IT Security and Data Protection
Eurekos takes great pride in protecting your personal data because it's the foundation for your trust in us as your LMS provider.
Whether it’s about organizational procedures or technical security measures, we will always be in the safe zone.
- Eurekos and the EU General Data Protection Regulation (GDPR)
- Certificates and Procedures
- Platform Security
- Server Security
- Our commitment to data privacy
- Personal Data and Privacy by Design
Eurekos and EU General Data Protection Regulation (GDPR)
Eurekos is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.
We take full responsibility for making sure that both we and all our sub-contractors adhere to GDPR in order to secure your personal data. All sub-contractors based outside the EU/EEA have either signed an EU Model Clause Agreement or are part of the EU-US Privacy Shield Agreement.
Certificates and Procedures
To ensure the best security for your personal data, we have chosen a hosting provider certified in accordance with the global standard ISO 27001:2013. This certification is provided upon request.
Eurekos made the decision to continuously invest in providing our clients with all information necessary to demonstrate compliance with the obligations laid down in GDPR by getting an ISAE 3000 declaration on our personal data protection processes and security setup. We provide this to our clients on a yearly basis.
The Eurekos commitment to ensuring compliance with the GDPR has led to the use of external software that ensures strong security in our own processes and obligations. In addition, we make sure that every employee regularly receives training in our internal GDPR compliance setup, and only authorized personnel have access to data for support and/or advising purposes.
Platform Security Features
At Eurekos we have implemented numerous security features to ensure that unauthorized access or alteration of the platform is prevented.
The platform is designed so that every user has a role and a set of allowed actions. For example, only a very limited number of users can alter the platform configuration. The same role and permission settings allow us to continuously rectify and update personal data as required.
Advanced Password Authentication
We maintain strong password requirements: a password must meet a certain combination to be valid. Furthermore, users are blocked after a number of failed attempts to log in.
As an extra security measure, we have geolocation alerts that notify the user if their credentials are used to log in from a position more than a configurable distance away from their last position. The same trigger also alerts the user if their credentials are used from a different device or browser than usual.
Two-Factor Authentication is of course also an option.
Single Sign On
Customers may use Single Sign On (SSO), which requires users to be authenticated via an identity provider. Other authentication tools or social login possibilities like Facebook, LinkedIn and Google can be used as well.
There are two different types of firewalls in use. The first is on the server side and the second is a third-party service provided by the hosting partner. Both firewalls only allow connections that are vital to the system, and in addition, they block unsuccessful login attempts and brute-force attacks.
We have an antivirus and antimalware scanner checking the site proactively. At server level, executables and script injections in input fields and in files provided by users are blocked.
The connection between the end user and the platform is encrypted, making it harder to read the data that is transferred. The SSL web server has an A+ score, which is the highest level achievable.
Commitment to Data Privacy
As a data processor, following local regulations is only one component of our commitment to privacy.
Our mission is to treat you and your customers with the respect you deserve.
Data Processing Agreement
Our Data Processing Agreement (DPA) reflects the requirements of the GDPR.
Data Protection Officer
We have appointed a Data Protection Officer to oversee our ongoing compliance efforts.
Personal Data and Privacy by Design
Eurekos is responsible for hosting the personal data on your platform. The types of personal data depend on what you decide to place in it. All we require is the name and e-mail. A unique user id will also be generated. Besides this data, you can add phone number, address, location and more.
Privacy by Design
Eurekos continuously improves the LMS with “Privacy by Design” in mind, while honoring our core idea of an LMS founded on and driven by social and collaborative learning and sharing. We have ensured that even when a user is deleted from the platform, courses they might have produced will still be available and the author will be anonymous. This gives your users the right to be forgotten at any time.