We take the security of your data very seriously and have a number of security measures in place to protect your Culture Segments TagTool data from unauthorised access, modification or destruction. These measures are described below.

Parties involved in delivering Culture Segments TagTool

Culture Segments TagTool is managed by Morris Hargreaves McIntyre (“MHM”).

Si Novi (“Si Novi”) provide support and development for TagTool, https://sinovi.uk/.

Culture Segments TagTool is hosted by Amazon Web Services (“AWS”) in the Republic of Ireland. This brings with it all of the industry-leading security built into the AWS infrastructure. See https://aws.amazon.com/security/ and https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf for more information on AWS security.

Culture Segments TagTool data collection methods

This is a summary of the different ways Culture Segments TagTool can be used. We will use this terminology to refer to each of the data collection methods in the rest of this document.

Checkout – Ask people to answer the Golden Questions during their booking process or immediately after via the booking confirmation email. The unique link will write the data tags back into your CRM system.

Enrich – Email existing CRM contacts with a link to the Golden Questions. The unique link will write the data tags back into your CRM system.

Capture – Post the link anywhere you like, on Facebook, in your newsletter, asking people to complete the Golden Questions. Download tagged data.

Append – Add the Golden Questions to any questionnaire anywhere you like. Upload the responses and download tagged data.

Personal Data

Culture Segments TagTool stores the following Personal Data for each of the data collection methods.

Checkout and Enrich – Customer ID. This is used to write data generated by the TagTool survey back to your CRM system.

Capture – Name and email address.

Append – No data is stored.

Encryption

All data and backups are encrypted at rest using AES 256. Si Novi manage the encryption keys. AWS has no access to unencrypted data.

When using the Culture Segments TagTool portal, all data is encrypted in transit using HTTPS.

Data in transit between Culture Segments TagTool and your CRM system is usually encrypted using HTTPS, but this depends on how the connection has been configured. To check, please contact your MHM project manager.

Culture Segments TagTool portal user passwords are salted and hashed using bcrypt. This is a one-way process and means nobody will ever be able to see the password you use to access the Culture Segments TagTool portal.

Names and email addresses obtained using the Capture function have an additional layer of encryption which means they are not visible to Si Novi when accessing the back end of the Culture Segments TagTool system.

Backup

Backups are made every 24 hours and retained for 7 days.

Access Control

Culture Segments TagTool portal

Clients access Culture Segments TagTool via the portal. Access is controlled by client admins.

MHM can only access Culture Segments TagTool via the portal and have no access to Personal Data in Culture Segments TagTool unless set up as a user in the client’s portal. This can be done if needed by a client admin or by an MHM admin with permission from a client.

Passwords must have a minimum of 8 characters and are checked against a list of commonly used passwords which can’t be used (e.g. ‘password’).

Culture Segments TagTool back-end

Si Novi have access to the back-end of the Culture Segments TagTool system via AWS.

No user accounts are shared; all are identifiable to named individuals.

Multi-factor authentication is used along with minimum password complexity and IP allow listing to restrict access to specific IP addresses only.

Logs

Culture Segments TagTool portal

Logs are kept of Capture data exports (user, date and time) and changes made to a user (date and time created and date and time last updated).

Culture Segments TagTool back-end

Logs are kept of all user actions and API calls with AWS CloudTrail (https://aws.amazon.com/cloudtrail/).

Other

Culture Segments TagTool portal users are logged out when the browser window is closed or after 24 hours of inactivity.

Architecture

The main application is hosted on AWS using Elastic Beanstalk. The server that runs the cron jobs that send data to your CRM is a separate EC2 server, also on AWS. The database is an AWS RDS stack. All are within a VPC for security.