This document outlines the information collected by RebelLMS, the conditions under which that information is stored, and the extent to which that information is retained.
RebelLMS is compliant with the Freedom of Information and Protection of Privacy Act (FOIPPA).
- RebelLMS – a proprietary web-based e-learning application with user login and tracking capabilities, created by and licensed from ETHOS Career Management Group Ltd., also referred to as “ETHOS”;
- Client – organization licensing RebelLMS from ETHOS;
- Participant – the end-user of the RebelLMS system, provided a user account of the user role “Participant” by the Client or by self-registration;
- User account – a unique email and password combination that identifies a specific individual to the system and authorizes the use of RebelLMS and access to information associated with the account;
- User role – a specific parameter applied to user accounts that authorizes specific capabilities and access within the system, including access to personal information.
What information is collected?
RebelLMS requires the following information in order to create a user account of any role:
- First name;
- Last name;
- Valid email address.
Additional parameters, including username, are arbitrary. Further information can be entered into the user profile at the user’s discretion.
Information is collected through the use of the system and may be connected to user accounts, including:
- Usage statistics, analytics data, and performance metrics including data collection by Google Analytics, New Relic, and additional usage collection tools utilized as a part of managing RebelLMS. This data is stored per IP address and does not identify individual users.
- Activities, page views, and actions;
- Course progression information and other course information such as quiz results, uploaded files, performance metrics, in-page actions, attention, and other data collected in completion of LMS material;
- Private messages, including attachments and metadata;
- Notes made by the user including metadata;
- Discussion forum data;
- User profile information;
- Attendance and attention per page;
- Other data generated through the use of the RebelLMS or submitted by the user at their own volition;
- Other information saved or uploaded to RebelLMS by either the Client or Participant.
Emails will be sent to the email address associated with each user account to provide administrative functions including password resets and transactional notifications. Additionally, ETHOS or the Client may choose to send emails to all users of RebelLMS to provide important updates or information. These emails are required for proper account functionality and platform engagement and can’t be disabled. To prevent these emails from being sent to you, please request your account’s deletion.
Information entered in the Guided Job Search Workshops may be transferred to other domains owned by ETHOS via SSL encrypted communications as part of workshop functionality. Data transmitted this way is not stored on the destination server and only takes place as part of document generation within Job Search Workshops. Such domains adhere to the same privacy and data integrity standards as our LMS systems outlined below.
How is information stored and accessed?
All LMS-related data and files are located exclusively within Canadian datacentres hosted by Digital Ocean in Toronto. LMS data is accessible only to logged-in users of the LMS system with specific user capabilities, and to RebelLMS development staff at ETHOS.
Users with the “Instructor”, “Facilitator”, “Group Leader”, or “Manager” user roles are limited to staff members and authorized third party contractors of the Client, and may be able to see all client information in the system, as outlined above. Users with the “ETHOS Administrator” user role are restricted to authorized employees of ETHOS and can see all client information in the system, as outlined above. All ETHOS staff with access to client information have completed BC Government privacy training and have signed non-disclosure agreements.
Backups of RebelLMS are taken mulitple times daily and contain all information found in RebelLMS at the time of the backup. Each backup is encrypted before being stored off-site and retained for 1 month.
How is information retained?
Information, as outlined above, is retained indefinitely, including by ETHOS, even after the conclusion of the RebelLMS contract with the Client. This information may be stored on ETHOS servers and retained in RebelLMS backups.
At any time you may request deletion of your user account. When a user of the role “Group Facilitator”, “Universal Facilitator”, “Manager”, or “ETHOS Administrator” deletes a user account from the system’s back-end administration interface, the majority of data related to the user will also be deleted permanently, with the following exceptions:
- Submitted form information;
- Uploaded files;
- Information visible to at least one other user, including but not limited to chat messages and discussion forum data;
- Other information volunteered by the user or generated through the use of RebelLMS;
- Analytics and usage information unrelated to course completion;
- SMTP logs and other records of automated emails sent to the email address associated with the account.