Poodll takes customer concerns about their data seriously. This page is about the European GDPR (General Data Protection Regulation) but relates to Poodll's handling of data generally.
Moodle introduced new privacy tools in Moodle 3.5 and the same tools are available in Moodle 3.3 and 3.4 as plugins. These allow you to:
- Display required privacy statements to new users
- Request consent and log/report on consent received
- Document what user data a plugin is storing
- Manage and execute requests to delete or to export user data
Read more here: https://docs.moodle.org/en/GDPR
In order for the privacy tools to work, plugins must implement a new Privacy API. The latest version of all the Poodll plugins support the Privacy API. So you can export data, or delete data via Moodle's privacy tools.
Though Poodll recordings are initially sent to our Amazon S3 storage, they are removed after 24 hours and moved to Moodle. Ultimately the recordings are Moodle files and are managed by Moodle. The plugin/area they were uploaded to( e.g a forum, or a quiz) is responsible for them.
With the help of the Privacy tools in Moodle, it is possible to fulfill your reporting and other GDPR related responsibilities.
Some common questions we have received:
What information about users of the Poodll service do you store on your servers?
We do not store any personal information about students/teachers/users at all. There may be personal data contained within recordings. We do not know the content of the recordings. They are removed after 24 hours and no copies made.
Does our data leave Europe/USA/Canada/etc ?
We have Amazon AWS regions in North Virginia (USA), Tokyo (Japan), Dublin (Ireland) and Sydney (Australia). It is possible to keep all your data within one of those regions by selecting that region. If this is important to you please check this document.
Can we request access to a recording? Can we delete data from your servers?
Poodll has been designed to keep recordings as anonymous as possible. There is no way for us to identify the owner of an uploaded file. So it is not possible to match a user to their file(s), nor to authenticate a requester as the true owner of a recording. Requests for data export or deletion should be made via Moodle and the new Privacy tools.
Our document explaining what happens to your data and our policies is available here.
Our Poodll Software as a Service Terms of Service are here:
For those users in Europe our GDPR Data Processor Addendum to the Terms of Service is here. Contact us to request a version we both sign.