The GDPR (General Data Protection Regulation) is the most significant step in the regulation of private data in recent history, affecting every company that does business within the EU, the largest economy in the world. To help online school owners become and stay GDPR-compliant, LearnWorlds provides you with the GDPR-compliance Toolkit, the most comprehensive solution for detailed control over the Data Protection and GDPR-related settings of your school. Your school can either become fully compliant, or you can choose which options you want to enable (depending on your business model and whether you and your users are based in the EU or not).
Privacy - GDPR settings
Go to Settings → School Settings → Privacy/GDPR:Υou can set up whether the users will have the choice to opt-in to:
b. Marketing material
c. Email notification settings
d. Data access and deletion requests
Note: By clicking on each choice, you will be able to preview the functionality that you are selecting.
According to your business’s needs, you will be able to choose among the following:
1. No Data Privacy management: All users will be excluded from all 4 functionalities.
2. GDPR Compliance for all users: All functionalities will be applied to all users.
3. GDPR Compliance only for users browsing from within the EU: All functionalities will be applied only to EU school users.
4. Custom Data Privacy management: Control the GDPR functionalities that you prefer to have activated in your school for all users.
Let’s see now what your students will see when you have the above functionalities activated.
In case the users wish to accept specific cookies and not all of them, they can click on “Accept individual cookies” and choose the preferable cookies in the pop-up window.
When a user wants to change this cookies selection later, they can achieve that by navigating to their Profile → Edit → Privacy Settings. A pop-up window will appear and In the Privacy setting tab, they will be able to edit all the relevant cookies choices.
If this feature is activated, your learners will be able to choose whether they want to receive marketing mailing. This option will be available on their Sign Up Form:
or on the Email Grabbers:
- This setting can be edited by the users later, by navigating to their Profile Page → Edit and opening the Privacy settings tab under I want to receive news, tips, and other promotional material.
- In case you need to manually add a user, you can also select whether this user will receive emails from your school, by checking the "The user has given consent to receive emails from this school" checkbox in the "Add User" form. The new user and any user in your school can always change this option by navigating to their profile page, through the Privacy Settings Tab.
- In case the admin hasn’t added the user or the user hasn’t subscribed with the Marketing opt-in activated, then an alert will pop up upon their first Login and will prompt them to activate the relevant email notifications.
Email Notification Settings
Activate this option to allow the users to decide whether they will be receiving email notifications regarding their activity in the school.
Note: This setting can be edited by the users later, by navigating to their Profile Page → Edit and opening the Privacy settings tab under I want to receive email notifications about my activity in this school.
Data Access and Deletion requests
By activating this functionality you give your users the choice to navigate to their profile page (users can click on Edit and then Privacy Settings → Advanced Privacy Settings) and either request to have their data erased from school or ask for their data report.
- If a user wishes to no longer be a part of your business then they can click on Delete my account and forget me. That way they will be able to delete their personally identifiable information permanently and anonymize their history on this site. This is known as the “Right to be Forgotten”. Please remember that this doesn’t include any financial transactions completed on your website or other information legally required to be kept.
- Any user has the right to ask for a copy of the personal data undergoing processing in a readable form, which has to be delivered within a month after the request is applied by clicking on Personal data access request (a respective message will be sent to the email account that is stored in Settings → Notifications → Admin settings)
What happens when a user requests to be deleted and forgotten?
If you receive such a request you can navigate to the All users. page, hover your mouse over the right column of the user’s account name and select to:
- Anonymize the account: The user then will be suspended and his account details will be automatically replaced by an anonymous ID number. In case this anonymized user has posted in the community or has sent any messages, their posts or messages will be anonymized too.
- Delete the user: You can delete a user and at the same time make their posts and messages anonymized. In case a user is anonymized or suspended then you have to first unsuspend the account and then delete it through the user’s page.
Note: If the deleted user has a Stripe account then automatically it will be deleted in Stripe too and any active subscriptions or installments will be canceled.
Verifying a user’s GDPR preferences
- Users Page: All the GDPR preferences and activated settings related to each user can be found by navigating to Users → All users and opening their User Card.
In addition, this information can also be exported along with the rest of the user’s info in an xls/csv file
- Leads Page: The related to your leads GDPR information can be verified by navigating to Marketing →Leads from pages, under the columns OPT-IN and EU USER
- Integrations: When in a school the GDPR functionalities are set up, then the respective merge tags/custom fields are also created for the email marketing integrations (Mailchimp, Active Campaign, AWeber, or ConvertKit) and for Ζapier and Webhooks.