Data security & GDPR
Safeguarding the information contained in your employee records is our utmost priority. All data within the Breathe system is fortified with the highest level of data security protocols.
Our strong dedication to adhering to GDPR regulations underscores our belief in its crucial role in clarifying and upholding individual privacy rights.
If you are reading this document, it signifies your dedicated concern for security. Such is my stance as well.
We acknowledge Breathe’s dual responsibility, both legal and ethical, to ensure adherence to data protection regulations and industry benchmarks. Rooted in our corporate values is the principle of consistently “doing the right thing,” transcending mere checkbox activities to bolster data security, scrutinising every facet with the aim of enhancing safety.
This course of action isn’t solely driven by ethics; it’s a savvy business choice. Our sustenance hinges on the assurance of your data’s security. Flourishing comes from our ceaseless pursuit of strategies to elevate its safety measures.
Our intention is for this document to comprehensively address standard security queries. Should you seek further clarity, our team is at your service through our contact form in the menu above.
PeopleBunch employee access to network and data
Web servers are only accessible by PeopleBunch developers over an SSH connection that uses both a secure key pair and a restricted IP address. Each access attempt is centrally logged. Server instances are rotated regularly as part of our auto-scaling solution to prevent brute force attacks, and repeated attempts using incorrect credentials generate an alarm and lockout. Policies exist to replace access keys in the event of employees leaving or assets being misplaced or replaced. Access is restricted by policy to authorised staff on a need-to-know basis.
Front-end access
Access to client data through the front end of the application is restricted to support personnel who have obtained active positive permission (in the form of a tick box) from the client. Permission is granted through an administrative tool requiring two-factor authentication, and each access/access attempt is centrally logged. Access is restricted by policy to authorised staff.
Database access
Database access is given to development personnel in order to research support issues that require close examination or correction of the data. Access is programmatic in nature and restricted by policy to accounts that have given active permission for Breathe staff to work on their data. Access is restricted by IP address and by policy to authorised staff.