Personal Data Management
Management of personal data and adherence to the European principles of the GDPR
Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) has been in force since 2019
EU Regulation 2016/679 (General Data Protection Regulation, GDPR) has been in force since 2019, which provides for a series of procedures to be analyzed and put into practice in order to be in compliance with the processing of personal data (for example, among these, the appointment of the Data Protection Officer (DPO) pursuant to art.37-39).
OC is able to produce the initial GDPR compliance document for e-learning platforms with and without virtual classroom, depending on the type of installation chosen.
Our data protection policy
OC Group takes an ethical, legal and professional approach to ensuring that the data it holds on behalf of clients complies with the principles of integrity, privacy and availability. OC Group complies with current European legislation.
We have created project documentation to help you with your GDPR compliance for your LMS, providing an overview of the regulation and helping you avoid some common GDPR mistakes.
GDPR compliance
Measures to achieve this include:
Continue to invest in our security infrastructure, technical and organizational measures, so that the level of security offered is appropriate to the risk.
Make sure you have appropriate contract terms in place.
Ensure that there are confidentiality terms in the contracts of our staff involved in the processing of personal data.
Ensure that OC Group data protection staff are easily reachable by email at info@old.oc-group.eu so that users can send questions, make complaints or exercise their rights.
Provide sufficient information about the OC Group service through the contractual agreement.
OC's security infrastructure
Protecting our customers' information and the privacy of their users is extremely important to us. As a cloud-based company entrusted with valuable customer data, we have set high standards for security. Our cloud infrastructure uses Amazon cloud servers (AWS) and S3 storage. AWS Amazon is an industry-leading cloud provider, highly certified for privacy and security, also offering a GDPR-compliant DPA.
To comply with data protection laws regarding international data transfer mechanisms, data transfers are subject to the latest versions of the Standard Contractual Clauses approved from time to time by the European Commission, as published in the Official Journal of the European Union.
OC Group does not use sub-processors who maintain structures or may carry out processing in countries not included in the list of countries for which the European Commission has explicitly stated the adequacy of personal data protection.
Right to access: Our privacy policy describes what data we collect and how we use it. If you have specific questions about particular data, you can contact us for any clarification or data you may need at any time.
Right to Rectification: You can access and update your OC account settings at any time to correct or complete your account information via your profile by selecting the “Personal Settings” item from your account menu at the top of the ILIAS LMS interface .
Right to Deletion: You may terminate your OC account at any time, in which case we will permanently delete your account and all data associated with it in accordance with OC's data retention policy.
Restriction of Processing: OC Group supports the right to request restriction of processing by providing the administrator to make any user “Inactive”.
Right to Object: If you object to OC email notifications, you can opt-out of them for yourself or any other end user of your domain by following the appropriate steps within ILIAS LMS. You can choose not to include your data in our marketing activities by removing yourself from mailing lists using the footer in the newsletters and marketing emails you receive.
Right to data portability: you can export your data at any time through the application administration panel; the process is quite simple. OC Group fully supports your right to receive your domain data in a structured, commonly used and machine-readable format. In particular, OC Group supports exporting to multiple formats in ILIAS LMS, including CSV, XLS and SCORM. Furthermore, we will be happy to export your account data to third parties at any time upon your request.
We fully understand that OC Group clients need our help to comply with the GDPR. You can set up appropriate service with OC staff for this matter.
OC Group allows its customers to explicitly request and record user consent for the use of the OC Group service. In particular, each domain administrator can set up a personalized "Terms of Service" page via the administration page which must be shown to each end user upon first access to the system.
No automated individual decision-making: OC Group fully respects the right of its users not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
All manipulations of personal data are inspired by principles of legality, fairness, transparency (use of Open Source software), maximum limitation of the purpose of manipulation, accuracy, integrity and confidentiality.
It is important to us to respect our commitments regarding privacy and data security. We are therefore happy to help you prepare for all the changes brought by the GDPR.
For more information on our GDPR management documents, contact the OC Manager at main@opencons.net
If you have any questions about how OC Group can help you with compliance or if you have privacy concerns, please contact us at:
info@oc-group.com or call us on +39 0464 076250
Have an idea?
Let’s get it done right!