WorkingWell recognises your right to privacy. We use security precautions to make sure any information we collect about you remains private and is in accordance with the General Data Protection Regulation (GDPR). Our Data Protection registration number is ZA026672.
Under GDPR, we have a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard our data, and strict security standards to prevent any unauthorised access to it. We do not pass on your details to any third party unless you give us permission to do so.
Please note that by completing any of our online questionnaires, you are granting us permission to use the anonymised data for statistical analysis and general reporting of group data. However, please be assured that your personal data is completely private and confidential. Nobody within the client organisation will ever see your individual answers or results unless you have specifically given your consent by clicking through an Informed Consent at the start of the questionnaire. WorkingWell will not share any personally identifiable or private information submitted online with any third party.
Certain portions of our website may require you to sign in or create an account. Your private information (which may include your name, address, email address, and other information) is not shared with any individuals or organisations outside of WorkingWell unless you have authorised us to do so. All personal data provided by you will be treated strictly in accordance with the terms of GDPR. This means that confidentiality will be respected and that appropriate security measures will be taken to prevent unauthorised disclosure.
WEB BASED SOLUTIONS
WorkingWell understands that it is a privilege to have you as a user of our systems and is committed to protecting your personal information. Our security standards are in line with industry "best practices" to protect our systems and the information stored on our servers against loss, unauthorised access and misuse.
We appropriately manage our server environment and firewall infrastructure. Our security practices are reviewed on a regular basis and we routinely update our security technologies to ensure that your data is protected.
In addition, we use the following controls to safeguard your personal information:
1. Use of security controls to restrict access to databases housing personal information,
2. Use of encryption for sensitive personal information, such as user names and questionnaire responses and personal identifiers,
3. Restrict employee access to databases containing personal information and impose confidentiality requirements upon employees who do.
4. Use of a hardware firewall appliance which blocks access to unauthorised ports on the server. Stateful packet inspection, Application layer gateways and advanced DOS protection provide best of class network security protection from potentially malicious traffic.
5. Administrative access is restrictable to authorised management work stations based on IP address. Remote Desktop is used providing an encrypted administrative session to protect against man-in-the-middle or sniffing attacks.
Personal, Group and Aggregate Reporting
How we keep your personal information secure
Anonymised group and aggregate data is available to the client organisation and WorkingWell for group analysis and generation of management reports. The following measures are used as a means to protect the privacy of individual data within a group selected for analysis:
1. Exporting personal data for group analysis removes all identifiers required to access individual data.
2. The number of users in a selected group report must meet the minimum group size of at least 6.
Access to report generation is restricted to administrators designated by the client organisation and who have been granted express permissions to generate group reports within certain designated parameters as assigned by WorkingWell.
Passing information between your computer and the server
When you login to any WorkingWell web based solution, you start a private session between your browser and the server hosting your application.
For the period of time that you are actively involved in your session, you will be issued an application and language cookie. All personal information contained in HTTP headers sent between your browser and the server will be encrypted.
We treat any personal information that may be contained in cookies with the same level of confidentiality as other information you provide to us.
The whole process is strictly confidential and nobody within the client organisation will ever see your completed questionnaire or your individual results.
Individual data cannot be accessed by the client organisation and the only information they will receive will be the anonymised aggregate group reports and any suggestions for improvement that you have provided. WorkingWell will not share any personally identifiable or private information submitted online with any third party unless stated.
The profile data from your assessment sessions is stored on the server hosting your application. It is not provided to any other external party for any reason. There are no advertisers or other external commercial interests on any WorkingWell site, other than the client organisation offering this service to you.
All communications with the database server are via Secure Sockets (HTTPS).
Passing information from your profile to other parties
Links to other sites
WorkingWell sites may be linked from and linked back to a site maintained by your employer who has made the assessment systems available for your use. Your employer may have security systems in place to prevent access to other internet sites available to the public. It is the responsibility of your employer to control access to other sites on the Internet.
WorkingWell is not responsible or liable for the practices of such other sites, including the privacy practices of such sites. You should read the privacy policies of each site you visit to determine what information that site may be collecting, using or disclosing about you.
In some implementations of our products, the client organisation may offer incentives, external services or professional resources to support you in making positive changes that can reduce your risks and improve your health.
These offers may be based on your profile data and will be presented to you for your consideration in connection with your WorkingWell experience. Where such offers require you to provide your e-mail or other contact information, you can choose to accept or decline participation. Such offers are the sole responsibility of the client and are not provided by WorkingWell.