Footdown Customer Data Processing

During the course of operating the Footdown platform, we process Customer Data. ‘Customer Data’ means all data uploaded to or stored on the Platform by our Client Customers; transmitted by the Platform at the instigation of the Customer; supplied by the Customer to us as Footdown Ltd the Provider for uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Hosted Services by the Customer (but excluding analytics data relating to the use of the Platform and server log files).

Categories of data subject

Data subjects are Client Customers and their Employees, Members or Contributing Associates.

Types of Personal Data

We process all Employee participant names and contact email addresses as supplied by the Customer. There is an implied association to the Customer organisation and the results of the survey that a participant takes part in.

Purposes of processing

Personal data is used only to contact the individuals regarding the survey and the subsequent aggregation of their responses into results analyses to get to a set of totals.

On the direction of the Customer, we may segment personal data (individuals) into teams, business units, geographical locations or other segments as requested by the Customer for results aggregation purposes. The Customer may not request any Segment that is contrary to our Acceptable Use Policy (Schedule 1). Results remain anonymised.

Security measures for Personal Data

All data is stored on our database in an encrypted manner. We utilise a UK Based Tier 4 Data Centre – Pulsant in Maidenhead, UK.

We maintain a dedicated cloud server to which only we (and the hosting company) have access. We use appropriate server configuration, firewalls, access controls, malware and patch management. Our SQL Server is only accessible from the server itself.

We have database (column-level) encryption options that can be deployed on a client by client basis if requested (i.e. if the hosting company is not themselves seen as a trusted partner by the client). They are deployed selectively as the on-demand decryption of data can notably reduce performance in some areas of the application. This uses a master key, a certificate, and a high strength symmetric key with values kept securely known only to Footdown.

The accreditations of our current Hosting provider – Storm Internet Ltd – can be viewed here.

Sub-processors of Personal Data

If a Footdown Affiliate manages the Customer relationship directly, they have the same access to the personal data described above as the Provider and must adhere to our Terms and Conditions.