GDPR stands for General Data Protection Regulation. It is a data protection and security regulation written in EU law to protect all citizens in the European Union (EU) and European Economic Area (EEA) from data breaches and misuse or exploitation of information. However, GDPR regulations should be applied worldwide, which means they protect any individual who has shared personal information or data with any organisation, including those outside the EU. Organisations that do not comply with the strict GDPR conditions will face severe penalties.
We ensure that you have full control over your personal information. Under GDPR laws, you have the right to withdraw and limit access to personal information and data.
We will not use any of your personal information or data without your consent. We also request your consent in a clear and reliable manner.
As you trust us to use your data to administer your employee surveys, we make it our responsibility to keep your data safe and secure. This makes you GDPR compliant as well.
EngageRocket provides easy access to a variety of our resources and policy information to ensure that you are aware of how and why we use your personal information and data.
With the option of conducting confidential surveys, we ensure high data integrity and protect your employees by ensuring their personal information stays confidential.
Besides our compliance with GDPR, EngageRocket prioritises information security.
Customer data is stored in separate access-controlled databases per application. Each database requires a unique username and password that is only valid for that specific database and is unique to a single application. Customers with multiple applications and databases are assigned separate databases and accounts per application to mitigate the risk of unauthorized access between applications.
Our framework is based on the ISO 27001 Information Security Standard and includes programs covering: Security of our Cloud Architecture, Policies and Processes, Access Control, Physical Security, Encryption, Security Monitoring and Incident Response, Business Continuity Security and People Security.
The Secure Sockets Layer (SSL) protocol is a web standard for building trusted environments for online transactions. When our connections are secured via SSL, the data can be validated as being transmitted securely and privately. Our website is protected with version 3 of SSL, with SHA-256 with RSA encryption. Our website also guarantees that all credit card transactions, data transfers and logins are private when transmitted over an SSL-encrypted connection.
We commissioned an external data security firm to perform a penetration test on our system.
Here at EngageRocket, we work with the world's leading partners and technologies.
Our engineers use Heroku, a platform as a service (PaaS) that enables developers to build, run, and operate applications entirely in the cloud. Heroku runs each application in its own isolated environment, where it cannot interact with other applications or parts of the system, to prevent security and stability issues.
EngageRocket uses Stripe for processing payments online. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification in the payments industry.