UN Secretariat
Privacy Policy
Moodle Privacy Policy
General personal information collected on UNSSC’s Learning Management System
The United Nations System Staff College (UNSSC) uses a custom version of Moodle Workplace as its Learning Management System (LMS). UNSSC LMS collects, holds and processes personal data in line with the UNSSC’s Data Protection and Privacy Policy.UNSSC’s LMS also uses your personal data as set out below.
Legal basis for the use of personal data on UNSSC’s LMS
The legal basis for the processing of your data is your consent, unless another legal basis applies as described in the UNSSC’s Data Protection and Privacy Policy. UNSSC uses personal data to create your user profile in the LMS platform. In order to provide access to this service, we need to collect and store personal information about you, such as your first name, last name and a valid email address. These are the minimum requirements needed for you to use the platform for UNSSC to deliver the service. For instance, any badges and certificates you earn will display your name exactly as you entered it on UNSSC’s LMS.
Data held by UNSSC’s LMS
Personal Data held by UNSSC’s LMS includes your name, and email address, as well as your ID number (identification number used by UNSSC’s LMS to track your activity in its database) and username. It may contain other user contributed information.
User logs contain detailed information about your activity within each course, including the date and time of when course-specific information was viewed and/or updated, the IP address of the machine from which the access was made, the browser identification information and information about the referring web page. Logs are used to create summary statistics which may be made internally available. Summary statistics do not include personal data.
UNSSC’s LMS, and related database, contains information about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources, assignment/file submissions, text matching scores and evidence of participation in other activities.
Information and data related to users, including grades, feedback comments, scores, completion data, access rights and group membership is also recorded.
How UNSSC collects personal data
Here below you can find some examples of the ways you interact with the UNSSC LMS, as well as the data collected throughout the process.
The UNSSC LMS collects personal data from you when you, for instance:
- create an individual or corporate user account;
- access the platform and enrol in a course and/or programme;
- participate in surveys or evaluations;
- submit content or posts on our forums or other interactive webpages;
- download badges and/or certificates.
How UNSSC uses your personal
information
The UNSSC records and uses your personal information to:
- Provide you with an account to access, and be identifiable within, UNSSC’s LMS;
- Provide you access to resources/sites within UNSSC’s LMS;
- Provide you with the ability to upload, amend and delete certain information within the LMS;
- Provide you with access to the information, resources and activities uploaded to the LMS;
- Control access to different parts of the system;
- Help support users in the platform;
- Perform proper system administration and bug tracking;
- Report on course, resource and activity access, activity completion, course completion and course data (such as grades, scores, submissions and content uploaded);
- Produce usage statistics for management and planning purposes;
Individual pages and/or activities within Moodle may collect additional personal information in order to improve the services offered to UNSSC platform users, as well as support them in their use of the platform.
Where your profile information comes from
For all users, UNSSC’s LMS records information supplied by the user in their profile page. This includes information entered by you (such as, city/town, picture, interests, telephone numbers, etc.) as well as your name, surname and email address that is entered by you upon registration to the course or programme. As a user, you are automatically assigned to a so-called “tenant”, depending on the learning activity you attend. Tenants are dedicated entities within the platform that allow UNSSC to better administer the learning activities currently present on the UNSSC platform. As separated entities within UNSSC’s learning infrastructure, they have their look and feel, structure, users, etc.
Who has access to the learning data
The UNSSC team has access to all information stored within the LMS for the purposes set out above.
All tenant and course administrators have access to the personal information of users in a course, including user logs.
Additional course-specific tracking data can be accessed by course teachers.
Relevant subsets of this data may be passed to the ICT team at the UNSSC as part of an investigation into computer misuse.
Data retention
Information and data uploaded to UNSSC’s LMS, including accounts, papers and about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources and evidence of participation in other activities are retained for as long as it is necessary and proportionate for the purpose for which it has been supplied for.
Moodle Workplace data is backed up at a facility managed by UNSSC’s ICT team. The backups are held for the purpose of reinstatement of the data, e.g. in the event of failure of a system component.
Third-party
Service Integrated with UNSSC’s platform
UNSSC team may engage third-party service providers in the rendering of services connected with the implementation of its LMS and considered to be necessary for your learning experience.
For such services, personal data are shared with third party consistently with UNSSC’s data protection and privacy policy.
How tenant and course administrators use your information
An email address is required for the service to work correctly. UNSSC may send you follow-up emails after the course to ask for your evaluation and inform you of future training options, new course dates or other resources. You will always be able to opt out using the 'unsubscribe' link in the email.
Service desk available to users to help with access, question or support, needs access to your data held in the system, which may include your personal profile, related files and courses. We may need to perform any of the following:
- In the process of providing support, answering your service desk question, reproducing/investigating your issue/problem or when forming a response, tenant and course administrators may navigate and interact with the LMS using your account. To do this we may use a feature known as 'login-as' which allows the tenant and course administrators to impersonate your LMS login. No data will be added, edited or deleted. Should this be required, tenant and course administrators will immediately ask for your prior permission. This will never require you to send your password as part of any support to be provided.
- When providing support to your query, tenant and course administrators may also need to duplicate your course or data and transfer it into another part of the system or another test environment This is to allow us to carry out investigations, test solutions and provide you with support.
- If the tenant and course administrators are not able to provide a solution to your query, they may ask your permission to have your query solved by a third party. That will require making your profile information available to the third party. Any third parties we share your data with are obliged to keep your personal data secure and use it only for necessary service delivery. No data will be added, edited or deleted. Should this be required, tenant and course administrators will immediately ask for your prior permission. This will never require you to send your password as part of any support to be provided. When your data is no longer required to fulfil the service, those third parties will be directed to dispose of your data.
How long is my data stored?
Your personal data is stored only for as long as it is needed. Certain information, such as your track record, needs to be retained for audit purposes and business sector requirements. We will process (collect, store and use) the information you provide in a manner compatible with UNSSC’s data protection and privacy policy. We will store and process personal data for as long as it is necessary and proportionate for the purpose for which it has been supplied for.
Personal data processed on behalf of another UN Entity
The UNSSC may process your personal data on behalf of another UN Entity to provide LMS services to such Entity. In this case, the handling of your data will be determined by the UN Entity to which the UNSSC supplies its services. The UNSSC requires that the UN Entity that determines the processing of your data ensure an appropriate protection of personal data in accordance with their respective rules, policies and regulations in line with the Personal Data Protection and Privacy Principles adopted by the UN High-Level Committee on Management in 2018.