Overall, we aim for privacy by default: if data collection is not integral to the way our product works, then we won’t collect it. This approach has felt very much in line with the spirit of GDPR, and we’re fortunate that a lot of these data collection practices have been in place at Coursebox for some time. As such, you may see a few banners or forms requesting consent for us to collect personally-identifiable information for tracking or other purposes. We don’t deem this information necessary to provide Coursebox’s service to you, and we choose not to engage in activities and strategies that make this data relevant.
At any time, you may request your information to be exported and sent to you for review, and we promptly honour any requests by you to have your information deleted and forgotten.
Here is the progress on GDPR compliance:
We are auditing all areas of Coursebox to determine what personal data we collect and for what purpose. In a case where collecting personal data is not essential, we are removing that collection process.
We’re working with a legal consultant to ensure that our policy contains the proper language, that it’s easy to understand, and that it communicates clearly any instances of personal data collection.
We will add a cookie notice to all relevant pages in order to comply with the E-Privacy Directive. We do not collect personally-identifiable information with our cookies, but we do want to acknowledge the use of cookie technology on our website.
A user has the right to request that we delete all of their personal data. Users who wish to inquire about the right to be forgotten will be able to reach out to us at any time.
Access / Portability
A user can request access to a copy of the personal data that we have collected. Users who wish to request portability can reach out to us at any time.
In Coursebox, if a user asks to change their information, we can do so upon request. If a user has a modification to make, they can reach out to us.
Data Protection Agreement
We are creating a legal agreement that users and external parties can receive from us, promising the protection all personally identifiable information that we collect and store.
Within Section 7 of our DPA, we commit to displaying a list of all current sub-processors in use by Coursebox. A sub-processor includes any third party that we share personally identifiable info with.
Here is that list:
AWS (Amazon SMPT)
Google (Analytics and Push)
Frequently asked questions about GDPR and Coursebox
Q: As a Super Administrator and license holder of a portal on Coursebox, how will the GDPR affect me?
A: If you are a business with customers in the EU, the GDPR will be applicable to you when you are handling personal data of your EU customers. We advise you to consult a legal advisor to ensure you are compliant.
Q: Does the GDPR change how I can use Coursebox?
A: No. Coursebox’s features and functionality are unaffected by the GDPR.
Q: How does Coursebox collect data—by e-mail, electronic forms, activity tracking, etc.?
A: We primarily collect data when a user signs-up for Coursebox services. Where data tracking is enabled we make sure that we do not collect any personally identifiable information.
Last updated: April 17, 2018
Increased clarity on what sensitive information is collected and why
Increased clarity on the storage and duration of sensitive information
Last updated: April 17, 2018
Clarity on what types of content may be considered hate speech or threatening
Updated process for account suspension or removal