Reflektive takes data security seriously. For your company to build trust with its employees and get the most out of the Reflektive platform, employee data must be kept private, secure, and protected against tampering.
General Security Overview
Reflektive customers interact with Reflektive in the following ways:
- Connecting to Reflektive Web Servers
- Visiting the Reflektive Website
- Using the Reflektive Extension (Chrome, Safari, Firefox)
- Using the Reflektive Outlook (Windows/Mac) Plugin
For detailed information on how Reflektive handles data and security across these channels, see the PDF documents linked below.
SOC 2 Type-1 Compliance
Creating a culture of engagement and satisfaction requires transparency and trust. Employees rely on their employer to keep their personal information safe, and employers in turn rely on software providers to protect employee data. As human resources systems move to the cloud, providers like Reflektive carry the responsibility of storing that information securely.
Customers have always relied on us to keep the data of their people safe. With growing demand from enterprise clients and their distributed workforces, Reflektive completed a SOC 2 Type 1 examination: an independent auditor's attestation, as of a point in time, that the controls we use to manage information stored in the cloud are suitably designed.
SOC 2 examinations are governed by the American Institute of CPAs (AICPA) and performed against the AICPA Trust Services Criteria. The resulting report gives customers an independent basis for relying on Reflektive to support real-time feedback, goal alignment, employee engagement and performance management.
SOC 2 Type-2 Compliance
A SOC 2 Type 2 report covers not only the design of controls but their operating effectiveness over a specified review period, typically at least six months; this is what makes it the more rigorous designation.
SOC 2 Type 2 reports are the most comprehensive attestation within the AICPA's System and Organization Controls (SOC) framework. Note that a SOC 2 report is an auditor's attestation rather than a certification. Organizations evaluating a vendor such as an IT services provider will generally find the SOC 2 Type 2 report the most useful evidence of a prospective provider's controls; when reviewing one, check the period covered, which Trust Services Criteria were in scope, and any exceptions the auditor noted.
For Reflektive's SOC 2 Type-2 report, please click here.
What is Privacy Shield?
Privacy Shield is a data-transfer framework agreed between the US Department of Commerce, the European Commission, and the Swiss Federal Administration. By self-certifying to it, Reflektive publicly commits to privacy practices that satisfy EU and Swiss data protection requirements for transfers of personal data to the US. This gives EU and Swiss companies a lawful basis for allowing Reflektive to store their data in US-based datacenters, and spares Reflektive the cost and overhead of hosting data in the EU.
To learn more about Privacy Shield, review the links below.
Frequently Asked Questions on Privacy Shield:
- Is Reflektive Privacy Shield Certified?
Yes. Reflektive has been certified since August 18th, 2017. Certification lasts one year, and Reflektive will re-certify before it lapses.
- How did Reflektive become Privacy Shield Certified?
Privacy Shield is a self-certification process administered by the US Department of Commerce. Reflektive submitted evidence of its data protection practices, committed publicly to follow the Privacy Shield principles, and was then added to the Privacy Shield list.
- How can I prove that Reflektive is Privacy Shield Certified?
Reflektive’s official listing as a Privacy Shield compliant company can be found here.
- Where does Privacy Shield apply?
Reflektive is certified under both the EU-U.S. and Swiss-U.S. frameworks. The EU certification covers every current EU member state. For transfers of personal data to Reflektive, this should remove the need for Standard Contractual Clauses (Model Clauses) going forward.
What is GDPR?
The General Data Protection Regulation (GDPR) is the European Union's data protection law, applying from May 25, 2018. Organizations that collect personal data of individuals in the EU must protect that data to the standard the regulation sets. In practice, any company that does business in the EU and captures personal data about anyone in the EU must comply, regardless of where the company is based.
To learn more about GDPR, see the link below.
How are Reflektive Customers Impacted?
Any Reflektive customer that has EU employees or does business with EU residents and enters personal data about those persons into Reflektive is the Data Controller for that data under the GDPR (and, because the data is transferred to the US, the "Data Exporter" in transfer terms). Reflektive is in turn a Data Processor acting on the customer's instructions. As a controller using Reflektive, customers must:
- Establish a lawful basis for recording and using personal data (for employee data this is usually contract or legitimate interest rather than consent, which is difficult to give freely in an employment relationship)
- Set data retention periods
- Respond to data subject requests for access to, correction of, or deletion of personal data
- Ensure that Data Processor vendors are bound by a data processing agreement and protect personal data as the GDPR requires
How will Reflektive Provide Support?
Reflektive is committed to protecting the personal data of its clients. Reflektive currently complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and has a GDPR compliance program underway. Under that program, Reflektive will:
- Process Personal Data only in compliance with the GDPR
- Process Personal Data only as a Processor acting on behalf of such Client
- NOT process any Personal Data for Reflektive’s own purposes or of any third party
- Operate a SOC 2 Type II audited control environment for customer data
- Provide customers' EU resident employees or customers with a right-to-erasure ("right to be forgotten") process
- Assist customers in responding to data access requests from individuals
- Use “Privacy by Design” principles for its data protection programs, processes and projects
- Prepare and offer Clients a Data Processing Agreement setting forth Reflektive’s GDPR compliance
In sum, Reflektive customers can rely on Reflektive to comply with the GDPR as a Processor handling the personal data of EU residents on their behalf.