Privacy and Cookie Statement


1. INTRODUCTION 
This document describes the measures taken by the UNLOQ Campus to ensure appropriate levels of service, privacy and security. This privacy policy is based on the ICT security guidelines for web applications of the Dutch National Cyber Security Centre (NCSC). In addition, this privacy policy is created in accordance with the General Data Protection Regulation (GDPR) and other data privacy regulations of the Dutch Privacy Authority (Autoriteit Persoonsgegevens (AP)). UNLOQ Campus has the right to change this privacy policy. Changes will be published on this website.

2. WHO CAN SEE MY DATA?
Accessibility of data for different user roles. UNLOQ Campus users only have access to their own data and to data that has been specifically shared in the context of the coach-client relationship. UNLOQ Campus thus takes into account the possible professional secrecy of a coach. There are three different roles within UNLOQ Campus, with different levels of access. The roles within the application are the organisation manager, the coach and the client.
Organisation Manager: manages the organisation's account in UNLOQ Campus. They manage the profile information (such as name and e-mail address) of coaches and coachees. They do not have access to data and information that has been shared in the dialogue between coach and coachee.
Coaches only have access to their own personal data and to the personal data of their coachees that has been shared by the coachee.
Coachees only have access to their own personal data and the (personal) data that has been shared by the coach.
We only keep your data for as long as necessary. The coach's data will be kept for up to two years after the end of the coaching process. The coach's data will be kept for up to two years after the end of the contract. On request, UNLOQ Campus can delete all data from an account earlier. Similarly, coachees can easily delete their own account in UNLOQ Campus. In doing so, they also delete all personal data known to the UNLOQ Campus.
UNLOQ Campus employees ensure that other requests relating to privacy rights are handled correctly and in a timely manner.
For more information on privacy rights, please see the Privacy Policy.
The privacy rights are as follows:
- Right of inspection
- Right of rectification
- Right to be forgotten
- Right to limit processing
- Right to data transferability
- Right to lodge a complaint
Notification e-mails in the UNLOQ Campus: E-mail is an insecure means of communication. Therefore, all e-mails sent by the UNLOQ Campus never contain confidential information. The emails you receive from the UNLOQ Campus are used as notification. Only after you have logged in to your UNLOQ Campus environment will you be able to see the actual message.
Sharing of data with third parties: Data is not sold to third parties. Data is only transferred to third parties if this is necessary for the execution of our agreement between UNLOQ Campus and the customer or if we are obliged to do so by Dutch law. All parties with whom UNLOQ Campus collaborates adhere to at least the same security levels as we do. No data is transferred to parties subject to the Patriot Act.
User statistics: As part of the secure UNLOQ Campus application (campus.unloq.org), we do not use Google Analytics or other trackers. This means that we do not analyze your behavior in the UNLOQ Campus secure environment (which other parties do to provide you with personalized advertisements based on your personal information). On our marketing website (unloq.org), we use Google Analytics and trackers so that we can share advertisements and information with people who may be interested in the UNLOQ Campus. Please see our privacy and cookies policy for more information on this.

3. OUR LOGIN PROTOCOL
Passwords: Users add their own passwords. Passwords have at least 8 characters, including a number and an upper case letter. This makes the password difficult for others to guess. If you forget your password, we will send you a unique link to your email address, which will allow you to set a new password. No passwords are sent by email. Passwords are encrypted in the database.
Two-factor authentication (2FA) by SMS codes or Authenticator: In addition to logging in with username and password, UNLOQ Campus offers the possibility to add a two-step verification. If the two-step verification is activated, you enter an additional code after entering your username and password. You receive this code on your mobile phone. Your account is even more secure with two-step verification.

4. TECHNICAL CHECK AND HOSTING
Hosting provider: The IT hosting infrastructure of UNLOQ Campus is hosted by True Managed Hosting. True takes care of and manages the technical aspects of UNLOQ Campus, such as the infrastructure and data centres. True provides us with dedicated servers and continuously optimises the server environment.
Certificates: We chose True for its security. True is ISO 27001:2013 (information security), ISO 9001 (risk and quality management) and NEN 7510:2011 (information security in healthcare) certified and uses certified data centres located in the Netherlands. With these certifications, True adheres to the highest standards of information security.
Data centre location security: All data centres used by True meet the highest standards to prevent unauthorised physical access to servers, including biometric access controls, cameras, digital code locks and security personnel. Only authorised employees have access to the server location.
Control: True is certified for all aspects of the managed hosting service on a daily basis. The security and performance of the UNLOQ Campus servers and applications are monitored 24 hours a day, 7 days a week.

5. HOW TO ENSURE THE SECURITY OF THE UNLOQ CAMPUS?
Ruby on Rails. The UNLOQ Campus application is built using Ruby on Rails. Rails is a web application development framework written in the Ruby programming language. Rails has been in use for over 15 years and has an excellent track record for security.
Protection of data traffic: User information is only transported if it is locked and kept secure with Secure Sockets Layer (SSL) encryption. This means that the data cannot be read if someone intercepts it. Therefore, technical updates and enhancement/maintenance data are only transported if they are encrypted (via secure SSH connections). SSH is a cryptographic network protocol designed to protect data communication.
Audits: The IT systems and procedures of our partners are subject to audits. In addition, the UNLOQ Campus is audited and certified according to ISO 27001.
Firewall: To protect the UNLOQ Campus from cyber-attacks, all servers on the UNLOQ Campus are equipped with a firewall based on Linux iptables. This means that the UNLOQ Campus checks all incoming network traffic and blocks it. Traffic can only pass if it has been classified as a trusted source for incoming HTTP and HTTPS traffic. The firewall is instructed to block cyber traffic that aims at application unavailability (denial of service) or intentional application delay (traffic throttling).
Backups: Daily backups are made of the data placed in the application. Every night, a backup copy is transferred to an off-site backup server. This means that data that has been shared in UNLOQ Campus is not lost in case of a problem.

6. DEVELOPMENT AND MAINTENANCE
UNLOQ Campus is subject to continuous monitoring and development. When we develop the application or perform a security update, we do so in a secure manner. Our maintenance and development is done through a DTAP (Development, Testing, Acceptance and Production) street. This means that all updates and new functions are first placed on a test server, where they are thoroughly tested and verified by authorised persons. Only after their approval is the update or new feature placed on an acceptance and production server. In this way, we can detect security problems or critical issues in good time. The actual modification of the application is only carried out when we are sure that it will not lead to security or availability problems of the application.

7. WHAT CAN BE DONE? 
At the UNLOQ Campus, we do everything in our power to keep data as secure as possible. As a user of UNLOQ Campus, you can also take certain steps to work as safely as possible. Here we give you some tips:
Passwords: Naturally, you want to avoid that someone else has access to your account. Therefore, keep your password safe and never share it with others. Make sure that the password is not easy to guess. We also recommend that you do not log in automatically (i.e. let your browser remember your password) because if you lose your computer, smartphone or laptop, someone else can automatically log in to your profile and access all your information!
Two-factor authentication (2FA): We recommend that you use two-factor authentication in your profile (see section 3).
Know your rights.
- If you are a coach, inform your coachees of their privacy rights. UNLOQ Campus already does this when the coachee logs in to UNLOQ Campus for the first time. If you do this as well, you can be sure that your coachee knows his/her rights.
- Are you being coached? Ask yourself if you have been properly informed. If not, contact your coach and ask questions.
Do not collect unnecessary data. As a coach, you should always ask yourself if you are collecting more data than you need for this trajectory. Keep the amount of data you collect to a minimum, to minimise the risk of privacy issues.

Contact details
If you have any questions or requests regarding your privacy and our cookie policy, please contact us by email at support@unloq.org.