Data processing
As the virtual learning service of SOS Children's Villages, SOSvirtual manages the personal data of its users. These data are collected through a learning system and administered through its own database. The following sections provide relevant information on how data are managed and the commitments assumed by SOSvirtual when accessing, storing, processing and deleting the information collected.
Regulations
Data processing activity in SOSvirtual is governed by the General Data Protection Regulation (GDPR), corresponding to European Regulation 2016/679 of the Parliament and of the Council, dated 27 April 2016. This regulation establishes specific requirements for organisations regarding the protection of natural persons in relation to the processing (collection, storage and management) of personal data and the free movement of such data.
Why do we collect your data?
SOSvirtual collects personal data to provide a personalised and optimal experience for all users at each stage of the learning service. The analysis of these data enables continuous improvement actions that help achieve capacity development objectives and measure their impact within the organisation. The purposes of personal data processing by SOSvirtual are as follows:
- Registration and access to the learning platform: Managing access to the online course offer requires administering the registration of users who enter the learning environment.
- Tracking participation in online courses: Link participation results with each activity completed or not completed by a user.
- Certificate issuance: Issuing certificates for users who successfully complete courses, based on their personal identification data.
- Servicio de reportes: Generating general and detailed reports, such as participation lists, which are consulted by authorised staff, as described in the section “Who can access your data?”.
- Communication: Sending personalised and/or group messages related to learning processes and organisational communications.
What personal data do we collect?
- First and last name
- Organisational email address (or personal email for co-workers without an organisational account)
- Country
- City (optional)
- Entity (for example: National Association, International Office, other organisations)
- Work area
- Position
- Gender (optional)
- Date of birth (optional)
- Profile picture (optional)
- Name of the organisation (only collected from external SOS Children’s Villages audiences)
- Cross-border mentoring country (only collected from external SOS Children’s Villages audiences)
When do we collect your data?
SOS Children’s Villages co-workers
Although the SOSvirtual portal is public, most of its learning offer provides exclusive access to SOS Children's Villages co-workers. Names, surnames and organisational email addresses are automatically obtained from the SOS Children's Villages Active Directory when accounts are created. Except for the email address (used as a unique identifier), users can update their personal data at any time from their profiles.
Co-workers without organisational accounts
For co-workers who do not have institutional accounts but are linked to SOS Children's Villages, accounts are created through a standardised form that collects all the data mentioned above. This form is sent to SOSvirtual by authorised representatives of National Associations or other bodies such as the International Office.
External users (non-co-workers)
For external people not related to SOS Children's Villages, accounts are created through an online form that collects all the data mentioned. Once the form is submitted, the user receives their credentials to access the platform. The same data processing rules apply as for any user.
Data retention period
SOSvirtual keeps a historical record of completed courses and issued certificates for a period of three (3) years. After this period, the data will be securely deleted.
The personal data of external learners enrolled in the course “Voluntariado en SOS Children's Villages” will be anonymised after three years.
This data retention policy is aligned with applicable legal requirements and ensures that personal information is not kept longer than necessary.
Who can access your data?
- SOSvirtual team: Accesses and processes information from all SOSvirtual users for global and specific monitoring, as well as for preparing reports for other stakeholder groups.
- Learning and human resources staff: Accesses data from users belonging to their respective National Association or Region for monitoring learning plans and preparing reports.
- Facilitators/Tutors: They access data from participants in the courses they support in order to assist their learning process.
- Content or course owners: Teams that promote specific courses (for example, the Child Safeguarding course managed by the Child Safeguarding team) may access user data to evaluate the reach and impact of the course.
- Other authorised persons: Defined by the management of National Associations and Regional or International Offices.
Updating personal data by the user
SOSvirtual allows users to update their personal data at any time. To update information (for example, a spelling correction, a change of position or city of residence), follow these steps:
- Sign in to your account.
- Click your profile name in the upper-right corner.
- Select the Profile option.
- In the User details section, select Edit profile.
- Save the changes made.
Note: The only data that cannot be changed is the email address, as it works as the user’s unique identifier.
Contact with the data controllers
To exercise your rights—including the right to be informed, access, correct, delete, restrict processing, data portability, object to processing or not be subject to automated decisions—you can contact the people responsible for data processing at SOSvirtual by emailing [email protected].
Include documentation proving your identity (ID card or passport) and the following data: full name, type of request, address and the corresponding supporting information.
[email protected]More information
For more information about the applicable regulation, visit the following official sites:
- Official GDPR text - EUR-Lex
- GDPR information portal
April 2024