GDPR – An Update On How We’ve Handled It

Mentorloop supports and encourages employees’ success through mentoring relationships; and is committed to every user’s rights and privacy. Back in April 2018, we made a promise to update our processes and policies in order to meet the requirements of new European legislation relating to these rights: the General Data Protection Regulation 2018. This article/white paper explains how Mentorloop have responded to the GDPR and the measures we have taken to be compliant.

To fulfil our commitment to understanding and implementing the guidelines, we commissioned an independent review of our practices and processes, which was carried out in conjunction with our Technology department.

In the spirit of ongoing transparency, we wanted to share with you our responses to fourteen of the most common questions we are asked about this topic.

1. Why does the GDPR apply to Mentorloop?

As we expand our solution to facilitate mentoring relationships across the globe, it’s our responsibility to comply with the GDPR; regardless of whether the data is actually processed in the EU. Instead of having separate policies, we have chosen to make GDPR the baseline for all of our data policies no matter what country our mentors and mentees are in.

2. Mentorloop is an Australian entity, so where is user data stored?

In Australia, we use Australian data centres. When it comes to storing the personal data of EU data subjects, we have chosen a solution that is certified by the European Commission as being adequate in order to comply with GDPR. Put simply, this means that we use Amazon Web Services’ UK-based data centre.

3. Are you a Data Processor or a Data Controller? And how did you decide that?

This question is often one of the initial points of discussion with a new client. And it can be confusing.

Although we process personal data on behalf of our clients, we also determine how the information is collected and the manner in which the processing is carried out. This makes us a Data Controller.

4. Do you follow GDPR or the Australian Privacy Principles?

The short answer is: both.

We’ve always been committed to The Privacy Act in how we handle, use and manage personal information. GDPR includes some similar requirements. Both laws aim to foster transparent information handling practices and business accountability, to give individuals confidence that their privacy is being protected.

5. What tools and technologies do you use to process the data that you collect?

Mentorloop is a proprietary built platform and is used to collect and process the data we collect from users of the app.

6. How does Mentorloop protect the personal data collected on the platform?

We have adopted a ‘protection by design’ approach and as such, put in place physical, technical and organisational procedures and techniques to safeguard users’ information. These safeguards include measures such as single-sign-on, which lets our customers dictate how the users authenticate; logical segregation of data and encryption of databases. We also ensure that only the data necessary for the specific purposes of delivering mentoring programs, is processed, used and stored.

7. How are you managing the consents and rights of users of the platform?

We’ve made it clear and simple to understand exactly what users are agreeing to when joining a mentoring program. This means that people are able to give their consent via a form, with the purposes of data processing attached to that consent, so that it’s totally unambiguous.

8. What documents can you share that support your adherence to GDPR?

We want to be absolutely clear about how we use the data that we collect. You can read our Privacy Policy which is published on our website. It’s written in plain English, making it clear how data is processed and (unlike most documents of its kind) is easy to understand. But please let us know if that’s not the case!

9. How are you ensuring users of the platform have the Right to be Forgotten?

Luckily, this has never been something we’ve denied users. However, what we’ve done as part of our work to follow the guidelines of the GDPR, is created and documented a clear process for it. So if any user makes this request, we have measures in place to ensure that we fulfil this swiftly and efficiently.

10. Are your third parties following the same standards?

We take great care when selecting third parties to work with, ensuring that if they do hold personal data (which not all of our partners do) that they have committed to GDPR compliance themselves or are Certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield Frameworks. We maintain a register of third party agreements.

11. And what about your employees?

Our employees have been authorised to process data and have undertaken training on the protection of personal data. Our Staff Information and Data Security Policy details their responsibilities to avoid data security breaches.

12. Have you appointed a Data Protection Officer?

Yes. Tracy Powell, our VP of Engineering, has been appointed as our Data Protection Officer.

13. Will Brexit affect any of your policies and procedures?

No. Our policies and practices will remain the same irrespective of whether or not the UK retains the GDPR post-Brexit.

14. Do you support the new Standard Contractual Clauses (SCCs) from the European Commission?

On 4 June 2021, the European Commission issued modernised standard contractual clauses under the GDPR for data transfers from controllers or processors subject to the GDPR to controllers or processors not subject to the GDPR. For controllers and processors that are currently using previous sets of standard contractual clauses, a transition period of 18 months is provided.

Mentorloop is committed to the privacy of our customers and participants. In addition to our current security and privacy measures we have in place, we are working on implementing any changes required by these new SCCs.

The need to offer innate confidentiality and privacy during mentoring relationships has always informed how we deal with users of our platform. This gives them the confidence to have the candid and open conversations necessary to empower them to fulfil their personal career goals. We’ll continue to ensure that we use that information fairly and correctly; protecting the personal information of our mentors and mentees in order to enable ongoing mentoring relationships around the globe.

If you’d like to know more or have a question that you’d like answered, then please contact our Privacy Officer by emailing

0 0 votes
Article Rating

Em is our Marketing Manager at Mentorloop. That's a lot of 'm's! | She is passionate about crafting messages, crafternoons and craft beer.

Inline Feedbacks
View all comments