Privacy Policy: Questions & Answers

Get some answers related to privacy policy management

Last Updated

January 16th, 2019

Reading Time

9 min

User Level

Introduction

In your LMS, you can create a customized privacy policy for your users to accept when registering or logging into the platform. You can also create and assign specific privacy policies to specific domains, for those using Docebo’s Multidomain app. This feature is available on both the 6.9 and 7.0 themes.

Furthermore, privacy policies can be versioned, so you can create a new version of the same policy when certain terms have been modified or updated. Your LMS tracks all versions of the privacy policy, and whether each user has agreed to, rejected or not yet answered to each version of the privacy policy. As the Superadmin, you can create and view reports related to your privacy policy as well (feature coming soon).

Refer to the questions and answers below to learn how to best navigate the transition between the old and new privacy policy management in your LMS.

Terms & Conditions vs. Privacy Policy

Your platform has both a Privacy Policy and Terms & Conditions that Superadmins can configure and all learners must accept if they are activated. While the configuration process is nearly identical, consider them as two separate functionalities that serve two different purposes that can work together to ensure that your learners are provided with all of the legal and policy-related information before using the platform.

The Privacy Policy should cover the legal language on the data that you record (such as material viewed in the platform or the number of times a user attempts to take a test) and how you manage it.

On the other hand, Terms & Conditions should outline the rules and guidelines that learners should respect in order to use the learning platform (i.e. not uploading informal learning assets related to specific subjects). Terms & Conditions should primarily focus on Coach & Share and E-Commerce, so learners know which rules to follow when asking questions to Experts, uploading informal learning assets, writing comments on assets, and purchasing courses or learning plans in the platform.

When learners log into their learning platform for the first time, when they self-register into the platform for the first time, or when they login again for the first time after you’ve updated the Privacy Policy or Terms & Conditions, they will always be prompted to accept the most recent version of the Privacy Policy or Terms & Conditions (or both, depending on what you’ve updated).

Checkboxes with links to both sets of content appear in the login or registration form, or just after logging into the platform, for those that had already accepted an older version of either one. Learners will also find a link to the Terms & Conditions in their shopping carts and on the Contribute page in their platforms.

Questions & Answers

Who can create and manage privacy policies?

All Superadmins in your platform are able to view, edit and manage all privacy policies. Power Users and regular users have no editing or managing permissions related to privacy policies.

Who must accept the privacy policy?

If you’ve enabled the option in your platform’s Advanced Settings area that the privacy policy must be accepted, ALL users will be prompted to accept the privacy policy upon their next log into the platform if they have not already done so. Additionally, any new users that are created via self-registration, quick registration, via SSO or user provisioning, or by the Admin (manually, via CSV, or otherwise) must accept the privacy policy upon completing their registration or logging into the platform for the first time.

What happens if a user rejects the privacy policy?

If a user does not accept the privacy policy, he or she will not be able to access his or her platform. If a user originally accepts the privacy policy then later revokes the acceptance in his or her profile management area of the platform, they will be warned to proceed, and upon confirming, will be immediately logged out of the LMS and will not be able to regain access until re-accepting the privacy policy.

Who can see the privacy policies that I create?

All Superadmins can see any privacy policies, including all versions of the policies in the platform when logged into a Superadmin account. All users will be able to view the privacy policy upon its publication when they are prompted to accept it on the login page of their platforms, or from the corresponding section in their profile area once logged into the platform.

For those using Docebo’s Multidomain app and therefore have set up different subdomains for users to access, you can assign specific privacy policies to specific Multidomain clients, meaning that users in a subdomain assigned to Policy A will only see Policy A, and users in a subdomain assigned to Policy B will only see Policy B. Alternatively, if you as the Superadmin have not assigned a specific policy to any client, those clients will see your platform’s default policy. Refer to this document to learn more about managing privacy policies for your subdomains.

Can I track who accepts or does not accept the privacy policy?

Yes, there is a dedicated report in your LMS related to privacy policies, the Privacy Policy Dashboard. Here, you can view the acceptance status of every user in every branch of your platform, percentages of who has accepted, rejected or not answered a privacy policy, the timing in which a user has answered a privacy policy, and other details related to users interacting with their privacy policies. This dashboard can be viewed globally for all branches and locally per branch, in case you have assigned specific policies to specific subdomains belonging to a branch.

Can I create multiple versions or update my privacy policy?

Once you’ve created a privacy policy, any of the fields can be updated later, which will automatically create a new version of the policy. All versions can be tracked and viewed when managing that privacy policy. Any time a new version is created and published, all users must re-accept the privacy policy upon the next log into the platform.

Versions are at global language level. If you update a policy in any language, a new version is created for all languages. Users will have to re-accept the policy, regardless of their platform language. Therefore, if you’re managing a policy that is published in multiple languages, you should update any necessary fields in ALL languages before pressing save and publishing the new version.

Can I create privacy policies for each domain that I’ve created using the Multidomain app?

When the Multidomain app is active in your platform, you can easily create multiple privacy policies and assign them to individual or multiple clients, so users in the branches assigned to those subdomains must accept that specific privacy policy.

Can I create multiple acceptance criteria for my privacy policy?

Yes, you can create different acceptance messages for your privacy policy, called sub-policies in your LMS. These additional acceptance messages can be flagged as mandatory or not. Mandatory sub-policies must be accepted along with the primary acceptance message before users can access their platforms. Each privacy policy can have up to three sub-policies in addition to the primary acceptance message.

What happens to my old privacy policy?

Previously, a language key (module: privacy_tos/phrase: Write here your privacy policy) in your platform’s Localization Tool was used to manage the privacy policy. When the new privacy policy management functionality is released in your platform, any content from any translations of that key will be automatically applied to the body your privacy policy in the new area of the platform if you modified that language key. This is done in any language, so your translations of the old key in all languages will be applied to the new policy. If you did not modify any translations in any language for the old language key, then a simple default text will be provided to you, and you MUST modify it yourself.

For example, if you’ve edited the translation of the key in your localization tool in English, German, Italian and Finnish, the new privacy policy will automatically have those exact translations in those languages already. You can now manage multi-language privacy policies using Docebo’s multi-language selector tool.

For those using the Multidomain app and therefore have the possibility to create multiple privacy policies, the content from the old language key will still be applied in all languages to your platform’s default privacy policy.

After the privacy policy is released in your platform from April 24th to April 26th, 2018, the old key in your platform’s localization tool will still be available, but it will no longer be functional. This means that even if you modify the translations of that key in any language, it will not modify the text of your privacy policy. You should use the new Privacy Policy Management area of your platform to modify your privacy policy. Upon the next weekly release, on May 1st and 2nd, 2018, these keys will no longer be available in your localization tool:

privacy policy

Does Docebo provide a default privacy policy?

At this time, Docebo does not provide a default privacy policy text, sub-policies or acceptance messages. At this time, Docebo does not provide a default privacy policy text, sub-policies or acceptance messages. Rather, there is a simple text with no actual policy oragreement content, and the text must be modified by you as the Superadmin.

What is the best way to manage the transition between the old privacy policy and the new privacy policy feature?

Keeping in mind that the new Privacy Policy Management feature will be added to your platform by default and cannot be removed, we recommend using the new tool to your advantage. Please note that Docebo will not change any of your previously configured settings. If the Privacy Policy MUST be accepted option is enabled in your platform’s Advanced Settings area, it will still be enabled upon the release of this new feature. If the option was disabled, it will remain disabled until you manually enable it. Thus, no immediate configuration is necessary and users should not be blocked from using their platforms.

However, if you’ve enabled this option and you’ve been using the language key in the localization tool to manage the privacy policy, you should take a look at the new Privacy Policy Management area of your platform and familiarize yourself with how to configure the policy moving forward. Refer to this documentation if you’re using a single domain, and this documentation if you’re using the Multidomain app.

What happens if I activate or deactivate the Multidomain App after configuring my privacy policy?

If you’ve created multiple privacy policies in your platform and assigned those policies to various clients while the Multidomain app is active in your platform, and then you deactivate the app for any reason, the default privacy policy will then become your only privacy policy for your one domain. No content or versions for the default policy will be removed.

All users that were in branches assigned to subdomains will now be assigned to only the single domain, and they will be prompted to accept their newly assigned privacy policy (the default policy) upon the next login. Previous tracking per user is not lost, so you can still view acceptance data related to when the Multidomain app was active in the Privacy Policy dashboard.

What if I switch users between branches that are assigned to subdomains with specific privacy policies?

If for any reason you move users from one branch to another, and the branches are assigned to different Multidomain clients, the moved users will be prompted to accept the new privacy policy of the new subdomain upon their next log into the platform, and they will not be able to access their platforms until they’ve accepted the new privacy policy. This is necessary also if the privacy policy for each subdomain is the same.

What if I have users in branches that are assigned to multiple subdomains?

If users are assigned to multiple subdomains, they will have to accept the policy of each subdomain before accessing that subdomain. This is necessary also if the privacy policy for each subdomain is the same. As a Superadmin, you will have to accept every privacy policy assigned to each Multidomain client, including the default policy, before accessing any subdomain.

How can I comply with the new European GDPR privacy regulations using my LMS privacy policy?

Being transparent and providing accessible information to individuals about how you will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). The most common way to provide this information is in a privacy notice. Docebo’s privacy policy feature allows Data controllers:

– To include all of the information required by the GDPR in their privacy notices and to apply the relevant best practices. You can easily define and maintain security policies that details your organization’s personal data-handling practices in a concise, transparent, intelligible way. Additionally, the policy is easily accessible, should be written in clear and plain language, and can be translated in the user’s own language.

– To provide an effective way to define and maintain policies and procedures for obtaining valid consent in accordance with the GDPR.

Can I create individual privacy policies for my users in different countries?

The only way to create individual privacy policies for users in different countries is by creating your organizational chart to divide users into branches per country, assigning those branches to a specific Multidomain client, then creating a privacy policy for each client and assigning that policy to the corresponding client.

What happens to my APIs if the privacy policy hasn’t been accepted?

The new privacy policy changes affect only the platform’s interface. All APIs won’t be blocked if the user hasn’t accepted the privacy policy.

Can I view the Privacy Policy when I access my platform’s login page from Docebo’s Go.Learn mobile app?

Privacy Policies can be viewed and accepted via the login page of the Go.Learn app for all learners. Please note that learners will be blocked from accessing their platforms in the app if they do not accept the Terms & Conditions.