Rix EasySurvey, University of East London 

Data protection, privacy and security overview for customers 

 

We have developed this overview for our customers, providing information about the policies and practices we have implemented to keep their data safe and secure. In addition, this information describes our approach to software reliability and stability. 

Contact information 

Rix Inclusive Research Docklands Campus, University of East London, 4-6 University Way, London E16 2RD 

+44 (0) 208 223 7561 rixadmin@uel.ac.uk 

 

Technical information 

Where is the application and data from surveys held? 

All the application and user data is held in our IONOS UK-based data centre in Gosport, Southampton, England. 

 

Is my data safe in the data centres? 

No method of transmission over the internet is 100% secure. However, the following international standards and features are incorporated into our data storage solution. 

ISO 9001, ISO 27001, ISO 22301 and PCI DSS compliant 

24 hour manned security, CCTV and intruder alarms  

Internal and external CCTV systems  

Security breach alarms  

 

How is data backed up? 

We complete a daily data and application backup. This is stored in an encrypted state in the Google EU region. Therefore, the data is backed up in different geographical locations using separate data centre partners, IONOS and Google. No data is transferred outside of the EU or United Kingdom.

 

Data protection 

GDPR and General Data Protection 

Rix EasySurvey meets all of the GDPR and General data protection requirements in full. You, the customer, own your user and voter data in EasySurvey. Rix acts as the data processor. You, the customer, are the data controller. 

Rix EasySurvey supports all GDPR data subject rights, including the right to access, rectification, erasure, data portability, restriction of processing, and objection. Requests should be submitted via rixadmin@uel.ac.uk. 

 

Subprocessors 

Our subprocessors are:

IONOS hosting 

Google backup services

We can confirm that: 

Due diligence is conducted. 

Data processing agreements are in place. 

Data remains under customer control. 

 

Access to data 

The fundamental approach to controlling access to data is the principle of least privilege (PoLP), meaning the Rix team only have access to the data they need to perform their job duties. 

Access permission changes are confirmed, recorded and audited by change control policy and countersigned by our Directors. 

Access controls are reviewed monthly to confirm appropriate access has been assigned. 

Our Rix team will not access your data without your permission. 

 

Security 

Access to all systems is through two-step authentication. For remote server access this is exclusively invoked through the Microsoft Authenticator service. This provides one of the highest levels of multifactor security available.

  

Partitioning data 

The software is installed on its own account partition on the server, and no traversal is possible between accounts. The customer’s data is stored in its own database with unique credentials, meaning that no unauthorised access to data is possible. Customer data is not physically separated on a separate server; however, if this is a requirement for a customer, we are able to provide this service for an additional fee. 

 

Updates 

The software is regularly updated to ensure it has the latest security patches. Proactive updates ensure the system uses the latest frameworks and underlying libraries. 

 

Monitoring 

The software has proactive third-party monitoring as well as anti-virus, firewall and security check facilities. The server is periodically checked to ensure the latest settings and features meet current security requirements. 

 

Email communication 

Rix (University of East London) uses Microsoft Outlook online for email services. Email data is encrypted at rest and in transit. 

 

Monitoring suspicious behaviour 

The development team use a combination of strategies to safeguard server access. These include restricting access to specified geographical IPs, time-based access, notification of last log in and multifactor authorisation.

 

Closing your Rix EasySurvey account 

We will delete all of your account data, images, video, surveys and survey responses when you close your account. The easiest way to do this is by emailing us at rixadmin@uel.ac.uk using the email associated with your account.  

 

Data retention policy 

We retain customer data for 90 days following account inactivity or termination unless otherwise agreed. During this period, customers may export their survey data using the Excel download feature within the software. After this window, data is permanently deleted from both active and backup storage. 

 

Cookie and tracking policy 

We do not track users' activities in the software. Cookies are only used for authentication and log in services. These services are essential for the delivery of our service to you.

 

Application and environment security 

Annual independent penetration testing is carried out to assess and strengthen system security. Identified vulnerabilities are triaged and remediated in line with industry best practices. 

 

People 

Cyber security training 

All staff are required to attend annual data protection and security training provided by the University of East London. Training is updated annually and is a compulsory requirement for all employees.

 

Reporting a cyber or data breach 

Annual training includes the revision of a process to report a data breach. 

 

Privacy and data breach planning 

University of East London, Rix have a plan for multiple scenarios involving a privacy or data breach. These are reviewed annually or after a significant incident or near miss. All data breaches will be communicated to the Information Commissioner's Office (ICO). A redacted version of the plan is available on request.

The plan and its implementation, review and development give the University of East London, Rix a very high level of confidence that the response to an incident will be effective.

 

Data Protection Officer 

Requests should be submitted via rixadmin@uel.ac.uk addressed to our Data Protection team. 

Last update: 6.6.25