GDPR Provisions
Data Collection
- Noodle Factory collects only the necessary user data, which includes email address, first name (optional), last name (optional), and department/role (optional). No historic data is imported to Noodle Factory.
Data Processing and Purpose
- Noodle Factory does not use personal data for profiling purposes. User interactions with content are solely used to guide learners through different onboarding paths, ensuring minimal information is gathered for operational onboarding purposes.
Data Access and Retention
- Learners can only access personal data such as conversation logs and quiz submissions that they have created.
- System administrators, who are authorised personnel within the data exporter, may have access to learner data for administrative and support purposes.
- Noodle Factory will retain information stored on the Services for as long as the Customer's account is active. If the Customer terminates the contract or at the end of the contract, Noodle Factory will initiate the deletion of this information within 30 days.
Data Encryption
- All data within Noodle Factory is encrypted in transit using TLS v1.3 to ensure its security.
Security Audits
- All components of the product undergo periodic internal security audits, at least every 3 months, to maintain a robust security posture.
- External security audits are conducted once a year to assess and validate the effectiveness of Noodle Factory's security measures.
Data Recovery
- In case of data loss, Noodle Factory can recover the lost data from backups and/or audit logs.
Security Incident Reporting
- Security incidents must be reported to the Head of Engineering and CEO immediately.
- If a data breach affects external organisations, they will be informed promptly. The incident response process will include activities such as detection, analysis, containment, eradication, recovery, and post-incident procedures. The response process is considered complete when information confidentiality, integrity, and availability are restored to normal, and verification has been conducted.
Customer Data Ownership
- Customer data, limited to first name (optional), last name (optional), and email address, remains the property of the Customer.
- Noodle Factory does not share Customer Data with third parties. At the end of the contract, all customer data can be completely removed from storage.
Data Export and Corrections
- All user data can be exported in CSV format and provided to the user upon request.
- Users can inform Noodle Factory of any inaccurate data that they want corrected on the platform.
User Account Deletion
- Noodle Factory will delete User Accounts and Stored Data in the Customer's account in a commercially reasonable period of time upon receipt of an Administrator's request prior to termination of the Services.
Data Processing Restrictions
- When a request is received to restrict further processing of data, the user account will be locked, and all user data will be hidden from the dashboard until further notice from the data subject.
Internal Governance
- Noodle Factory is ISO27001 certified.
- As a SaaS platform, Noodle Factory hosts its services on Amazon Web Services (AWS) and Microsoft Azure, both of which are compliant with ISO/IEC 27001:2013.