Mentorloop supports and encourages employees’ success through mentoring relationships and is committed to every user’s rights and privacy. Back in April 2018, we made a promise to update our processes and policies in order to meet the requirements of new European legislation relating to these rights: the General Data Protection Regulation 2018. This article/white paper explains how Mentorloop have responded to the GDPR and the measures we have taken to be compliant.
To fulfil our commitment to understanding and implementing the guidelines, we commissioned an independent review of our practices and processes, which was carried out in conjunction with our Technology department.
In the spirit of ongoing transparency, we wanted to share with you our responses to thirteen of the most common questions we are asked about this topic.
As we expand our solution to facilitate mentoring relationships across the globe, it’s our responsibility to comply with the GDPR, regardless of whether the data is actually processed in the EU. Instead of having separate policies, we have chosen to make GDPR the baseline for all of our data policies no matter what country our mentors and mentees are in.
In Australia, we use Australian data centres. When it comes to storing the personal data of EU data subjects, we have chosen a solution that is certified by the European Commission as being adequate in order to comply with GDPR. Put simply, this means that we use Amazon Web Services’ UK-based data centre.
This question is often one of the initial points of discussion with a new client. And it can be confusing.
Although we process personal data on behalf of our clients, we also determine how the information is collected and the manner in which the processing is carried out. This makes us a Data Controller.
The short answer is: both.
We’ve always been committed to The Privacy Act in how we handle, use and manage personal information. GDPR includes some similar requirements. Both laws aim to foster transparent information handling practices and business accountability, to give individuals confidence that their privacy is being protected.
Mentorloop is a proprietary-built platform used to collect and process data from users of the app.
We have adopted a ‘protection by design’ approach and, as such, have put in place physical, technical and organisational procedures and techniques to safeguard users’ information. These safeguards include measures such as single sign-on, which lets our customers dictate how users authenticate; logical segregation of data; and encryption of databases. We also ensure that only the data necessary for the specific purposes of delivering mentoring programs is processed, used and stored.
We’ve made it clear and simple to understand exactly what users are agreeing to when joining a mentoring program. This means that people are able to give their consent via a form, with the purposes of data processing attached to that consent, so that it’s totally unambiguous.
Luckily, this has never been something we’ve denied users. However, as part of our work to follow the guidelines of the GDPR, we have created and documented a clear process for it. So if any user makes this request, we have measures in place to ensure that we fulfil it swiftly and efficiently.
We take great care when selecting third parties to work with, ensuring that if they do hold personal data (which not all of our partners do), they have committed to GDPR compliance themselves or are certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield Frameworks. We maintain a register of third-party agreements.
Our employees have been authorised to process data and have undertaken training on the protection of personal data. Our Staff Information and Data Security Policy details their responsibilities to avoid data security breaches.
Yes. Mark Reid, our CTO, has been appointed as our Data Protection Officer.
No. Our policies and practices will remain the same irrespective of whether or not the UK retains the GDPR post-Brexit.
The need to offer innate confidentiality and privacy during mentoring relationships has always informed how we deal with users of our platform. This gives them the confidence to have the candid and open conversations necessary to empower them to fulfil their personal career goals. We’ll continue to ensure that we use that information fairly and correctly, protecting the personal information of our mentors and mentees in order to enable ongoing mentoring relationships around the globe.
If you’d like to know more, or have a question that you’d like answered, then please contact our Privacy Officer by emailing firstname.lastname@example.org