GDPR

What is the GDPR?

The GDPR is a European law on the protection of personal data. Implemented on May 25, 2018, it regulates, among other things, the collection, use and sharing of users' personal data by European companies (like ours).

You'll find a lot more details here: https://gdpr.eu/what-is-gdpr/

Why this document?

To make sure you can exercise your rights, we need to explain clearly (without legalese) and concisely what data we collect, what we do with it, and what rights you can apply.

Personal data collected and their use

  • Data

Identity and access

When your account is created on Rbean, we collect your first name, last name, and email address to identify you and create a unique username. This information is displayed on the Rbean interface and we may use your email to communicate with you (by default, most email communication is disabled).
You may (depending on your course configuration) have the option of uploading an avatar photo. This photo will be displayed on the Rbean interface.

Connection logs

When you log in or when you have been logged in for several hours, we store an entry in the database to say that you are still active. This entry contains security data (your ip) as well as statistical data (name of your OS and browser).

  • Cookies

Rbean only uses a session cookie to keep your session open and to prevent security breaches (csrf breach). This session cookie is deleted when you log out of the site.

  • Voluntary data

We also keep data that you voluntarily send us. For example, by responding to a survey or by sending us emails directly.

  • When do we share your data?

Data accessible by the school or training center

Personal data filled in on the Rbean website can be accessed by the school/training center/company.

Gitlab

Some types of training courses use a Gitlab (if you are not taking a programming course, this does not concern you. If you are taking a programming course, you will know very quickly if Gitlab is used!). This Gitlab is an independently installed tool, but it too is administered by Rbean. Rbean will share your personal data with this tool to create an account for you.

Youtube/Twitter/…

Rbean lets you post youtube videos, tweets, google drive documents, etc. These are external sites that are integrated into the Rbean interface. These sites probably use cookies to authenticate you and Rbean can't do anything about that.

  • Conservation period

We keep the data for a maximum of 3 years after your last activity. An email will be sent to you a few weeks before the deletion of your data to warn you.

Where is the data stored?

Servers

The servers are hosted by Digital Ocean (https://www.digitalocean.com/legal/gdpr-faq/). They are physically located in Amsterdam.

Backups

Daily backups are made and stored (heavily encrypted) at Dropbox.

How is my data secured?

TLS

All communications between your browser and the site are secured by HTTPS. This means that they are encrypted between your computer and our machines: if someone intercepts them, they cannot understand them.

Backup encryption

Daily backups are made. These backups are heavily encrypted before being stored in the cloud. If anyone other than Rbean accesses the files, they cannot read them.

Database encryption

Most of the data in our databases is not encrypted. Only the password and some unique identifiers are encrypted.

What are my rights as a Rbean user?

Rights of knowledge and access

At any time, you can request access to the personal data stored about you. In the case of Rbean, most of the information is available in the student profile. If not, please contact us!

Correction rights

You can change your personal data at any time, with the exception of your unique identifier (username). These personal details are usually editable by your mentors/teachers/course managers. If not, please contact us!

Deletion rights

At any time, you can delete your personal data (which may mean deleting your account). They are generally deletable by your mentors/teachers/course managers. If not, please contact us!

Portability rights

At any time, you can export your data in a digital format to import it back into another tool. If you don't have a button on your profile that allows you to do this independently, contact us!

Non-discrimination rights

Your personal data is never used by Rbean to discriminate against you. All manual or automatic actions taken by the platform never take into account your personal data.

Other rights under the GDPR

You can exercise all of your rights under the GDPR. If the action is not possible automatically, contact us!

Contact

To exercise one of the above rights or for any additional information, you can contact us at mathieu@rbean.io. We will try to answer your request as soon as possible.

Version v1.0 - 18/03/2021