List of active policies

Full policy

Change Log

In section …	We (removed / changed / added / …)	The statement:
Overview & Primary Use of Moodle	Clarified	Permitted and supported use cases of Moodle directly support active students in their studies.
Other uses of Moodle	Outlined	Non-educational use cases are currently permitted, though support and improvements will not normally be provided.
Devolved responsibility of Moodle	Clarified Clarified	Course owners are responsible for privacy policy and data retention at course level. For non-educational uses of Moodle, course owners may be at greater risk of non-compliance with university regulation, best-practice and cyber-security
Review	Updated	The purpose and aims of Moodle and the policies governing its use are under constant review to ensure the system meets, and continues to meet, the University’s requirements for teaching and learning, as outlined by the Blended Learning Service in the Guiding Principles & Priorities (link opens in new tab).

Overview

Moodle is an online Virtual Learning Environment (VLE) that offers file sharing, communication tools and other pedagogical resources to users, primarily for the purposes of supporting Education. Cambridge University provides these services subject to the University Terms and Conditions statement. Moodle is governed by the Education Portfolio, Educational Services and related University Educational Committees such as GBEC. Moodle is administered & supported by the Teaching, Learning & Assessment Systems & Services Team in UIS, in conjunction with the Blended Learning Services team in Educational Services. Further information and guidance for use can be found below.

These Terms and Conditions state the permitted and supported uses of Moodle, which includes those use cases that directly support active University of Cambridge students in their studies.

Primary Use of Moodle

Moodle is the main VLE of the University of Cambridge. It is provided by University Information Services (UIS) and endorsed by the Education Portfolio to support teaching and learning across the Collegiate University. Specifically, Moodle is designed, configured and supported to aid active students in their studies towards a qualification or certificate awarded by the University in line with the University’s Statutes and Ordinances.

Other Uses of Moodle

Currently, the system’s online tools and facilities are often used to support other activities, such as -but not limited to- Training & Compliance, Recruitment, Widening Participation, Committee support, Education Administration, appointment booking, project collaboration, and general secure file-sharing and storage.

However, these are very much secondary uses of Moodle, not endorsed by the Education Portfolio or UIS, and other more suitable systems may be available. Please consult UIS guidance to facilitate these decisions: Browse help by service category  (link opens in new tab) & Guidelines on University data security classifications (link opens in new tab).

Requests for improvements to Moodle to aid in these secondary uses will not be accepted. Due to changes to improve Educational uses of Moodle, aspects of Moodle critical to these secondary uses may be altered, or withdrawn, with very little notice.

The teams who administer Moodle will not normally:

• Provide improvements to Moodle to facilitate only non-educational use.
• Answer support and service requests related to non-educational use.
• Take non-educational use case into consideration when evaluating, and planning change, including changes to existing, or new, policies and procedures.

Devolved Responsibility for Moodle

Although hosted and maintained centrally, Cambridge Moodle uses a devolved ownership model: Departments, Colleges, Non-School Institutions and other offices are responsible for managing and administrating their own areas in Moodle and how those areas are used. It is the responsibility of local managers to ensure that Moodle is appropriate and suitable for the purpose for which it is being used, and that its use complies with the University’s policies and guidelines. These policies include, but are not limited to, data protection, data retention, GDPR compliance, copyright, security, personal data considerations, access restrictions, and intellectual property rights. To help with this, UIS have put together guidance which can be found under the 'About Moodle' navigation heading in Moodle (Raven/Moodle access required).

Course owners are responsible for setting up:

• A privacy notice if the course is used in such a way that personal (GDPR) data is uploaded to it.
• A data retention policy if they download backups of the course and store them offline, especially if these contain personal data added for the purpose of the course.

Users and course owners are responsible for backing up any data they uploaded or need to retain for periods exceeding the Moodle data retention period (e.g. course / activity completion reports; student papers; etc.).

Please note that, for non-educational uses of Moodle, course owners may be at greater risk of non-compliance with university regulation, best-practice and cyber-security.

Support for Moodle Users

Support for Moodle users is provided by local managers and centrally by the UIS Teaching, Learning & Assessment Systems Team (TLAS team). The TLAS team supports all Moodle users through classroom training, online guides, and the Moodle Helpdesk, for the delivery of teaching, learning and assessment.

Changes to Moodle

The TLAS team regularly changes Moodle to improve its security, stability, and usability. Requests for changes and improvements are accepted from across the Collegiate University, and priority is given to those that improve its effectiveness as a tool to support the delivery of teaching and learning.  In addition, necessary changes may (rarely) be made that negatively impact one or more secondary uses.

Review

The purpose and aims of Moodle and the policies governing its use are under constant review to ensure the system meets, and continues to meet, the University’s requirements for teaching and learning, as outlined by the Blended Learning Service in the Guiding Principles & Priorities (link opens in new tab).

Last review: 30^th September 2025.

If you have any comments or concerns, or need any help or support, please contact the Moodle Helpdesk on moodlehelp@uis.cam.ac.uk.

Full policy

Change Log

In section …	We (removed / changed / added / …)	The statement:
Who has access to Moodle data	Added	Course participants can view other course participants’ basic information. Moodle logs are accessible to authorised staff at our system support vendor.
Where Moodle Information is shared	Added	Course owners may configure connections to other systems, which may pass limited details and certain Moodle attributes to the other system.
Moodle Data Retention	Clarified Reiterated Updated	Course owners are responsible for the privacy policies of their own course / course backups.  The Moodle team do not restore data centrally other than in the event of a whole system failure. Links to further information about the Moodle Data Retention policy and the Data Request process.

General personal information collected on our websites

When you visit any of the websites within the University of Cambridge domain, we hold certain information about you for service and security reasons. For more information on this, please see the Privacy policy for the University of Cambridge (link opens in new tab). The University Virtual Learning Environment (VLE) Service (Moodle) collects, holds and processes additional personal information in line with the following privacy notice: University IT facilities and services privacy notice (link opens in new tab).

The University VLE Service (Moodle) also uses your data as set out below.

Legal basis for the use of personal data on Moodle

If you have a University account (formerly Raven) and use this to access Moodle, our Legal basis for using your personal information is in order to deliver our contractual obligations to you as a user of our service. 

If you only access Moodle as a Friends user (login to Moodle using a personal email address as a username), we use your personal information with your consent, as given by you to the user (usually a member of a department, college or non-school institution) who originally set your account up and added you to a Moodle course.

You always have the right to withdraw your consent. Should you wish to withdraw your consent you should email the Moodle Helpdesk on moodlehelp@uis.cam.ac.uk. Your account and data would then be deleted from the system in line with legal and policy requirements.

Data held by the Moodle system

Data held by Moodle includes your name, email address, username (CRSid or email address) and your University information, such as your College, Department and course information. 

Moodle logs contain detailed information about user activity within each course, including the date and time of when course-specific information was viewed and/or updated, the address of the machine from which the access was made, the browser identification information and information about the referring web page. Logs are used to create summary statistics which may be made publicly available. Summary statistics do not include personal data.

Information about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources, assignment/file submissions, text matching scores and evidence of participation in other Moodle-based activities is held within the Moodle system. 

Information and data related to users, including grades, feedback comments, scores, completion data, access rights and group membership is also recorded.

Additional personal data may be held within individual courses, either within documents/resources uploaded to the course, or within activities within the course. Other than contributions to chat rooms and discussion forums which are submitted by individuals in a personal capacity, course maintainers are responsible for the information held about you that may be uploaded onto such courses, and such content is not covered by this Privacy Policy.

How the Moodle system uses your personal information

Moodle records and uses your personal information to:

• Provide you an account on, and identify you within, the VLE (Moodle) system.
• Provide you access to courses/sites within Moodle.
• Provide you the ability to upload, amend and delete certain information within Moodle. 
• Provide you access to the information, resources and activities uploaded to Moodle.
• Control access to different parts of the system. 
• Help support Moodle users.
• Carry out system administration and bug tracking.
• Report on course, resource and activity access, activity completion, course completion and course data (such as grades, scores, submissions and content uploaded).
• Produce usage statistics for management and planning purposes.

Individual courses within Moodle may collect additional personal information in order to: 

• Provide services to the users.
• Facilitate and support business processes.
• Support users in their use of Moodle.

A non-exhaustive list of examples of this may include: 

• Booking information.
• User feedback.
• Data collection for the purposes of business processes.
• Contact information.
• Application information. 

Where Moodle information comes from

For all users, Moodle records information supplied by the user. This includes information entered into your profile (such as telephone numbers, addresses and University-related information, such as College, Department and Course).

As well as the information that you upload and submit to Moodle, Moodle also contains additional information.

For users who identify themselves to the system with their CRSid (University Accounts, formerly Raven), Moodle uses information supplied by:

• The University directory Service (Lookup).
• The University authentication Service (formerly Raven).
• The University student records Service (CamSIS), via Lookup.
• The University central HR records Service (CHRIS), via Lookup.
• Relevant University departmental systems and services.

For users who identify themselves through the non-Raven login mechanism (Friends users), Moodle uses information supplied by:

• The Moodle user who creates the account.
• Relevant University departmental systems and services.

Additional information may be uploaded onto individual courses by users of the system.

Who has access to Moodle data

A course participant can view other course participants' basic information (such as name and email address) via the course participants page and the user profiles. Each user can edit their profile, including their email visibility settings. Users with elevated permissions may view more detailed information regarding course participants to support their use of the system.

All course administrators and maintainers have access to the personal information of the other course users.

The Moodle systems team at UIS has access to all information stored within Moodle for the purposes set out above.

Access to Moodle logs is restricted to authorised staff at UIS and at our system support vendor, except for course-specific tracking data which is also made accessible to course maintainers where an appropriate course-specific privacy policy is in place.

Relevant subsets of this data may be passed to computer security teams at the University Computing Service (e.g. CamCERT) as part of an investigation into computer misuse.

We work with a range of technology suppliers to help us provide the VLE. If we use services provided from outside the EEA, where European data protection law might not apply, our contracts with suppliers include provisions or other suitable mechanisms to ensure the protection of your personal data. For the purposes of technical support and service provision, Moodle data may be accessed by these 3^rd party service providers.

Where Moodle information is shared

Moodle shares your personal information with other systems within the University, as well as other Moodle instances (such as Archive Moodle).

Certain data may be shared with the Text Matching Service (Turnitin) and Lecture Capture Service (Panopto). For further information, please consult:

• Text Matching Service (Turnitin): Turnitin Data Privacy and Turnitin Services Privacy Policy
• Lecture Capture Service (Panopto): Panopto Video Platform Privacy Policy and Panopto Terms of Service

Some course owners may configure connections to other systems, such as the Leganto Library leading lists service. These connections, when accessing the course, or accessing the link, may pass details such as name, email address and certain Moodle attributes, to the other system.

Where Moodle data is stored

Moodle data is either stored within University of Cambridge data centres, or within third party cloud systems, where ‘cloud systems’ refers to data centres owned and operated by technology suppliers.

We work with a range of technology suppliers to help us provide the VLE. If we use services provided from outside the EEA, where European data protection law might not apply, our contracts with suppliers include provisions or other suitable mechanisms to ensure the protection of your personal data.

Moodle data retention

Information and data uploaded to Moodle, including accounts, courses and about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources and evidence of participation in other Moodle-based activities may be retained indefinitely. Moodle data is either backed up at a facility managed by UIS, or within third party cloud systems, where ‘cloud systems’ refers to data centres owned and operated by technology suppliers. The backups are held for the purpose of reinstatement of the data, e.g. in the event of failure of a system component.

Course owners are responsible for the privacy policies of their own course / course backups.

The Moodle team do not restore data centrally other than in the event of a whole system failure.

For further information about the Moodle Data Retention policy, please consult the Moodle Policies in the About Moodle drop-down menu after logging in to Moodle.

For further information about the Data Request process, please see Making a Subject Access Request (link opens in new tab).

How the Moodle Helpdesk uses your information

If you approach the Moodle Helpdesk (link opens in new tab) for help with a fault, issue, question or support, Moodle support staff will need to look at your data held on the system, including files in your personal areas and the Moodle courses to which you belong. We may need to perform any of the following:

• In the process of providing support, answering your Helpdesk question, reproducing/investigating your issue/problem or when forming a response, the Moodle helpdesk may navigate and interact with Moodle using your account. To do this, we may use a feature know as 'login-as' which allows the helpdesk to take control of your account. The Helpdesk does not add, edit or delete any data within Moodle when doing this, without your prior permission. We will never ask you to send your password to us as part of any support that we provide.
• The Helpdesk, when providing support to your query, may also duplicate your course or data and transfer it into another part of the system or one of our test systems. This is to allow us to carry out investigations, test solutions and provide you with support.
• When providing support, the Helpdesk never gives out your personal information, including usernames and passwords.

Other policies and notices

For a  full list of relevant policies and notices for Moodle, please consult the Moodle Policies in the About Moodle drop-down menu after logging in to Moodle.

Further Information

For more information about how we handle your personal information, and your rights under data protection legislation, please see the University of Cambridge Information Compliance page How we use your personal information (link opens in new tab).

Last review: 30^th September 2025.

If you have any comments or concerns, or need any help or support, please contact the Moodle Helpdesk on moodlehelp@uis.cam.ac.uk.

Full policy

Cookies are small files which sit on your computer and record specific interactions between you and this website, and in some cases, other websites. This information is sometimes shared with the University of Cambridge, and in other cases, third parties. Below is more detail about the cookies we use, what they record and who the information is shared with.

Further information can be found on the University’s cookies webpage (link opens in new tab).

In addition to the cookies listed on the cookies’ webpage, Moodle

• Will set the following cookies:

MoodleSession	This Strictly Necessary cookie provides continuity and maintains your login from page to page. When you log out or close the browser this cookie is destroyed (in your browser and on the server).

• May set the following cookie:

MOODLEID_	This cookie records the username you log in as when you visit the site and allows the username field to be automatically filled in the next time you visit. Refusing this cookie means you will have to retype your username each time you log in.

Further cookies are set by the University’s external Moodle provider:

_pk_id.* and _pk_ses*	Used by the University of Cambridge and Catalyst IT Europe (Matomo Analytics service). We use Matomo to understand how users are navigating the Moodle LMS site and to observe patterns of activity during peak usage periods to better provision infrastructure resources. IP addresses are recorded. Cookie duration: 1 year. More information: Catalyst's privacy policy (link opens in new tab).

Last review:  30^th September 2025.

If you have any comments or concerns, or need any help or support, please contact the Moodle Helpdesk on moodlehelp@uis.cam.ac.uk.