Introduction
In your platform, you can create a customized privacy policy for your users to accept when registering or logging into the platform. You can also create and assign specific privacy policies to specific domains, for those using Docebo’s Extended Enterprise app.
Furthermore, privacy policies can be versioned, so you can create a new version of the same policy when certain terms have been modified or updated. Your platform tracks all versions of the privacy policy, and whether each user has agreed to, rejected or not yet responded to each version of the privacy policy. As the Superadmin, you can create and view reports related to your privacy policy as well.
By default, the privacy policy is activated in new platforms, meaning that users will have to agree to the policy in order to access their platform. For those that were using the privacy policy functionality prior to April 24, 2018, please refer to the Questions and Answers article to learn how to navigate the transition to the new privacy policy functionality in your platform.
When requested to provide consent to the Privacy Policy, users can choose a language different from the one you selected for them, among the platform’s active languages. If the language they select while reading the policies is different from the language selected in their My Profile area, once they access the platform, the language will be reset to the language set in their My Profile area.
This article outlines how to activate and manage the privacy policy if your platform uses the Extended Enterprise app. Customers who do not use this app, and are therefore using only a single domain, can learn how to manage their privacy policy by referring to the article for single domains.
Terms & Conditions vs. Privacy Policy
Your platform has both a Privacy Policy and Terms & Conditions that Superadmins can configure and all learners must accept if they are activated. While the configuration process is nearly identical, consider them as two separate functionalities that serve two different purposes that can work together to ensure that your learners are provided with all of the legal and policy-related information before using the platform.
The Privacy Policy should cover the legal language on the data that you record (such as material viewed in the platform or the number of times a user attempts to take a test) and how you manage it.
On the other hand, Terms & Conditions should outline the rules and guidelines that learners should respect in order to use the learning platform (for example, not uploading informal learning assets related to specific subjects). Terms & Conditions should primarily focus on Discover, Coach & Share and E-Commerce, so learners know which rules to follow when asking questions to Experts, uploading informal learning assets, writing comments on assets, and purchasing courses or learning plans in the platform.
When learners log into their learning platform for the first time, when they self-register into the platform for the first time, or when they log in again for the first time after you’ve updated the Privacy Policy or Terms & Conditions, they will always be prompted to accept the most recent version of the Privacy Policy or Terms & Conditions (or both, depending on what you’ve updated).
Checkboxes with links to both sets of content appear in the login or registration form, or just after logging into the platform, for those that had already accepted an older version of either one. Learners will also find a link to the Terms & Conditions in their shopping carts and on the Contribute page in their platforms.
Activating the Privacy Policy Globally for All Domains
In order to manage a privacy policy, log into your main domain as the Superadmin. Access the Admin Menu from the gear icon in the top right corner, then press the Advanced Settings item in the Settings section. Now, access the Users tab. In the Options section, flag the Privacy Policy MUST be accepted option and press Save.
The privacy policy is now activated for all of your subdomains. You can go into the settings of each subdomain to turn off the privacy policy for that subdomain. Remember that local settings take priority over the global configuration for the privacy policy, so any settings that you configure for that subdomain will always override any global privacy policy settings that you’ve configured.
If this option is not enabled, you are still able to access the Privacy Policy configuration area in your platform, and you can create and manage a privacy policy, but it will not appear to your users on the login or registration page of the platform. You may want to keep this option disabled as you draft your privacy policies per domain, then activate it after creating all of the policies for all subdomains in your platform.
Activating the Privacy Policy Locally for Subdomains
Whether you have activated the privacy policy globally from your main domain or not, you can locally activate or deactivate the privacy policy for a subdomain in the Extended Enterprise settings. Remember that local settings take priority over the global configuration for the privacy policy, so any settings that you configure for that subdomain will always override any global privacy policy settings that you’ve configured.
To manage the settings of an individual subdomain, access your Admin Menu, then press the Manage subitem in the Extended Enterprise section. On the main Extended Enterprise page, find the subdomain in the list, then press the gears icon to access its settings. Reach the Privacy Policy tab, then flag the option in the first section to Enable custom settings for this client. Now, you will see that the Privacy Policy section is no longer greyed out. Depending on how you’ve set the global settings for all domains, you can flag the option to not require a policy signature for users in this subdomain (meaning that these users will not have to accept a privacy policy before accessing their platforms), or you can flag the Assign a policy option.
If you flag the second option, use the Select a policy dropdown menu to assign a privacy policy for this domain. Alternatively, you can assign a privacy policy to this subdomain from the Privacy Policy management area of your platform. The assigned policy will be reflected in the interface of the Privacy Policy tab in the subdomain’s settings. Likewise, if you assign a policy to the client in the settings area for the subdomain, it will be reflected in the interface of the Privacy Policy management area of your platform. Press Save Changes once finished.
Upon assigning a privacy policy to a subdomain, all users in that subdomain must accept that privacy policy upon their next login to the platform.
Viewing and Managing All Privacy Policies
To view and manage all of the privacy policies that you’ve created, access your Admin Menu, then press the Privacy Policy item in the Settings section. Here, you will see a list of all of the policies that you’ve created and you can manage them as necessary.
In each policy’s row, you will see the policy name, ID code, to which Extended Enterprise clients the policy is assigned, the date of the last update to the policy, and the version of the policy. Hover your mouse over the policy’s row in the list to make the ellipsis icon appear, then press the icon to Edit or Delete the policy.
Anytime that you edit an existing privacy policy, keep in mind that a new version is created when you edit any field or content other than the title. If you update only the title of the policy, a new version is not created since that field is only visible to you as the Superadmin. Any other edit to any other field will automatically create a new version, and assigned users will have to accept the new version before accessing their platforms again. Learn more about creating privacy policy versions from the corresponding section in this article.
When you delete an existing privacy policy, the tracking history is deleted along with it, so you will not be able to access any history regarding the privacy policy from privacy policy reports. If you delete a privacy policy that is assigned to one or more clients of the Extended Enterprise, all of those clients will then be assigned to your platform’s default privacy policy, and the users of those subdomains will be asked to accept the default privacy policy upon their next login. You can also re-assign these clients to a new privacy policy.
Managing the Default Privacy Policy
By default, your platform has a blank default privacy policy that is pre-created for you. This default policy cannot be deleted. There is no content in the policy itself at first, so you need to edit it to populate content.
To edit the default policy for the first time, access the Privacy Policy management area from the Admin Menu, find the default policy in the list (it will be labeled accordingly), then press the ellipsis icon at the end of the policy’s row. Refer to the following section to learn about creating and managing the content of a privacy policy, as the process of editing the content of a policy is the same for all policies, including the default privacy policy. Every time you update the content of a privacy policy, a new version is created, so all users assigned to the default policy will have to re-accept the privacy policy. Refer to the following section regarding how to manage versions of your privacy policies.
By default, all users in all domains are assigned to the default privacy policy until you assign a new policy to a client. You cannot assign clients to the default policy, nor can you set a new policy that you create as the default policy. If you delete a privacy policy that has subdomains assigned to it, those subdomains will then be assigned to the default policy until you assign them to a new policy.
Creating a Privacy Policy and Managing Its Content
To create a new privacy policy, access the Admin Menu, then select the Privacy Policy item in the Settings section. On the main Privacy Policy page, press the plus button in the right corner. In the slideout panel, you need to first create the privacy policy in your platform’s default language. Provide a policy title and a title message (this is the acceptance message that your users will see). Then, press Create & Edit at the bottom of the panel.
On the next page, there are three tabs at the top: Settings, Preview and Versioning. When you first draft your privacy policy, all of your work will be done in the Settings tab. Find any later policy versions that you create in the Versioning tab. If you want to preview how your policy will look for learners before saving it as a new version, you can switch to the Preview tab at any time before pressing Save Changes.
In the Settings tab, begin in the Privacy Policy Content section. You need to create the privacy policy in your platform’s default language. Provide a policy name.
In the Header Message section, add an introductory message that appears above all of your policy and sub-policy text on the registration form for learners. Please note that this text can be no longer than 500 characters, and should serve as a brief introduction to what users will accept below the message in the form. It will be immediately visible during self-registration and can be used to summarize the most important information. Please note that this message is not mandatory, but suggested. Then provide a title message (this is the acceptance message that your users will see) and the text body of the policy.
In the text body, you can format and stylize the text as desired. Additionally, you can add PDF files into the body of the text by pressing the Attach Files button in the text formatting bar. Note that your platform does not track whether learners click on the link to the file or download the file, but the Versioning functionality in your platform ensures that the version of the file that is served to the end-user is always the right historical one.
Once you’ve completed all of the required fields, you can press Save Changes to publish this version of the privacy policy for your users. If you need to add any policy extensions or sub-policies to the privacy policy, move to the Sub-Policy section before saving your changes.
Creating and Managing Sub-Policies
If you need to add any sub-policies or additional acceptance messages to a privacy policy, press the Add New button in the Sub-policy section when creating or editing the privacy policy. This option is useful if you need users to accept additional options when accepting the privacy policy, such as allowing user data to be viewed by a third party system or subscribing to newsletters. Then, insert the sub-policy acceptance message into the corresponding text field and flag whether it’s mandatory or not. If you set a sub-policy to be mandatory, users will not be able to access their platforms until they’ve accepted the sub-policy.
Repeat this process for up to three sub-policies per privacy policy. To delete a sub-policy, simply press the X icon in its row. When you’re finished, press Save Changes.
Creating a Privacy Policy in Multiple Languages
When creating or updating a privacy policy, you can create the same version of the policy in multiple languages using the multi-language selector tool. Learn more about this tool.
Please note that when you’re creating or editing a policy in the platform’s default language, the default language fields are mandatory. However, when adding content in a language that is not the default language, the fields are not mandatory. Therefore, if you do not populate a field in one of the additional languages, that field will appear to users in the default language instead of appearing blank. For example, if your default language is English, you must fill out every field of the privacy policy in English. If you then create content of the same policy in French but you do not fill out the acceptance message, learners with their platforms set in French will see the acceptance message of their privacy policy in English.
Any time that any field of the privacy policy is updated in any language, a new version is created. Versioning for a privacy policy is at a global language level, not localized to individual languages. Therefore, you cannot have a privacy policy with 3 versions in English and 7 versions in French.
Once you update any fields and press Save Changes, a new version is created for all languages. Therefore, when you are updating the privacy policy, be sure to update it in all necessary languages before pressing Save Changes. Refer to the following section to learn more about versioning.
Updating a Privacy Policy and Managing Versions
Once you’ve created a privacy policy, any of the fields can be updated, which will automatically create a new version of the policy. All versions can be found in the Versioning tab. Any time a new version is created and published, all users must re-accept the privacy policy upon their next login to the platform.
Versions are at global language level. If you update a policy in any language, a new version is created for all languages. Users will have to re-accept the policy, regardless of their platform language. Therefore, if you’re managing a policy that is published in multiple languages, you should update any necessary fields in ALL languages before pressing Save Changes and creating a new version.
In the Versioning tab of a policy, use the sliding bar in the area at the top of the page to see all of the available versions and switch between which version you want to view. For each currently viewed version, you will see the version name, who published that version and the date and time of publication.
Below, you will see the full privacy policy version, including all acceptance messages, title, and text. To change the language in which you’re viewing the version, use the Language dropdown menu in the top right corner of the policy.
Assigning and Unassigning Policies to Subdomains
You can assign privacy policies to specific subdomains, meaning that one domain can have a different privacy policy than a different domain. This is useful if your subdomains are populated by branches that are divided by users in different offices, countries, regions, etc. and therefore need to agree to different policies in order to use the platform.
After you’ve created the privacy policy, find it in the list of all policies on the main Privacy Policy Management page. In the Extended Enterprise Clients column for each policy, you will see how many domains have been assigned to that privacy policy. To manage which clients are assigned to that policy, press the item in that column and then select the Assigned to tab.
Remember that you cannot assign any clients to the default policy, as this serves as the fallback policy in case any clients are not assigned to a specific policy.
You can also access this area by pressing the ellipsis icon in a policy’s row, then pressing the Edit item from the dropdown menu. In the Assigned To tab, press the global plus button in the top right corner to assign domains to the policy. In the slideout panel, flag the clients that you want to assign to this privacy policy. By assigning these clients to this policy, all users in these subdomains must accept this privacy policy upon their next login to the platform.
Refer to the Assigned Policy column in the panel to see which policy is currently assigned to a specific client. By assigning a new policy to the client, users in that subdomain will have to accept the newly assigned privacy policy before accessing their platforms. Once you’ve selected the clients, press Confirm.
To unassign subdomains from a policy, access the Assigned To tab for the policy and press the global plus icon in the top right corner. In the slideout panel, unflag the clients that you want to unassign from the policy. Alternatively, you can flag the subdomains in the list in the policy’s Assigned To tab, then press the Choose Action button at the bottom of the page, and select the option to unassign those domains from the policy.
Please note that upon saving these changes, these clients will be assigned to the default policy until you manually assign them to a new policy. Remember that even if you change the privacy policy assignment for a subdomain, all data for a user’s privacy policy interactions will be tracked by the platform and can be viewed in the reports area.
Privacy Policies for the Learners of the Extended Enterprise
If users are assigned to subdomains of the Extended Enterprise, they will have to accept the policy of each subdomain before accessing that subdomain. This is necessary even if the privacy policy for each subdomain is the same. As a Superadmin, you will have to accept every privacy policy assigned to each client of the Extended Enterprise, including the default policy, before accessing any subdomain.
Note on the Text Editor
Please note that the text editor embedded in the platform is Froala; refer to the Froala Knowledge Base for further information on its usage. Also remember that the rendering of the output of WYSIWYG editors may be slightly different from the input, depending on the CSS rules applied.