GDPR at Rosterfy
Rosterfy’s policies and procedures for data protection align to meet the standards and requirements of the GDPR.This includes transparency with regard to the use of data as well as the protection of data collected by Rosterfy through our third party servers.
We help large scale and international events to manage their volunteers
Since the GDPR was introduced in 2018, Rosterfy has been continually reviewing and updating our internal data collections and storage processes to ensure that our processes align.
Volunteer programs require data collection so naturally there are a lot of questions about GDPR including Rosterfy’s approach. We’ve highlighted some answers for you below.
Data Protection & Security - Rosterfy
Security features for more control, accountability and protection
Rosterfy has a documented set of policies and procedures that defines our approach to security as an organization. These are shared with all staff and reviewed and updated frequently to ensure our approach to security remains current.
To maintain the highest level of certifications and accreditations, we integrate and maintain the latest in innovative security and privacy technologies. As a Rosterfy customer, you are protected by our multi-tiered security measures and accredited procedures.
To provide world-class security, we ensure our platform meets key Information Security Management System (ISMS) standards. Rosterfy is certified against ISO27001 standards for Information Security compliance.
Rosterfy monitors our system using external and internal vulnerability scanning. We perform frequent audits and security assessments with independent and globally recognised security assessment firms.
Third Party Security
Rosterfy runs on AWS cloud infrastructure. We host customer instances between multiple Availability Zones in three regions (AU, UK, EU and USA).
AWS is accredited by and compliant with a large number of the latest industry standards – more information can be found here: https://aws.amazon.com/artifact.
FAQs about GDPR
How does Rosterfy handle my data?
Our clients are the owner of your data. Rosterfy only uses the provided data to provide the services of Rosterfy and data will never be used for advertising or marketing purposes.
- Volunteer/ Staff (Data Subject)
- Customer (Data Controller)
- Rosterfy (Data Processor)
How does Rosterfy comply with the GDPR policies?
Rosterfy will always endeavor to ensure that any personal data collected is relevant and up to date.
Rosterfy customers are responsible for ensuring that the data that you collect and enter on our system about your volunteers/staff is accurate and kept up to date. Data will never be edited and/or changed by Rosterfy. This is always at the discretion of the client. Self service functionality exists on Rosterfy to allow your volunteers and/or staff to keep their data up to date.
2. DATA MINIMISATION
Rosterfy will only ever collect data that is required and relevant to utilizing our product.
As owners of volunteer/staff data it is our clients who are responsible for ensuring that the data that you hold is limited to what is needed and relevant to your specific program.
3. LAWFULNESS, FAIRNESS & TRANSPARENCY
Rosterfy processes any collected personal data in a fair, lawful and transparent manner, inline with the GDPR.
Rosterfy will only ever process personal data entered on the system inline with our Terms & Conditions.
4. INTEGRITY & CONFIDENTIALITY
Rosterfy will process data that we collect in a manner consistent with GDPR policies that protects against modification or unlawful processing.
Our systems and policies ensure that we have the appropriate technical and organisational controls to safeguard the confidentiality of all collected data.
5. PURPOSE LIMITATIONS
Rosterfy only collects data for legitimate purposes. Data collected will only ever be used for purposes of which you have been made aware of and never for marketing or advertising purposes.
6. STORAGE LIMITATIONS
Rosterfy will only keep personal data that we collect for as long as it is required. Both clients and volunteers/staff themselves have the right to request erasure of data at any given point.
Based on agreements with customers, Rosterfy will retain data and will seek client approval before beginning any processes for deletion.
Rosterfy processes for data protection and compliance are documented and reviewed on a regular basis. All staff are trained on appropriate security measures to ensure compliance across the organization. As part of our Information Security Management System accreditation, Rosterfy ensures that every step of data protection and compliance has been considered.
Keen to learn more about Rosterfy?
Get in touch with our Sales representatives to learn more about our volunteer management solution.
There can be two forms of data erasure requests - from the customer or the individual of which the data is stored (i.e the volunteer and/or staff).
Customers (Data Controller). If you nominate to close your account or cancel your subscription with Rosterfy we will store your data for 30 days to allow you time to extract any data or renew your subscription. After this 30 day period, Rosterfy reserves the right to disable the account and proceed with deleting all data stored against your account.
Volunteer (Data Subject). If an applicant requests to have their data deleted, functionality exists in the application to remove all personal data associated with the applicant.