top of page
brandmark-design (7).jpg

Privacy Statement

Read the full statement here

SECURITY

Browsers and Devices

The survey can be viewed and completed using the following platforms/browsers:

  • Windows and Mac computers with the latest versions of Chrome, Safari, Firefox, Microsoft Edge, and Opera browsers.

  • Tablets: iPads running iOS 10+ and Android tablets running 4.4+.

  • Smartphones: iPhones running iOS 10+, Android smartphones running 4.4+, Opera Mini (latest version) and IE Mobile (latest version).
     

We usually support at least two previous versions of all popular browsers and platforms. On unsupported versions or devices, anyone trying to access the survey will see a message apologizing and pointing them to a page where they can update their browser.

SECURITY

Network Security

All our environments are hosted in a Virtual Private Cloud (VPC) in Amazon Web Services. Our production networks are separated between public and internal services. No inbound internet traffic is allowed on the private subnets, and all application servers only reside in private subnets without public IP addresses. Only Amazon managed and maintained load balancers have ingress access to the application internal servers. Tight security groups control inbound and outbound access to the servers.


Firewalls, Intrusion Detection Systems, Web Application Firewalls, and other security state of the art perimetral controls are installed at the edge locations to provide an additional layer of internal and external network security. In short, all the networks we use are as secure as we can manage. Access to our servers we use is strictly limited, and no outside traffic is permitted on them.

DATA PROTECTION

Once your information enters the system, it’s secured with multiple levels of encryption and access controls. We encrypt your data in-transit (end-to-end, including within the virtual private cloud at AWS) using secure TLS cryptographic protocols (TLS 1.2) and Advanced Encryption Standard (AES) is used with a 256-bit key to encrypt data at rest including the backups of the information.


All workstations and devices are fully encrypted to guarantee the confidentiality of the information they contain. Access to data is restricted based on role: only the minimum authorized employees have access to data. Every single access to the repositories of information is audited and controlled. Access is revoked immediately upon employee termination.


In addition to general obligations to comply with Applicable Laws, data protection and privacy legislation; we utilise adequate organisational and technical measures so as to safeguard Personal Information from loss, destruction and/or unauthorised access.

ACCESS TO INFORMATION

IMPACT do not outsource its feedback programmes; therefore, your information and feedback will be restricted to the account manager only and will not be circulated further, apart from in a summary report for leaders of your firm, which will not have any names or other such details

DATA RETENTION

Data is retained for as long as necessary in respect of the purposes for which it was collected and according to the applicable laws. In addition, by law, we are obliged to keep some data for indefinite periods of time. However, in the event you would like your data to be completely removed from the platform, you can request us to delete your data at any time through our standardized process and procedure.

CONFIDENTIALITY

IMPACT is bound by confidentiality terms and conditions as part of our engagement; therefore, we commit to keep all personal information and feedback strictly confidential and its use will be to perform our obligations under the engagement only.
We shall not disclose Confidential Information to any Person other than an Authorised Recipient and even then, only on a strictly ‘need to know’ basis. We confirm that our authorised recipients (including our own Personnel) are aware of, and fully comply with, its confidentiality obligations.

bottom of page