The General Data Protection Regulation (GDPR) is a set of security principles and protocols laid by the European Union to protect the data interests of European Citizens. GDPR aims to ensure that corporations inside or outside the European Union become more transparent about how they collect, handle and process personal user data of European Citizens. The primary goal of GDPR compliance is to eliminate security gaps when it comes to collecting data from the users and allow total data control back to the users.
When the GDPR comes into effect, most organizations that collect, maintain, or process EU residents’ personal data (regardless of the organization’s global location) will be required to implement certain procedures and safeguards for that data.
The California Consumer Privacy Act of and the California Privacy Rights Act (together “CCPA”) gives consumers more control over the personal data that organizations collect about them. Under CCPA, California consumers have rights including but not limited to: the right to know about what personal data a business collects about them and how it is used and shared; the right to delete personal data collected about them (with some exceptions); the right to opt-out of the sale of their personal data (if applicable); and the right to non-discrimination for exercising their privacy rights.
GDPR includes firm definitions for data “controllers” and data “processors.” When considering your privacy, we must take into account the fact that we operate under both conditions at different times.
A data controller collects personal data, which is defined very broadly and includes information such as a name or an email address. We are data controllers when it comes to our users’ account information.
But it also turns out that you, our users, are also data controllers! Every time you collect personal data in the form of a quiz, course, live chat, survey, etc., you become a data controller, and we become the “data processors.”
Data processors process personal data on behalf of the data controller. For example, you may enter your online course participants’ email address in our system so that you can invite them to take your course. We do not control that data - you do. But we do process that data through our system as a convenience to you.
To accommodate the fact that we are both data controllers and processors, we have been working hard for more than 12 months (and continue to work), toward GDPR requirements.
Our highest priority is keeping customer data secure. We are committed to delightful experiences both for our direct users and indirect users for whom our users create content (e.g. quizzes, online training courses, knowledge bases, etc.).
As soon as GDPR was announced in April of 2016, we began preparations for implementation. We're committed to taking advanced measures to support and continuously enhance the security of our systems, to ensure that we collect and process personal data in a manner compliant with GDPR or any similar legislation.
We are committed to helping our customers by protecting and respecting personal data, no matter where it comes from or where it flows. The Company complies with mandatory privacy laws worldwide. We have established long-standing security, data protection, and privacy programs.
We strive for transparency with our customers and partners. In that spirit, we want to share a few examples of what we have in place to prepare for the GDPR:
We’ve implemented a number of technical and organizational safeguards designed to protect the security and integrity of your personal data and any data you control in your account.
Our customers who are data controllers can easily access and manage their team members’ data. Specifically, these customers not only are able to directly access, update, modify, and delete data within our platform, but they also have the ability to export Organization member and guest information. As for your own personal data, you can always view the data we have collected and make changes from your account management section. You also retain the right to delete your account at any time, which will remove all of your data, and that of your users, from our system.
We share the GDPR’s commitment to transparency, fairness, and accountability which is why we have updated our Privacy Policy and Terms of Service. Please check them out and contact us if you have any questions!
We now offer EU customers with qualifying accounts our standard Data Processing Agreement. We understand that some of our customers prefer to have a written agreement as regards data processing and transfers, in addition to our terms of use and privacy policy. Request Data Processing Agreement
If you wish to receive a list of sub-processors who handles personal data for any of our company products please complete our form here. On completion of this form and entry of your details through our system, you will receive updates when we add any new sub-processors to this list.