GDPR Compliance Processes Statement

Making continual adjustments and improvements to ensure we are best positioned to meet our legal obligations, and to assist our customers to do likewise, is an integral part of how we operate. Our customer relationships, along with the trust they place in us, are at the very heart of our business and are never taken for granted. We see GDPR as affording us yet another opportunity to continue our legacy of protecting their data. Outlined below are the key aspects of our GDPR compliance processes.

Data Security:

  • Access Control (Authentication and Authorization)
  • Data Encryption at rest and in transit
  • SOC 2 accredited Data Centres
  • Vulnerability Management
  • Incident Response and Recovery
  • Periodic security reviews and penetration testing
  • PCI DSS Compliant

Security Incidents

Despite best practices and security standards, no service on the internet is impervious to the risk of security incidents. However, we have security incident policies and procedures in place and review these procedures frequently. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers with all the information necessary for them to meet their own regulatory reporting obligations under GDPR. Customers can also monitor and understand user activity across their account, such as evaluations deployed, the number of responses collected and more.

London Data Centre

In addition to the initiatives highlighted above, our data is hosted in London, UK.

Data Minimisation and Accuracy of Your Data

Privacy by design and privacy by default are an intrinsic part of our product planning and development. One example of how we can help customers address their obligations under GDPR while using TrainingCheck is through user admin functions. Using these functions your account administrator can edit, export or delete any data collected from your customers and employees.

Data Retention

We have company-wide data retention policies. Furthermore, we empower our customers to control their data through their account. As long as your account is active, you have full control over the specific types of data, and length of time you hold such data. For example, you can delete a single individual evaluation response from your account if required to do so, as long as you can identify the correct respondent. These features are readily accessible to all of our customers. We honour all deletions from an account, and after a short period of time, all account data which has been expunged by you is permanently deleted from our back-ups.

Sub-Processors

No SaaS provider is fully self-sufficient, so the use of trusted third parties is essential to maintaining our business. We only partner with industry-leading, fully GDPR-compliant companies and are happy to provide specific details of this. For more information please contact us: support@trainingcheck.com