Privacy Policy

Who we are. This Moodle site (“Whitetree Learning (sandbox)”) is operated by Whitetree Group Limited (11365046) and Whitetree Resourcing Limited (11727311), One New Street, Wells, Somerset, BA5 2LA (“Whitetree”, “we”, “us”).
What we collect. Account and profile data (name, email, role), course participation (enrolments, activity completion, forum posts, messages), assessment data (submissions, grades, feedback), technical/log data (IP, device/browser, timestamps), and support requests.
Why we use it (lawful bases). To deliver courses and support you (contract/legitimate interests), keep the service secure and reliable (legitimate interests), meet legal obligations, and, if enabled, provide optional integrations (e.g., video meetings, plagiarism checking, interactive content).
Cookies. Essential cookies are required for login and security; optional analytics cookies only run if enabled, see our Cookies Policy.
Sharing. We use trusted processors for hosting, email, and integrated learning tools (e.g., Zoom/Teams, Turnitin, H5P.com). We do not sell personal data.
Retention. Course/assessment data and logs are retained per our Data Registry and organisational policy, then deleted or anonymised.
Your rights. You can request access, rectification, erasure, restriction, portability, or object to certain processing.
Children. Where applicable we follow the UK digital age of consent (13) and may seek guardian consent for under-13s.
Contact. 📧info@whitetree.co.uk • 📮 One New Street, Wells, Somerset, BA5 2LA. You can also complain to the ICO (ico.org.uk).
Compliance. We comply with UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025.
Changes. We version this policy and will re-request consent if it changes materially.

1. Who we are and scope

This Moodle site (“Whitetree Learning (sandbox)”) is operated by Whitetree Group Limited (11365046) and Whitetree Resourcing Limited (11727311), One New Street, Wells, Somerset, BA5 2LA (“Whitetree”, “we”, “us”).
This policy explains how we handle personal data inside Moodle. It sits alongside our website Privacy and Cookies Policies; if you follow links to external services, their policies apply as well.

2. Our legal basis and compliance

We process personal data under the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025. Depending on the activity, we rely on:

  • Contract / steps to enter into a contract – provide you with courses, assessments, and support.
  • Legitimate interests – secure and improve the service; manage enrolments; quality assurance; prevent abuse.
  • Legal obligation – comply with law/regulators.
  • Consent – only for genuinely optional features (e.g., certain analytics or integrations if presented with a choice).

3. Data we collect in Moodle

  • Account & profile: name, email/username, role, cohort/group, optional profile fields you provide.
  • Course participation: enrolments, activity completion, attempts, forum posts, messages, attendance.
  • Assessment: submissions, grades, feedback, originality/plagiarism reports (if enabled).
  • Support: helpdesk tickets and communications with us.
  • Technical & logs: IP address, device/browser details, access times, error/audit logs, security events.
  • Cookies: session and security cookies; optional analytics cookies if enabled (see Cookies Policy).
    Please avoid uploading special category data unless explicitly requested for an agreed purpose.

4. Where data comes from

Directly from you; from your organisation (if they create your account or enrol you); from activity generated by your use of Moodle; and, where integrations are enabled, from/to those tools (see 6.).

5. How we use data (purposes)

  • Deliver courses, enrol users, track progress, provide feedback, and issue certificates.
  • Provide user support and service communications.
  • Secure, monitor, troubleshoot, and improve Moodle (including performance and capacity).
  • Meet legal/regulatory requirements and exercise/defend legal claims.
  • Run optional services (e.g., Zoom/Teams meetings, Turnitin, H5P.com), when enabled.

6. Sharing and processors

We use trusted processors that act on our instructions, such as:

  • Hosting and platform operations, email delivery, monitoring/backups.
  • Learning tools integrated with Moodle (examples: Zoom/Teams, H5P.com, others if enabled).
    We may disclose data to regulators or law enforcement where required by law. We do not sell personal data.

7. International transfers

If any processor stores data outside the UK, we use a lawful transfer mechanism (e.g., UK IDTA/Addendum, adequacy decision, or standard contractual clauses). Details are available on request.

8. Retention

We keep personal data only as long as needed for the purposes above and in line with our Data Registry and organisational policy. Typical examples:

  • Course/assessment records: 6 years after course end.
  • Activity and access logs: 12 months.
  • Backups: encrypted rolling backups kept for up to 90 days.
    When periods expire, data are deleted or anonymised via Moodle’s privacy tools. Some courses/regulations may require different periods.

9. Children and age of consent

This service is provided for employees, contractors and authorised adult learners. It is not directed at children. Accounts are issued by Whitetree; self-registration and guest access are not available. If you believe a child has obtained access, contact info@whitetree.co.uk and we will take appropriate steps.

10. Your rights

You have the right to access, rectify, erase, restrict, port, and object to certain processing.
How to act on your rights:

  • In Moodle: Profile → Privacy and policies → Data requests (for export/erasure), or
  • Contact us using the details below.
    We will respond within legal timeframes. You may complain to the ICO (ico.org.uk).

Export downloads remain available for 14 days.

11. Security

We use TLS encryption in transit, role-based access controls, least-privilege administration, audit logging, and vetted processors. You are responsible for keeping your credentials secure.

12. Cookies

Moodle uses essential session/security cookies and may use optional analytics cookies if enabled. See our Cookies Policy for details and how to control cookies.

13. Changes and versioning

We keep this policy under review and create a new version for material changes. Moodle will prompt you to review and accept new versions where required.

14. Contact

Whitetree (Data Protection):
📧info@whitetree.co.uk
📮 One New Street, Wells, Somerset, BA5 2LA
You can also complain to the Information Commissioner’s Office (ICO): ico.org.uk.

I agree to the Privacy Policy.
Back to top