Personal data policy
This document outlines our commitment to your privacy, security and personal data.
We support the EU’s General Data Protection Regulations (GDPR). The nature of the products and services that we supply require us to collect and store some personally-identifiable information. For instance email addresses and billing details, or login details so your users can access the software that we host.
Generally, the data that we store is integral to the way our hosted software works.
You can at any time request an export, or deletion of your personal data.
Our software solutions
We offer support and hosting of the following software. These software solutions store user data. To read more about the types of data they collect, please follow the links below.
- Moodle - https://docs.moodle.org/35/en/GDPR
- Mahara - http://manual.mahara.org/en/18.04/faq/privacy.html
- WordPress - https://wordpress.org/news/2018/04/gdpr-compliance-tools-in-wordpress/
- BigBlueButton - https://blindsidenetworks.com/gdpr/
Our internal systems
To run our day to day business we use the following products.
Email marketing lists
- Our email marketing list retain basic information about you that you provide voluntarily such as name, email address and location. Every marketing email that we send includes links for you to update your personal data, or unsubscribe from these lists.
- Our support helpdesk records basic information about you to help respond to product enquiries, and offer support for existing clients. It also retains email messages sent to us. We are currently reviewing the software which powers this system.
- Applicable to enquiries, clients and suppliers, we store contact and payment information.
If you require a copy of your data from any of these systems, or wish to delete it “the right to be forgotten” please email us.
Your personal data
The main purpose for collecting and using your personal data is to provide you with hosted LMS solutions and related services. This may include the following;
- Contacting you for billing, training, or related services
- Supporting your use of the systems
- Making you aware of security updates or new features
You can opt-out of email marketing at any time (see “Our internal systems”) and depending on your location we may have required your explicit consent to send you these marketing communications. If you are unsure whether you have given your consent we suggest that you provide us with permissions again https://pukunui.com/newsletter/ to ensure that you continue to receive communications from us. Opting out does not affect your ability to receive support and maintenance for existing sites hosted with us.
About our servers
Our servers are top quality enterprise level hosted with Amazon Web Services (AWS) in Singapore and Sydney.
- We follow the best practices concerning the management and storage of data.
- Security is maintained by AWS - See: https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf
- Only yourselves and our Authorised Support Staff will have access to your data.
- Backups have been periodically tested.
- SLAs are in place for the uptime of Moodle.
- Help desk support SLA can be found at https://pukunui.com/sla-moodle-support/
In general we do not share data we collect about you to any third parties. In the event that we outsource a service to another company, the minimum amount of data will be provided to them to provide the service. For instance, Blindside Networks provides us with BigBlueButton hosting. This means that if you use Pukunui’s BBB Lite, or the full BBB provided on your hosted Moodle site, your webinar sessions will be run on Blindside Networks servers. You can read more about their data policies here https://blindsidenetworks.com/privacy/
We thank our happy customers for sharing their “success stories”. If you have consented to a testimonial on our site and would like us to edit or delete it, please contact us.
We use Google Analytics on https://pukunui.com/ to help us improve how you access relevant information. This includes things like tracking the length of time visitors spend on each page, the source of the traffic and the order of pages on our site they visit.
As a client of ours, what should you be doing?
If you haven’t already done so, you should review your GDPR, privacy and data protection policies.
Pukunui is a hosting provider and for maintenance, upgrades, support or troubleshooting will access your server, or sites you have hosted with us.
The personal data of your site users
Your data and the data you collect about your learners and staff is yours. As the site owner, you are responsible for your data. This is commonly referred to as the “data controller”.
If you have users that visit or use your site from the EU and UK we recommend that you look into your responsibilities and seek professional advice as to what you need to do to comply with the GDPR.
We do not knowingly collect data or information about children under the age of 13. By using our services you are responsible for collecting appropriate permissions and consent from all of your users.
If you believe you have children under the age of 13 using your site and you have not obtained proper consents please contact us so that we can delete the information.
Country specific regulations
Pukunui is continually reviewing our systems and policies to make sure that all personal data provided is handled in accordance with the relevant provisions for Hong Kong, Malaysia and Australia.