List of active policies

Name Type User consent
Moodle Learn Terms and Conditions Site policy All users
Moodle Learn Data Privacy Policy Site policy All users


Moodle Learn Terms and Conditions

Full policy

Moodle Learn Terms and Conditions 

Terms and Conditions 

Moodle is the University's Virtual Learning Environment (VLE). Moodle is a learning platform designed to provide educators, administrators, and learners with a single robust, secure and integrated system to create personalised learning environments. Moodle provides us with a flexible tool-set to support both blended learning and online courses. Moodle delivers a powerful set of learner-centric tools and collaborative learning environments that empower both teaching and learning. The pedagogic design of Moodle includes a constructivist and social constructionist approach to education, emphasising that learners (and not just tutors) can contribute to the educational experience. Using these pedagogical principles, Moodle provides a flexible environment for learning communities. Because it is open-source, Moodle can be customised in any way and tailored to our institutional needs. Moodle is web-based and so can be accessed from anywhere in the world. With a default mobile-compatible interface and cross-browser compatibility, content on the Moodle platform is easily accessible and consistent across different web browsers and devices. York St John University (YSJU) provides these services subject to the Acceptable Use of IT Services. Further information and guidance for use can be found below. 

Purpose of the Site Policy 

The purpose of the Moodle VLE Site Policy is to specify user responsibilities and to promote the appropriate use of the York St John University (YSJU) VLE for the protection of all members of the University community. The Site Policy applies both within and out with University premises. 

Primary Use of Moodle 

Moodle is the only recognised VLE of the YSJU. It is provided by Innovation & Technology Services (ITS), managed and supported by Technology Enhanced Learning (TEL) and is endorsed by relevant committees and structures to support the delivery of teaching and learning across the University. 

Other Uses of Moodle 

Although the primary use of Moodle is to support the delivery of teaching and learning, the online tools and facilities in the system allow it to be used to support other activities, such as staff and volunteer training, research projects, administrative processes, committee business, and general secure file-sharing. However these are very much secondary uses of Moodle, not endorsed by the TEL or by ITS, and there may be other more suitable systems available.

Devolved Responsibility for Moodle

 Although hosted and maintained centrally, Moodle uses a devolved ownership model: Schools, Departments, and other offices are responsible for the management and administration of their own areas in Moodle and how those areas are used. It is the responsibility of local managers to ensure that Moodle is both appropriate and suitable for the purpose for which it is being used, and that its use complies with the University’s policies and guidelines. These policies include, but are not limited to, data protection, GDPR compliance, copyright, security, personal data considerations, access restrictions, and intellectual property rights. 


 • All users must register to use the University VLE

 • All registered users must agree to the Moodle VLE Site Policy and any other applicable University policies, including the Acceptable Use of IT Services Policy and the JANET Acceptable Use Policy. All University ITS policies are available at: The JANET Acceptable Use Policy can be found here: 

These Policies cover the whole period that the user is a member of the VLE community at YSJU. 

Your Responsibilities 

Users of the YSJU VLE must agree to: 

1. Not use the VLE for anything else other than for the purposes of teaching, learning and research. However, incidental personal use, for example via the Moodle social forums, is acceptable. 

2. Not use the VLE for personal commercial use, for example marketing. 

3. Not use the VLE for uploading, storing, viewing or transmitting any material which is (or may be considered to be) defamatory, inflammatory, discriminatory, obscene or offensive. 

4. Not upload private, confidential, or sensitive material unless this is authorised 

5. Not misrepresent the University or bring it into disrepute in any way through the use of the VLE. 

6. Be responsible for moderating discussion forums which they may have created. 

7. Always act in a professional manner. Be polite and courteous to others when using the VLE. The VLE is not to be used to libel, slander, or harass any other persons. 

8. Not plagiarise in submitted postings or assignments. 

9. Not breach the copyright of the University or any third party by copying from the VLE without authorisation. Copyright of the course materials and content of the VLE are owned or controlled by the University unless otherwise stated. Any copies of third-party materials will be clearly labelled with warnings about any copyright restrictions. 

10. Ensure that any copyright material reproduced and loaded onto Moodle conforms with the Copyright, Designs and Patents Act 1988 (as amended) ( or with any licence agreement held by the University, or has been made with the express permission of the rights holder. All reproductions must be fully acknowledged. Please click here for YSJU Library’s Policies on Copyright: Material not conforming to these requirements will be removed from Moodle. 

Your Responsibilities for VLE Security 

Users of the VLE must agree to the following: 

1. You must take all reasonable precautions to safeguard your username and password 

2. You must keep physical access to the VLE secure. For example, do not login to the VLE and then leave your computer unattended. 

3. You must not attempt to gain unauthorised access to any part of the VLE. 

4. You must not post material which contains viruses or other programs which may disrupt the University's systems. 

5. Understand that YSJU will not take responsibility for any loss of information, which has been posted on the VLE, once users cease to be formally associated with the University. 

Use of the VLE by Children and Young People

Unless otherwise stated this platform, and the courses contained within, are designed for an adult audience, and not for children and young people.

The use of the VLE by a child or young person is subject to the consent of their parent or carer. We advise parents or carers who permit their children to use the VLE that it is important that they communicate with their children about their safety online. Children and young people who are using the VLE should be made aware of the potential risks to them and of their obligation to comply with these Terms of Use when using Moodle.

We will do our best to assess any possible risks to children and young people from third parties when they use the VLE, and we will decide in each case whether it is appropriate to use moderation of the relevant service (including what kind of moderation to use) in the light of those risks.

Please view our Safeguarding charter and policy for more information: 


Certain activities will be regarded very seriously by the University and are subject to severe penalties for users, including suspension of use of the VLE. For staff such activities will be treated as gross misconduct under the Code of Conduct Policy ( and for students will be regarded as misconduct in the Student Discipline Policies (

These activities include deliberate interruption to the use of the VLE; gaining or attempting to gain unauthorised access to any part of the VLE or information stored therein; unauthorised disclosure of personal data; wilful or reckless infringement of any intellectual property rights of the University or third parties; and the viewing, transmitting or storing any material which is (or may be considered to be) defamatory, inflammatory, discriminatory, obscene or offensive. 

Support for VLE Users 

Support for VLE users is provided by local managers and centrally by ITS and TEL. Although the TEL team supports all Moodle users through the provision of training, online guides, and via the ITS Helpdesk, support for the delivery of teaching and learning will be prioritised. 

Changes to the VLE

The TEL team regularly make changes to the VLE to improve its security, stability, and usability. Requests for changes and improvements are accepted from across the University, and priority is given to those that improve its effectiveness as a tool to support the delivery of teaching and learning. Requests for changes that improve other uses of the system may also be considered, providing they do not affect this primary use. In addition, necessary changes may (rarely) be made that negatively impact one or more secondary uses, although such changes will be avoided if possible. 


The purpose and aims of Moodle and the policies governing its use are under constant review to ensure the system meets, and continues to meet, the University’s requirements for teaching and learning, as defined by the Learning and Teaching Strategy and the Digital Strategy. 

This document was last updated in June 2020.


Moodle Learn Data Privacy Policy

Full policy

Moodle Learn Data Privacy Policy

General Information Collected on our Websites

When you visit any of the websites within the York St John University domain we hold certain information about you for service and security reasons. For more information on this, please see

The University VLE (Moodle) also uses your data as set out below.


In order to use the VLE you must have 'cookies enabled' on your web browser. When you register with the VLE, you agree to allow certain information about you to be collected.

We collect your information by cookies. Cookies are small file structures used by the University VLE to 'request' information from the computer which you are using. This information is then returned to the VLE and stored. The types of information we collect may include usage statistics, for example when users last logged into the system, when they accessed certain activities, or when they uploaded content.

We use this information to help improve the VLE services by ensuring that the material and content of the courses match with the users' requirement and also to make sure users are not having problems with access. The usage statistics are visible to the VLE administrators and may be visible to course tutors and, where applicable, authorised users from your employer's organisation.

Legal Basis for the use of Personal Data in Moodle 

If you create an account and use this to access Moodle, our legal basis for using your personal information is in order to deliver our contractual obligations to you as a user of our service. 

Learners / External Users

If you access Moodle as a Guest or External user (i.e. login to Moodle using a personal email address), we use your personal information with your consent for administrative and educational purposes. By extension, on registration on the VLE, you are giving your permission to the University to process your personal data via the VLE. This is for the purposes of teaching, learning and research.

The VLE is hosted in the UK at York St John University. However, some aspects will be hosted by third parties under University contract. YSJU and contracted third parties will deal with your personal data in accordance with the principles set out in the General Data Protection Regulation (GDPR) as per YSJU Data Protection policies:

You always have the right to withdraw your consent and have your account permanently deleted. Should you wish to withdraw your consent you should email Technology Enhanced Learning at


How the University collects and uses your personal data to manage your employment relationship is set out in the University Privacy Notice, available at The VLE holds your name and University email address. Personal information which you may enter into your VLE profile, including your photograph, is provided by yourself.

Data Held by Moodle

Data held by Moodle includes your name, email address, username and your course/module enrolment information. 

Moodle logs contain detailed information about user activity within each course, including the date and time of when course-specific information was viewed and/or updated, the address of the machine from which the access was made, the browser identification information and information about the referring web page. Logs are used to create summary statistics which may be made publicly available. Summary statistics do not include personal data.

Information about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources, assignment/file submissions, text matching scores and evidence of participation in other Moodle-based activities is held within the Moodle platform. 

Information and data related to users, including grades, feedback comments, scores, completion data, access rights and group membership is also recorded. 

Additional personal data may be held within individual courses, either within documents/resources uploaded to the course, or within activities within the course. Other than contributions to chat rooms and discussion forums which are submitted by individuals in a personal capacity, course maintainers are responsible for the information held about you that may be uploaded onto such courses.

How Moodle uses Your Personal Information

Moodle records and uses your personal information to:

·         Provide you an account on, and identify you within, the VLE (Moodle)

·         Provide you access to courses/modules within Moodle

·         Provide you the ability to upload, amend and delete certain information within Moodle 

·         Provide you access to the information, resources and activities uploaded to Moodle

·         Control access to different parts of the VLE

·         Help support Moodle users

·         For system administration and bug tracking

·         Report on course, resource and activity access, activity completion, course completion and course data (such as grades, scores, submissions and content uploaded)

·         For producing usage statistics for management and planning purposes

Individual courses within Moodle may collect additional personal information in order to: 

·         Provide services to users

·         Facilitate and support business processes

·         Support users in their use of Moodle

A non-exhausted list of examples of this may include: 

·         Booking information

·         User feedback

·         Data collection for the purposes of business processes

·         Contact information

·         Application information 

Where Moodle Information Comes From

For all users, Moodle records information supplied by the user. This includes information entered into your profile (such as telephone numbers, addresses and University related information, such as School, Department or Course).

For users who identify themselves through a local login mechanism (Guest users), Moodle uses information supplied by:

·         The Moodle user who creates the account.

·         Relevant University departmental systems and services.

Additional information maybe uploaded onto individual courses by users of the system.

Who has Access to Moodle Data

The Moodle Systems Administration function in Innovation & Technology Services (ITS) has access to all information stored within Moodle for the purposes set out above.

All course Administrators, Tutors and Managers have access to the personal information of the other users of that course.

Access to Moodle logs is restricted to authorised staff in ITS, with the exception of course-specific tracking data which is also accessible to course maintainers (Tutors/Managers).

Relevant subsets of this data may be passed to teams in ITS, Registry, or Academic Schools as part of any investigation into computer misuse, academic integrity, or other academic misconduct.

How the ITS Helpdesk Uses Your Information

If you approach the ITS Helpdesk for help with a fault, issue, question or support, Moodle support staff will need to look at your data held on the system, including files in your personal areas and the Moodle courses to which you belong. We may need to perform any of the following:

·         In the process of providing support, answering your helpdesk question, reproducing/investigating your issue/problem or when forming a response, ITS may navigate and interact with Moodle using your account. To do this we may use a feature know as 'login-as' which allows ITS to take control of your account. ITS does not add, edit or delete any data within Moodle when doing this, without your prior permission. We will never ask you to send your password to us as part of any support that we provide.

·         ITS, when providing support to your query, may also duplicate your course or data and transfer it into another part of the system or one of our test systems. This is to allow us to carry out investigations, test solutions and provide you with support.

·         When providing support, ITS never gives out your personal information, including usernames and passwords.

Moodle Data Retention

Information and data uploaded to Moodle, including accounts, courses and about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources and evidence of participation in other Moodle-based activities may be retained indefinitely.

Moodle data is backed up at a facility managed by ITS. The backups are held for the purpose of reinstatement of the data, e.g. in the event of failure of a system component.

Please see the Data Retention Schedule below.

Other Policies and Notices

A full list of relevant policies and notices for Moodle can be found here: [Accessibility, Terms & Conditions].


Please note that the University reserves the right to remove, vary or amend any of the content which appears on the VLE at any time and without prior notice.

Please also note that the VLE may contain links to other websites outside the University's control and that the University is not responsible for the content or accessibility of these sites.

Further Information

For more information about how we handle your personal information, and your rights under data protection legislation, please see

This document was last updated in June 2020.


VLE Data Retention Schedule

Record Category

Examples of Record Category


Retention Period

Disposal Action



Added / Amended



Level of Restriction



Guest / External enrolment

User Account


Retain for 6 months after last login

Delete user account

Guest Moodle account was removed 6 months after last recorded login

Operational need



Moodle onsite



Assessed and non-assessed work

Forum contributions, quiz attempts, feedback submissions

Schools / SAU / Business Development & Knowledge Exchange

Retain until local account is deleted

Destroy at end of retention period


Operational need



Moodle onsite

Internal: Staff & Learner only


Course teaching and learning materials

Course handouts, reading lists

Schools / SAU / Business Development & Knowledge Exchange

Retain until all learners are unenrolled

Destroy at end of retention period

All learners have been removed from the course, and course is older than 12months, therefore course and all remaining content is deleted

Operational need



Moodle onsite

Internal: Staff & Learner only