The GDPR provides for several mechanisms to facilitate transfers of personal data outside of the EU. These mechanisms are aimed at confirming an adequate level of protection or ensuring the implementation of appropriate safeguards when personal data is transferred to a third country.
OnGuard Lone Safety has industry-leading technical and organisational controls in place to assure the highest level of security and compliance.
Appropriate safeguards can be provided for by model contract clauses. An adequate level of protection can be confirmed by adequacy decisions such as the ones that support the EU-U.S. Privacy Shield. We contractually commit under our current data processing agreements to maintain a mechanism that facilitates transfers of personal data outside of the EU as required by the Data Protection Directive, and will offer a corresponding commitment from 25 May 2018, when the GDPR comes into force.
- OnGuard employs a dedicated security expert who implements all security controls.
- We conducted Data Protection Impact Assessments (DPIAs). Based on the results, we have put in place appropriate controls on data processing and management.
- We do not collect or process credit card information.
- Based on a legitimate need to help lone workers get the assistance they need in an emergency, we optionally collect personal medical information. This information is provided to first responders to help them provide proper care during an emergency, for example if the lone worker has an allergy to a medication.
- Based on the DPIAs and internal audits, we have improved our data security methods and processes. This includes encrypting data at rest using AES-256. We have also developed in-house tools for better governance and discovery of data, and we aggregate all system logs to identify any potential intrusions or anomalies.
- All data synchronized or transferred between mobile clients and servers is secured using 2048-bit encryption.
- Access to our web portal dispatch system is secured using strong password rules.
- Data accessed via our web dispatch portal is secured using ECDSA 384.
- Access to our servers by administrators is based on a legitimate need for access and is secured by way of strong/multi-factor, non-shared authentication secrets at every login.
- When needed, breach notifications will be made according to our internal Privacy Incident Response policy. Customers will be notified of a breach within 72 hours after OnGuard becomes aware of it. For general incidents, we will notify users through our website and/or system notifications. For incidents specific to an individual user or an organization, we will notify the concerned party through email (using their primary email address).
- Users who want a copy of their data that we store in our system can contact our support directly to request a copy of that data or to have it purged from our system altogether.