GDPR at Rosterfy
Rosterfy’s policies and procedures for data protection align to meet the standards and requirements of the GDPR. This includes transparency with regard to the use of data as well as the protection of data collected by Rosterfy through our third party servers.
Our commitment to keeping you compliant
Ever since the implementation of GDPR in 2018, Rosterfy has been committed to regularly reviewing and enhancing our internal data collection and storage procedures to ensure complete alignment with the regulations.
Given the necessity for data collection in volunteer programs, it’s only natural for numerous inquiries to arise regarding GDPR, including Rosterfy’s approach. To address these concerns, we’ve handpicked a few key answers for your convenience.
Data protection & security - Rosterfy
Rosterfy has a documented set of policies and procedures that defines our approach to security as an organization. These are shared with all staff and reviewed and updated frequently to ensure our approach to security remains current.
To maintain the highest level of certifications and accreditations, we integrate and maintain the latest in innovative security and privacy technologies. As a Rosterfy customer, you are protected by our multi-tiered security measures and accredited procedures.
ISO27001 certified
To provide world-class security, we ensure our platform meets key Information Security Management System (ISMS) standards. Rosterfy is certified against ISO27001 standards for Information Security compliance.
Rosterfy monitors our system using external and internal vulnerability scanning. We perform frequent audits and security assessments with independent and globally recognised security assessment firms.
Third party security
Rosterfy runs on AWS cloud infrastructure. We host customer instances between multiple Availability Zones in three regions (AU, UK, EU and USA).
AWS is accredited by and compliant with a large number of the latest industry standards – more information can be found here: https://aws.amazon.com/artifact.
FAQs about GDPR
Rosterfy acts as a data processor. We process data on your behalf, in accordance with our Privacy Policy and Terms and Conditions.
Our clients are the owner of your data. Rosterfy only uses the provided data to provide the services of Rosterfy and data will never be used for advertising or marketing purposes.
- Volunteer/ Staff (Data Subject)
- Customer (Data Controller)
- Rosterfy (Data Processor)
- ACCURACY
Rosterfy will always endeavor to ensure that any personal data collected is relevant and up to date.
Rosterfy customers are responsible for ensuring that the data that you collect and enter on our system about your volunteers/staff is accurate and kept up to date. Data will never be edited and/or changed by Rosterfy. This is always at the discretion of the client. Self service functionality exists on Rosterfy to allow your volunteers and/or staff to keep their data up to date.
- DATA MINIMISATION
Rosterfy will only ever collect data that is required and relevant to utilizing our product.
As owners of volunteer/staff data it is our clients who are responsible for ensuring that the data that you hold is limited to what is needed and relevant to your specific program.
- LAWFULNESS, FAIRNESS & TRANSPARENCY
Rosterfy processes any collected personal data in a fair, lawful and transparent manner, inline with the GDPR.
Rosterfy will only ever process personal data entered on the system inline with our Terms & Conditions.
- INTEGRITY & CONFIDENTIALITY
Rosterfy will process data that we collect in a manner consistent with GDPR policies that protects against modification or unlawful processing.
Our systems and policies ensure that we have the appropriate technical and organisational controls to safeguard the confidentiality of all collected data.
- PURPOSE LIMITATIONS
Rosterfy only collects data for legitimate purposes. Data collected will only ever be used for purposes of which you have been made aware of and never for marketing or advertising purposes.
- STORAGE LIMITATIONS
Rosterfy will only keep personal data that we collect for as long as it is required. Both clients and volunteers/staff themselves have the right to request erasure of data at any given point.
Based on agreements with customers, Rosterfy will retain data and will seek client approval before beginning any processes for deletion.
- ACCOUNTABILITY
Rosterfy processes for data protection and compliance are documented and reviewed on a regular basis. All staff are trained on appropriate security measures to ensure compliance across the organization. As part of our Information Security Management System accreditation, Rosterfy ensures that every step of data protection and compliance has been considered.
Ready to transform volunteer management
Book a short discovery call with our team to learn how Rosterfy can help you better connect with, manage, and inspire your volunteers.
