Health Service 360 – Data Security

Health Service 360 takes the security of your information seriously. The following describes the measures we have in place to safeguard your data and also the responsibilities that end users have to ensure that their own security is maintained:

Physical Security

Health Service 360 is hosted on a dedicated enterprise-level server at a European data centre operated by Rackspace. Details of the physical, electrical and electronic security measures can be found on their website.

The entire data repository is backed up daily and stored at a second data centre – also in Europe. We do not store any data outside of the EU.

Access Control

Health Service 360 does not have any general public facing access to its applications. The only access for users is via a logon which can only be activated via a verified email address.

Access to system administration functions is only available to our own staff on an “as necessary” basis.

We monitor industry best practice for web applications of this nature and endeavour to ensure that we comply with the appropriate state-of-the-art guidelines at all times.

Completed reports can only be accessed by logging into the system and downloading – we do not send potentially confidential information out by email. Once a report has been downloaded it is the customer’s responsibility to keep it secure.

Questionnaires can only be accessed via an encoded and encrypted link in the invitation email they have been sent. Questionnaires cannot be accessed after the report has been generated without referring directly to our helpdesk.

We do not share email addresses or any other user information with any third party not directly involved in the operation and maintenance of the system.

We are registered under the Data Protection Act as a bureau. Our registration number is Z9927886.

All data is entered into our system on the understanding that it is confidential, and we will not divulge any such information to any person who did not enter it in the first place, save for in the form of completed reports.

End user responsibilities

We expect users to keep their usernames and passwords secure and to change them immediately if they suspect that they may have fallen into the wrong hands.

We expect users to provide correct email addresses to us and to ensure that any emails sent by us are not blocked by email gateways or spam filters.

We expect end users to be responsible for the security of their own email systems and mailboxes.

General Data Protection Regulation (GDPR)

We comply with the requirements of the General Data Protection Regulation (GDPR). More details can be found in our Data Processing Agreement.

Sub-processor

A sub-processor is a third-party data processor engaged by The Braver Group Ltd, including entities from within the group, that has, or potentially will have, access to Service Data (which may contain Personal Data) or that processes it. Further information can be found in the Data Processing Agreement.

The Braver Group Ltd uses the following sub-processors to provide infrastructure and services to assist it in providing The Braver Group Ltd Services. All of our sub-processors have been checked for GDPR compliance.

 

Entity | Purpose | Location
Third Eye Resolutions | Appraisal 360 feedback platform | United Kingdom
Amazon Web Services, Inc | Amazon Web Services (AWS) provides the primary infrastructure used by the Processor to host Service Data submitted to the Services | United Kingdom
Rackspace Ltd | Rackspace provides the primary infrastructure used by the Processor to host Service Data submitted to the Services | United Kingdom
Stripe | Credit card payment handling | United States
Postmark | Postmark is an email sending service the Processor relies on as a service provider for sending emails from the Service operated by Wildbit Inc. | United Kingdom
Google | Support email and website usage analysis | United States
InfusionSoft | CRM and email system | United States
Wiley | DiSC Profiling | United States