GDPR

Our Commitment to You and the Protection of Your Data

TalentLMS has an ethical, legal and professional duty to ensure the information it holds conforms to the principles of confidentiality, integrity, privacy and availability. In other words, the information that we are responsible for is safeguarded where necessary against inappropriate disclosure, is accurate, timely and attributable, and is available to those who should be able to access it. TalentLMS complies with standing national law and international regulation regarding privacy and security issues. We are currently running a GDPR compliance program internally so as to be fully compliant with GDPR when the new legislation comes into force (May 25, 2018).

Besides strengthening and standardizing user data privacy across the EU nations, GDPR imposes new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located. On this page, we’ll explain our methods and plans to achieve GDPR-compliance, both for ourselves and for our customers.

Preparing for the GDPR

The GDPR’s updated requirements are significant and our team is working to bring TalentLMS in line before May 25, 2018. Measures to achieve this include:

  • Continuing to invest in our security infrastructure
  • Making sure we have the appropriate contractual terms in place. Ensuring we can support international data transfers by maintaining our Privacy Shield self-certifications, and by executing Standard Contractual Clauses through our updated Data Processing Addendum
  • Enhancing our policies, controls and product offerings, including new tools/product features for data portability and data management

We’ll also continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies and codes of conduct, and will adjust our plans accordingly. We’ll provide you with regular updates along the way by means of our newsletters or enhancements to this site, so that you’re always current.

Our Security Infrastructure

Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company entrusted with some of our customers’ most valuable data, we’ve set high standards for security. Our cloud infrastructure utilizes Rackspace servers and AWS S3 storage, two industry leading cloud providers that are heavily certified in privacy and security. On top of that we have invested in building a robust privacy and security team, adhering to NIST recommendations and are in the process of enhancing our set of tools for detecting software vulnerabilities prior to production release, assessing our software and deployments, monitoring our infrastructure, protecting customer data, ensuring disaster recovery, business continuity and high availability. In accordance with GDPR requirements around security incident notifications, TalentLMS will continue to meet its obligations and offer contractual assurances.

Please visit our Privacy policy and Terms of Service, as well as our Security page, if you’d like to learn more about our privacy and security policies, procedures and features.

International Data Transfers: Privacy Shield and Contractual Terms

To comply with E.U. data protection laws around international data transfer mechanisms, we already take part in the transatlantic PrivacyShield program that ensures that data from EU customers are properly handled when located on US servers. You may find our entry for TalentLMS here.

TalentLMS will never employ subprocessors that retain facilities or may perform processing in countries that are not contained in the list of countries for which the European Commission has explicitly affirmed on the adequacy of the protection of personal data.

Data Portability Solutions and Data Management Tools

We fully understand that TalentLMS customers need help from our side in order for them to comply with the GDPR. And we’re happy to say that over the next few months, we’ll be building those tools and features to enhance TalentLMS so as to be fully compliant with the GDPR regulation. Information about the features and functionalities of these enhancements will be shared with you as it becomes available.

Compliance-related controls will enhance the existing tools for data exports with the new features required by GDPR, also fulfilling the TalentLMS obligations regarding data subjects’ rights.

Stay Updated

Fulfilling our privacy and data security commitments is important to us. So we’re glad to help you prepare for all the changes the GDPR brings. This page will be revised to reflect GDPR-related information as it becomes available. If you have any questions about how TalentLMS can help you with compliance, or you have any privacy-related concerns, please reach out by contacting us at: privacy (at) talentlms (dot) com.