As a centralized workforce management solution, uTRAC decreases the need for disparate systems, giving businesses one solution for securely hosting and managing employee data. Our protection framework, backed by industry recognised accreditation, gives our customers peace of mind that their company data is secure and that they have the control they need for managing sensitive data adequately.
uTRAC is committed to maintaining SOC 2 certification in accordance with the American Institute of Certified Public Accountants (AICPA). uTRAC is audited independently by Prescient Assurance, a leader in security and compliance attestation for B2B, SaaS companies worldwide.
For businesses that subscribe to use uTRAC for the provision of our Workforce Management or Applicant Management solutions, we are your data controllers. From the moment customer data is captured, we adhere to the strictest management of that data. In running our business, we utilize some 3rd party data processors (CRMs and Business Analytical tools) but only for the management of customers' business and contact information and never for processing our customers' employee data. All 3rd party data processors adhere to uTRAC's strict internal privacy policies, which are guided by regulations and industry standards.
All customers can be provided with all held data and that data can be deleted upon 'right to be forgotten' requests where there is no legitimate requirement for us to hold that data.
uTRAC does not hold any credit/debit card details used for processing online subscription payments. These payments are processed through Stripe.
Businesses looking to utilize uTRAC as a processor of their employee data can rest easy that the uTRAC cloud infrastructure and security team is dedicated to the protection of that data. Keeping our customer’s data is the most important aspect of what we do and uTRAC’s security is fundamental to our business.
Please review our Terms of Service for more information about uTRAC’s Data Security Policies.
All data uploaded to uTRAC is hosted by Digital Ocean cloud hosting with our platform running from 3 facilities.
uTRAC customers based in the United Kingdom have their data hosted in Digital Ocean servers located in their London data centre.
uTRAC customers based in the European Union have their data hosted in Digital Ocean servers located in their Amsterdam data centre.
uTRAC customers based anywhere else in the world have their data hosted in Digital Ocean servers located in their New York data centre.
uTRAC data is hosted in the cloud, allowing businesses to access relevant data on any device anywhere in the world where there is internet. As with all web-based technology, uTRAC cannot guarantee 100% availability; however, uTRAC has a total uptime of 99.9% (based on the last 365 days), and service availability can be reviewed via utraconline.statuspage.io.
uTRAC has implemented several systems and processes to ensure consistent service levels so that our clients can access their employee data when required. Our business is proud of and committed to maintaining our 99.9% uptime status and relies upon formal response plans designed to mitigate risks and ensure quick recovery times.
Customer data is backed up every 4 hours while uTRAC runs parallel servers in the event of primary server failure.
Scripted monitors check memory levels and server heartbeats with automated alerting and corrective procedures.
uTRAC relies on automated rollout and rollback processes to safely update our various platforms efficiently.
In the rare occurrence of an incident, uTRAC will endeavour to communicate the current resolution status to our customers via utraconline.statuspage.io. All incidents are followed by formal postmortems by our security team, resulting in analysis and corrective actions.
The uTRAC platform is designed so that the controllers of our hosted data (our customers) are enabled to control levels of access and monitor changes to that data. Similarly, access may be given to employees to view and edit their related personal and sensitive data.
Our customers are responsible for the data they upload to uTRAC and that data is not shared to third parties. In the event of service suspension, uTRAC customers may export all data and expunge that data from uTRAC servers.
As part of our service, uTRAC support agents are available to users of uTRAC to assist with the use and operation of the uTRAC platform. All support agents are trained in data security and uTRAC management enforces strict data management policies to ensure personal data remains secured from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording and destruction.
As well as implementing strict policies for internally maintaining the integrity of customer data, uTRAC employs a variety of methods to maintain security from external actors.
The GDPR is part of the EU Data Protection Regulation aiming to standardize and strengthen the rights of European citizens to data privacy. From May 25 2018, every organization holding data of any EU citizen will be obliged to meet new standards of transparency, security and accountability.
We recommend that all clients familiarize themselves with GDPR Legislation and its definition of Personal Data and ensure that they have implemented the requisite steps in ensuring that their internal data policies are compliant.
uTRAC is compliant as a cloud service provider that processes the employee data uploaded by its EU/EEA customers.
Data Protection Officer | uTRAC has appointed a Data Protection Officer. In this role, our DPO will be performing regular internal audits to ensure that uTRAC’s Privacy Policies are fully implemented and adhered to. Please contact compliance@utraconline.com if you have any queries. |
Data Processing Agreement | uTRAC's standard data processing agreement for EU/EEA customers is applied through our software terms of service. |
Security Policies, Training & Enforcement | uTRAC enforces strict data policies throughout its businesses with rigorous training and monitoring. |
Risk Impact Assessments | uTRAC implements a 'privacy by design' approach to developing our platform, which includes extensive risk assessment of each product change. |
Website Auditing | uTRAC's commercial website (utraconline.com) is hosted separately from the uTRAC cloud platform and has been audited to ensure that cookies and visitor tracking used to improve user experience adhere to GDPR. Website Privacy Policy |
Data Separation | All personal data uploaded by EU/EEA clients is not transferred outside of uTRAC's EU based servers. |
3rd Parties | uTRAC does not share any employee data uploaded by clients with any 3rd parties. |
Encryption in Transit | All data transferred to/from uTRAC is encrypted using 256-bit enterprise level SSL encryption. |
Encryption at Rest | Sensitive data remains hidden through pseudonymisation and asynchronous encryption when appropriate. |
Testing | uTRAC regularly scans for endpoint vulnerabilities and runs penetration tests to maintain data integrity. |
Breach Monitoring & Notifications | uTRAC utilizes alarms and redundancies to monitor breaches. Customers will be notified of the exact details of any data breach without delay, where feasible. |
Consent, Transparency & 'Right to Be Forgotten' | Employees may review and amend their personal data through the uTRAC platform while uTRAC enables its clients to request privacy policy 'opt-ins' from employees. uTRAC can also quickly assist with any requests made by employees to our clients for data amendment, review, or erasure. |
In accordance with GDPR, we will soon be rolling out updated Terms of Service and Privacy Policies which will require acceptance by all users prior to logging into the uTRAC platform. By agreeing to these updates, users of our platform will be entering into a new agreement of consent with us that will satisfy the requirements of GDPR in the scope of how uTRAC is utilized as a data processor and how we act as a data controller.
Similarly, we will be rolling out new functionality in the uTRAC platform for our clients to better guarantee compliance to GDPR in how they manage the data of current and future employees.
The uTRAC Staff Opt-In Tool will allow employers to communicate any changes to their employment contracts and privacy policies. Employees will be able to opt in to any changes, giving their employers an auditable tool to easily prove adequate consent was given for the holding and management of their employee data.
This tool is available on request and our team will be on-hand to assist any clients wishing to communicate data policy consent forms to their staff.
Customers that utilize uTRAC mail servers will now include unsubscribe links in the footer of outgoing emails from their uTRAC accounts. uTRAC will automatically prevent any emails being sent to individuals that unsubscribe from receiving future emails and notify our customers of each unsubscription.
The contents of this page are limited to general information and not detailed analyses of law or legal advice and are not intended to address specific legal queries arising in any particular set of circumstances.