Introduction
In your platform, you can create a customized privacy policy for your users to accept when registering or logging into the platform. You can also create and assign specific privacy policies to specific domains, for those using Docebo’s Extended Enterprise app.
Furthermore, privacy policies can be versioned, so you can create a new version of the same policy when certain terms have been modified or updated. Your platform tracks all versions of the privacy policy, and whether each user has agreed to, rejected or not yet answered each version of the privacy policy. As the Superadmin, you can create and view reports related to your privacy policy as well (feature coming soon).
Terms & Conditions vs. Privacy Policy
Your platform has both a Privacy Policy and Terms & Conditions that Superadmins can configure and all learners must accept if they are activated. While the configuration process is nearly identical, consider them as two separate functionalities that serve two different purposes that can work together to ensure that your learners are provided with all of the legal and policy-related information before using the platform.
The Privacy Policy should cover the legal language on the data that you record (such as material viewed in the platform or the number of times a user attempts to take a test) and how you manage it.
On the other hand, the Terms & Conditions should outline the rules and guidelines that learners should respect in order to use the learning platform (such as not uploading informal learning assets related to specific subjects). Terms & Conditions should primarily focus on Discover, Coach & Share and E-Commerce, so learners know which rules to follow when asking questions to Experts, uploading informal learning assets, writing comments on assets, and purchasing courses or learning plans in the platform.
When learners log into their learning platform for the first time, when they self-register into the platform for the first time, or when they log in again for the first time after you have updated the Privacy Policy or Terms & Conditions, they will always be prompted to accept the most recent version of the Privacy Policy or Terms & Conditions (or both, depending on what you’ve updated).
Checkboxes with links to both sets of content appear in the login or registration form, or just after logging into the platform, for those that had already accepted an older version of either one. Learners will also find a link to the Terms & Conditions in their shopping carts and on the Contribute page in their platforms.
Questions & Answers
Who can create and manage privacy policies?
All Superadmins in your platform are able to view, edit and manage all privacy policies. Power Users and regular users have no editing or managing permissions related to privacy policies.
Who must accept the privacy policy?
If you’ve enabled the option in your platform’s Advanced Settings area that the privacy policy must be accepted, ALL users will be prompted to accept the privacy policy upon their next log into the platform if they have not already done so. Additionally, any new users that are created via self-registration, quick registration, via SSO or user provisioning, or by the Superadmin (manually, via CSV, or otherwise) must accept the privacy policy upon completing their registration or logging into the platform for the first time.
What happens if a user rejects the privacy policy?
If a user does not accept the privacy policy, he or she will not be able to access his or her platform. If a user originally accepts the privacy policy then later revokes the acceptance in his or her profile management area of the platform, they will be warned to proceed, and upon confirming, will be immediately logged out of the platform and will not be able to regain access until re-accepting the privacy policy.
Who can see the privacy policies that I create?
All Superadmins can see any privacy policies, including all versions of the policies in the platform when logged into a Superadmin account. All users will be able to view the privacy policy upon its publication when they are prompted to accept it on the login page of their platforms, or from the corresponding section in their profile area once logged into the platform.
For those using Docebo’s Extended Enterprise app and therefore have set up different subdomains for users to access, you can assign specific privacy policies to specific Extended Enterprise clients, meaning that users in a subdomain assigned to Policy A will only see Policy A, and users in a subdomain assigned to Policy B will only see Policy B. Alternatively, if you as the Superadmin have not assigned a specific policy to any client, those clients will see your platform’s default policy. Learn more about managing privacy policies for your subdomains.
Can I track who accepts or does not accept the privacy policy?
Yes, there is a dedicated report in your platform related to privacy policies, the Privacy Policy Dashboard. Here, you can view the acceptance status of every user in every branch of your platform, percentages of who has accepted, rejected or not answered a privacy policy, the timing in which a user has answered a privacy policy, and other details related to users interacting with their privacy policies. This dashboard can be viewed globally for all branches and locally per branch, in case you have assigned specific policies to specific subdomains belonging to a branch.
Can I create multiple versions or update my privacy policy?
Once you’ve created a privacy policy, any of the fields can be updated later, which will automatically create a new version of the policy. All versions can be tracked and viewed when managing that privacy policy. Any time a new version is created and published, all users must re-accept the privacy policy upon next logging into the platform.
Versions are at global language level. If you update a policy in any language, a new version is created for all languages. Users will have to re-accept the policy, regardless of their platform language. Therefore, if you’re managing a policy that is published in multiple languages, you should update any necessary fields in ALL languages before saving and publishing the new version.
Can I create privacy policies for each domain that I’ve created using the Extended Enterprise app?
When the Extended Enterprise app is active in your platform, you can easily create multiple privacy policies and assign them to individual or multiple clients, so users in the branches assigned to those subdomains must accept that specific privacy policy.
Can I create multiple acceptance criteria for my privacy policy?
Yes, you can create different acceptance messages for your privacy policy, called sub-policies in your platform. These additional acceptance messages can be flagged as mandatory or not. Mandatory sub-policies must be accepted along with the primary acceptance message before users can access their platforms. Each privacy policy can have up to three sub-policies in addition to the primary acceptance message.
Does Docebo provide a default privacy policy?
At this time, Docebo does not provide a default privacy policy text, sub-policies or acceptance messages. Rather, there is a simple text with no actual policy or agreement content, and the text must be modified by you as the Superadmin.
What happens if I activate or deactivate the Extended Enterprise App after configuring my privacy policy?
If you’ve created multiple privacy policies in your platform and assigned those policies to various clients while the Extended Enterprise app is active in your platform, and then you deactivate the app for any reason, the default privacy policy will then become your only privacy policy for your one domain. No content or versions for the default policy will be removed.
All users that were in branches assigned to subdomains will now be assigned to only the single domain, and they will be prompted to accept their newly assigned privacy policy (the default policy) upon the next login. Previous tracking per user is not lost, so you can still view acceptance data related to when the Extended Enterprise app was active in the Privacy Policy dashboard.
What if I switch users between branches that are assigned to subdomains with specific privacy policies?
If for any reason you move users from one branch to another, and the branches are assigned to different Extended Enterprise clients, the moved users will be prompted to accept the new privacy policy of the new subdomain upon their next log into the platform, and they will not be able to access their platforms until they’ve accepted the new privacy policy. This is necessary also if the privacy policy for each subdomain is the same.
What if I have users in branches that are assigned to multiple subdomains?
If users are assigned to multiple subdomains, they will have to accept the policy of each subdomain before accessing that subdomain. This is necessary also if the privacy policy for each subdomain is the same. As a Superadmin, you will have to accept every privacy policy assigned to each Extended Enterprise client, including the default policy, before accessing any subdomain.
How can I comply with the new European GDPR privacy regulations using my platform privacy policy?
Being transparent and providing accessible information to individuals about how you will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). The most common way to provide this information is in a privacy notice. Docebo’s privacy policy feature allows Data controllers:
- To include all of the information required by the GDPR in their privacy notices and to apply the relevant best practices. You can easily define and maintain security policies that details your organization’s personal data-handling practices in a concise, transparent, and intelligible way. Additionally, the policy is easily accessible, should be written in clear and plain language, and can be translated into the user’s own language.
- To provide an effective way to define and maintain policies and procedures for obtaining valid consent in accordance with the GDPR.
Can I create individual privacy policies for my users in different countries?
The only way to create individual privacy policies for users in different countries is by creating your organizational chart to divide users into branches per country, assigning those branches to a specific Extended Enterprise client, then creating a privacy policy for each client and assigning that policy to the corresponding client.
What happens to my APIs if the privacy policy hasn’t been accepted?
The privacy policy changes affect only the platform’s interface. All APIs won’t be blocked if the user hasn’t accepted the privacy policy.
Can I view the Privacy Policy when I access my platform’s login page from Docebo’s Go.Learn mobile app?
Privacy Policies can be viewed and accepted via the login page of the Go.Learn app for all learners. Please note that learners will be blocked from accessing their platforms in the app if they do not accept the Terms & Conditions.