The Health and Safety Authority uses its e-learning site https://hsalearing.ie to collect data on courses, learner activity, geographical and business locations, requests for technical support, and to periodically survey visitors to the site. The site also hosts a Digital Badges platform https://badges.hsalearning.ie that is linked to our Choose Safety programme – see details below.
This policy applies specifically to the Authority’s elearning portal https://hsalearning.ie and provides you with information about:
- what personal data we collect
- how we use your data
- who we share your data with
- how long we hold onto your data for
- how we ensure your privacy is maintained, and
- your legal rights relating to your personal data.
The Health and Safety Authority (HSA) issue digital badges to students in post-primary schools, or Further Education institutions in the Republic of Ireland that participate in the HSA Choose Safety Programme. Badges are issued from https://badges.hsalearning.ie
What personal data we collect from you on this site
When you enrol on a course at hsalearning.ie, we collect the following data: your name, your county, the country you are in and your email address. When you complete a course, we retain your scores and certificates of completion.
Enovation Ltd. administrators and nominated staff from the Authority’s Education Unit have access to your personal data in line with the service you signed up to be provided with. Access to your account is based on a user name and password which are retained by you and the password can be changed at any time by you. It is important that you protect this information. If your password has been compromised for any reason you should change it immediately and contact firstname.lastname@example.org if you require any assistance with this.
When a teacher registers to award digital badges at http://badges.hsalearning.ie, we collect the following data: school name, school address, teacher’s name, teacher/school’s email address, teacher’s contact number, the estimated number of students doing the Choose Safety programme, and whether a teacher is currently delivering the programme to his/her students or intends to.
Once registered, teachers can award digital badges to their students for completing modules of the Choose Safety programme. In order to do this student email addresses are required to be logged.
From time to time teachers may request assistance from staff of the Authority’s Education Unit who can log the email addresses on their behalf. To submit a request contact email@example.com
Teachers must ensure that consent has been obtained before any student email addresses are logged on the Digital Badges platform or sent to the Authority’s Education Unit to be logged on their behalf.
Children and Young People
The vast majority of the courses on https://hsalearning.ie are intended for adult learners. The primary school courses are intended for teachers to deliver in a classroom setting. The post-primary course ‘Get Safe Work Safe’ is suitable for delivery by teachers/further education institutions in a classroom setting. From time to time teachers/further education institutions may register a group to take the ‘Get Safe Work Safe’ course. Where this occurs the teacher/tutor must ensure they have obtained consent to register their students. When using the ‘Group Manager’ facility the only personal information that teachers/tutors will log are email addresses. This enables students to take the course in their own time under their teacher’s/tutor’s supervision.
When using the Digital Badges platform https://badges.hsalearning.ie the only personal information that teachers will log in relation to their students are their email addresses. Teachers must ensure that they have obtained consent to log this information.
We will take action to delete any data that comes to our attention, which may have been logged without consent. A request to remove information that may have been collected can also be made by emailing firstname.lastname@example.org
What personal data does this website collect using cookies?
Our learning management system (LMS) is a secure Moodle based system available at https://hsalearning.ie. This site uses two types of cookies:
1. MoodleSession: This is an essential cookie, which, after login, maintains your login information—username and password—as you navigate through https://hsalearning.ie. We use the session cookie to track your progress through the site, allowing us to maintain the security and integrity of the data being used. If you have chosen to disable session cookies on your browser you will not be able to access the courses. This cookie is destroyed upon logout.
2. MoodleID: This cookie is for the purpose of convenience only. It remembers your username within the browser. It is safe to refuse this cookie, which can be done by allowing the Remember username checkbox to remain unchecked in the Login box at the https://hsalearning.ie homepage.
This information also applies to our Digital Badges platform https://badges.hsalearning.ie hosted on https://hsalearning.ie
For general web browsing no personal information is revealed to us, although certain statistical information is available to us via our internet service provider. This information may include:
- The logical address of the server you are using
- The top level domain name from which you access the Internet (for example, .i.e., com, .org etc.)
- The type of browser you are using
- The date and time you access our site
- The Internet address used to link to our site
Some of the above information is used to create summary statistics that allow us to assess the number of visitors to our site, identify what pages are accessed most frequently and generally, help us to make our site more user friendly
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and volumes of usage. This to ensure that the service is available when you want it and fast.
For further details on the cookies set by Google Analytics, please refer to the Google Code website.
How we use your data
All of the personal data we collect from you on this site is collected and retained in order to facilitate setting up your elearning account, track your course progress, and retain your results and any certificates awarded in order to give you a complete and up to date record of your learning. Learners have access to all courses taken and certificates under their User Profile. A user name and password is required in order to set up your account. This allows you to create and secure your account login details. Your data is not used to contact you between taking courses unless you specifically opt in to receive further information from the Authority in relation to new courses or HSA activities.
Personal data collected on the Digital Badges platform is collected and retained to facilitate setting up your Digital Badges registration account and to retain results of awards. Your username and password will allow you to continue to award badges to your students.
Who we share your data with
Your data is processed by Enovation Ltd., who are contracted by the Authority to set up and maintain the Authority’s elearning platform. A data processing agreement is in place between the Authority and Enovation Ltd. Your data is processed as directed by the Authority in line with our commitment to you regarding your privacy. Technical support queries will also be handled by Enovation in line with our data processing agreement. If you wish to see the relevant section of the agreement please email your request to email@example.com.
Technical support for all of the online courses is available by emailing your query to firstname.lastname@example.org General non-technical queries relating to the online courses should be emailed to email@example.com
Support for Digital Badges is available by emailing your query to firstname.lastname@example.org
Your name, email address, organisation, and contact telephone/mobile number is logged in order for us to respond to your query.
How long we hold your data for
The Authority will only retain data collected on this site for as long as necessary to fulfil the legal and business functions for which it was collected in the first instance.
Therefore, we will retain your data as long as you wish to retain an account with hsalearning.ie and a record of your learning. If you wish you close your account and delete your data, please send an email outlining your requirements to email@example.com.
How we ensure your privacy is maintained
We will take all steps we deem to be reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Statement.
While we take these steps to maintain the security of your data, you should be aware of the many data security risks that exist and take appropriate care to help safeguard your information. The nature of the internet is such that we cannot guarantee the security of the information you transmit to us electronically, and any transmission is at your own risk. We store information you provide to us on secure servers and deploy appropriate technical and organisational security measures in the storage and disclosure of your personal data to try to prevent unauthorised access or loss.
Hsalearning.ie is hosted in a secure environment. The Technical and Physical security measures used to ensure your privacy is maintained are:
Technical security measures
Access control and authentication
- An access control system applicable to all users accessing the IT system is implemented. The system allows creating, approving, reviewing and deleting user accounts.
- The use of common user accounts is avoided. In cases where this is necessary, it is ensured that all users of the common account have the same roles and responsibilities.
- When granting access or assigning user roles, the “need-to-know principle” shall be observed in order to limit the number of users having access to personal data only to those who require it for achieving the Processor’s processing purposes.
- Where authentication mechanisms are based on passwords, Processor requires the password to be at least eight characters long and conform to very strong password control parameters including length, character complexity, and non-repeatability.
- The authentication credentials (such as user ID and password) shall never be transmitted unprotected over the network.
Logging and monitoring
Log files are activated for each system/application used for the processing of personal data. They include all types of access to data (view, modification, deletion).
Security of data at rest
- Database and applications servers are configured to run using a separate account, with minimum OS privileges to function correctly.
- Database and applications servers only process the personal data that are actually needed to process in order to achieve its processing purposes.
- Users are not allowed to deactivate or bypass security settings.
- Antivirus software and detection signatures are updated regularly.
- Users do not have the rights to install unauthorized software applications.
- The system has session timeouts when the user has not been active for a certain time period.
- Critical security updates released by the operating system provider are installed regularly.
- Whenever access is performed through the Internet, communication is encrypted using cryptographic protocols.
- Traffic to and from the IT system is monitored and controlled through Firewalls and/or Intrusion Detection Systems.
- Backup and data restore procedures are defined, documented and clearly linked to roles and responsibilities.
- Backups are given an appropriate level of physical and environmental protection consistent with the standards applied on the originating data.
- Execution of backups is monitored to ensure completeness.
- Mobile and portable device management procedures are defined and documented establishing clear rules for their proper use.
- Mobile devices that are allowed to access the information system are pre-registered and pre-authorised.
Application lifecycle security
During the development lifecycle, best practice, state of the art and well acknowledged secure development practices or standards are followed.
Software-based overwriting will be performed on media prior to their disposal or physical destruction will be performed.
Shredding of paper and portable media used to store personal data is carried out.
The physical perimeter of the IT system infrastructure is not accessible by non-authorised personnel. Appropriate technical measures and organisational measures are set in place to protect security areas and their access points against entry by unauthorised persons.
Your legal rights relating to your data
You have the following rights in relation to data collected on this site:
- the right to ask what personal data that we hold about you at any time
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge, and
- the right to have any personal data about you deleted.
If you wish to exercise any of the above rights, please email your request to our data protection officer at firstname.lastname@example.org