect/are held by the Moodle system?

At i3S, we process various types of personal data which are needed for the management of Moodle LMS, mainly: name, email address, username, and if necessary or applicable: institutional information, courses enrolled, privileges (e.g.teacher, student), course data (e.g. tasks, participation, enrolment, exam questions, exam answers), information related to exams and assessments conducted using the i3S Moodle. 

In addition, Moodle records logs that contain detailed information about user activity within each course, including the date and time of when course-specific information was viewed and/or updated and the address of the machine from which the access was made.

Information about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources, assignment/file submissions, text matching scores and evidence of participation in other Moodle-based activities is also held within the Moodle system. Information and data related to users, including grades, feedback comments, scores, completion data, access rights and group membership is also recorded. 

Additional personal data may be held within individual courses, either within documents and/or resources uploaded to the course, or within activities within the course. Other than contributions to chat rooms and discussion forums which are submitted by individuals in a personal capacity, course maintainers are responsible for the information held about you that may be uploaded onto such courses.

Users may add further information on their profile page (location, interests, profile picture). It is also possible to add a description in the user profile. Sometimes you may be required to fill in a questionnaire evaluating the course. The responses to these surveys are always anonymous. Exceptions to this will be notified and justified to the participant.  Participation in feedback surveys are always voluntary. Please keep in mind that we, at i3S, will never require you to submit any sensitive personal data (e.g. health data, genetic data, biometric data) to use the platform. We would like to remind you that you should never share sensitive data on the i3S Moodle platform. 

4. What are the purposes for collecting your data? 

We, at i3S, process your personal data, within the context of the i3S Moodle platform, for the following purposes: 

• Participants (Moodle student role): the personal data is processed to provide participants with online course materials, a digital learning environment, and a space to hold online discussions with their peers. 

• Lecturers: the personal data is processed so that lecturers can provide participants with online course materials and a digital learning environment. 

• General i3S staff: the personal data is processed to give access to the i3S training catalogue (life-long learning for i3S staff), to allow them to register to courses and to provide them with online course materials.

In addition, individual and identified courses within Moodle may use personal information in order to monitor i3S staff training activities, for producing usage statistics for management and planning purposes and to collect user feedback.

We may also need to use personal information to help support i3S Moodle users and for system administration and bug tracking purposes.  

5. Where does the i3S Moodle Training platform information come from?

For all users, Moodle records information are supplied by the user or by the relevant i3S departmental systems and services. This includes information entered into your profile (such as email addresses). As well as the information that you upload and submit to Moodle (such as educational related information - University, Laboratory and/or Course)

Additional information may be uploaded onto individual courses by users of the system.

6. On which legal basis does i3S process your personal data? 

The lawful basis we rely on for processing your personal data is elaboration of a contract, your consent, a legal requirement and/or our legitimate interest, under article 6 (1)(b), (a), (c) and (f) of the EU GDPR (respectively). For instance, to organize Training courses we rely on the elaboration of a contract as lawful basis to process data or on our legitimate interest to provide and manage training courses for our employees. 

7. Where is the i3S Moodle Training platform data stored?

i3S Moodle data is stored within i3S data centres. Your personal data will not be transferred outside the European Union.

8. Security of your personal data 

The processing of your personal data is carried out through the Moodle Learning Management System for the purposes mentioned above. The i3S implements technical and organisational measures to ensure the security of the personal data in compliance with the GDPR. Information and operations are secured by requiring users to login before accessing any information. Therefore, remember that users’ passwords must meet complexity requirements and must be reset regularly to prevent any unauthorised access to Moodle. In addition, i3S has set up user roles in Moodle for its staff, teachers, and students, which are constantly under review. Each role has specific permissions to access, delete or modify the data. 

The i3S Moodle is backed up in order to prevent any data loss. The backups are held for the purpose of reinstatement of the data, e.g. in the event of failure of a system component.

9. How long do we keep your personal data? 

Moodle accounts are retained for as long as your account is active. Information and data uploaded to Moodle, including accounts, courses and about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources and evidence of participation in other Moodle-based activities may be retained indefinitely. Nevertheless, whenever possible, i3S has the policy to keep user’s information and users licenses active within a 3-4 months after course completion (this data retention interval will be clarified by the course responsible within the course context).

10. Who can access your personal data? 

Participants (student role): Participants data (name, username, email and, when available, photograph, city and country) can be viewed by lecturers, other students (from the same course) and platform administrators. In addition, lecturers and administrators can also access log data of participants.

Lecturers (teacher role): participants can view your name and surname in the platform, your contributions and check your profile. 

System managers have access to all data in order to administer and manage the Moodle site (e.g. file management, upgrade the site, integrations). Indeed, if you approach the Moodle Helpdesk (moodle@i3s.up.pt) for help with a fault, issue, question or support, Moodle support staff may need to look at your data held on the system, including files in your personal areas and the Moodle courses to which you belong. When providing support, the helpdesk never gives out your personal information, including usernames and passwords.

11. What about Cookies? 

Cookies are small files which sit on your computer and record specific interactions between you and this website, and in some cases, other websites. When you access the i3S Training Moodle platform, it will set the following cookie: MoodleSession - This cookie provides continuity and maintains your login from page to page. When you log out or close the browser this cookie is destroyed (in your browser and on the server). You are always free to disable cookies if you so wish.

12. What are your rights regarding the processing of your personal data?

You have the right to access and rectify your personal data. In certain cases (in accordance with the conditions set out by the General Data Protection Regulation (Regulation (EU) 2016/679)), you will also have the right to object to the way in which your data is used, to withdraw a given consent, to request that your data be deleted, to ask to restrict certain aspects of the processing of your data and to retrieve your data to forward it to a third party (right to data portability).

If you wish to exercise your rights, you should contact the i3S’s Data Protection Officer by email at dpo@i3s.up.pt or by post at the address provided above. 

12. How can you lodge a complaint? 

If you consider that the Processing of Personal Data relating to you infringes the GDPR, you have the right to file a complaint about our use of your information to Comissão Nacional de Proteção de Dados, our competent national supervisory authority, at https://www.cnpd.pt.

This page was last updated in February 21, 2024.