GDPR

MANAGEMENT OF PERSONAL DATA

Management of personal data and adherence to the GDPR European principles

EU Regulation 2016/679 (General Data Protection Regulation, GDPR) has been in force since 2019. It provides for a series of procedures to be analyzed and put into practice in order to process personal data in compliance with the regulation (for example, the appointment of the Data Protection Officer (DPO) pursuant to art. 37-39).

OC is able to produce the initial GDPR compliance document for e-learning platforms with and without virtual classroom, depending on the type of installation chosen.

Our Policy for the Protection of Your Data

OC Group takes an ethical, legal and professional approach to ensure that the data it holds on its customers' behalf conforms to the principles of integrity, privacy and availability. OC Group complies with standing EU law and international regulation regarding privacy and security issues.

We have set up project documentation to help you with your LMS compliance, providing an overview of the regulation and helping you avoid some common GDPR mistakes.

EU GDPR Compliance

The GDPR’s updated requirements are significant and our team has worked hard to ensure that OC Group fully meets them. Measures to achieve this include:

  • Continuing to invest in our security infrastructure, technical and organizational measures, so that the level of security offered is appropriate to the risk.
  • Making sure we have appropriate contractual terms in place.
  • Ensuring that the contracts of our personnel involved in processing personal data include confidentiality terms.
  • Ensuring that the OC Group data privacy personnel are easily reachable by email at info@oc-group.eu so that users can ask questions, lodge complaints, or exercise their rights.
  • Providing sufficient information regarding the OC Group service through the contract agreement.

The OC Security Infrastructure

Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company entrusted with customers’ valuable data, we’ve set high standards for security. Our cloud infrastructure uses Amazon cloud servers (AWS) and S3 storage. AWS is an industry-leading cloud provider that is heavily certified in privacy and security and also offers a GDPR-compliant DPA.

In accordance with GDPR requirements around security incident notifications, OC Group will continue to meet its obligations and offer contractual assurances.

International Data Transfers

To comply with E.U. data protection laws around international data transfer mechanisms, data transfers are subject to the latest versions of the Standard Contractual Clauses approved by the European Commission from time to time, as published in the Official Journal of the European Union.

OC Group does not employ subprocessors that retain facilities or may perform processing in countries that are not on the list of countries for which the European Commission has explicitly affirmed the adequacy of the protection of personal data.

Right to Access: Our Privacy policy describes what data we collect and how we use it. If you have specific questions about particular data, you can contact us for any clarification or data you may need at any time.

Right to Rectification: You may access and update your OC account settings at any time to correct or complete your account information through your profile by selecting the “Personal Setting” item from your account menu at the top of the ILIAS LMS interface.

Right to Erasure: You may terminate your OC account at any time, in which case we will permanently delete your account and all data associated with it according to the OC Group data retention policy.

Restriction of Processing: OC Group supports the right to request restriction of processing by allowing the administrator to set any user as “Inactive”.

Right to Object: If you object to OC email notifications, you may deactivate them for yourself – or any other end user of your domain – by following appropriate steps inside ILIAS LMS. You may opt out of inclusion of your data in our marketing by removing yourself from the mailing lists using the footer in the newsletters and marketing emails that you receive.

Right of Data Portability: You may export your data at any time through the administration panel of the application; the process is quite straightforward. OC Group fully supports the right to receive your domain’s data in a structured, commonly used and machine-readable format. In particular, OC Group by design supports exporting in multiple formats, including CSV, XLS and SCORM. Furthermore, we will be happy to export your account data to a third party at any time upon your request.

We fully understand that OC Group customers need help from our side in order to comply with the GDPR. An appropriate service can be set up with OC personnel for that purpose.

OC Group enables its customers to explicitly ask for and record users’ consent for using the OC Group service. In particular, each domain administrator may set, through the administration page, a custom “Terms of Service” page that is shown to each end user when he/she first logs in to the system.

This page must be accepted in order to continue to the LMS, so it is a handy way of obtaining consent from end users through OC Group.

Note that once an end user provides consent, this is also logged and appears in the timing of the application, thus making it easy to use for reporting or compliance purposes if needed. If end users choose to withdraw consent for e-learning, this is essentially equivalent to the removal of the user from the service.

For users who were inserted in the system before the date consent was asked for, and who have not opted in to the Terms, OC Group also enables the administrator to select those users who have not accepted the Terms of Service and mass-delete them.

All manipulations of personal data are inspired by principles of legality, fairness, transparency (use of Open Source software), maximum limitation of the purpose of manipulation, accuracy, integrity and confidentiality.

No automated individual decision-making: OC Group by design fully respects the right of its users not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

 

Fulfilling our privacy and data security commitments is important to us. So we’re glad to help you prepare for all the changes the GDPR brings.

For more information on our GDPR management documents, contact the OC Manager at main@opencons.net

If you have any questions about how OC Group can help you with compliance, or you have any privacy-related concerns, please reach out by contacting us at:

info@oc-group.com or call us at +39 0464 076250