Privacy and Security Policy

Overview

This privacy and security policy governs the collection, storage and use of personal information by Realworld Employee Surveys Ltd.

Realworld Employee Surveys Ltd is registered in England and Wales (registration number 05355041), whose registered office is at 44, Bridgewater Road, Berkhamsted, Herts, HP4 1JB.

We collect personal information through our company website and through provision of services through our survey platform. These services include:

We respect your right to privacy. Our overall aim is to ensure that our collection and use of personal information is appropriate and is in accordance with applicable data protection laws.

Responsibilities

Everyone who works for or with Realworld Consulting Ltd has some responsibility for ensuring data is collected, stored, and handled appropriately. Everyone who handles personal data must ensure that it is handled and processed in line with this policy and data protection principles. Failure to adhere to the requirements and stipulations of this (and all related) policies will be regarded as a breach of the organisation’s rules and may result in disciplinary action up to and including action for gross misconduct in the most serious or repeated cases.

The personal information we collect about you

Website Visitors

If you are browsing our website we will not collect any personal data.

Our blog posts allow visitors to post comments. When posting comments there is the option to enter your name and email address, but this is not mandatory.

If you contact us via the ‘Get in touch’ page on our website, we will collect your name and e mail address purely so that we may respond to your query. The consent provided can be removed at any time simply by replying to any email received and requesting that we stop sending further e mails.

If you are, or work for, a client of Realworld Employee Surveys Ltd, then we will collect the minimum amount of business specific personal data, usually your name, business role and business contact details to enable us to manage the business relationship.

Survey Platform Users

Realworld Employee Surveys’ principal business offering is the provision of employee surveys and 360 degree feedback. These services are provided under contract whereby Realworld Employee Surveys operates as a data processor with the client organisation acting as data controller. In all such cases, Realworld Employee Surveys will implement all necessary operational and technical risk reduction and security measures appropriate for the risk profile involved. Responsibility for determining the legal basis for processing this personal data lies with the data controller, with Realworld Employee Surveys operating on the direct instructions of the data controller.

We provide our client users with access to our survey platform. In order to set up this access we will collect users’ names and email addresses.

Where we are administering surveys or 360 degree feedback our clients will provide us with the names and email addresses for survey recipients. We will then load this information into our survey platform to enable us to send out survey invitations. Some of our surveys may also require us to collect additional work-related information about survey recipients such as work location, job role and other demographic data such as age, gender and ethnicity etc. The client will act as Data Controller and the data we collect will be specified by the client. We will act as Data Processor for the client.

How we share your personal information and who we share it with

 We will only disclose information when required to do so in order to comply with laws and legal proceedings. If we are required to respond to court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. When we believe it is necessary to share information in order to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.

International transfers

We do not transfer personal information that we collect from you to third parties located in countries that are outside of the UK or the European Economic Area. 

Cookies

Our company website will use cookies and store your IP addresses purely for the purposes of effectiveness monitoring and optimisation. All website visitors will be provided with the option to accept or reject cookies.

We use cookies, for example, to remember users’ settings (e.g. language preference) and for authentication. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our website, but your ability to use some features or areas of our webite may be limited.

Data Security

We employ comprehensive, reasonable and appropriate security measures to protect against the loss, misuse, and alteration of the personal information we process. This includes organisational security (passwords and access controls), physical security (data centre protection) and IT security (encryption).  Please note that no transmission over the Internet can ever be guaranteed secure.  Consequently, please note that we cannot guarantee the security of any personal information that you transfer over the Internet to us.

privacy and security policy

We are accredited with CyberEssentials+, which provides a level of compliance with best practice data security as a business.

The technical overview of the security employed by our survey platform is as follows:

Private Virtual Cloud Environment

  • Solution Location:  Secura London1 Data Centre (Enfield)
  • Solution Overview:  Secura has built Skyron an advanced private cloud infrastructure within a multi-tenant environment. The solution includes:
  • a virtual machine environment including production web and database servers and virtual test machines
  • a SQL Availability Group Cluster for failover functionality
  • full onsite and offsite backups
  • a high-throughput, secure firewall

Credentials

  • High availability with automatic recovery from server failure
  • Ultra-secure facilities, that provide 100 per cent uptime
  • Guaranteed compute and storage performance levels
  • Certification:
    • BREEAM Good
    • ISO 9001:2008 – Quality Management
    • ISO 14001:2004 – Environmental Management
    • ISO 27001:2013 – Information Security Management
    • ISO 50001:2011 – Energy Management

General Hosting Details

  • Boundary protection is in place on all systems with a connection to an untrusted network
  • Data centre offers N+N redundancy on UPS, and N+1 on all other critical services
  • Timely patching is applied against known vulnerabilities
  • Systems are protected from malicious and mobile code
  • Software and hardware is locked down to restrict unnecessary services
  • Secura Managed Alert Logic Threat Management Intrusion Detection Service (IDS) and Alert Logic Log Manager / Review
  • Proactive patching solution with automated updates applied upon release
  • Pingdom alert monitoring for all sites and services

Physical Security

  • Secured 24x7x365 with full authentication & access policy control and the latest physical security measures.
  • 24/7/365 on-site security team
  • 3 metre high perimeter fence
  • Manned vehicle entry gate to site
  • Internal and External IP CCTV with complete site coverage
  • Full authentication & access policy control
  • Security bollards, biometric entry system

Firewall / Network Specification

  • Clustered Virtual Firewall Appliance
  • Private 10Gbps network diversely connected to multiple providers for a blended, resilient Internet feed.
  • Access to a variety of tier 1 and 2 connectivity providers
  • Diverse fibre entry points to the site
  • Interconnection with major European internet exchanges
  • Fully managed with 24×7 monitoring

Resilience:

  • The data centre infrastructure underpinning the Virtual Private Cloud platform includes some of the UK’s most advanced, secure facilities used by leading banks, cloud vendors, systems integrators and telecommunications companies.
  • These multi-million pound facilities offer resilient connectivity with no single points of failure and the very highest levels of security and safety accreditation.
  • There is a 10Gb/s network underpins this infrastructure, providing robust, high performance connectivity between their data centre sites across the UK, with diverse 10G fibre connections and resilient routing in each location.

Scalability

  • The Virtual Private Cloud hosting offers scalability and security, where hosting resources can be scaled up and down with just a few mouse clicks. CPU, RAM and server storage capacity can be added within minutes to shape cloud platforms around any given, changing businesses requirements utilising the latest VMware technology

Data Retention

We retain information (including personal information) for the minimum reasonable time period to allow us to provide our services and will delete it after that time except where we need to keep any personal information to comply with our legal obligations, resolve ongoing disputes, or enforce our agreements.

Your rights

You have certain rights in relation to your personal information. You have the right to request that we:

  • provide confirmation of any personal information we hold about you;
  • update any of your personal information which is out of date or incorrect;
  • delete any personal information which we are holding about you;
  • restrict the way that we process your personal information;
  • prevent the processing of your personal information for direct-marketing purposes;
  • provide your personal information to a third-party provider of services;
  • provide you with a copy of any personal information which we hold about you; or
  • consider any valid objections which you have to our use of your personal information.

We will consider all such requests and provide our response within a reasonable period (and in any event within any time period required by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances. 

If an exception applies, we will tell you this when responding to your request.  We may request you provide us with information necessary to confirm your identity before responding to any request you make. 

Third party sites

Our company website may contain links to other websites operated by third parties.  Please note that this policy applies only to the personal information that we collect through the website or our survey platform, and we cannot be responsible for personal information that third parties may collect, store and use through their website.  You should always read the privacy policy of each website you visit carefully.

Changes to this Policy

This policy was last updated in March 2019. 

Please check back regularly to keep informed of updates to this privacy policy. Where we make significant changes to this privacy policy, and we have your email address, we will send you a separate notification of the changes.