We were told data stays in CB for 1 year past the end of our contract? Can we change this if we wanted to?
Yes. One year is the default time frame chosen by Click Boarding in order to, at a minimum, meet GDPR requirements. Changes to this time frame are possible but would need to be worked into your contract/MSA.
What would the process look like if a new hire requested to have their information deleted?
Per GDPR requirements, if a candidate were to submit a GDPR data deletion request to Click Boarding, we would immediately contact the affected client (data controller), alerting them to the claim, and requesting their permission to delete the data. Once permission is granted by the client, the data in question would be shredded/anonymized accordingly.
Can we get an audit log for any changes made to access levels?
Click Boarding does not log changes to user access levels within the platform.
Is Click Boarding regularly patched for security issues?
The Click Boarding platform is built on Microsoft Azure’s cloud platform in a PaaS model whereby the underlying Infrastructure is entirely managed, and by extension automatically patched, by Microsoft itself. In addition, all Click Boarding employee’s workstations, even ones not used to access the platform, are configured to automatically install security patches within a reasonable amount of time after they’re released.
Is the Personal Data Encrypted?
All personal data that touches the Click Boarding platform is encrypted in transit using a minimum of TLS 1.2, and at rest using AES 265 at both the data layer (DB level encryption) and the hardware layer (BitLocker on all physical hard drives).
Comments
0 comments
Please sign in to leave a comment.