List of active policies

Name Type User consent
Cookies Other policy All users
Terms and conditions Site policy Authenticated users
Privacy notice Privacy policy Authenticated users
Copyright statement Other policy Authenticated users

Summary

Cookies are small files which sit on your computer and record specific interactions between you and this website, and in some cases, other websites. This information is sometimes shared with the University of Cambridge, and in other cases, third parties. Below is more detail about the cookies we use, what they record and who the information is shared with. You are of course free to disable cookies.

Further information can be found on the University’s cookies webpage.

Full policy


In addition to the cookies listed on the cookies webpage, the CJBS Digital Learning Platform (learn.jbs) will set the following cookies:

MDL_SSP_SessID: When Google authentication is used to login to the platform, this cookie is stored additionally to the session ID in the cookie above to store the specific login key that was provided by Google after authenticating.

Cookie Name Purpose Expiration
MoodleSession This cookie provides continuity and maintains your login from page to page. When you log out or close the browser this cookie is destroyed (in your browser and on the server).
MoodleID This cookie records the username you log in as when you visit the site, and allows the username field to be automatically filled in the next time you visit. It is safe to refuse this cookie - you will just have to retype your username every time you log in.
MDL_SSP_AuthToken Used to remember you when you log in with an organisational account When you log out or close the browser this cookie is destroyed (in your browser and on the server).
MDL_SSP_SessID Used to remember you when you log in with an organisational account When you log out or close the browser this cookie is destroyed (in your browser and on the server).



Summary

Our VLE (‘Virtual Learning Environment’) system offers file sharing, communication tools and pedagogical resources to users. Cambridge Judge Business School provides these services subject to the University of Cambridge Terms and Conditions statement.

Full policy

These guidelines should be used in conjunction with the following University staff policies which can be found on the University website: 

Rules made by the Information Services Committee

Use and misuse of computing facilities

In the event of any conflict between these pages and any University Policy, the terms in the University policy will apply.



Summary

  • Introduction
  • Legal basis for the use of personal data on the VLE
  • Data held by the VLE system
  • How the VLE system uses your personal information
  • Where VLE information comes from
  • Who has access to VLE data?
  • Information and outside parties
  • VLE data retention
  • How the VLE support teams use your information
  • How can I access my personal information?
  • Changes to our privacy policy
  • Further Information

Full policy

Introduction

This policy relates to personal data as defined by the General Data Protection Regulation (GDPR)2018, held in connection with the operation of learn.jbs (the Cambridge Judge Business School’s VLE).  For the purpose of GDPR, the 'Data Controller' is Cambridge Judge Business School, and the point of contact for subject access is the Cambridge Judge Business School Data Protection Officer (Trumpington Street, Cambridge CB2 1AG, tel. +44 (0)1223 339700, email: data.protection@jbs.cam.ac.uk). 

The policy explains what information is held about individual people by the VLE, how it is gathered and how it is used. Details of the data held or logged are given in the appropriate section below. This information is used to help support VLE users, for system administration and bug tracking, and for producing usage statistics for management and planning purposes. 

Legal basis for the use of personal data on the VLE

By using the VLE, students agree that they understand how their personal data will be used by the system. Our Legal basis for using your personal information is in order to deliver our contractual obligations to you as a user of our service. 

We use your personal information with your consent, as given by you when you applied to join one of our courses and were provided with access to the VLE. You always have the right to withdraw your consent. Should you wish to withdraw your consent you can do so via https://www.jbs.cam.ac.uk/forms/consent/withdrawal-of-consent/

Data held by the VLE system

User-dependent system information

For users who identify themselves to the system with their CRSid, the VLE uses information supplied by the University lookup service. For users who identify themselves through the non-Raven login mechanism, the user's name and email address are retained. Information about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources and evidence of participation in other VLE-based activities may be retained indefinitely. 

Course-specific tracking information

VLE logs contain detailed information about user activity within each course, including the date and time of when course-specific information was viewed and/or updated, the address of the machine from which the access was made, the browser identification information and information about the referring web page.    Access to VLE logs is restricted to authorised staff at CJBS, with the exception of course-specific tracking data which is also made accessible to course maintainers where an appropriate course-specific privacy policy is in place. These logs are currently held for 12 months, after the end of the academic year the logs will be deleted. CJBS does not guarantee to retain the information. Logs are used to create summary statistics which may be made publicly available.  Summary statistics do not include personal data.

How the VLE system uses your personal information

Moodle records and uses your personal information to:

  • Provide you an account on, and identify you within, the VLE (Moodle) system
  • Provide you access to courses/sites within Moodle
  • Provide you the ability to upload, amend and delete certain information within Moodle  
  • Provide you access to the information, resources and activities uploaded to Moodle
  • Control access to different parts of the system. 
  • Help support Moodle users
  • For system administration and bug tracking
  • Report on course, resource and activity access, activity completion, course completion and course data (such as grades, scores, submissions and content uploaded)
  • For producing usage statistics for management and planning purposes

Individual courses within Moodle may collect additional personal information in order to:  

  • Provide services to the users
  • Facilitate and support business processes
  • Support users in their use of Moodle

A non-exhausted list of examples of this may include: 

  • Booking information
  • User feedback
  • Data collection for the purposes of business processes
  • Contact information
  • Application information 

Where VLE information comes from

For all users, Moodle records information supplied by the user. This includes information entered into your profile (such as telephone numbers, addresses and University related information, such as College, Department and Course).

As well as the information that you upload and submit to Moodle, Moodle also contains additional information.

For users who identify themselves to the system with their CRSid (Raven users), Moodle uses information supplied by:

  • The University directory (Lookup) Service.
  • The University authentication (Raven) Service.
  • The University student records (CamSIS) Service.
  • The University central HR records (CHRIS) Service.
  • Relevant University departmental systems and services.

For users who identify themselves through the non-Raven login mechanism (Friends users), Moodle uses information supplied by:

  • The Moodle user who creates the account.
  • Relevant University departmental systems and services.

Additional information maybe uploaded onto individual courses by users of the system.

Who has access to VLE data?

The Digital Learning Team at CJBS has access to all information stored within Moodle for the purposes set out above.

All Course / Programme Administrators and maintainers have access to the personal information of the other users or Students of that course.

Access to Moodle logs is restricted to authorised staff at CJBS, with the exception of course-specific tracking data which is also made accessible to Course / Programme Administrators where an appropriate course-specific privacy policy is in place.

Relevant subsets of this data may be passed to computer security teams at the University Computing Service (e.g. CamCERT) as part of an investigation into computer misuse.

Information and outside parties

CJBS does not sell, trade, or otherwise transfer to outside parties any user’s personally identifiable information. This does not include trusted third parties who assist us in operating our systems, conducting our business, or servicing staff and students, so long as those parties agree to keep this information confidential. We may also release information when we believe release is appropriate to comply with the law, enforce our policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

VLE data retention

Information and data uploaded to the VLE, including accounts, courses and about contributions to courses, including contributions to chat rooms and discussion forums, ownership of resources and evidence of participation in other Moodle-based activities may be retained indefinitely.

VLE data is hosted and backed up in the cloud at a facility managed by Microsoft on behalf of CJBS. The backups are held for the purpose of reinstatement of the service, e.g. in the event of failure of a system component.  Daily backups are retained for 35 days, and weekly backups for 65 days. 

How the VLE support teams use your information

If you approach the Digital Learning Team for help with a fault, issue or question you implicitly grant permission to support staff to investigate that fault and to look at your data held on the VLE system, including files in your personal areas and the Moodle courses to which you belong. We may need to perform any of the following:

  • In the process of providing support, answering your helpdesk question, reproducing/investigating your issue/problem or when forming a response, the support teams may navigate and interact with Moodle using your account. To do this we may use a feature know as 'login-as' which allows us to temporarily take control of your account. We will not add, edit or delete any data within Moodle when doing this without your prior permission. We will never ask you to send your password to us as part of any support that we provide.
  • The Digital Learning Team, when providing support to your query, may also duplicate your course or data and transfer it into another part of the system or one of our test systems. This is to allow us to carry out investigations, test solutions and provide you with support.
  • When providing support, the Digital Learning Team never gives out your personal information, including usernames and passwords.

How can I access my personal information?

You have the right to access the personal information that is held about you by CJBS. Further details are published at  https://www.information-compliance.admin.cam.ac.uk/data-protection/subject-access-requestex.

You also have the right to ask us to correct any inaccurate personal information we hold about you, to delete personal information, or otherwise restrict our processing, or to object to processing (including the receipt of direct marketing) or to receive an electronic copy of the personal information you provided to us. 

Changes to our privacy policy

If we decide to change our privacy policy, we will post those changes on this document.  

Further Information

For more information about how we handle your personal information, and your rights under data protection legislation, please see https://www.jbs.cam.ac.uk/about-this-site/privacy-policy/ 



Summary

Using Moodle (the software on which our Digital Learning Platform - ‘CJBS Learn’ is built) to make materials available to students can raise copyright issues. A wide range of materials may be copied, uploaded and made available for instructional purposes but only in a manner consistent with copyright law, which gives legal protection to nearly all text, images, music and other material, whether purchased or found in a library or on the Internet or in other media.



Full policy

An overview of the general principles of copyright and further guidance on copyright matters commonly encountered at the University is provided by the Legal Services Office at the University copyright guidance webpages.