At Cognitive Talent Solutions we take data privacy very seriously. These are some of the actions we take to ensure data privacy and full compliance with GDPR regulation:
IDENTITY AND ACCESS
- We implement our own authentication and authorization solution.
- The authentication and authorization module handles web requests before handing them off to your application code, and it denies unauthorized requests before they reach your code.
- We monitor access patterns to identify and mitigate potential threats.
Our virtual machines and data are isolated from undesirable traffic and users, yet we apply an additional shield:
- Our platform enforces HTTPS and minimum TLS 1.2 protocols. All unsecured requests are turned away before they reach our application code.
- We support access control via IP addresses restrictions.
- The communication between our application and any other cloud-based resource on MS Azuere within our control is secured and encrypted. This is also applicable to remote management tools like REST APIs.
DATA PROTECTION & PRIVACY
CTS takes data protection very seriously. Technology safeguards
such as encryption and operational processes about data destruction keep your data secure and protected from malicious activity:
- All our devices are encrypted as part of CTS security policy.
- We use encryption when transferring data between on-premise and cloud data storages.
- If you request data deletion or we leave Microsoft Azure, industry standards that call for overwriting storage resources before reuse, as well as physically disposing of decommissioned hardware are in place.
- You can specify the geographic areas where your data is stored—data can be replicated within a geographic area for redundancy.
- Users are given a direct line to our Data Protection (DP) Officer: For any organization to have a successful data collection process in place, they need to have a DP officer. This will be an authorized person with the knowledge of data and privacy issues. Details of our DP like office, name, email and contact information are available to our users.
- Users are informed about the data retention period for the survey data: The GDPR compliant surveys relations specify that all the organization looking for compliance, have to clarify the tenure for which respondent data will be retained. Under GDPR, every organization needs to have their own data retention rules. We provide our own language and data protection policy and so should every other organization and mention it clearly in their surveys.
- Users are asked for consent to collect data, and they are informed about the benefits that data collection report to them.
- Users can revoke and withdraw this consent at any timeby submitting a request to the data controller to have their personal information erased or to prevent further processing of that data.
- Users are granted access to the collected data: GDPR compliant surveys enforce the fact that every respondent should be able to read and also download their data in readable formats. We allow users to corresponding user metadata along with downloading it like IP address, information about browser and others. To make sure the download is also GDPR compliant, users can make the download in either PDF or JSON format.
- Restrictions in email communication analysis: When monitoring email communication, the only information captured is the email accounts of senders and recipients. This information is obtained by filtering the data provided by the email platform's API on our clients' premises, thus avoiding contact with sensitive information such as email content.
Protection from known and emerging threats requires constant vigilance, that’s why we have the following defenses in place:
- Integrated deployment systems manage security updates for Microsoft software with update management processes to your virtual machine.
- 24-hour threat management protects our infrastructure and platform against malware, distributed denial-of-service (DDoS), man-in-the-middle (MITM), and other threats.