GDPR Compliance
GDPR Compliance
Overview
Cambridge School of English. (“We”) is owner and operator of “CambridgeSchool.online”, our website with integrated webshop, virtual class platform (where we do use among others the plugin “BigBlueButton”) and LMS (Learning Management System). We do provide also on our rented servers, located within the Europe Union, the hosting for our platform where we do provide our services to private individuals, commercial organizations and public institutions as well as to their employees. Our goal is to enable remote students to have a high quality online learning experience.
We take the privacy of your personal information very seriously.
Together with our Privacy Policy (to be found here: https://cambridgeschool.online/privacy-cookies-policy/), this document will help you better understand the personal information we collect, why we collect it, how we use it, and how we protect it. In full compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), which comes into effect May 25, 2018, this document also explains the various rights of the data subject, including the right of access and the right to erasure (aka “the right to be forgotten”).
The website itself together with our webshop, the virtual class room platform and LMS is hosted by our chosen server provider within the European Union, where all the data are collected and stored.
Cambridge School of English is the “Data Controller”.
You or your company as our client either accepted our Terms of Use, Privacy Policy and GDPR directly (when you initially logged into the LMS) or were asked to accept by us. In accordance with these terms of use and consistent with our Privacy Policy, you gave the our website, our webshop, our virtual class platform, our LMS and us permission to collect, use and share your personal information.
Our webshop
We are using the WordPress plugin Woocommerce or similar ones, and internationally recognized payment providers, like Paypal and further ones.
Personal data collected and stored are needed to process any purchasing transactions, but also to send to you goods purchased via the website, and supply to you services purchased via the website, to send statements, documents, certificates and invoices to you, and collect payments from you.
Data collected are as following:
- Full name
- Address and Delivery address, if applicable
- Credit card information
- Billing information
- Courses and products purchased
- Additional information, which you do share with us while the purchasing process
- IP address
This information is used to complete the purchase transaction.
Our virtual class platform
Our virtual class platform (using the plugin “BigBlueButton”) is a web conferencing system designed for online learning. It enables students and instructors to collaborate in real-time. This collaboration includes sharing one or more of audio, video, slides, chat, screen, emojis, and responding to polls.
The collaboration may also be recorded.
Grant of Consent
The majority of users access our virtual class rooms through our website, which is based on a WordPress CMS system and/or a learning management system (LMS) implemented within our website. We collectively refer to these systems as a “Front End”.
Our Collection and Use of Your Personal Information
We capture personal information when you login to our virtual class platform and when you share information during a live session (such as an online class). Furthermore, if the session is recorded, then personal information may also appear in the subsequent recording (such as your chat messages).
What happens when you login?
When you login to our virtual class platform and LMS through our website, we receive (at minimum) two pieces of information: your name and/or an ID (this is a unique identifier internal to the reporting and documentation of the online lessons and LMS usage). Additionally we also can might publish in the protected class profile the contact data (like mail and/or phone contact) for internal administration and organization of the lessons, as well as further lesson and reporting related information for our students and clients).
We also receive additional information during the join process, which may include:
- a URL back to the website/Front End (this enables the virtual class platform to return you back to the Front End after you log out);
- the associated course ID/name (this is usually embedded in the Logout URL); and
- your IP address, browser, and OS in our web server logs.
We use this additional data to provide you support (such as troubleshooting) and for creating usage reports that we make available to the clients and students on request.
What data do we receive when you participate in a meeting?
During a live meeting, you may exchange audio, video, slides, desktop, chat, and emoji icons, responses to polls, closed captioning, and whiteboard annotations, and other content during a session. We collectively refer to this content as “Meeting Data”.
Our client sends/receives Meeting Data to the server via encrypted channels (RTMPS, HTTPS, and DTLS).
Where do we store Meeting Data?
Not all Meeting Data is stored. Storage of the Meeting Data depends on whether (a) the meeting was recorded, and whether (b) the moderator (usually the instructor/teacher) marked any segments of the meeting for later processing into a recording for playback.
Generally speaking, there are two cases for the storage of Meeting Data:
Case 1: For an unrecorded meeting, we do not store any Meeting Data, except the Lesson related Data described further down in regards of the Support and Reporting purposes, on our server after the meeting finishes.
Case 2: For a recorded meeting, we store the Meeting Data on our server for a defined and agreed period, after which it is automatically deleted.
The Meeting Statistics gives the instructor the ability to gauge and measure of participation in the class. This data includes:
- User Name
- isModerator (true/false)
- Number of times chatted
- Number of times talked
- Number of times shared emoji
- Number of times raised hand
- Response to polls
- Total time talking
- Total time in session
- Join date/time
- Leave date/time
For how long do we store Meeting Data?
For some customers, we may automatically delete their Meeting Data (and any associated recordings) within 7 or 14 days. For others, we delete their Meeting Data only upon request by the client .
Our meetings with customers, we delete all recordings and data associated with the customer latest within 5 years or earlier of the end of their contract with us.
How do we restrict access to Meeting Data?
For access to live meeting sessions, users can only login via the Front End or by invitation (a link and login data).
What information do we retain for support and reporting purposes and for how long?
As described above, we capture user metrics and logs during a session to better enable us to provide customer support and reporting. Our servers record metrics for each meeting and for each user in a meeting (“Support Data”).
This Data includes:
- Full Name or personal ID or mail address
- Browser
- Operating system
- Start and End time of the lessons (login and logout times)
- Length of time in session
- The user’s IP address
- # of times reconnected
We store all Support Data on servers located in the Europe Union.
How Do We Secure Our Infrastructure?
We adhere to a number of industry best practices for securing our infrastructure, which include:
- We restrict access to all servers containing personal information to only a few employees in the company, our IT and server suppliers.
- All servers are regularly updated with the latest recommended security patches.
- All electronic transactions you make to or services to receive from us will be encrypted using SSL technology.
- All employees are trained on our privacy policy.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping your password and user details confidential. We will not ask you for your password.
How Can You Request Access to Your Personal Information?
We recommend you to first contact our company via the mail below and the client service manager in charge (if it comes to corporate clients and institutions).
You may request a full report on the personal information we hold for you by sending an e-mail to contact@cambridgeschool.online.
In the subject line, please indicate “Request for Personal Information”. In your email, please specify:
- Your full Name and ID
- Whether you are an individual or a representative of a company client
- If you are an individual and/or the representative of our company client, the name/ID, you or the person of your company, has used for login to our virtual class platform and/or LMS system, as well as the mail address used, when ordering the services
Please note that we will need to share your request with the IT and server supplier to verify and action it. We will endeavor to fulfil all access requests within 30 days of receipt.
How Can You Request Deletion of Your Personal Information?
We recommend you first contact our company via the mail below
You may request deletion of personal information by sending an e-mail to contact@cambridgeschool.online.
Use the subject “Request for Deletion”
In the subject line, please indicate “Request for Deletion”. In your email, please specify:
- Your full Name and ID of the person, who’s data to be deleted
- Whether you are an individual or a representative of a company or institutional client
Please note that we will need to share your request with the IT and server supplier to verify and action it. We will endeavor to fulfil all access requests within 30 days of receipt, except the data, which are legally required by law for i.e. accounting and tax reasons (i.e. invoicing) and other similar purposes.
How Can You Contact Us?
If you have any questions about this document or our support for GDPR or about our Privacy Policy, please contact us directly at contact@cambridgeschool.online.
Last Updated: October 27, 2020