GDPR, privacy, and security
dscout is fully compliant with GDPR. We take privacy and security incredibly seriously at dscout. We strive to make dscout the safest, most secure place for you to do your in-context qualitative research. GDPR (General Data Protection Regulation) is a strict new European data privacy standard, with which everyone handling European data had to comply by May 25, 2018. We’ve always had high privacy and data standards at dscout, but because we have clients working with European scouts, we’ve gone the extra mile to fully comply with these new standards.
Here’s what we’ve done and what we’re doing to keep everyone’s data safe:
Updated Scout Terms and Conditions
Data privacy drives our entire business model. We have updated and clarified our relationship with Scouts to make sure that everyone—not just European scouts—clearly understands that we’re paying for the data they provide us, and that we own it. We have also added legal protections for our customers. Take a look at our updated Scout Terms and Conditions.
Updated Online Access Agreement
We have shortened, simplified, clarified, and updated our online Access Agreement, which replaces the Service Agreement. All customers are subject to the Access Agreement, unless we have negotiated a separate MSA or similar document. Please read the entire updated agreement before starting your next dscout mission. There are significant changes.
Data Processing Agreement (DPA) language is included. In GDPR terminology, both dscout and our customers are “data controllers,” so we wrote our DPA that way. You can find the new Agreement here. We can also sign our customers’ DPAs when we maintain a separate MSA. Please contact firstname.lastname@example.org with any questions.
Enhanced IT security
There’s no privacy without solid IT security. We’ve invested heavily to ensure nothing but the most secure data infrastructure:
- We’ve evaluated our technology partners to ensure they are compliant with GDPR and otherwise as secure as we are.
- We’ve upgraded our database hosting security on Heroku to the highest possible level (called Heroku Private Spaces), to keep our data even safer.
- We’re becoming both ISO 27001 and HIPAA compliant, because these stringent standards also ensure we meet GDPR requirements. This also means we will be able to serve customers who need to research healthcare issues. Contact email@example.com for more information.
- We subject ourselves to rigorous penetration testing by Cobalt, a world-class security leader. In fact, they wrote a case study about us! While no one can ever promise to prevent all hacking, we’re taking strong, commercially reasonable measures to keep your data safe.
- We’ve appointed a Data Privacy Officer (DPO) to monitor and manage our IT security and privacy practices. You can reach the DPO by email at firstname.lastname@example.org.