GDPR, privacy, and security
dscout is fully compliant with GDPR. We take privacy and security incredibly seriously at dscout. We strive to make dscout the safest, most secure place for you to do your in-context qualitative research. GDPR (General Data Protection Regulation) is a strict new European data privacy standard, with which everyone handling European data had to comply by May 25, 2018. We’ve always had high privacy and data standards at dscout, but because we have clients working with European scouts, we’ve gone the extra mile to fully comply with these new standards.
Here’s what we’ve done and what we’re doing to keep everyone’s data safe:
Updated Scout Terms and Conditions
Data privacy drives our entire business model. We have updated and clarified our relationship with Scouts to make sure that everyone—not just European scouts—clearly understands that we’re paying for the data they provide us, and that we own it. We have also added additional legal protections for our customers. Take a look at our updated Scout Terms and Conditions.
Updated Scout Privacy Policy
We’ve updated our Scout Privacy Policy to clarify and strengthen the language in several ways. First, we’ve strengthened and clarified language about the way scouts can modify or delete their accounts, including sensitive information, while still preserving our rights to the data they have submitted. We’ve also made it clearer to scouts how their data can be used by our customers and by dscout. Every scout will be required to accept these new terms and privacy policy (using a third-party arms-length validation process through our partner, PactSafe) before using the dscout mobile app after May 25th, 2018.
Updated Researcher and Visitor Privacy Policy
We have updated the privacy policy under which you work with us on our website and research platform. We encourage you to read it here. The revised policy extends appropriate GDPR protections to you when you visit our website or work with us. For example, you can now easily delete your researcher account, remove personal information, or change your personal profile. The new policy went into effect May 25th, 2018 any time you use our website (dscout.com) or researcher platform (dscoutapp.com).
Updated Online Access Agreement
We have shortened, simplified, clarified, and updated our online Access Agreement, which replaces the Service Agreement. All customers are subject to the Access Agreement, unless we have negotiated a separate MSA or similar document. Please read the entire updated agreement before starting your next dscout mission. There are significant changes.
Data Processing Agreement (DPA) language is included. In GDPR terminology, both dscout and our customers are “data controllers,” so we wrote our DPA that way. You can find the new Agreement here. We can also sign our customers’ DPAs when we maintain a separate MSA. Please contact privacy@dscout.com with any questions.
Enhanced IT security
There’s no privacy without solid IT security. We’ve invested heavily to ensure nothing but the most secure data infrastructure:
- We’ve evaluated our technology partners to ensure they are compliant with GDPR and otherwise as secure as we are.
- We’ve upgraded our database hosting security on Heroku to the highest possible level (called Heroku Private Spaces), to keep our data even safer.
- We are HIPAA compliant and both HITRUST and ISO 27001 certified. Contact sales@dscout.com for more information.
- We subject ourselves to rigorous penetration testing by Cobalt, a world-class security leader. In fact, they wrote a case study about us! While no one can ever promise to prevent all hacking, we’re taking strong, commercially-reasonable methods to keep your data safe.
- We’ve appointed a Data Privacy Officer (DPO) to monitor and manage our IT security and privacy practices. You can reach the DPO by email at privacy@dscout.com.
- We have reviewed and strengthened nearly every security and privacy policy on our books. And we’re re-training everyone at dscout to ensure that everyone puts privacy and security first.