Data Protection & Security - Rosterfy

Rosterfy has a documented set of policies and procedures that defines our approach to security as an organization. These are shared with all staff and reviewed and updated frequently to ensure our approach to security remains current.

To maintain the highest level of certifications and accreditations, we integrate and maintain the latest in innovative security and privacy technologies. As a Rosterfy customer, you are protected by our multi-tiered security measures and accredited procedures.

Third Party Security

Rosterfy runs on AWS cloud infrastructure. We host customer instances between multiple Availability Zones in three regions (AU, UK, EU and USA).

AWS is accredited by and compliant with a large number of the latest industry standards – more information can be found here: https://aws.amazon.com/artifact.

FAQs about GDPR

How does Rosterfy handle my data?

Rosterfy acts as a data processor. We process data on your behalf, in accordance with our Privacy Policy and Terms and Conditions. 

Our clients are the owner of your data. Rosterfy only uses the provided data to provide the services of Rosterfy and data will never be used for advertising or marketing purposes.

• Volunteer/ Staff (Data Subject)
• Customer (Data Controller)
• Rosterfy (Data Processor)

How does Rosterfy comply with the GDPR policies?

1. ACCURACY

Rosterfy will always endeavor to ensure that any personal data collected is relevant and up to date. 

Rosterfy customers are responsible for ensuring that the data that you collect and enter on our system about your volunteers/staff is accurate and kept up to date. Data will never be edited and/or changed by Rosterfy. This is always at the discretion of the client. Self service functionality exists on Rosterfy to allow your volunteers and/or staff to keep their data up to date. 

2. DATA MINIMISATION

Rosterfy will only ever collect data that is required and relevant to utilizing our product. 

As owners of volunteer/staff data it is our clients who are responsible for ensuring that the data that you hold is limited to what is needed and relevant to your specific program.

3. LAWFULNESS, FAIRNESS & TRANSPARENCY

Rosterfy processes any collected personal data in a fair, lawful and transparent manner, inline with the GDPR.

Rosterfy will only ever process personal data entered on the system inline with our Terms & Conditions. 

4. INTEGRITY & CONFIDENTIALITY

Rosterfy will process data that we collect in a manner consistent with GDPR policies that protects against modification or unlawful processing. 

Our systems and policies ensure that we have the appropriate technical and organisational controls to safeguard the confidentiality of all collected data.

5. PURPOSE LIMITATIONS

Rosterfy only collects data for legitimate purposes. Data collected will only ever be used for purposes of which you have been made aware of and never for marketing or advertising purposes.

6. STORAGE LIMITATIONS

Rosterfy will only keep personal data that we collect for as long as it is required. Both clients and volunteers/staff themselves have the right to request erasure of data at any given point. 

Based on agreements with customers, Rosterfy will retain data and will seek client approval before beginning any processes for deletion.

7. ACCOUNTABILITY

Rosterfy processes for data protection and compliance are documented and reviewed on a regular basis. All staff are trained on appropriate security measures to ensure compliance across the organization. As part of our Information Security Management System accreditation, Rosterfy ensures that every step of data protection and compliance has been considered.