relotalent_logo_white.png

Security And Compliance

ReloTalent is designed and built with data privacy, security and compliance at its core.

We understand that the data you handle for your customers and their assignees is sensitive and must be processed with care by your chosen technology provider.

 

Our security system ensures data protection through features, controls, process and precautions. The security, confidentiality and integrity of our user data and application infrastructure are critical.

 

With ReloTalent as your technology partner, you can rest assured that your data is in good hands.

At ReloTalent, we understand the importance of data privacy for everyone, especially in the complex and fast-changing global mobility industry.

Security

Physical Security

ReloTalent's physical infrastructure is hosted and managed within Amazon Web Service’s (AWS) secure data centre in Frankfurt, Germany.
 
AWS continually manages risk and undergoes recurring assessments to ensure compliance with the top industry standards.
AWS’s data centre operations are accredited under:
  • ISO 27001
  • SOC 1 & SOC 2 / SSAE 16 / ISAE 3402
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Network Security

As an online platform, gold standard network security essential for a completely secure environment.

  • Infrastructure ran on Virtual Private Cloud (VPC).

  • Separate internal DMZ and private subnets.

  • Load balancers on the border of the VPC, forwarding HTTPS traffic to the application servers.

  • AWS Security Groups configured to allow specific traffic between server ports and subnets. 

  • Application and database servers only ever have the required ports for specific services open.

For more information on ReloTalent’s data security measures please visit our Data Security FAQs below or contact us.

Application Security

Ensuring that ReloTalent is secure at the application layer is one of our highest priorities with data security having a significant impact on architecture design.
  • ReloTalent is a multi-tenant application with each tenant identified by a unique User ID.

  • All information is served at the application layer, with hardware and software firewalls to prevent any access to the database server directly.

  • All tenants are authenticated against their User ID, username and domain name.

  • User documents are stored securely on the file system with appropriate file permissions.

Data Security

Even with the correct physical, application and network security measures in place, strong data security is still essential. ReloTalent is committed to providing its clients with such a service.
  • Data encryption at rest and in transit.

  • All communications over the internet use HTTPS.

  • ReloTalent uses AWS's recommended cypher set for SSL handshake between the client and the server. 

  • All user passwords are encrypted.

  • All data is encrypted when being transmitted over the internet between users and ReloTalent.

  • ReloTalent performs regular vulnerability scans to ensure your data is always safe and secure.

Compliance

Compliance with international data protection and handling laws is essential for any business processing personal data, especially for those working across borders, such as in the global mobility industry.

 

As a relocation management platform built around security and compliance, ReloTalent has fully incorporated the Global Data Protection Regulation (GDPR) into the platform. Our GDPR-compliant solution provides you with complete data accountability; from initial assessment to ongoing monitoring and final deletion of non-essential personal data.

Your Compliance

We have worked hard to pack ReloTalent with features that ensure any work you complete through ReloTalent will be safe, secure, and compliant for both you and your customers.
  • Role-based access with data permissions.

  • Two-factor authentication of user accounts.

  • Active tracking of relocation and assignment tasks and actions.

  • Automatically generated audit trails.

  • Secure and specific sharing of assignee data. 

In addition, we offer our clients a personalised GDPR Onboarding. These sessions help you to ensure your compliance both in and outside of the ReloTalent platform.

Our Compliance

Besides only working with an ISO 27001 certified partner for our hosting needs, ReloTalent has integrated many of the core principles and processes of ISO 27001 into its operations.

ReloTalent also advises all of its clients to sign our Data Protection and Processing Agreement, which outlines our legal obligation to carry out all of our data processing activities safely and securely. This contract provides our clients with a legal guarantee that their information will be handled to the correct GDPR standards while on the platform.

A copy of ReloTalent’s Data Protection and Processing Agreement can be downloaded below.

Frequently Asked Questions

What is ReloTalent’s overall approach to data security?

ReloTalent fully understands the need for data privacy and security for our clients in the global mobility space. We are fully compliant with the General Data Protection Regulation (GDPR) and follow all of the necessary laws and regulations laid out by the European Union concerning data protection.

The GDPR represents the most robust stance on personal data protection in the world, and we, therefore, view this legislation as the global standard for information privacy and security.

We offer all our clients a Data Protection and Processing Agreement for both parties to agree to and sign. The document represents ReloTalent’s contractual commitment to treat our clients' data securely and in compliance with the GDPR.

What data storage does ReloTalent use?

ReloTalent’s physical infrastructure is hosted and managed within Amazon Web Service’s (AWS) secure data centres. AWS continually manages risk and undergoes recurring assessments to ensure compliance with the top industry standards. ReloTalent uses AWS' Frankfurt, Germany data centre for data storage.

Who has access to the data I upload to ReloTalent?

The only people who have access to the data uploaded into a client environment are those with a login for that environment. ReloTalent provides clients with role-based environments that give managers the ability to define and set the permissions for their team members. This function allows managers to ensure that their team members only have access to the information they need in their role.

Our Customer Success Managers are available to assist clients with regards to setting this feature in their ReloTalent environment.

Frequently Asked Questions

What is ReloTalent’s overall approach to data security?

ReloTalent fully understands the need for data privacy and security for our clients in the global mobility space. We are fully compliant with the General Data Protection Regulation (GDPR) and follow all of the necessary laws and regulations laid out by the European Union concerning data protection.

The GDPR represents the most robust stance on personal data protection in the world, and we, therefore, view this legislation as the global standard for information privacy and security.

We offer all our clients a Data Protection and Processing Agreement for both parties to agree to and sign. The document represents ReloTalent’s contractual commitment to treat our clients' data securely and in compliance with the GDPR.

What data storage does ReloTalent use?

ReloTalent’s physical infrastructure is hosted and managed within Amazon Web Service’s (AWS) secure data centres. AWS continually manages risk and undergoes recurring assessments to ensure compliance with the top industry standards. ReloTalent uses AWS' Frankfurt, Germany data centre for data storage.

Who has access to the data I upload to ReloTalent?

The only people who have access to the data uploaded into a client environment are those with a login for that environment. ReloTalent provides clients with role-based environments that give managers the ability to define and set the permissions for their team members. This function allows managers to ensure that their team members only have access to the information they need in their role.

Our Customer Success Managers are available to assist clients with regards to setting this feature in their ReloTalent environment.

Who owns the data I upload to ReloTalent?

ReloTalent clients retain full ownership of their data while it is in their environment.

What happens to my data if I leave ReloTalent?

If a client leaves ReloTalent, or ReloTalent ceases to trade, the client will have 30 days of free access to retrieve all of their information from the platform.

After this point, the complete erasure of all client data on our servers will take place.

Does ReloTalent sell user or client data?

ReloTalent does not sell any user or client data for marketing or any other purposes. This would be a violation of global data protection laws, including GDPR.

We will contact users who have opted in to our marketing communications about updates to ReloTalent or to let them know about upcoming developments related to the platform, although recipients can always opt out of receiving these communications at any time.

Does ReloTalent provide a compliant solution for US-based businesses?

ReloTalent’s data storage and computing provider, AWS, is fully certified under the EU-US Privacy Shield. As such, we provide US clients with compliant handling of their assignees’ personal data without having to change the way they use or interact with ReloTalent.

With this certification in place US-based businesses can safely upload their data to ReloTalent as they would to any US business, without the fear of breaking any US compliance or data privacy laws.

 

Try ReloTalent for free

No credit card required

  • LinkedIn - White Circle
  • Facebook - White Circle
  • YouTube - White Circle
Blogicon.png

Our mission

Efficiency

Support

Quality

Features

Relocation management

Immigration management

Destination services

Company

Member of

WorldwideERC.png
logo-eura2.png
Artboard 5.png

© 2019 ReloTalent - All rights reserved