Managing Your LMS Privacy Policy: Multidomain

Learn how to manage privacy policies for all of your domains

Last Updated

March 1st, 2019

Reading Time

13 min

User Level

Introduction

In your LMS, you can create a customized privacy policy for your users to accept when registering or logging into the platform. You can also create and assign specific privacy policies to specific domains, for those using Docebo’s Multidomain app. This feature is available on both the 6.9 and 7.0 themes.

Furthermore, privacy policies can be versioned, so you can create a new version of the same policy when certain terms have been modified or updated. Your LMS tracks all versions of the privacy policy, and whether each user has agreed to, rejected or not yet answered to each version of the privacy policy. As the Superadmin, you can create and view reports related to your privacy policy as well.

By default, the privacy policy is activated in new platforms, meaning that users will have to agree to the policy in order to access their LMS. For those that were using the privacy policy functionality prior to April 24, 2018, please refer to this Q&A document to learn how to navigate the transition to the new privacy policy functionality in your platform.

This article outlines how to activate and manage the privacy policy if your LMS uses the Multidomain app. For customers not using this app and therefore are only using a single domain, refer to this article to learn how to manage your privacy policy.

Terms & Conditions vs. Privacy Policy

Your platform has both a Privacy Policy and Terms & Conditions that Superadmins can configure and all learners must accept if they are activated. While the configuration process is nearly identical, consider them as two separate functionalities that serve two different purposes that can work together to ensure that your learners are provided with all of the legal and policy-related information before using the platform.

The Privacy Policy should cover the legal language on the data that you record (such as material viewed in the platform or the number of times a user attempts to take a test) and how you manage it.

On the other hand, Terms & Conditions should outline the rules and guidelines that learners should respect in order to use the learning platform (i.e. not uploading informal learning assets related to specific subjects). Terms & Conditions should primarily focus on Coach & Share and E-Commerce, so learners know which rules to follow when asking questions to Experts, uploading informal learning assets, writing comments on assets, and purchasing courses or learning plans in the platform.

When learners log into their learning platform for the first time, when they self-register into the platform for the first time, or when they login again for the first time after you’ve updated the Privacy Policy or Terms & Conditions, they will always be prompted to accept the most recent version of the Privacy Policy or Terms & Conditions (or both, depending on what you’ve updated).

Checkboxes with links to both sets of content appear in the login or registration form, or just after logging into the platform, for those that had already accepted an older version of either one. Learners will also find a link to the Terms & Conditions in their shopping carts and on the Contribute page in their platforms.

Activating the Privacy Policy Globally for All Domains

In order to manage a privacy policy, log into your main domain as the Superadmin. Access the Admin Menu from the gear icon in the top right corner, then press the Advanced Settings item in the Settings section. Now, access the Users tab. In the Options section, flag the Privacy Policy MUST be accepted option and press Save Changes.

privacy policy activate global

The privacy policy is now activated for all of your subdomains. You can go into the settings of each subdomain to turn off the privacy policy for that subdomain. Remember that local settings take priority over the global configuration for the privacy policy, so any settings that you configure for that subdomain will always override any global privacy policy settings that you’ve configured.

Please Note: If this option is not enabled, you are still able to access the Privacy Policy configuration area in your platform, and you can create and manage a privacy policy, but it will not appear to your users on the login or registration page of the platform. You may want to keep this option disabled as you draft your privacy policies per domain, then activate it after creating all of the policies for all subdomains in your platform.

Activating the Privacy Policy Locally for Subdomains

Whether you have activated the privacy policy globally from your main domain or not, you can locally activate or deactivate the privacy policy for a subdomain in the Multidomain settings. Remember that local settings take priority over the global configuration for the privacy policy, so any settings that you configure for that subdomain will always override any global privacy policy settings that you’ve configured.

To manage the settings of an individual subdomain, access your Admin Menu, then press the Manage subitem in the Multidomain section. On the main Multidomain page, find the subdomain in the list, then press the gears icon to access its settings. Reach the Privacy Policy tab, then flag the option in the first section to Enable custom settings for this client.

privacy policy local activate

Now, you will see that the Privacy Policy section is no longer greyed out. Depending on how you’ve set the global settings for all domains, you can flag the option to not require a policy signature for users in this subdomain (meaning that these users will not have to accept a privacy policy before accessing their platforms), or you can flag the Assign a policy option.

If you flag the second option, use the Select a policy dropdown menu to assign a privacy policy for this multidomain. Alternatively, you can assign a privacy policy to this subdomain from the Privacy Policy management area of your platform. The assigned policy will be reflected in the interface of the Privacy Policy tab in the subdomain’s settings. Likewise, if you assign a policy to the client in the settings area for the subdomain, it will be reflected in the interface of the Privacy Policy management area of your LMS. Press Save Changes once finished.

Upon assigning a privacy policy to a subdomain, all users in that subdomain must accept that privacy policy upon their next log into the platform.

Viewing and Managing All Privacy Policies

To view and manage all of the privacy policies that you’ve created, access your Admin Menu, then press the Privacy Policy item in the Settings section. Here, you will see a list of all of the policies that you’ve created and you can manage them as necessary.

In each policy’s row, you will see the policy name, ID code, to which multidomain clients the policy is assigned, the date of the last update to the policy, and the version of the policy. Hover your mouse over the policy’s row in the list to make the ellipsis icon appear, then press the icon to Edit or Delete the policy.

privacy policy view all

Anytime that you edit an existing privacy policy, keep in mind that a new version is created when you edit field or content anything other than title. If you update only the title of the policy, a new version is not created since that field is only visible to you as the Superadmin. Any other edit to any other field will automatically create a new version, and assigned users will have to accept the new version before accessing their platforms again. Learn more about creating privacy policy versions from the corresponding section in this article.

When you delete an existing privacy policy, the tracking history is deleted along with it, so you will not be able to access any history regarding the privacy policy from privacy policy reports. If you delete a privacy policy that is assigned to one or more multidomain clients, all of those clients will then be assigned to your platform’s default privacy policy, and the users of those subdomains will be asked to accept the default privacy policy upon their next login. You can also re-assign these clients to a new privacy policy.

Managing the Default Privacy Policy

By default, your platform has a blank default privacy policy that is pre-created for you. This default policy cannot be deleted. There is no content in the policy itself at first, so you need to edit it to populate content.

To edit the default policy for the first time, access the Privacy Policy management area from the Admin Menu, find the default policy in the list (it will be labeled accordingly), then press the ellipsis icon at the end of the policy’s row. Refer to the section below to learn about creating and managing the content of a privacy policy, as the process of editing the content of a policy is the same for all policies, including the default privacy policy.

privacy policy view

Every time you update the content of a privacy policy, a new version is created, so all users assigned to the default policy will have to re-accept the privacy policy. Refer to the section below regarding how to manage versions of your privacy policies.

By default, all users in all domains are assigned to the default privacy policy until you assign a new policy to a client. You cannot assign clients to the default policy, nor can you set a new policy that you create as the default policy. If you delete a privacy policy that has subdomains assigned to it, those subdomains will then be assigned to the default policy until you assign them to a new policy.

Creating a Privacy Policy and Managing Its Content

To create a new privacy policy, access the Admin Menu, then select the Privacy Policy item in the Settings section. On the main Privacy Policy page, press the plus button in the right corner. In the slideout panel, you need to first create the privacy policy in your platform’s default language. Provide a policy title and a title message (this is the acceptance message that your users will see). Then, press Create & Edit at the bottom of the panel.

On the next page, there are three tabs at the top: Settings, Preview and Versioning. When you first draft your privacy policy, all of your work will be done in the Settings tab. Find any later policy versions that you create in the Versioning tab. If you want to preview how your policy will look for learners before saving it as a new version, you can switch to the Preview tab at any time before pressing Save Changes.

In the Settings tab, begin in the Header Message section to add an introductory message that appears above all of your policy and sub-policy text on the registration form for learners. Please note that this text can be no longer than 500 characters, and should serve as a brief introduction to what users will accept below the message in the form. It will be immediately visible during self-registration and can be used to summarize the most important information. Please note that this message is not mandatory, but suggested.

privacy policy create

Then, move to the Privacy Policy Content section. You need to create the privacy policy in your platform’s default language. Provide a policy title, a title message (this is the acceptance message that your users will see), and the text body of the policy.

In the text body, you can format and stylize the text as desired. Additionally, you can add PDF files into the body of the text by pressing the Attach Files button in the text formatting bar. Note that your LMS does not track whether learners click on the link to the file or download the file, but the Versioning functionality in your platform ensures that the version of the file that is served to the end user is always the right historical one.

Once you’ve completed all of the required fields, you can press Save Changes to publish this version of the privacy policy for your users. If you need to add any policy extensions or sub-policies to the privacy policy, move to the Sub-Policy section before saving your changes.

Creating and Managing Sub-Policies

If you need to add any sub-policies or additional acceptance messages to a privacy policy, press the Add Sub-policy button in the Sub-policy section when creating or editing the privacy policy. This option is useful if you need users to accept additional options when accepting the privacy policy, such as allowing user data to be viewed by a third party system or subscribing to newsletters.

privacy policy subpolicy

Then, insert the sub-policy acceptance message into the corresponding text field and flag whether it’s mandatory or not. If you set a sub-policy to be mandatory, users will not be able to access their platforms until they’ve accepted the sub-policy.

Repeat this process for up the three sub-policies per privacy policy. To delete a sub-policy, simply press the X icon in it’s row. When you’re finished, press Save Changes.

Creating a Privacy Policy in Multiple Languages

When creating or updating a privacy policy, you can create the same version of the policy in multiple languages using the multi-language selector tool. Refer to this article to learn how to use this tool.

Please note that when you’re creating or editing a policy in the platform’s default language, the default language fields are mandatory. However, when adding content in a language that is not the default language, the fields are not mandatory. Therefore, if you do not populate a field in one of the additional languages, that field will appear to users in the default language instead of appearing blank.

privacy policy multilanguage

For example, if your default language is English, you must fill out every field of the privacy policy in English. If you then create content of the same policy in French but you do not fill out the acceptance message, learners with their platforms set in French will see the acceptance message of their privacy policy in English.

Any time that any field of the privacy policy is updated in any language, a new version is created. Versioning for a privacy policy is at a global language level, not localized to individual languages. Therefore, you cannot have a privacy policy with 3 versions in English and 7 versions in French.

Once you update any fields and press Save Changes, a new version is created for all languages. Therefore, when you are updating the privacy policy, be sure to update it in all necessary languages before pressing Save Changes. Refer to the section below to learn more about versioning.

Updating a Privacy Policy and Managing Versions

Once you’ve created a privacy policy, any of the fields can be updated, which will automatically create a new version of the policy. All versions can be found in the Versioning tab. Any time a new version is created and published, all users must re-accept the privacy policy upon the next log into the platform.

Versions are at global language level. If you update a policy in any language, a new version is created for all languages. Users will have to re-accept the policy, regardless of their platform language. Therefore, if you’re managing a policy that is published in multiple languages, you should update any necessary fields in ALL languages before pressing Save Changes and creating a new version.

privacy policy versioning

In the Versioning tab when editing a policy, use the sliding bar in the area at the top of the page to see all of the available versions and switch between which version you want to view. For each currently viewed version, you will see the version name, who published that version and the date and time of publication.

Below, you will see the full privacy policy version, including all acceptance messages, title, and text. To change in which language you’re viewing the version, use the Language dropdown menu in the top right corner of the policy.

Assigning and Unassigning Policies to Subdomains

You can assign privacy policies to specific subdomains, meaning that one domain can have a different privacy policy than a different domain. This is useful if your subdomains are populated by branches that are divided by users in different offices, countries, regions, etc. and therefore need to agree to different terms and conditions in order to use the platform.

After you’ve created the privacy policy, find it in the list of all policies on the main Privacy Policy Management page. In the Multidomain Clients column for each policy, you will see how many domains have been assigned to that privacy policy. Press the item in that column to manage which clients are assigned to that policy. Please remember that you cannot assign any clients to the default policy, as this serves as the fallback policy in case any clients are not assigned to a specific policy.

When you press the icon in the Multidomain Clients row of the policy, you will be redirected to the Assigned To tab of that policy’s edit area. You can also access this area by pressing the ellipsis icon in a policy’s row, then pressing the Edit item from the dropdown menu.

privacy policy assign

In the Assigned To tab, press the global plus button in the top right corner to assign domains to the policy. In the slideout panel, flag the clients that you want to assign to this privacy policy. By assigning these clients to this policy, all users in these subdomains must accept this privacy policy upon their next log into the platform.

Refer to the Assigned Policy column in the panel to see which policy is currently assigned to a specific client. By assigned a new policy to the client, users in that subdomain will have to accept the newly assigned privacy policy before accessing their platforms. Once you’ve selected the clients, press Confirm.

To unassign subdomains from a policy, access the Assigned To tab for the policy and press the global plus icon in the top right corner. In the slideout panel, unflag the clients that you want to unassign from the policy. Alternatively, you can flag the subdomains in the list in the policy’s Assigned To tab, then press the ellipsis icon at the bottom of the page, and select the option to unassign those domains from the policy.

Please note that upon saving these changes, these clients will be assigned to the default policy until you manually assign them to a new policy. Remember that even if you change the privacy policy assignment for a subdomain, all data for a user’s privacy policy interactions will be tracked by the LMS and can be viewed in the reports area.

Privacy Policies for Learners

Once a privacy policy is published, all assigned users will have to accept all mandatory acceptance messages upon logging in or registering into the platform on the corresponding forms on the login page. The platform will not be accessible to a user that has not accepted all mandatory acceptance messages or sub-policy messages.

This applies to the first publication of the first version of a privacy policy, and any publication of a new version of the privacy policy in any language. This also applies if a subdomain has been assigned to a new privacy policy, or if a user has moved between branches that are assigned to different policies.

privacy policy learner

Once logged in, users can see more details related to their privacy policy and acceptance from their profile area. Press the menu icon in the top left corner of the page, then press the edit icon (pen button) in the slideout panel.

On the profile page, press the arrow icon in the Privacy Policy section to refer to the policies and sub-policies to which you have agreed in order to access and use your platform. You can flag or unflag any previously selected agreement statements, then press Save Changes. Please note that by unchecking the mandatory privacy policy settings (marked with an asterisk), you will not be able to access and use your LMS again. The agreement to the mandatory privacy policy is required to complete your registration and use your platform. To view the privacy policy again, press the View Privacy Policy button.

Please Note: If users are assigned to multiple subdomains, they will have to accept the policy of each subdomain before accessing that subdomain. This is necessary also if the privacy policy for each subdomain is the same. As a Superadmin, you will have to accept every privacy policy assigned to each Multidomain client, including the default policy, before accessing any subdomain.

Note on the Text Editor

Please note the the text editor embedded in the platform is Froala, refer to the Froala Knowledge Base for further information on its usage. Also remind that the rendering of the output of WYSIWYG editors may be slightly different from the input, depending on the CSS rules applied.