Data privacy and compliance at SHAPE
At SHAPE, we have your trust at the heart of our service. We protect your data and align with data privacy laws at every step of our service.
How SHAPE protects you
We have carefully designed information security practices and policies that ensure data security at all times. Microsoft Azure cloud technology provides a secure foundation across physical, infrastructure and operational systems. Only relevant personnel in SHAPE have access to customer data ensuring we act as a responsible data processor. Our standard operating procedures include regular personnel training, ongoing assessments and regular audits alongside robust documentation controls to prevent a data breach.
SHAPE employs state-of-the-art technology, allowing employees to confidently and securely answer survey questions and confidentially view their results. Microsoft Azure cloud technology ensures access to the latest, enterprise-grade security, practices and performance. For additional security, we employ data pseudonymisation and encryption technologies – both in transit and at rest. We fully document and control the use of algorithms and employ extensive test methodologies to ensure data accuracy and security.
Our goal remains ongoing compliance with GDPR, which we actively understand and align with. All data is owned by the employees who provide it, so they have complete control over what happens to it. SHAPE ensures continuous data anonymisation and collects explicit consent where options exist to waive anonymity. We operate clear and defined processes for data management, including account and data deletion under rules for the transfer of data internationally.
Transparency and consent
SHAPE's policies are in line with the UK Information Commissioner's Office (ICO), and regular privacy assessments are performed as part of our product development and audit processes. We also carry out regular data, system and security audits. We classify all data, which allows us to manage sensitive and personal data. All our business practices, including staff training, are documented in the form of detailed Standard Operating Procedures. We continuously review international regulations to ensure further compliance with country laws where we operate.