Axis LMS and GDPR Compliance
Learn about the tools in Axis LMS that help you comply with the GDPR
The European Union (EU) adopted the General Data Protection Regulation (“GDPR”, EU regulation 2016/679), which came to be on May 25, 2018, and is meant to protect and empower the data privacy of EU citizens and reshape how organizations that operate within the region approach user data privacy. The full text of the GDPR can be found here.
GDPR applies not only to organizations that operate within the EU, but will also affect companies that undertake “real and effective” business activity there. Any business that conducts data processing that offer goods or service (by payment, or for free) to EU citizens must comply with the requirements outlined in GDPR. If your company is based outside of the EU, but you control or process data from EU citizens, GDPR applies to you.
Atrixware has an ethical duty to ensure the information it holds conforms to the principles of confidentiality and privacy. The information that we are responsible for is safeguarded where necessary against inappropriate disclosure, and is available to those who should be able to access it.
We have successfully completed a GDPR compliance program internally (as a ‘Processor’).
Besides strengthening and standardizing user data privacy across the EU nations, GDPR imposes new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located.
Our Security Infrastructure
Protecting our customers’ information (your information) is extremely important to us. Our cloud infrastructure utilizes LiquidWeb servers and Amazon S3 storage, both are industry leading cloud providers that are heavily certified in privacy and security. All Axis LMS communications are encrypted using a highly secure version of SSL/TLS with strong ciphers, resulting in A+ security rating. Our cloud infrastructure utilizes LiquidWeb servers and AWS S3 storage, two industry leading cloud providers that are heavily certified in privacy and security.
Supporting your enhanced rights as data subjects
The rights of our Axis LMS clients (you) as data subjects are important to us. We are committed to supporting the new, enhanced under GDPR, data subject rights for all Axis LMS customers, regardless of their location or nationality.
Right to Rectification: You may access and update your Axis LMS account settings at any time from within the Axis LMS system, and/or update your account information by contacting Atrixware at any time to correct, amend or delete information that we hold about you.
Right to Erasure: We will permanently delete your account and all data associated with it if/when you are no longer a client. In particular, the termination of your administrator account will delete the system and all data, and backups are removed within 30 days.
Right to Object: You may opt out of inclusion in our marketing by removing yourself from the mailing lists using the footer in the newsletters and marketing emails that you receive.
Right of Data Portability: You may export your user and report data at any time through the administration panel of the Axis LMS. Axis LMS by design supports exporting to XLS.
Supporting your end users’ enhanced rights as data subjects and your role as ‘controller’
We understand that you may need help from our side in to comply with the GDPR. And we’re happy to say that we have built those tools and features to enhance Axis LMS so as to be fully compliant with the GDPR regulation regarding the support of the GDPR-enhanced data subject rights for your end users.
Right to Rectification: By default, end-users can access and update their information from their account.
Right to Erasure: Axis LMS supports various end user management tools, which include rendering a user inactive, or permanently deleting all data associated with them. These two complementary Axis LMS features allow our customers to fully comply with GDPR regarding their domains’ end users’ right to be forgotten-erased from Axis LMS.
Restriction of Processing: Axis LMS supports the right to restriction of processing by providing to the administrator to render any user as “Inactive”. This can also be done for large sets of users.
Right to Οbject: The case where the end user objects to processing for e-learning is covered in the “Right to Erasure” part. In case the user objects to Axis LMS email notifications, they can contact the Axis LMS administrator, who can exclude the respective user(s) from email notifications.
Right of Data Portability: Tools are available so admins can export user account and training information in XLS format.
Consent: Axis LMS enables its customers to explicitly ask for and record users’ consent for using the Axis LMS service in by enabling you to set a requirement that users “agree” to usage terms you define prior to using the system. This is also logged by the Axis LMS, thus making it easy to use it for reporting or compliance purposes if needed.
No automated individual decision-making: By default, Axis LMS respects the right of its users not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
DISCLAIMER: THE INFORMATION ON THIS PAGE IS NOT LEGAL ADVICE FOR YOU OR YOUR COMPANY TO USE IN COMPLYING WITH EU DATA PRIVACY LAWS LIKE THE GDPR. THE CONTENT ON THIS PAGE IS MEANT ONLY FOR EDUCATIONAL PURPOSES AND TO PROVIDE YOU WITH BACKGROUND INFORMATION TO HELP YOU BETTER UNDERSTAND ATRIXWARE’S EFFORTS TO COMPLY WITH THE REGULATION.
If you enjoyed this article please consider staying updated via RSS.