The GDPR (General Data Protection Regulation) is the most significant step in the regulation of private data in recent history, affecting every company that does business within the EU, the largest economy in the world.
To help online school owners become and stay GDPR-compliant, LearnWorlds provides you with the GDPR-compliance Toolkit, the most comprehensive solution for detailed control over the Data Protection and GDPR-related settings of your school. With the GDPR-compliance Toolkit, your school can either become fully compliant, or you can choose which options you want to enable (depending on your business model and whether you and your users are based in the EU or not).
TABLE OF CONTENTS
- Privacy - GDPR settings
- What happens when a user requests to be deleted and forgotten?
- Verifying a user’s GDPR preferences
Privacy - GDPR settings
Navigate to Settings -> School Settings -> Privacy/GDPR:
Υou can set up whether the users will have the choice to opt-in to “Cookies”(a) and “Marketing material”(b) and to have access to email notification settings (c) and data access and deletion requests (d).
Note: By clicking on each choice, you will be able to preview the functionality that you are selecting.
According to your business’s needs, you will be able to choose among the following:
No Data Privacy management: All users will be excluded from all 4 functionalities.
GDPR Compliance for all users: All functionalities will be applied to all users.
GDPR Compliance only for users browsing from within the EU: All functionalities will be applied only to EU school users.
Custom Data Privacy management: Control the GDPR functionalities that you prefer to have activated in your school for all users.
Let’s see now what your students will see when you have the above functionalities activated.
On each page a message will pop up, prompting the users to accept the cookies by clicking on the “Got it!” button. Once clicked, the pop-up message will not appear again.
In case the users wish to accept specific cookies and not all of them, they can click on “Accept individual cookies” and choose the preferable cookies in the pop-up window.
Note: When a user wants to change this cookies selection later, they can achieve that by navigating to their profile page: Me-> Profile-> Edit. A pop-up window will appear and In the Privacy setting tab, they will be able to edit all the relevant cookies choices.
(b) Marketing opt-in for users
If this feature is activated, your learners will be able to choose whether they want to receive marketing mailing. This option will be available on their Sign Up Form:
or on Email Grabbers:
Note This setting can be edited by the users later, by navigating to their Profile Page -> Edit and opening the Privacy settings tab.
Note In case you need to manually add a user, you can also select whether this user will receive emails from your school, by checking the respective checkbox in the Add User form.
The new user and any user in your school can always change this option by navigating to their Profile page (and then clicking on “Edit”), through the Privacy Settings Tab.
Note: In case the admin hasn’t added the user or the user hasn’t subscribed with the Marketing opt-in activated, then an alert will pop up upon their first Login and will prompt them to activate the relevant email notifications
(c) Email Notification Settings
Activate this option to allow the users to decide whether they will be receiving email notifications regarding their activity or the school.
By activating this functionality you give your users the choice to navigate to their Profile page (click on Edit and then Privacy Settings -> Advanced Privacy Settings) and either request to have their data erased from school or ask for their data report.
1 If a learner wishes to no longer be a part of your business then they can click on “Delete my account and forget me”. That way they will be able to delete their personally identifiable information permanently and anonymize their history on this site. This is known as the “Right to be Forgotten”.Please remember that this doesn’t include any financial transactions completed on your website or other information legally required to be kept.
2 Any user has the right to ask for a copy of the personal data undergoing processing in a readable form, which has to be delivered within a month after the request applied by clicking on ”Personal data access request” (a respective message will be sent to the email account that is stored in Settings -> Notifications -> Admin settings)
What happens when a user requests to be deleted and forgotten?
If you receive such a request you can navigate to the All users. page, hover your mouse over the right column of the user’s account name and select to:
a. Anonymize the account
The user then will be suspended and his account details will be automatically replaced by an anonymous ID number. In case this anonymized user has posted in the community or has sent any messages, their posts or messages will be anonymized too.
b. Delete the user
You can delete a user and at the same time make their posts and messages anonymized.
In case a user is anonymized or suspended then you have to first unsuspend the account and then delete it through the user’s page.
Note: If the deleted user has a Stripe account then automatically it will be deleted in Stripe too and any active subscriptions or installments will be canceled.
Verifying a user’s GDPR preferences
All the GDPR preferences and activated settings related to each user can be found by navigating to Users -> All users and opening their User Card.
In addition, this information can also be exported along with the rest of the user’s info in an xls/csv file
The related to your leads GDPR information can be verified by navigating to Marketing -> Leads from pages, under the columns OPT-IN and EU USER
When in a school the GDPR functionalities are set up, then the respective merge tags/custom fields are also created for the email marketing integrations (Mailchimp, Active Campaign, AWeber, or ConvertKit) and for Ζapier and Webhooks.