GPDR
In preparation for the implementation of the GPDR, InTeach has implemented a series of actions to comply with the regulations. This article details these actions and explains InTeach’s obligations and yours as an InTeach customer.
We, InTeach, are “data processors” and you, our customers, are “data controllers”. These roles involve different mutual obligations.
What data is processed by InTeach ?
Before detailing the specificities of InTeach’s application of the GPDR, it seems important to summarize the data collected and processed by the platform.
We only collect personal data that is relevant to our services: name, first name, email address.
We collect statistics on the time spent in the application in order to have data to continuously improve our services and to inform our customers of the training times spent on InTeach by their learners.
We collect the results of the different pedagogical activities in order to be able to: * monitor the learner’s progress * improve the quality of training * enable administrators to monitor learner participation and progress
The data is neither sold nor given to third parties, and only accessible to administrators deploying the solution to the learners concerned. Data is securely stored on our servers in Europe.
Legal basis
In order to determine the obligations of each party, it is first necessary to identify the legal basis on which we can apply the DGPS. The legal basis here is the legitimate interest ( learn more about the legitimate interest ). This legal basis is in line with InTeach’s data processing. Indeed, InTeach’s use of data is a processing operation that users can reasonably expect and that has a low impact on privacy.
Tip: A good practice, recommended by the ICO, is for the data controller (you) to write a LIA (Legitimate Interest Assessment) detailing how, from the controller’s point of view, monitoring learners’ progress and engagement is legitimate. Click to download a LIA template or to learn more about the Legitimate Interest Assessment.
It is important to note that the legitimate interest does not require the consent of the end user to the processing of the data.
Individual rights
Platform users have individual rights ( learn more about individual rights )
The first of these rights is the right to be informed. In order to highlight this right, a new user is presented with a screen informing him/her of the data collected and the reasons why we collect them at the time of his/her first connection.
We propose a default text that you can modify when deploying a white label. The user has no choice but to indicate that he has read the information to continue (action that we record in the database to prove that he has been informed).
Users have other rights, including the right to access, modify and delete personal data. These rights can be exercised on request by email to hello@inteach.io.
Data Processing Agreement
Whenever a data controller outsources data processing to a data processor, as is the case when you use our services, it is necessary for both parties to sign a DPA (Data Processing Agreement). Learn more about the DPA .
When a “Corporate” or “Enterprise” contract is signed, the DPA is included as an annex to the overall contract.
When you subscribe to a “Free”, “Starter” or “Pro” subscription, you accept our generic PAD, which you can find here: InTeach DPA.
Documentation
As a data processor, we are required to document all our automated data processing activities. We maintain a record of our processing activities that can be provided to you upon request.
Advice: As a data controller, you too may also have a potential obligation to detail your personal data processing activities at company level. Don’t forget to mention the data collected from your learners when using InTeach!
Click here to learn more about the documentation.
Conclusion
You now know everything about the RGPD by InTeach. Feel free to contact us for more details or if you have any comments regarding this complex subject!