GDPR at Rosterfy

Rosterfy’s policies and procedures for data protection align to meet the standards and requirements of the GDPR.This includes transparency with regard to the use of data as well as the protection of data collected by Rosterfy through our third party servers.

We help large scale and international events to manage their volunteers

Dubai World Expo Logo
Birmingham Commonwealth Games 2022 Logo
Tampa Super Bowl Logo
COP26 Logo
T20 ICC Mens World Cup Logo
The World Games Logo
Miami Super Bowl LIV
European Championships
Atlanta Super Bowl
Democratic National Convention
GDPR Compliant

Our Commitment

Since the GDPR was introduced in 2018, Rosterfy has been continually reviewing and updating our internal data collections and storage processes to ensure that our processes align. 

Volunteer programs require data collection so naturally there are a lot of questions about GDPR including Rosterfy’s approach. We’ve highlighted some answers for you below.

Data Protection & Security - Rosterfy

Security features for more control, accountability and protection

Rosterfy has a documented set of policies and procedures that defines our approach to security as an organization. These are shared with all staff and reviewed and updated frequently to ensure our approach to security remains current.

To maintain the highest level of certifications and accreditations, we integrate and maintain the latest in innovative security and privacy technologies. As a Rosterfy customer, you are protected by our multi-tiered security measures and accredited procedures.

Portal Evet View (1080 × 1080 px) (2)
Product Spotlight Data Protection (2)

ISO27001 Certified

To provide world-class security, we ensure our platform meets key Information Security Management System (ISMS) standards. Rosterfy is certified against ISO27001 standards for Information Security compliance.

Rosterfy monitors our system using external and internal vulnerability scanning. We perform frequent audits and security assessments with independent and globally recognised security assessment firms.

Third Party Security

Rosterfy runs on AWS cloud infrastructure. We host customer instances between multiple Availability Zones in three regions (AU, UK, EU and USA).

AWS is accredited by and compliant with a large number of the latest industry standards – more information can be found here: https://aws.amazon.com/artifact.

Product Spotlight Data Protection

FAQs about GDPR

How does Rosterfy handle my data?

Rosterfy acts as a data processor. We process data on your behalf, in accordance with our Privacy Policy and Terms and Conditions. 

Our clients are the owner of your data. Rosterfy only uses the provided data to provide the services of Rosterfy and data will never be used for advertising or marketing purposes.

  • Volunteer/ Staff (Data Subject)
  • Customer (Data Controller)
  • Rosterfy (Data Processor)

How does Rosterfy comply with the GDPR policies?

1. ACCURACY

Rosterfy will always endeavor to ensure that any personal data collected is relevant and up to date. 

Rosterfy customers are responsible for ensuring that the data that you collect and enter on our system about your volunteers/staff is accurate and kept up to date. Data will never be edited and/or changed by Rosterfy. This is always at the discretion of the client. Self service functionality exists on Rosterfy to allow your volunteers and/or staff to keep their data up to date. 

2. DATA MINIMISATION

Rosterfy will only ever collect data that is required and relevant to utilizing our product. 

As owners of volunteer/staff data it is our clients who are responsible for ensuring that the data that you hold is limited to what is needed and relevant to your specific program.

3. LAWFULNESS, FAIRNESS & TRANSPARENCY

Rosterfy processes any collected personal data in a fair, lawful and transparent manner, inline with the GDPR.

Rosterfy will only ever process personal data entered on the system inline with our Terms & Conditions. 

4. INTEGRITY & CONFIDENTIALITY

Rosterfy will process data that we collect in a manner consistent with GDPR policies that protects against modification or unlawful processing. 

Our systems and policies ensure that we have the appropriate technical and organisational controls to safeguard the confidentiality of all collected data.

5. PURPOSE LIMITATIONS

Rosterfy only collects data for legitimate purposes. Data collected will only ever be used for purposes of which you have been made aware of and never for marketing or advertising purposes.

6. STORAGE LIMITATIONS

Rosterfy will only keep personal data that we collect for as long as it is required. Both clients and volunteers/staff themselves have the right to request erasure of data at any given point. 

Based on agreements with customers, Rosterfy will retain data and will seek client approval before beginning any processes for deletion.

7. ACCOUNTABILITY

Rosterfy processes for data protection and compliance are documented and reviewed on a regular basis. All staff are trained on appropriate security measures to ensure compliance across the organization. As part of our Information Security Management System accreditation, Rosterfy ensures that every step of data protection and compliance has been considered.

Keen to learn more about Rosterfy?

Get in touch with our Sales representatives to learn more about our volunteer management solution.

Additional FAQs

Where is my data stored?
Rosterfy runs on AWS cloud infrastructure. We host customer instances between multiple Availability Zones in three regions (AU, UK, EU and USA). AWS is accredited by and compliant with a large number of the latest industry standards – more information can be found here: https://aws.amazon.com/artifact.
Do you backup data?
Rosterfy data is backed up at regular intervals to disparate encrypted data storage solutions provided by Amazon Web Services. Backups are replicated to multiple AWS facilities within the customer’s region (APAC, USA or EU).
Will I be notified of any data breaches?
Under the GDPR, Rosterfy is required to report data breaches to the ICO within 72 hours. As part of our information security incident management procedure, appropriate communications will be made, including notifications to all affected parties.
How do you handle data erasure requests?

There can be two forms of data erasure requests - from the customer or the individual of which the data is stored (i.e the volunteer and/or staff).

Customers (Data Controller). If you nominate to close your account or cancel your subscription with Rosterfy we will store your data for 30 days to allow you time to extract any data or renew your subscription. After this 30 day period, Rosterfy reserves the right to disable the account and proceed with deleting all data stored against your account. 

Volunteer (Data Subject). If an applicant requests to have their data deleted, functionality exists in the application to remove all personal data associated with the applicant.