Easy Metrics compliance with European Union Privacy Laws
We at Easy Metrics take the security and privacy of our clients’ data very seriously. Even before the European Union passed the General Data Protection Regulation (GDPR), our policies and processes reflected our commitment to the privacy of all individuals involved, regardless of citizenship or location. To help clients with facilities in member countries covered by the GDPR, this document will summarize the policies and processes we use to ensure the privacy, integrity, and availability of our data. Compliance with the GDPR regulation requires the cooperation of Easy Metrics and all of our affected clients.
Basis for Data Processing
Easy Metrics is a Management Information System provider. We provide insight into the raw data collected by the systems in our clients’ environments using different forms of quantitative and qualitative analysis algorithms.
Data Protection Officer
Easy metrics employes a qualified Information Security Management team led by our information Security Manager, who serves as our Data Protection Officer. This position was created with the sole purpose of ensuring the confidentiality, integrity, and availability of all Easy Metrics’ services.
Policy on Sensitive Data
Easy Metrics has always had a strict policy to not collect more information than necessary to provide our services. We will not accept sensitive information such as Social Security/Government Identification Numbers, Home Address, Personal Email, or Biological Statistics (height, weight, age, race, sex, etc.). Furthermore, we support data Tokenization/Anonymization in the raw data.
Easy Metrics enters a contractual agreement to provide data analysis to assist organizations reach their management goals. To do this we need to collect data about the processes performed throughout the day by an individual. These process can be referred to by name, pseudonym, or anonymous token. To comply with Fair Acquisition, Clients should amend their employment agreement with a section related to the data collection performed within the organization, and any pieces which are provided to Easy Metrics. We are glad to answer any questions related to the methods used to collect. Please contact firstname.lastname@example.org
Pay Rate Data
The information Easy Metrics collects with regards to wages is at our client’s discretion. During setup clients may choose to use an individual’s actual pay rate, or an average pay rate for a group or process. This can be changed after initial setup within the Easy Metrics UI.
Policy on Data Access
Easy Metrics has a strict policy regarding which employees can access a client’s information, under what conditions, and for what purposes. Access to the system is logged and monitored. Any violation to this policy will be reported to the affected parties, as well as
Easy Metrics uses the most secure available communication method (chosen by our clients) to take raw data into our environment. Supported Methods are:
Cloud Storage file transfers
This method uses encrypted web requests (TLS via HTTPS) along with Asymmetric Encryption Keys to authenticate all requests. Requests are hashed and signed to protect them from modification in-transit. The data is stored in the United States, East region by default. Client’s may request a specific region during the implementation definition. Choosing a different region incurs a different cost. For information on selecting a specific region for storage or processing contact email@example.com
Secure File Transfer Protocol
In the event a facility is not able to use the Cloud Storage method above, Easy Metrics will connect to a Secure File Transfer Protocol (SFTP) server designated by the client. SFTP uses either Symmetric or Asymmetric Encryption (set by the server’s configuration files) to protect data in transit. Data is then transferred, by Easy Metrics, to our Cloud Storage platform. The default storage location is the United States, East region. Client’s may request a specific region during the implementation definition. Choosing a different region incurs a different cost. For information on selecting a specific region for storage or processing contact firstname.lastname@example.org
Email to Cloud Storage
One option we offer to help clients without the technical capability to support the previous interfaces is an automatic email interface. This interface allows data files to be sent to our Cloud Storage platform via specific unique email addressing. We recommend encrypting the emails with PGP encryption. However, we will support unencrypted emails if requested. It is imperative you use good data security procedures when choosing the Email to Cloud interface.
In addition to restricting the types of sensitive information and using secure communication methods, Easy Metrics restricts the use of client data to to two cases:
Processing in pursuit of client goals – We discuss with each client their needs and goals and formulate and individual plan for analysis. Data is only used to model the processes and procedures defined by our clients.
Processing in the pursuit of academic knowledge – As a technology leader, Easy Metrics strives to contribute to our industry with knowledge. From time to time we may publish an analytical white paper related to some data phenomenon. In these cases, all data will be anonymized. Data will not contain references to any recognizable feature of the underlying data such as internal codes, process names, categories, tiers, etc. In the event that Easy Metrics would like to use your data anonymously in our research, we will make a diligent effort to seek your approval prior to it’s inclusion.
Easy Metrics will never give, sell, or otherwise deliver your data to a third party unless legally compelled to do so. Easy Metrics’ agreement with our Cloud Service providers includes provisions to ensure Data Privacy and comply with all Data Steward requirements. Easy Metrics has vetted several Cloud Service providers and will work with the one that best suit our clients’ needs on a case-by-case basis.
Data Access and Verification
Any employee should have the right to verify the information Easy Metrics collects with regard to them is accurate and appropriate to the type of processing it is used for. Individuals with concerns about the data collected have two avenues for accessing the information stored in our systems regarding them. The first is to request a report of the data from their Labor Management Director. This person can pull a report directly from the Easy Metrics interface showing all the data related to that employee. The second option is to send a request directly to email@example.com
Once we identify and authenticate the requestor, Easy metrics will provide a report of the collected data for verification, along with a use case of any report which would have contained that data.