Our trust + transparency overview

How you and your customers will have more control over your data

The General Data Protection Regulation, GDPR, is Europe’s way of strengthening and unifying data protection for all individuals within the European Union. Here at Award Force, we want to offer consistent protection to citizens globally, which is why we have been working hard to ensure that every Award Force client has access to a transparent system that encourages all users to trust your program and to help you comply with the world's most stringent data protection laws yet. 

While the GDPR imposes requirements on organisations that may be stressful to fulfil, it’s also an exceptional law that Award Force fully supports. We should all be concerned with companies farming our data, using it for nefarious purposes and spamming us endlessly. This is an important step in the maturation of our digitally connected world. 

The following are steps we are taking to ensure compliance and keep your team, your judges and your entrants’ data safe:

Right to be forgotten

You will need to be able to permanently delete participant data (your judges/assessors + entrants/submitters) to comply with data protection and privacy regulations. Award Force will be ready with all the features to enable you to meet your obligations under the GDPR and delete data on request.

Data portability

Under GDPR, your program participants in the EU have the right to see all the of the data you hold about them, and that this data be in format that can taken elsewhere. We’re building a feature to make this easy for you— so that you can download a package of an individual user’s data to provide them, with minimal effort.

Data location

We’ve made the carefully considered decision to move the Award Force application, data storage and processing to data centres within the EU. Previously, your data was stored and processed within Australia. By moving platform data to the EU we can better protect you and your participant data under the most robust privacy laws to-date. 

Consent

We are working hard on a new feature to ensure that you are able to respect your participant wishes when they request only specific forms of contact through your Award Force platform. We will ensure you are well informed of it’s capabilities before GDPR arrives.

Accountability/transparency

Award Force has reviewed and revised all of our standard agreements for GDPR compliance, and will announce, in the coming days, updates to our Privacy Policy; Cookies Policy; Service Agreement; and Terms of Service. We will also be making available to those clients that need it (EU clients, or clients controlling data of individuals in the EU), a Data Protection Addendum addressing Article 28 of the GDPR (Processor terms). This addendum is our contractual commitment to Data Controllers, as a Data Processor, for the appropriate handling of your data under the requirements of GDPR.

Security

Award Force has always had an exceptional focus on security and nothing will change our stance here. We are now fully compliant with PCI-DSS and finalising our ISO 27001 accreditation. More data protection features include:

  • You have the opportunity to apply additional protections to specific fields containing personal data or sensitive data
  • Our infrastructure comes with replication, backup, and DR planning by default
  • Our technology stack leverages encryption in transit, encryption at rest, and advanced threat detection
  • Our application services implement identity, authentication, and user permissions
  • Our server security is top class, we manage our own secure Virtual Private Cloud (VPC), our application and data is never in a shared hosting environment, and can only be accessed by authorised users via SSH key-based authentication.

For more information on security, visit our security webpage here

quote-cochin.png

The GDPR is a really positive step for the protection of individuals’ personal data. Award Force fully supports and is committed to meeting and surpassing GDPR requirements and will continue to champion the rights of individuals to ensure the protection of their personal data. I would like to encourage our non-EU clients to consider embracing the GDPR too."
Founder and Managing Director of Award Force - Richard de Nys