PRIVATE POLICY

About

This Privacy Policy governs the manner in which FINA collects, uses, maintains and discloses information collected from users (each, a “User”) of the https://learning.fina.org.website.

Who we are

The FEDERATION INTERNATIONALE DE NATATION, hereinafter known as FINA, is the world governing body for the sport of Aquatics.

Our website address is: https://learning.fina.org.

What personal data we collect and why we collect it

By default, we do not collect any personal data about visitors, and only collects the data shown on the User Profile screen from registered users.

However, if the user is enrolled in a course or an exam, we collect information relating to its course and quiz performance. We store course progress, including completion status, quiz scores, assignments and/or essay submissions (if applicable).

We will also store comments on courses, lessons, topics, assignments, and essays if you choose to leave them.

Security Logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

IThemes Privacy settings
This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

TO be completed by FINA if we use google analytics. See https://privacy.google.com/businesses/compliance

Who on our team has access?

Members of our team have access to the information you provide us. For example, both Administrators and Group Leaders can access:

Order information such as your enrolled courses, course progress and username / email address.

Any additional information added in your User Profile can also be visible to the administrator(s).

Who we share your data with

This site is scanned for potential malware and vulnerabilities by Sucuri’s SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri’s privacy policy.

 

How long we retain your data

For users that register on our website (if any), we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Security logs are retained for 60 days.

 

 

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Please contact privacy@fina.org.

Where we send your data

Hosted information TO be completed by Future Learning

Your contact information

Person of contact: Romain Venard
Email address: dataprivacy@fina.org

Additional information

How we protect your data

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of personal information, username, password, transaction information and data stored on our Site.

Sensitive and private data exchange between the Site and its users happens over an SSL secured communication channel and is encrypted and protected with digital signatures.

What data breach procedures we have in place

Banned users

Database Backups

One of the best ways to protect yourself from an attack is to have access to a database backup of your site. If something goes wrong, you can get your site back by restoring the database from a backup and replacing the files with fresh ones. Every 5 days we create a backup of your database for this purpose.

Local Brute Force Protection

The system prevents to try an unlimited number of password combinations to get into the site. Enabling login limits will ban the host user from attempting to login again after the specified bad login threshold has been reached.

The number of login attempts a user has before their host or computer is locked out of the system is set to 5. The number of login attempts a user has before their username is locked out of the system is set to 10.

Network Brute Force Protection

Local brute force protection looks only at attempts to access your site and bans users per the lockout rules specified locally. Network brute force protection takes this a step further by banning users who have tried to break into other sites from breaking into yours. The network protection will automatically report the IP addresses of failed login attempts to this site and will block them for a length of time necessary to protect your site based on the number of other sites that have seen a similar attack.

Strong Passwords Enforcement

We force users to use strong passwords as rated by the WordPress password meter.