PETMA™ Programme Privacy, GDPR & Use of Moodle

1. Purpose of this Addendum

This addendum updates and supplements the existing GDPR and Data Protection Policy to explicitly reflect the delivery of the PETMA™ Programme, including the use of online learning platforms (notably Moodle), blended delivery models, portfolio-based assessment, mentorship, and national Train‑the‑Trainer (TTT) governance arrangements. It should be read alongside the main policy and forms part of NIIDS’ GDPR‑compliant, privacy‑by‑design framework.

2. Scope of PETMA™ Data Processing

In addition to existing organisational processing activities, NIIDS processes personal data in connection with the PETMA™ Programme, including:

• Registration and enrolment of learners and trainers
• Delivery of online learning modules (Modules 1–6)
• Portfolio submission, assessment, and verification
• Mentorship and trainer development records
• Face‑to‑face attendance, assessment and authorisation records
• Programme governance, quality assurance and audit

3. Use of Moodle (Learning Management System)

NIIDS uses Moodle as the primary Learning Management System (LMS) for delivery of the PETMA™ Programme.

Moodle is used to:

• Provide secure access to online learning content (Modules 1–6)
• Manage learner and trainer accounts and authentication
• Facilitate submission of portfolio evidence and assignments
• Apply access controls, sequencing rules, and progression gates
• Support assessment, feedback, and verification processes
• Maintain an auditable record of programme participation and completion

Moodle access is role‑based and restricted according to user status (e.g. learner, trainer‑in‑training, assessor, administrator). Users can only access data necessary for their role.

4. Categories of Personal Data Processed

In the context of PETMA™, NIIDS may process the following categories of personal data:

• Identification data (name, email address, organisational role)
• Professional information (role, qualifications, training history)
• Learning records (module completion, assessments, feedback)
• Portfolio content (written reflections, applied tasks, evidence of learning)
• Attendance and authorisation records
• Limited special category data where voluntarily disclosed within reflective learning tasks

NIIDS does not require the disclosure of sensitive personal data for participation in the programme. Where reflective content includes personal or sensitive information, processing is minimised and protected through strict access controls.

5. Lawful Basis for Processing

Personal data within the PETMA™ Programme is processed under the following lawful bases as defined by GDPR (Article 6):

• Performance of a contract: delivery of training, assessment and certification services
• Legal obligation: compliance with regulatory, audit and safeguarding requirements
• Legitimate interests: quality assurance, programme governance, and continuous improvement

Where special category data arises incidentally through reflective learning, processing is carried out in line with Article 9(2)(g) and appropriate safeguards.

6. Data Minimisation & Privacy by Design

NIIDS applies a privacy‑by‑design and data‑minimisation approach to the PETMA™ Programme:

• Only data necessary for learning, assessment and governance is collected
• Reflective tasks are structured to avoid unnecessary disclosure
• Access to portfolios and sensitive content is tightly restricted
• Learning materials and governance records are separated within systems

7. Data Retention

PETMA™ Programme data is retained in accordance with defined retention schedules, including:

• Learner and trainer records: retained for a defined period to support certification, audit and governance
• Portfolio evidence: retained only as long as required for assessment, verification and appeal windows
• Authorisation records: retained in line with programme governance and assurance requirements

Retention periods are reviewed regularly and documented in the NIIDS Data Retention Schedule.

8. Data Security

NIIDS implements appropriate technical and organisational measures to protect PETMA™ data, including:

• Secure hosting of Moodle with access controls and encryption
• Password‑protected user accounts and role‑based permissions
• Regular system updates, backups and security monitoring
• Restricted administrator access and audit trails

9. Data Protection Impact Assessments (DPIA)

NIIDS undertakes Data Protection Impact Assessments where required, including for large‑scale or systematic processing associated with national programmes such as PETMA™. DPIAs are reviewed and updated as programme delivery evolves.

10. Data Subject Rights

All participants in the PETMA™ Programme retain their rights under GDPR, including rights of access, rectification, erasure, restriction, and objection, subject to legal and contractual obligations. Requests are managed in accordance with the main policy.

This addendum confirms that the PETMA™ Programme, including the use of Moodle, is delivered in accordance with GDPR, Irish data protection legislation, and NIIDS’ commitment to ethical, proportionate and secure data processing.