What is the GDPR?
The GDPR is a European law on the protection of personal data. Implemented on May 25, 2018, it regulates, among other things, the collection, use and sharing of users' personal data by European companies (like ours).
You'll find a lot more details here: https://gdpr.eu/what-is-gdpr/
Why this document?
To make sure you can exercise your rights, we need to explain clearly (without legalese) and concisely what data we collect, what we do with it, and what rights you can apply.
Personal data collected and their use
Identity and access
When your account is created on Rbean, we collect your first name, last name, and email address to identify you and create a unique username. This information is displayed on the Rbean interface and we may use your email to communicate with you (by default, most email communication is disabled).
You may (depending on your course configuration) have the option of uploading an avatar photo. This photo will be displayed on the Rbean interface.
When you log in or when you have been logged in for several hours, we store an entry in the database to say that you are still active. This entry contains security data (your ip) as well as statistical data (name of your OS and browser).
Rbean only uses a session cookie to keep your session open and to prevent security breaches (csrf breach). This session cookie is deleted when you log out of the site.
- Voluntary data
We also keep data that you voluntarily send us. For example, by responding to a survey or by sending us emails directly.
- When do we share your data?
Data accessible by the school or training center
Personal data filled in on the Rbean website can be accessed by the school/training center/company.
Some types of training courses use a Gitlab (if you are not taking a programming course, this does not concern you. If you are taking a programming course, you will know very quickly if Gitlab is used!). This Gitlab is an independently installed tool, but it too is administered by Rbean. Rbean will share your personal data with this tool to create an account for you.
- Conservation period
We keep the data for a maximum of 3 years after your last activity. An email will be sent to you a few weeks before the deletion of your data to warn you.
Where is the data stored?
The servers are hosted by Digital Ocean (https://www.digitalocean.com/legal/gdpr-faq/). They are physically located in Amsterdam.
Daily backups are made and stored (heavily encrypted) at Dropbox.
How is my data secured?
All communications between your browser and the site are secured by HTTPS. This means that they are encrypted between your computer and our machines: if someone intercepts them, they cannot understand them.
Daily backups are made. These backups are heavily encrypted before being stored in the cloud. If anyone other than Rbean accesses the files, they cannot read them.
Most of the data in our databases is not encrypted. Only the password and some unique identifiers are encrypted.
What are my rights as a Rbean user?
Rights of knowledge and access
At any time, you can request access to the personal data stored about you. In the case of Rbean, most of the information is available in the student profile. If not, please contact us!
You can change your personal data at any time, with the exception of your unique identifier (username). These personal details are usually editable by your mentors/teachers/course managers. If not, please contact us!
At any time, you can delete your personal data (which may mean deleting your account). They are generally deletable by your mentors/teachers/course managers. If not, please contact us!
At any time, you can export your data in a digital format to import it back into another tool. If you don't have a button on your profile that allows you to do this independently, contact us!
Your personal data is never used by Rbean to discriminate against you. All manual or automatic actions taken by the platform never take into account your personal data.
Other rights under the GDPR
You can exercise all of your rights under the GDPR. If the action is not possible automatically, contact us!
To exercise one of the above rights or for any additional information, you can contact us at firstname.lastname@example.org. We will try to answer your request as soon as possible.
Version v1.0 - 18/03/2021