This is an important question and, of course, the answer is YES. From owning, storing, transferring, accessing, backing up, monitoring, to testing and reviewing our security procedures, every aspect is covered to industry best practice standards and is legally compliant. All your security questions are answered above... but if you need clarification, do not hesitate to reach out to us.
All your data is stored using Amazon Web Services (AWS), one of the world’s leading cloud-based services. AWS is used by millions of businesses from AirBNB, to Capital One and Netflix. The data is stored in Ireland allowing you to meet European regulations as no data is transferred outside the EU and is physically secured by trained and audited Security staff around the clock, 365 days a year (see Amazon whitepaper on security).
Your data is transferred with high-grade TLS 1.2 (https) technology. This is industry standard technology, used by everybody from Google to the big banks. We limit the duration of Workelo sessions and will automatically log you out of Workelo after a certain time, and we only use secure cookies (which don’t store any personal information locally).
We should look at 3 types of parties that can get access to your data:
You and your staff – your staff will have access to the data, using the password and per-data access credentials that you provide them. You can control who can view, edit, upload and download any information or document based on his/her role credentials.
Our staff – a small number of authorized Workelo personnel, as defined in our security policy, can access your data. Any Workelo team member doing so will be performing specific (audited) tasks at your request via our support desk. Access to all sensitive data requires two-factor authentication by these personnel.
In some cases, based on your consent, data will be provided to third-party service providers for specific business purposes (e.g. getting a quote for services).
Our data centers back up your data multiple times a day, and your data is fully restorable within a reasonable time in the unlikely event of a problem. However, since we are not a backup service, we recommend that you keep your own backup of your data, updated on a periodic basis. We offer this ability through our scheduled reports.
We keep an audit log of all activity on system data, and in each User Card you will be able to see a log of all changes that have ever been made to that card. Change logs can be viewed according to the viewer's credential rights.
We maintain a Security Policy that defines the security tasks we perform periodically. Our site and API undergo independent, ongoing third-party penetration testing, security scans, threat detection and black-box assessment.
IF YOU’RE HOSTING MULTIPLE TENANTS WITHIN YOUR CLOUD INFRASTRUCTURE, WHAT SECURITY MEASURES PREVENT ONE CUSTOMER ACCESSING ANOTHER CUSTOMER’S DATA? IS OUR DATA SEGREGATED FROM OTHER CUSTOMERS?
Each piece of data stored is associated with a tenant ID, and all access to data is enforced to use the tenant ID as a key, so data is logically divided. If information is stored on disk, every client has its own folder; if data is stored in a database, access is strictly enforced to use the tenant identifier, so there is no leakage between clients.
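To make the tenant-keyed access pattern described above concrete, here is an added illustration (example code written for this page, not Workelo's own implementation). It models both mechanisms the answer mentions: a shared store whose primary key is (tenant_id, record_id), and a per-client folder on disk. A repository object is bound to one tenant at construction time, so no query can omit the tenant filter. The class names, the in-memory store and the tenant ids, record ids and payloads are all constructed for the example.

```python
"""Tenant-scoped data access: added example, not Workelo's code.

The DataStore stands in for a multi-tenant database table; tenant ids,
record ids and payloads below are constructed sample values.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import Path

# Tenant ids are restricted to a safe alphabet so the same value can be used
# verbatim as a folder name without any path-traversal risk.
_TENANT_ID = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


@dataclass(frozen=True)
class Record:
    tenant_id: str
    record_id: str
    payload: dict


class DataStore:
    """Shared multi-tenant table; the primary key is (tenant_id, record_id)."""

    def __init__(self) -> None:
        self._rows: dict[tuple[str, str], Record] = {}

    def put(self, record: Record) -> None:
        self._rows[(record.tenant_id, record.record_id)] = record

    def get(self, tenant_id: str, record_id: str) -> Record | None:
        # The tenant id is part of the key, so a lookup can never match
        # another tenant's row even when record ids collide.
        return self._rows.get((tenant_id, record_id))

    def scan(self, tenant_id: str) -> list[Record]:
        return [r for r in self._rows.values() if r.tenant_id == tenant_id]


class TenantRepository:
    """Data access object bound to exactly one tenant.

    The tenant id is fixed at construction, so callers cannot supply a
    different tenant id per query; every operation includes it in the key.
    """

    def __init__(self, store: DataStore, tenant_id: str) -> None:
        if not _TENANT_ID.match(tenant_id):
            raise ValueError("invalid tenant id")
        self._store = store
        self.tenant_id = tenant_id

    def save(self, record_id: str, payload: dict) -> None:
        self._store.put(Record(self.tenant_id, record_id, dict(payload)))

    def load(self, record_id: str) -> dict:
        row = self._store.get(self.tenant_id, record_id)
        if row is None:
            # Missing and foreign records look identical to the caller, so
            # other tenants' record ids cannot be probed for existence.
            raise KeyError(record_id)
        return dict(row.payload)

    def record_ids(self) -> list[str]:
        return sorted(r.record_id for r in self._store.scan(self.tenant_id))

    def folder(self, base_dir: Path) -> Path:
        """Per-tenant folder on disk, checked to stay directly under base_dir."""
        base = base_dir.resolve()
        target = (base / self.tenant_id).resolve()
        if target.parent != base:
            raise ValueError("tenant folder escapes the base directory")
        return target


def demo() -> dict:
    """Two tenants share one store; each sees only its own records."""
    store = DataStore()
    acme = TenantRepository(store, "acme")
    globex = TenantRepository(store, "globex")
    acme.save("user-1", {"name": "Alice"})
    globex.save("user-1", {"name": "Bob"})  # same record id, different tenant
    globex.save("user-2", {"name": "Carol"})
    try:
        acme.load("user-2")  # belongs to globex; must not be readable by acme
        leaked = True
    except KeyError:
        leaked = False
    return {
        "acme_ids": acme.record_ids(),
        "globex_ids": globex.record_ids(),
        "acme_user1": acme.load("user-1")["name"],
        "cross_tenant_leak": leaked,
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that isolation is enforced in one place (the repository constructor fixes the tenant id, and the store's key always includes it) rather than relying on every query author to remember a WHERE clause; the regex on the tenant id and the parent-directory check in folder() are the equivalent guard for the per-client folder layout.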
On May 25, 2018, the GDPR will come into effect and replace existing national data protection laws in EU member states. The GDPR strengthens privacy rights of EU individuals and places additional requirements on businesses processing personal data of EU individuals.
At Workelo, trust is our #1 value and nothing is more important than the success of our customers and the protection of our customers’ data. Workelo welcomes the GDPR as an important step forward in streamlining data protection requirements across the EU and has worked from its first version to respect the GDPR.
To whom does the GDPR apply? The scope of the GDPR is very broad. It applies to Workelo customers based in the EU as well as non-EU customers to the extent such customers offer goods and/or services to or track the behavior of EU individuals. The GDPR applies to all industries and sectors.
What does the GDPR aim to achieve? The dual aim of the GDPR is to:
• update existing EU data protection laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex cross-border flows of personal data; and
• replace the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.
What are some of the biggest changes resulting from the GDPR?
Importantly, the GDPR does not place any new restrictions on transfers of personal data outside the EU.
For more info, please have a look at the GDPR official text.