Full policy

Privacy Policy – Academy for Working Equids (AWE) Learning Management System (Moodle)
Last updated: 5 February 2026

1) Who we are

This Learning Management System (LMS) is operated by The Brooke Hospital for Animals (“Brooke”), which is the data controller for personal data processed through the AWE LMS.

The Brooke Hospital for Animals (“Brooke”)
2nd Floor, The Hallmark Building
52–56 Leadenhall Street
London, EC3A 2BJ
United Kingdom
Registered Charity in England and Wales (No. 1085760) and Scotland (No. SC050582)
Company Limited by Guarantee (No. 4119581)

Data protection contact:  DataProtection@thebrooke.org

2) What this policy covers

This Privacy Policy explains how we collect, use, store, share and protect your personal data when you use the Academy for Working Equids (AWE) LMS, which is built on the Moodle platform and hosted in the United Kingdom.

It applies when you access the LMS via:

• Website (through a web browser), and/or

• Mobile applications (our Branded Moodle App for iOS and Android).

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3) Information we collect

We collect the following categories of information:

A) Information you provide

• Name and email address

• Organisation, role, country/location and other profile fields you choose to provide

• Content you submit in the LMS (for example: forum posts, assignments, messages, feedback, uploaded files)

B) Learning and training records

• Course enrolments, progress, completion status, certificates

• Quiz and assessment attempts and results

• Participation records (for example: activity completion, attendance where used)

C) Technical and usage information

Website and app usage may generate technical information such as:

• IP address and approximate location derived from IP (where applicable)

• Browser/device type, operating system, app version

• Pages/screens viewed, dates/times of access, and time spent

• Log and security events (for example: login attempts, error logs)

4) How we use your information

We use your information to:

• Create and manage your LMS account and provide access to learning content

• Deliver training, track progress, and issue certificates/completions where applicable

• Communicate with you about LMS access, training updates, and essential service messages

• Support learners and administrators, including troubleshooting and responding to requests

• Maintain the security of the LMS and prevent misuse

• Improve the LMS and our mobile applications (see “Analytics” below)

5) Lawful bases for processing (UK GDPR)

We process personal data under one or more lawful bases depending on the activity:

• Contract: to provide access to learning services, manage accounts, and maintain learning records

• Legitimate interests: to operate, secure, and improve the LMS, and to administer training effectively

• Consent: where we ask for it (for example, mobile app analytics where required)

• Legal obligation: where we must comply with applicable laws and regulatory requirements

• Vital interests / public task: only where exceptionally relevant

6) Cookies (website)

The LMS website uses cookies that are necessary for core functionality, such as:

• Maintaining your logged-in session

• Security features and load balancing

• Remembering basic preferences (where used)

You can control cookies through your browser settings. If you disable necessary cookies, the LMS may not function correctly.

7) Mobile apps (iOS and Android)

We provide access to the LMS through a Branded Moodle App on iOS and Android.

App permissions

The app may request permissions only when needed for features you choose to use (for example, access to photos if you upload an image). You can control permissions in your device settings.

Push notifications (if enabled)

If push notifications are enabled, messages may be delivered using mobile notification services (for example, Apple or Google notification services) and Moodle’s notification infrastructure. Notification delivery may involve limited technical identifiers required to route messages to your device.

8) Mobile app analytics (Google Analytics for Firebase)

To improve the performance and user experience of our Branded Moodle App, we use Google Analytics for Firebase, provided by Google LLC.

Purpose

Firebase Analytics helps us understand (in aggregated form) how users interact with the app, which features are used, and where improvements are needed.

What data is collected

Firebase Analytics may collect information such as:

• App usage events (e.g., screen views, button taps)

• Session duration and frequency

• Device information (e.g., model, operating system version, language)

• Approximate location (e.g., country/region)

• App/device identifiers used for measurement and fraud prevention (for example, app instance identifiers)

We do not intentionally send direct identifiers such as your name or email address to Firebase Analytics.

Your choice / opt-out

Where required, we will ask for your consent for analytics collection. You can withdraw consent or opt out at any time via:

• the app’s privacy/analytics setting (where available), and/or

• your device privacy settings.

Opting out will not affect your ability to use core learning features.

International transfers

Firebase data may be processed outside the United Kingdom (including in the United States). Where personal data is transferred internationally, we use appropriate safeguards available under UK data protection law (for example, the UK International Data Transfer Agreement and/or the UK Addendum to EU Standard Contractual Clauses, as applicable).

9) Who can see your information (visibility within the LMS)

Depending on course settings:

• Your name (and potentially profile picture and selected profile fields) may be visible to other authenticated LMS users (e.g., learners, trainers, administrators).

• Content you post (forums, messages, submitted work where relevant) may be visible to course participants and staff according to how the course is configured.

You may be able to control some profile visibility settings in your LMS account preferences.

10) Sharing your data (processors and third parties)

We share personal data only where necessary to operate the LMS and provide training services, for example with:

• Hosting/IT service providers who operate or support the LMS on our behalf (acting as processors under contract)

• Third-party services integrated into the LMS where enabled for learning delivery (for example, embedded media or external learning tools). These providers may process data according to their own privacy policies.

We require service providers to protect your information and use it only to provide services to us.

11) Data storage, location and security

• Hosting location: LMS data is stored on servers located in the United Kingdom.

• Security: We use appropriate technical and organisational measures such as access controls, monitoring, malware protection, and encryption where appropriate.

No system is completely secure, but we take reasonable steps to protect your information.

12) Data retention

We keep personal data only as long as needed for the purposes described in this policy and to meet legal, audit, and safeguarding requirements.

Unless we need to keep it longer for a lawful reason, we retain training records and learning-related personal data for up to six (6) years from your last activity on the LMS, after which it may be deleted or anonymised.

You may request deletion earlier in some circumstances (see “Your rights” below). Deleting certain information may affect your ability to evidence training completion.

13) Your rights (UK GDPR)

You have the right to:

• Access your personal data

• Rectify inaccurate or incomplete data

• Request erasure in certain circumstances

• Restrict processing in certain circumstances

• Object to processing based on legitimate interests

• Data portability where applicable

You may be able to update some information directly in the LMS (for example, certain profile fields). For other requests, contact: DataProtection@thebrooke.org.

You also have the right to make a complaint to the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.

 

14) Policy updates

We may update this Privacy Policy from time to time. The latest version will be posted in the LMS. Where appropriate, we will notify users through the LMS and/or require renewed acceptance.

 

15) Contact us

If you have questions or concerns about this Privacy Policy or how we handle personal data, contact: DataProtection@thebrooke.org

Full policy

Cookie Policy (Guest Visitors)

Website:https://awe.thebrooke.org/
Organisation: The Brooke Hospital for Animals (“Brooke”), 2nd Floor, The Hallmark Building, 52–56 Leadenhall Street, London, EC3A 2BJ, United Kingdom.

What cookies we use

When you browse awe.thebrooke.org as a guest (without logging in), we use one strictly necessary cookie:

• Cookie name: MoodleSession

• Domain: awe.thebrooke.org (first-party)

• Type: Session cookie (expires when you close your browser)

• Purpose: Keeps your visit working correctly (session continuity and secure navigation).

Consent

This cookie is essential for the site to function and does not require consent under UK/EU cookie rules. We do not use analytics or advertising cookies for guest browsing.

Managing cookies

You can control or delete cookies in your browser settings. Blocking essential cookies may affect how the website works.

Contact

Questions? Contact Brooke viahttps://www.thebrooke.org