The application of the GDPR (General Data Protection Regulation) is an internal process of your training centre. It is not enough for you to use "GDPR-compliant" software: Each organization is accountable for the policy on the responsible collection and management of the personal data of its clients and students.
Digiforma is a medium that stores this type of data and, therefore, has the responsibility of applying the regulations as a subcontractor.
👉 We advise that you learn more about our operation on this page: The GDPR for training providers that use Digiforma
👩🏻💻 Personal data of users
User data can be consulted and edited from each user's Digiforma access account.
The data requested in a user's account are those legitimately necessary for the operation of the service. A user can export their account data and request that it be permanently deleted by contacting the data controller of Digiforma, through the email address rgpd@aworldforus.com .
🗂️ Data processing
In order to offer users the best possible customer service, the Digiforma team uses the Intercom system for communication via chat/ email with customers. This system respects the GDPR and only collects the minimum data necessary to perform the service (no data related to your clients or your training sessions).
The data of your clients and students are not subject to any data processing that is not related to your daily use of Digiforma. In no case are they transferred to other services.
❓Other questions... and technicalities
Can I delete personal data? If so, in what way (deletion, classification, duration, anonymization...)?
Each person responsible for processing the data must determine a consistent retention period for the data, which is justified with respect to the purpose of its processing. Therefore, an organization cannot retain personal data indefinitely, except in specific cases and limited to what is strictly necessary.
Data deletion (deletion): it is possible to delete the data entered in your Digiforma account at any time.
Data classification: Digiforma allows you to consult the creation date of each file in the database. Use filters to organize and clean your database according to the retention duration established by your centre.
Treatment limitation: you can anonymize learner data from their file in the database. This process allows you to preserve some data, such as financial history for example; The learner's name will be replaced by a code and any personal information (name, address, etc.) will be permanently destroyed.
Is there a record to prove who did what and when (an employee record, who created a review...)?
No.
Is it possible to customize the fields on the screen?
Yes, in part.
Can it be synchronized with an AD360 for authentication processes? Are there other types of synchronization with reference data?
No.
Can learners manage their personal data?
Not directly, they must contact the administrator or person in charge of the centre, who has access to Digiforma.
Is it possible to download personal data?
Personal data can be exported in Excel format. The use of APIs also allows programmatic accesses.
Is there user management by profile?
Yes.
What is the level of user authentication (login, passwords and other factors)?
Account data can only be accessed with a username and password.
Data encryption?
Databases are continuously protected by physical backups, and data is encrypted on disk in AES-256.
Where are Digiforma's servers located?
Digiforma's servers are located in Europe (Ireland) in the AWS data center through the web application hosting company Heroku (a subsidiary of Salesforce).
What is the routing encryption level (https)?
All data exchanges between the web browser and Digiforma servers are encrypted using the SSL protocol. The data center used by Digiforma has ISO 27001, SOC 1 and SOC 2/ SSAE 16/ ISAE 3402 certifications.
To learn more...