LMS Privacy Notice
MRC Regulatory Support Centre Learning Management System privacy noticeThe MRC Regulatory Support Centre (referred to as ‘we’ or ‘our’) holds and uses personal data in order to support service delivery. This privacy notice specifically covers the personal data collected and held by our Learning Management System.
The MRC Regulatory Support Centre is part of UK Research and Innovation (UKRI). UKRI is the data controller for the personal data we hold and use. You can find further details about how your personal data is controlled in the UKRI privacy notice.
What personal data do we hold?
Our Learning Management System (LMS) collects and stores the details you provide at registration (e.g. your name, email address, place of work, MRC affiliation, etc). It also stores data about the courses that you have started or completed and your assessment scores, recording the progress you have made through each course as you take it. It links all of this data to your account and records the date of your activity.
This personal data is held on secure servers via our e-learning provider, BYG Systems. A copy is periodically downloaded to MRC secure servers to allow us to manage the service and report on numbers of users. Staff at the MRC Regulatory Support Centre can see all of these details, except your account password.
What do we use your data for?
- To record your assessment scores, and to produce a certificate.
- To track your progress through the course.
- To provide you with administrative help, if you have issues accessing the website.
- To measure usage and demand for the LMS as a whole and the individual e-learning courses, so we can report anonymous aggregate data (e.g. the number or percentage of individuals who have taken or passed a course).
Sharing your data with others
If you work in an MRC Institute, Unit or centre (MRC family), we may be asked to provide some of your personal data (i.e. name, course taken, date, pass/fail) if your Unit is undergoing an audit or inspection. We use both your registration details and email address to ascertain if you are part of the MRC family.
If you work in one of our overseas Units (e.g. in the Gambia or Uganda) we may transfer your personal data to these countries. We have not yet been asked to do this. If we are asked, we will meet the legal protections (or safeguards) when transferring your data outside of the UK.
If you are non-MRC family, we will not share your personal data with others.
How long do we hold your personal data?
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for. To determine how long we keep your personal data, we consider:
- the amount, nature and sensitivity of the personal data,
- the potential risk of harm from unauthorised disclosure of your personal data,
- the purposes for which we process your personal data, and
- whether we can achieve those purposes with anonymised data.
For example, we recognise that your e-learning account may be inactive for long periods of time as we don’t release new courses very often. Therefore, we will review accounts periodically (e.g. every 5 years in line with our funding cycle) and delete accounts if they have not been used for 5 years or more. We will retain anonymised data for longer. If you would like to delete your account, you can do so on request at any time by contacting firstname.lastname@example.org. We will remove all data that identifies you from our working systems, and we will keep anonymised data in order to monitor demand for this service.
What if I have a question?
Please contact email@example.com with any questions you may have.