List of active policies

Name Type User consent
Tavistock & Portman Moodle Site Policy Site policy All users
Tavistock & Portman Moodle Privacy Policy Privacy policy All users
Tavistock & Portman Moodle Cookies Policy Other policy All users
Tavistock & Portman Moodle Third Party Policy Third parties policy All users

Summary

Purpose of the Site Policy

The purpose of this document is to:

  • specify user responsibilities;

  • promote the appropriate use of the Trust VLE for the protection of all members of the Trust community.

The Site Policy applies both within and external to Trust premises.

Please note that users include ad hoc learners attending short courses at the Trust.

Full policy

This policy has been created in line with the Trust’s general Privacy Notice https://tavistockandportman.nhs.uk/about-us/contact-us/about-this-website/privacy-and-your-data.

Purpose of the Site Policy

The purpose of this document is to:

·       specify user responsibilities;

·       promote the appropriate use of the Trust VLE for the protection of all members of the Trust community.

The Site Policy applies both within and external to Trust premises.

Please note that users include ad hoc learners attending short courses at the Trust.

Trust platforms

·       Moodle is the Virtual Learning Environment (‘VLE’) used at the Tavistock and Portman NHS Foundation Trust (‘the Trust’). It is based on the open source Moodle platform (http://www.moodle.org). Moodle is distributed under the GNU General Public License. Our Moodle installation is externally hosted by Synergy Learning (https://synergy-learning.com/), a specialist elearning vendor with data centres based in the UK.

·       Turnitin is a third-party platform that sits within Moodle as a plugin. It offers text matching and feedback functionality on any and all assignments submitted through Moodle. It is hosted by TurnitinUK (http://www.turnitinuk.com), which has data centres based in the UK.

·       Shibboleth is the authentication platform that enables the creation of accounts for enrolled students and their allocation to the appropriate study areas within Moodle. The Trust’s Shibboleth platform is externally managed by Overt Software Solutions (https://www.overtsoftware.com), which has data centres based in the UK.

The education services full data platform map is as follows:

Platform map

Registration

All users must register to use the Trust’s VLE. There is no Guest Access.  

All registered Moodle users must agree to the Trust’s:

·       VLE Site Policy

·       VLE Privacy Policy

·       VLE Cookies Notice

·       VLE Third-party Notice

Other Trust policies may also be applicable, such as the IT Acceptable Use Policy.

These Policies cover the whole period that the user is a member of the Moodle community at the Trust.

On registration, users must give their consent to the Trust’s processing of their personal data via the VLE and to acknowledge the Trust’s Privacy Notice (https://tavistockandportman.nhs.uk/about-us/contact-us/about-this-website/privacy-and-your-data ).

Use of Moodle

Users of the Trust VLE agree to the following:

a)       The Trust VLE must not be used for anything else other than for the purposes of training, education and research. However, incidental personal use, for example via the Moodle social forums, is acceptable.

b)      The Trust VLE must not be used for personal commercial use, for example marketing.

c)       The Trust VLE must not be used for uploading, storing, viewing or transmitting any material which is (or may be considered to be) defamatory, inflammatory, discriminatory, obscene or offensive.

d)      Users must not misrepresent the Trust or bring it into disrepute in any way through the use of the Trust VLE.

e)      Users must be responsible for moderating discussion forums which they may have created.

f)        Users must always act in a professional manner. Be polite and courteous to others when using the Trust VLE and follow the established norms of netiquette (http://en.wikipedia.org/wiki/Etiquette_in_technology). The Trust VLE is not to be used to libel, slander, or harass any other persons.

g)       Users agree not to plagiarise in submitted postings or assignments.

h)      Users must not breach the copyright of the Trust or any third party by copying from the Trust VLE without authorisation. Copyright of the course materials and content of the Trust VLE are owned or controlled by the Trust unless otherwise stated. Any copies of third party materials will be clearly labelled with warnings about any copyright restrictions.

i)        Users must ensure that any copyright material reproduced and loaded onto Moodle conforms with the Copyright, Designs and Patents Act 1988 (as amended) (http://www.ipo.gov.uk/cdpact1988.pdf) or with any licence agreement held by the Trust, or has been made with the express permission of the rights holder. All reproductions must be fully acknowledged. Material not conforming to these requirements will be removed from Moodle.

Information governance and access

Users of the Trust VLE must agree to:

j)        Look after their own username and password. Do not share your password with anyone else and do not use the username and password of other users.

k)       Keep physical access to the Trust VLE secure. For example, do not login to the Trust VLE and then leave your computer unattended (please note, cookies stored on your computer will keep you logged on until you close your browser or clear your cache).

l)        Not attempt to gain unauthorised access to any part of the Trust VLE.

m)    Not post material which contains viruses or other programs which may disrupt the Trust’s systems.

n)      Not upload private, confidential or sensitive material unless this is authorised.

o)      Not upload or post patient identifiable data.

p)      Keep their own data up-to-date and secure.

q)      Understand that the Trust will not take responsibility for any loss of information, which has been posted on the Trust VLE, once users cease to be formally associated with the Trust.

r)        Understand that access to learning materials from previous years of study within the Trust VLE may be restricted.

Contact through Moodle

As a Moodle account holder, you will sometimes receive emailed postings to your registered email account. These course-related emailed postings will be generated in the forums by other students or your tutor.

You will also receive emailed postings from the site-wide forum. These postings usually concern upcoming events or changes that you need to be made aware.  You choose not to subscribe to these site wide postings through your preferences.

Enforcement

Certain activities will be regarded very seriously by the Trust and are subject to severe penalties for users, including suspension of use of the Trust VLE.

These activities include deliberate interruption to the use of the Trust VLE; gaining or attempting to gain unauthorised access to any part of the Trust VLE or information stored therein; unauthorised disclosure of personal data; wilful or reckless infringement of any intellectual property rights of the Trust or third parties; and the viewing, transmitting or storing any material which is (or may be considered to be) defamatory, inflammatory, discriminatory, obscene or offensive.

Disclaimer

Please note that the Trust reserves the right to remove, vary or amend any of the content which appears on the Trust VLE at any time and without prior notice.

Please also note that the Trust VLE may contain links to other websites outside the Trust's control and that the Trust is not responsible for the content or accessibility of these sites.

Technology Enhanced Learning Unit

September 2021



Summary

Purpose of Privacy Policy

The purpose of this document is to:

  • provide clear information under the General Data Protection Regulation 2018 about how your data flows between Trust platforms;

  • provide clear, unambiguous information about your personal data.

Our legal basis for processing your data is legitimate Interest – to allow us to manage your educational experience with us.

Full policy

This policy has been created in line with the Trust’s general Privacy Notice https://tavistockandportman.nhs.uk/about-us/contact-us/about-this-website/privacy-and-your-data.

Purpose of Privacy Policy

The purpose of this document is to:

·       provide clear information under the General Data Protection Regulation 2018 about how your data flows between Trust platforms;

·       provide clear, unambiguous information about your personal data.

Our legal basis for processing your data is legitimate Interest – to allow us to manage your educational experience with us.

Trust platforms

·       Moodle is the Virtual Learning Environment (‘VLE’) used at the Tavistock and Portman NHS Foundation Trust (‘the Trust’). It is based on the open source Moodle platform (http://www.moodle.org). Moodle is distributed under the GNU General Public License. Our Moodle installation is externally hosted by Synergy Learning (http://www.turnitinuk.com), a specialist elearning vendor with data centres based in the UK.

·       Turnitin is a third-party platform that sits within Moodle as a plugin. It offers text matching and feedback functionality on any and all assignments submitted through Moodle. It is hosted by TurnitinUK (http://www.turnitinuk.com), which has data centres based in the UK.

·       Shibboleth is the authentication platform that enables the creation of accounts for enrolled students and their allocation to the appropriate study areas within Moodle. The Trust’s Shibboleth platform is externally managed by Overt Software Solutions (https://www.overtsoftware.com), which has data centres based in the UK.

The education services full data platform map is as follows:

Platform map

Our responsibilities

The Trust and contracted third parties will deal with your personal data in accordance with the principles set out in the General Data Protection Regulation 2018.

Our legal basis for processing your data is legitimate Interest - to allow us to manage your educational experience with us.

Data we collect

When you log into Moodle, your username and password are authenticated against Shibboleth, which contains your first name, last name and email address. This personal data is carried into Moodle. During assessment, your essay submissions and marker feedback is saved. An originality report that identifies you is automatically generated in Turnitin. Standard internet log information such as IP address, browser version and the Moodle pages accessed are also collected.

How we secure your information

Your personal data is processed under the following parameters:

·       Your data is processed in the UK only;

·       We will not share your data with any non-specified outside organisations, for example for the purposes of marketing;

·       Your personal data (your account) will be deleted from Moodle and Turnitin by a specified time after your learning/teaching relationship with the Trust has ended. To do this, we delete your Moodle account, which removes your complete digital footprint in the platform. Account deletions occur during July and August each year;

·       Our platforms are role-based – this means access to your personal data by members of the Trust is based on need (e.g. only the relevant course teams and administration);

·       Assignments are removed from Moodle in August and January and are archived on a Trust secure network drive. These are retained in accordance with the Trust’s retention schedule, available on the Trust website: https://tavistockandportman.nhs.uk/documents/67/records-retention-schedule.pdf .

·       Only you and authorised persons (TEL, Course Administration, tutors, external examiners and Academic Quality) will have access to your assessment information.

·       Your data is retained on Turnitin as part of the assessment process. This is retained in accordance with the Trust’s retention schedule, available on the Trust website: https://tavistockandportman.nhs.uk/documents/67/records-retention-schedule.pdf.

  • We configure our systems and applications following industry best practice to help mitigate intrusion.
  • We have clear security and privacy policies and regularly perform security awareness and privacy training for all staff.
  • We maintain service level agreements (SLAs) with our third-party platform vendors. These include details of their security infrastructure, security scans and offsite backup policy.
  • All platform vendors are fully GDPR compliant. Please see the separate T&P VLE Third-party Notices.

Your data rights

Depending on the lawful basis and the personal data being processed, you have the following rights to your data:

  • The right to be informed: You can see clearly how we process your personal data and we will keep you informed if anything in this policy changes.
  • The right of access: You can request access to your data. We will respond to these requests within one month where the requests are not complex or numerous.
  • The right to rectification: You can request that your data be corrected (e.g. email address).
  • The right to erasure: You can request that your data be deleted. We will first explain the implications of this.
  • The right to data portability: You can request that your data be exported in a machine readable format to provide data portability.
  • The right to object: You can object to us processing your data by contacting telsupport@tavi-port.nhs.uk. Any consent given can be withdrawn at any time. The implications of this withdrawal for your relationship with the Trust will be clearly explained before proceeding.

Data Breach Reporting

Any data breaches involving a risk to data subjects’ rights and freedoms will be reported to the Information Commissioner’s Office and the individuals affected within 72 hours of the breach being discovered.

If you have any questions about this policy or if you believe your privacy is being compromised please speak to a member of the TEL unit or contact:

The Data Protection Officer,

The Tavistock and Portman NHS Foundation Trust,

120 Belsize Lane,

London NW3 5BA

Email: dpo@tavi-port.nhs.uk

Technology Enhanced Learning Unit

September 2021



Summary

Details of Moodle's use of cookies

Full policy

On registration, users must give their consent to the Trust’s processing of their personal data via the VLE and to acknowledge the Trust’s Privacy Notice (https://tavistockandportman.nhs.uk/about-us/contact-us/about-this-website/privacy-and-your-data ).

In order to use the Trust VLE you must have 'cookies enabled' on your web browser.  Cookies are small file structures used by the Trust VLE to 'request' information from the computer which you are using.  This information is then returned to the Trust VLE and stored. The information may also be shared with third-parties for plugins we maintain within in Moodle (e.g. Turnitin UK).  

We use this information to help improve the Trust VLE services by ensuring that the material and content of the courses match with the users' requirement and to make sure users are not having problems with access. The usage statistics are visible to the Trust VLE administrators and may be visible to your course tutors and, where applicable, authorised users from your employer's organisation.

Moodle will set the following cookies:

MoodleSession

This cookie provides continuity and maintains your login from page to page. When you log out or close the browser this cookie is destroyed (in your browser and on the server).

MOODLEID_

This cookie records the username you log in as when you visit the site and allows the username field to be automatically filled in the next time you visit.

 



Summary

Purpose of the Third-party Notice

The purpose of this document is to:

  • Identify third parties with whom your data may be shared;

  • Provide reassurance that your data is managed and retained by these third-parties in accordance with the General Data Protection Regulation 2018.

Our legal basis and that of our contracted third parties for processing your data is legitimate Interest – to allow us to manage your educational experience with us.

We maintain SLAs (service level agreements) with all our third-party vendors. All have been reviewed for GDPR compliance.

Full policy

This policy has been created in line with the Trust’s general Privacy Notice https://tavistockandportman.nhs.uk/about-us/contact-us/about-this-website/privacy-and-your-data.

Purpose of the Third-party Notice

The purpose of this document is to:

·       Identify third parties with whom your data may be shared;

·       Provide reassurance that your data is managed and retained by these third-parties in accordance with the General Data Protection Regulation 2018.

Our legal basis and that of our contracted third parties for processing your data is legitimate Interest – to allow us to manage your educational experience with us.

We maintain SLAs (service level agreements) with all our third-party vendors. All have been reviewed for GDPR compliance. 

Third-party platforms

The following platforms are integrated within Moodle as plugins or are available through Moodle.

·       Turnitin sits within Moodle as a plugin. It offers text matching and feedback functionality on any and all assignments submitted through Moodle. It is hosted by TurnitinUK (http://www.turnitinuk.com), which has data centres based in the UK.

·       Vimeo is a video streaming service based in the United States. It hosts all our education and training videos, which are then streamed into Moodle using embed links (www.vimeo.com).

·       Box of Broadcasts is an on-demand TV and radio service for education. It is available only to holders of a current Shibboleth account (https://learningonscreen.ac.uk/ondemand). It is maintained by Learning OnScreen: The British Universities and Colleges Film and Video Council.

The education services full data platform map is as follows:

Platform map

Turnitin

1.       This is an external platform that provides instructors with the tools to prevent plagiarism, engage students in the writing process, and provide personalized feedback.

2.       Turnitin UK’s servers sits within the UK but outside Moodle. It is integrated seamlessly within Moodle assignments as a plugin.

3.       The TEL unit have access to the Trust’s Turnitin account and are responsible for ensuring data is managed in accordance with GDPR 2018.

4.       Turnitin retains the name of the student as well as any marks if GradeMark has been used.

5.       The TEL unit manages Turnitin in line with the Trust’s retention schedule, available on the Trust website: https://tavistockandportman.nhs.uk/documents/67/records-retention-schedule.pdf.

6.       Turnitin’s Privacy Policy is available here: https://guides.turnitin.com/Privacy_and_Security.

Vimeo

1.       This is an external platform that hosts the Trust-produced videos used on our online, blended and face to face courses.

2.       Vimeo is based in the United States. Videos streamed from Vimeo appear as embedded assets on a Moodle page.

3.       No personal data is collected when watching an embedded Vimeo video in Moodle. Anonymous general data relating to number of views and completions of the video is recorded.

4.       Vimeo’s Privacy Policy as it related to the EU/UK is available here: https://vimeo.com/privacy#intl_data_transfers_certain_user_rights.

Box of Broadcasts (BoB)

1.       This is an external platform that gives Shibboleth account holders access to thousands of hours of on-demand TV and radio.

2.       Authentication is via Shibboleth. Basic details (email address and first name) are retained on BoB as part of the authentication process.

3.       Users are able to make clips from recordings, which are retained on and streamed from BoB. The clips and full programmes can be embedded within Moodle pages.

4.       BoB’s Privacy Policy is available here: http://bufvc.ac.uk/aboutus/privacy/privacy-and-cookies-policy.

 

Technology Enhanced Learning Unit

September 2021