Appraisal360 degree feedback system – Data Security

Appraisal360 takes the security of your information seriously. The following describes the measures we have in place to safeguard your data and also the responsibilities that end users have to ensure that their own security is maintained:

Physical Security

Appraisal360 is hosted on a dedicated enterprise-level server at a European data centre operated by Rackspace. Details of the physical, electrical and electronic security measures can be found on their website.

The entire data repository is backed up daily, and the backup is stored at a second data centre, also in Europe. We do not store any data outside of the EU.

Access Control

Appraisal360 does not have any general public-facing access to its applications. The only access for users is via a logon, which can only be activated via a verified email address.

Access to system administration functions is only available to our own staff on an “as necessary” basis.

We monitor industry best practice for web applications of this nature and endeavour to ensure that we comply with appropriate state-of-the-art guidelines at all times.

Completed reports can only be accessed by logging into the system and downloading – we do not send potentially confidential information out by email. Once a report has been downloaded it is the customer’s responsibility to keep it secure.

Questionnaires can only be accessed via an encoded and encrypted link in the invitation email sent to the person completing them. Questionnaires cannot be accessed after the report has been generated without referring directly to our helpdesk.

We do not share email addresses or any other user information with any third party not directly involved in the operation and maintenance of the system.

We are registered under the Data Protection Act as a bureau. Our registration number is Z9927886.

All data is entered onto our system on the understanding that it is confidential, and we will not divulge any such information to any person who did not enter it in the first place, except in the form of completed reports.

End user responsibilities

We expect users to keep their usernames and passwords secure and to change them immediately if they suspect that they may have fallen into the wrong hands.

We expect users to provide correct email addresses to us and to ensure that any emails sent by us are not blocked by email gateways or spam filters.

We expect end users to be responsible for the security of their own email systems and mailboxes.

General Data Protection Regulation (GDPR)

We comply with the requirements of the General Data Protection Regulation (GDPR). More details can be found in our Data Processing Agreement.

You can find a list of our data sub-processors here.