The GDPR provides users that reside in the EU with certain rights, specifically the Right to be Forgotten, the Right to Object, the Right to Rectification, the Right to Access, and the Right to Data Portability. Each of these rights is meant to safeguard the personal information of EU citizens, and the YouTestMe GetCertified platform provides the tools necessary to allow our customers to be fully compliant with the GDPR requirements.
Below, we’ve summarized the key requirements for GDPR, and we’ve separated each point into different sections. The Customer refers to the Administrators of the platform and/or the body that purchased the YouTestMe GetCertified platform. The End-User refers to the end-users of the YouTestMe GetCertified platform, specifically the Student and Instructor roles. Finally, the Course of Action defines what we will do on our end to ensure your compliance.
- The Right to be Forgotten: Users have the right to have their personal information completely deleted from YouTestMe GetCertified.
- Customer: When the user’s profile is deleted, all information associated with the platform will be deleted immediately. Administrators and other roles with adequate permission are also able to delete the user profile on their platform, and by doing so, delete all information associated with that profile.
- End-User: End-users can contact any platform Administrator or other role with adequate permission to request the deletion of their profile.
- The Course of Action: When deletion is requested, the YouTestMe GetCertified platform will fully remove all relevant personal information about the deleted user.
- The Right to Object: Users have the right to object to their personal information being stored and/or processed.
- End-User: As part of our Terms and Conditions, we require that any end-user, added or self-registered to a platform be added with the legally collected information. We also provide Administrators with a feature that allows a Terms and Conditions message to be displayed upon the first sign-in, allowing explicit consent to be collected. If a user objects to receiving communications from the platform, they have the ability to disable all email notifications. Administrators also have the ability to turn email notifications off for their users and specify what information is collected. The user’s profile can be deactivated at any time by the Administrators or other roles with adequate permission. Inactive user profiles are not subjects to any data processing on the platform.
- The Course of Action: We provide a Terms and Conditions feature to allow our customers to present the relevant information to their users prior to them being signed into the platform for the first time. Additionally, when any user disables their email notifications, we ensure that no emails are sent to the user through the platform. By default, only the username, first name, last name and email of the user are required.
- The Right to Rectification: Users can correct any incorrect personal information regarding them.
- Customer: After purchasing the YouTestMe GetCertified platform, customers have full access to their own profile information and profile information of their users and can change all of the information.
- End-User: End-users with adequate permission can edit their profile at any time. End-users without adequate permission can contact any platform Administrator or other role with adequate permission to request the update of their profile.
- The Course of Action: We provide all the tools necessary to ensure that information is kept up-to-date.
- The Right to Access: Users have the right to know what information about them is being stored/processed.
- End-User: All personal data collected by the YouTestMe GetCertified platform is transparent to the user and any user can access it at any time. Each customer can collect additional data about end-users through the custom fields that the administrators may have specified for the end-users. All this data is displayed at the respective user profile page as well. In case end-users have specific questions about particular data that the domain administrator cannot provide, they may additionally contact us at firstname.lastname@example.org for any clarification or data they may need at any time. Information will be provided free of charge without undue delay and typically much sooner than the GDPR-prescribed deadline of one month after the respective request receipt.
- The Course of Action: We provide all the necessary tools and reports for users to quickly access all personal data. This includes single-user reports that display a user’s profile information and test reports, as well as all-user reports that show the same information about every user in the platform.
- The Right of Data Portability:: Users have the right to obtain and reuse their personal data for their own purposes across different services.
- Customer: After purchasing the YouTestMe GetCertified platform, customers can export any data stored in the YouTestMe GetCertified into XLS or PDF format. Also, other formats like CSV, XML, SCORM, are available for some types of data.
- End-User: Any end-user can export any data stored in the YouTestMe GetCertified into XLS or PDF format. Also, other formats like CSV, XML, SCORM, are available for some types of data.
- The Course of Action: We provide all the necessary tools for exporting any data stored in the YouTestMe platform.
While we value your privacy, there may be instances where we need to log into your platform where personal information is stored. This will only happen when a customer or technical support is required.
Great customer support is a cornerstone of our business philosophy and we access basic customer data such as names and emails to better personalize our approach and ensure the quickest resolution possible.
Similarly, when a technical issue is reported by an Administrator, our engineers will often need to access the platform to troubleshoot the issue. When doing so, we follow the principle of least access, meaning that the engineers are only permitted to view data that is directly related to the rectification of the reported issue.