List of active policies
|Digital safeguarding in relation to INASP Moodle||Other policy||All users|
Who is responsible for your data
INASP is responsible for the processing of your data when you engage with us directly or through our projects, programmes or other activities, including Moodle and AuthorAID and their associated websites and services. INASP will either process data as a data controller or as a data processor within the meaning of the Data Protection laws. INASP will be a data controller where you have submitted your data directly to us and we exercise control over how it is processed, for example when you register for our courses or activities. INASP will be a data processor when your data has been shared with us by another organisation acting as a data controller under an agreement by which we provide services to that organisation, and which specifies the particular purposes for which we may process your data. Where this is the case, we rely on the party sharing data with us to obtain and comply with all requisite permissions, consents or other legal bases for data sharing. In any event, your data will always be processed in accordance with this policy and the Data Protection laws.
Our registered office is The Old Music Hall, 106-108 Cowley Road, Oxford OX4 1JE, UK. We are registered as a company in England and Wales under company number 04919576 and charity number 1106349. We are registered with the Information Commissioner’s Office with number Z5289330.
What information do we collect about you?
Information may be collected from you in a variety of ways, including when you contact us, subscribe to or register for a service, course or activity, apply to work with us or otherwise engage with us in any way where your personal data is shared with us by you directly or through another data controller. Further data may be collected during your participation in a course or activities or through your other engagement with us in any capacity. This personal information may include, but is not limited to that outlined below:
When it is collected
Your name, email address, telephone number, address and gender.
When you contact us and register or subscribe for an account, course or activity or if this is done on your behalf, including our Moodle and AuthorAID platforms.
Further background information, for example, your academic background, professional background, country, institution.
When you fill in forms/surveys within a course or learning space you are enrolled in.
Communication we have with you.
(emails, forum posts, direct messages, messages in chat rooms, forms/surveys).
When you get in touch with us.
When you respond to our requests for information or feedback.
When you contact other website users on the online forums, through direct messaging, or in chat rooms.
Actions you have performed on a website along with the timestamp and your IP address, together with other information about your participation in a course or activity.
When you view resources, participate in activities, create / update any content, fill in forms/surveys.
When you update your profile or account information.
When you enrol in a course or leave a course.
Grades you have obtained.
When you complete graded activities in a course.
Further information about you including cookies, your location and how you use our webpages, mobile application, information about your interests and preferences.
When you use our digital systems and services.
When you accept our cookies placed on your device.
When you update your account information.
When you fill in forms on our website.
When you respond to our requests for feedback.
When you opt in to receiving messages from us.
Such additional information as may be relevant and necessary for our engagement with you in whatever capacity, such as payment details, personnel records and references.
When you apply to work with us or are employed or engaged by INASP as an employee or in the capacity of a contractor or freelancer or as a volunteer.
Sharing content and use of networks
When you post content (or send messages) on any of our platforms, any personal data that is included in that content may be viewed by other users and so you should always be careful about the information you choose to disclose. We reserve the right to view private messages sent using our platforms in order to protect the safety and welfare of users from abuse and to investigate reported incidents of abuse, bullying or other inappropriate or prohibited behaviour.
The AuthorAID website enables direct sharing of information displayed with your AuthorAID ID and photo, if you uploaded one, with other users and visitors. The AuthorAID website keeps track of content that you have disclosed but does not control that
disclosure and is not liable in any way for anyone's use or misuse of the information in the disclosure, so caution and judgement should always be used.
Cookies and passive data collection
INASP automatically receives and records information on our server logs from your browser, including your IP address, cookie information, and the pages you request.
and on users' browsers and hard drives, and may use them to provide tailored services to those users, as they become available.
IP addresses also help us to diagnose problems with our server, to administer the INASP website, and to otherwise provide our various services to users. IP addresses may be disclosed to a third party if we believe in good faith that the law or legal process
requires it, or to protect the rights or property of INASP, its users or the general public.
and online sessions
These essential cookies maintain your login from page to page and provides continuity.
Content management system cookie
This cookie is essential to be able to use members areas in our websites. It is only set when you log into the members area and is deleted when you log out.
This cookie provides anonymous statistical data to show usage trends. If you'd like to opt-out, please follow this link.
Users should be aware that other websites visited before or after visiting ours might place personally identifiable information within a User's URL during a visit to their website, and INASP has no control over such websites. Accordingly, some of this information may be logged by a subsequent website that collects URL information.
Why we collect your data and how we use it
Organisations are permitted to process personal data if they have a legal basis for doing so. We process data on the basis that either:
- Express and informed consent has been given by the person whose data is being processed or, in the case of a child who is too young to provide such consent, by their parent/guardian; and/or
- We have a legitimate interest in processing the data; and/or
- It is necessary in relation to a contract, agreement or ongoing arrangement for the provision of services which someone has entered into with us or because someone has asked for something to be done so they can enter into a contract, agreement or arrangement
with us; and/or
- We have a legal obligation to process the data.
Location and security of data
INASP websites are hosted on a secure server located in the UK. All data is stored on our database which is SSL encrypted. The server is protected by strong password controls and is monitored for unusual activity such as DDoS attacks and potential data breaches. Furthermore, regular software updates are applied to avoid software vulnerabilities, and daily backups are encrypted.
Please note that when using and interacting with networks, blogs and message boards, and personal data you disclose may be viewable by persons outside of the United Kingdom and the European Union and in jurisdictions that may not operate under the high
standards of data protection applicable in the UK and EU.
How long we keep your data
Your data will be kept only for as long as the purpose for which it was collected subsists, including for a reasonable period after the end of your participation in an activity, after which time it will be automatically deleted unless there is another legal basis for retaining the data for longer. On INASP's Moodle site, logs about user activity are automatically deleted after 365 days.
At any point you can request a copy of your personal data and/or to delete all your personal data, subject to any overriding legal basis for us retaining it. Such requests must be in writing and we will comply with your request within 30 days, once we have verified your identity. We may also keep a minimal amount of data on a suppression list so we know to avoid contacting you after you have asked us not to. See the section 'Your Rights' below.
How we protect your data
We have put in place appropriate technical and organisational measures to protect the data we process against unauthorised or unlawful processing and the accidental loss or destruction of or damage to data to ensure a level of security appropriate to:
- the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and
- the nature of the data to be protected;
and we take reasonable steps to ensure compliance with these measures.
We may communicate with you by email. Email is not a fully secure means of communication, and we cannot guarantee our emails are free from viruses and other harmful effects, although we do our best to make them as secure as possible. The transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping confidential any password you use to login to our website.
We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.
Sharing your data
Except as stated in this policy, we will not sell, distribute or lease your personal information to third parties unless we have your permission or disclosure is required by law. In some instances, however, INASP may use trusted third parties to process
your information in order to keep your data secure and to allow us to provide services to you such as; secure data storage and back-up, messaging platforms to inform you about activities and programmes for which you are registered or which we believe
may be of interest to you or for administrative purposes such as the scheduling of events. These might include Google Groups, WhatsApp, Survey Monkey or similar services, and in all such cases such third parties are expected to comply with this policy
and the Data Protection laws and are explicitly prohibited from using your data for any other purpose. You should be aware that such external service providers will operate under their own privacy policies to which you should refer to understand why and
how your data is being processed and your rights. If you do not wish for your data to be used or shared in this way you can decline to use these services, but we may not be able to provide services to you to the full extent that would otherwise be the
Where we are acting in the capacity of a data processor (having received your data from another data controller in order for us to provide a service to it), we may share your data with that other data controller, such as information relating to your participation
in a course or activity.
You are entitled to see copies of all personal data held by us and to amend, correct or delete such data. You can also limit, restrict or object to the processing of your data subject to any overriding legal requirement for its retention. On INASP’s Moodle site, you can export and/or delete your personal data by initiating a request from the 'Privacy and policies' section of your user profile. We may keep certain limited data on a ‘suppression list’ so we know, if requested, not to contact you or process your data in future until further notice.
If you have any questions or concerns, or to exercise any of your rights, you can send an email to our data privacy officer at email@example.com or you can write to us at Data Protection, INASP, The Old Music Hall, 106-108 Cowley Road, Oxford OX4 1JE, UK. Certain requests about your data must be submitted in writing and we reserve the right to verify your identity before disclosing information to you.We will respond to Subject Access Requests within 30 days once we have verified your identity. There is no charge for most requests, but if your request is particularly onerous or repetitive, we may ask you to pay a reasonable administration fee.
You can obtain further information about Data Protection and privacy laws by visiting the Information Commissioner’s website at: https://ico.org.uk/your-data-matters/
This policy describes the following:
Online learners code of conduct
INASP Moodle data privacy and security
Online Learners Code of Conduct
Interacting with others
In many of INASP’s online courses, learners can interact with one another and with course facilitators. Many of our learners have found such interaction to be one of the most meaningful aspects of the course experience. To keep our learning environment safe and friendly for all, we ask you to follow the below rules if the course you are taking on INASP Moodle offers any opportunities for you to interact with others or share your views.
- You must not make any remarks that convey prejudice, discrimination, or bias against anyone based on their colour, religion, country of origin, country of residence, age, disability, native language, sexual orientation, gender identity or expression, personal appearance, political affiliation, marital status, education, field of study/research, family responsibilities, economic circumstances, or migration status.
- You must not make any remarks that might have the effect of flirting, bullying, or harassment of any kind.
- You must not advertise anything without providing context. This includes posting calls for papers from journals and conferences unless it is clearly related to an ongoing discussion in the course.
- You must not provide links to websites that may have illegal content, such as pirated software and unauthorised copies of articles or books. Uploading any such content directly on the forums is also forbidden.
- You must not discuss things unrelated to the topic of the course unless you use a specific forum that is meant for social/informal/off-topic discussion.
- You must not ask anyone to post their personal contact details (such as email or phone number) on a generic discussion forum. Check if there is a specific forum or database available for sharing contact details.
Violating any of these terms will result in a warning or even expulsion from the course or the INASP Moodle platform, depending on the severity of the incident.
If you are in doubt, check with your course moderator by posting a query on the technical support / technical queries forum in your course.
You may have opportunities in your course to share photos from your work, such as the ‘Capture Your Research’ competition in AuthorAID MOOCs.
- Any photo you upload must be in line with the guidelines for the activity.
- Check the activity guidelines to find out whether by sharing a photo you automatically allow INASP to post it on a public website (with, of course, an attribution to you).
- If the photo has been taken by someone else (for example, a colleague capturing a moment from your research), that person should have given you permission to use the photo as you please. Alternatively, if you wish to share a photo that is copyrighted by someone else, this photo should be under a CC-BY license, and you should attribute the author or source. In general, copyright issues related to photos you share are entirely your responsibility.
- It is your responsibility to make sure that the people who appear in your photo are not averse to having this photo shared in the public domain.
- Take extra care when sharing pictures that show vulnerable people or children. It is your responsibility to follow best practices in your discipline or field of study.
- If you receive any kind of ‘takedown request’ or any expression of concern from someone shown in a photo that you have shared with INASP and which INASP has already posted on a public website, you should forward this notice to INASP in a timely way. (You may send a message using the ‘Contact the privacy officer’ link in your user profile on INASP Moodle).
Submitting original work
If the course you are taking on INASP Moodle provides opportunities to submit your own work for assessment, this work must be original. That is, it must be your own work. If you are submitting work that is part of a team endeavour of which you are part, you should obtain permission from your team members to submit this work on INASP Moodle.
Further guidelines on originality, such as avoiding plagiarism and citing previous works, may be provided along with specific assignments or activities.
INASP Moodle Data Privacy and Security
Exercising control over your data and voicing concerns
- Whatever is on your user profile on INASP Moodle and whatever posts you make on any discussion forums can be seen only by others enrolled in the same course as yours. They will not be publicly visible on the internet and cannot be accessed by search engines.
- You can edit your user profile at any point.
- When you make a post on a discussion forum, you have up to 30 minutes to edit it or delete it. After that time period, you can no longer edit or delete your post by yourself. However, if you have a compelling reason to edit or delete your post later on, you may send a message using the ‘Contact the privacy officer’ link in your user profile.
- When you submit your original work in an assignment or activity, your work can be seen only by the course moderators and designated people such as writing facilitators or peer assessors, who are obliged to treat your work with confidentiality.
- You can at any point ask to receive a copy of your data on INASP Moodle or even ask for all your data to be deleted. You can also contact the privacy officer with general requests related to data protection. Access your user profile to initiate these requests – you will see a section called ‘Privacy and policies’ in your profile.
How INASP secures user data
At the core of our technology-enhanced learning (TEL) work is the INASP Moodle website, on which our online courses are developed and delivered. INASP Moodle is built with the MoodleTM LMS, an open-source application. INASP Moodle is hosted on a secure web server. INASP and our IT vendor have full control over this web server. All the data on this server, including user-generated data, is held securely.
Only INASP staff and associates involved in our TEL practice can download user data at the site level from INASP Moodle. All of them adhere to organisational guidelines on keeping data secure and confidential. When we have external organisations sponsoring an online course, staff from these organisations may have access to the user data pertaining to the cohort they have sponsored.
User-generated data on third-party applications
INASP may occasionally make use of third-party applications as part of the delivery of online courses. Examples of applications we have used are Padlet, Zoom, and FlipGrid.
- INASP will adhere to recommended practices for privacy and security when using these applications. As these applications have their own terms and conditions of use, INASP cannot assume complete responsibility for the privacy and security of user-generated data on third-party applications.
- If you need support to edit or remove any of your data on a third-party application used in conjunction with an INASP online course, please contact the moderator of that course, or send a message using the ‘Contact the privacy officer’ link in your user profile.
How INASP shares data from online courses
INASP staff and associates involved in our TEL practice analyse data from our online courses to understand what worked well and to identify areas of improvement. Much of this analysis is internal to the organisation, and parts of it may be shared publicly.
- Aggregate data without identifying information and anonymised posts or feedback from course participants may be shared on publicly available articles and via posts on social media.
- Photos, quotations, or feedback from participants that include identifying information are shared only after INASP obtains consent from the respective course participants.
INASP Safeguarding and Digital Safeguarding Policy
To learn more about digital safeguarding at the INASP organisational level, please see INASP Safeguarding & Digital Safeguarding Policy, available on the INASP website.