Data privacy and compliance at SHAPE

At SHAPE, we have your trust at the heart of our service. We protect your data and align with data privacy laws at every step of our service.

Data Privacy

How SHAPE protects you

Security

Security

We have carefully designed information security practices and policies that ensure data security at all times. Microsoft Azure cloud technology provides a secure foundation across physical, infrastructure and operational systems. Only relevant personnel in SHAPE have access to customer data ensuring we act as a responsible data processor. Our standard operating procedures include regular personnel training, ongoing assessments and regular audits alongside robust documentation controls to prevent a data breach.

Technology

SHAPE employs state-of-the-art technology, allowing employees to confidently and securely answer survey questions and confidentially view their results. Microsoft Azure cloud technology ensures access to the latest, enterprise-grade security, practices and performance. For additional security, we employ data pseudonymisation and encryption technologies – both in transit and at rest. We fully document and control the use of algorithms and employ extensive test methodologies to ensure data accuracy and security.

Technology
Full Control

Full Control

SHAPE operates in a way that gives its users complete control. For our diverse reader populations, we operate a clear language policy. We empower you with rich knowledge and documentation to safely engage your employees about SHAPE. You and your employees always have the right to view and rectify data under Article 15 and 16 of GDPR (General Data Protection Legislation). We offer complete access to updated legal and contractual documents, including our Terms of Service, Privacy Policy and Master Services Agreement.

GDPR Compliance

Our goal remains ongoing compliance with GDPR, which we actively understand and align with. All data is owned by the employees who provide it, so they have complete control over what happens to it. SHAPE ensures continuous data anonymisation and collects explicit consent where options exist to waive anonymity. We operate clear and defined processes for data management, including account and data deletion under rules for the transfer of data internationally.

GDPR Compliance
Transparency and consent

Transparency and consent

SHAPE's communicates openly. We explicitly ask for consent and maintain records of it. We never share data without permission. Our Terms of Service and Privacy Policy are accessible at all times with a clear history of updates applied. Requests for data deletion are always honoured as part of the right to be forgotten. We operate an updated Frequency Asked Questions section to empower improved understanding of our service and the rights of our customers.

Policies

SHAPE's policies are in line with the UK Information Commissioner's Office (ICO), and regular privacy assessments are performed as part of our product development and audit processes. We also carry out regular data, system and security audits. We classify all data, which allows us to manage sensitive and personal data. All our business practices, including staff training, are documented in the form of detailed Standard Operating Procedures. We continuously review international regulations to ensure further compliance with country laws where we operate.

Policies

Change your SHAPE