Privacy policy.

SECURITY INFRASTRUCTURE

Customer Data is stored and processed in a Microsoft Azure data centre located in the Netherlands with appropriate physical, technological, and administrative controls enacted to ensure appropriate access of Customer Data.

DATA ENCRYPTION

Foresoft Corporation encrypts the data over the wire via 256-bit (SHA2) TLS certificate, TLS 1.0, 1.1 and 1.2. Database is encrypted via AES256. File attachments are also encrypted via AES256.

DATA BACKUPS AND DISASTER RECOVERY

Foresoft Corporation backs up the data on an hourly basis. Since the data in the database is encrypted, backups are encrypted as well. Backup files and server logs are copied to a secure disaster recovery facility where they are kept for 6 months before being permanently deleted. Foresoft Corporation doesn’t utilise any type of removable media for backup storage, all backup files are stored on secure servers.

PERSONNEL ACCESS

A small team of operations personnel have administrative access to the infrastructure where Foresoft Corporation is hosted. Additionally, Foresoft Corporation developers occasionally require a read-only access to the database metadata to troubleshoot problems. Foresoft Corporation support personnel does not have access to customer databases unless they are invited or authorized by a customer.

All Foresoft Corporation employees sign confidentiality agreements before gaining access to the code and data. Everyone at Foresoft Corporation is trained and made aware of security concerns and best practices for their systems. Remote access to servers is established via company VPN and limited to workers who need access for their day to day work. All access events are logged for all accounts by IP address.

A very small number of Event Command Staff have direct access to the setup functions and customer data as this is required to ensure smooth and continuous operation of the service. All Event Command Staff with access to the data have signed confidentiality agreements and have a background in event management and the emergency services so understand the need for confidentiality and sensitivity around this data.

INCIDENT RESPONSE

Once Foresoft Corporation becomes aware of any suspected or confirmed data breach, Foresoft Corporation will notify all affected customers via e-mail within 72 hours.

PERSONALLY IDENTIFIABLE INFORMATION

When a user registers a new account with the service, the system asks for first and last name, e-mail address, password, locale and time zone information. Name helps to personalize your experience. E-mail address is used as a unique user identifier and for communication with the user. Locale and time zone information is used by the system to present numbers and dates in an appropriate format.

Due to various data integrity constraints user account cannot be deleted, but it can be cleared from any personally identifiable information upon request. Users of the service can contact the Provider via support@event-command.co.uk to request this.

SHARING OF INFORMATION

We’ll never pass your personal information to third parties, other than Foresoft Corporation, and we won’t use your name in marketing statements without your permission either.

Foresoft Corporation uses cookies for authentication, keeping certain user preferences and tracking user movements around the site. No cookies, however, contain personally identifiable information.

LAW ENFORCEMENT

The Provider and Foresoft Corporation won’t hand your data over to law enforcement unless requested by a court order. We will reject data requests from local and federal law enforcement without a court order. And, unless we’re legally prevented from it, we’ll always inform you when we receive such requests.

DATA RETENTION/DELETION

You are responsible for all data inputted into the service. As part of our commitment to auditing and accountability, you cannot delete most data directly within the service. At the end of your event, the Provider will send you an export of all of your data via a dropbox link. This exported data will be retained for 30 days before being deleted. All data within the system will be deleted within 7 days of the end of your event, however, since Foresoft Corporation backups are kept for 6 months, it may take up to 6 months for their data to be completely purged from Foresoft Corporation backup systems.

BACKUPS

All types of data deleted from online databases (from individual records to whole databases) will reside in system backups for 6 months. It will not be restored back to production systems, except for in certain rare instances such as the need to recover from a natural disaster or serious security breach. In such cases, some of deleted data instances may be restored from backups, but Foresoft Corporation will immediately take all necessary steps to honour the initial request to delete and erase the primary instance of the data again.

BUSINESS CONTINUITY

Both the Provider and ForeSoft Corporation generate a strong and stable revenue, don’t rely on any financing and are 100% debt-free.

INTELLECTUAL PROPERTY

Your data is considered by the provider and Foresoft Corporation as your intellectual property. The provider and Foresoft Corporation protects customers’ intellectual property and never shares it with other customers.