- How are responses to my Protect registration questions processed?
- Does Protect data get handled differently if employees register through the mobile app vs the iPad kiosk?
- Is Protect GDPR compliant?
- Will any third party organizations or individuals (e.g., vendors, business partners) have access to Protect data?
- Who has access to Protect data?
How are responses to my Protect registration questions processed?
Employees' responses to your Protect registration questions are kept private to them by default. However, Global Admin can choose to retain all responses or responses to certain questions from the response options page in your dashboard. You can learn more about managing your response options here.
If you choose to discard responses, responses to Protect questions will be transmitted over secure channels to Envoy’s servers for processing and removed no more than 24 hours later. In practice, we queue the data for deletion immediately after use, but in rare failure scenarios, we have other processes that will ensure deletion within 24 hours.
To help your team keep your workplace safe, administrators can see if an employee was approved or denied entry based on their responses. This information is stored on Envoy’s databases unless the entry has been deleted.
Is Protect data handled differently if employees register through the mobile app vs the iPad kiosk?
No, if you choose to discard responses, responses to your Protect registration questions are wiped within 24 hours whether they register through the mobile app or the kiosk.
Is Envoy GDPR compliant?
Yes, Envoy services comply with the GDPR, along with other crucial compliance and regulation needs. According to the regulation, there are different roles for companies based on how a company interacts with user data. Envoy is considered a data processor because we process personal data on behalf of our customers, who are considered data controllers.
Can I use Envoy Protect and comply with GDPR?
Yes. The European Data Collection Board has stated that organizations may collect personal data to prevent the spread of COVID and that consent is not required. If companies want to take extra precautions to mitigate the risk of mishandling sensitive data, they can choose to purge the responses to their Protect registration questions.
Will any third party organizations or individuals (e.g., vendors, business partners) have access to Protect data?
No subcontractors have direct access to customer data. During the processing of some requests, we send select requisite information to some vendors. For example, Envoy works through a vendor to send SMS notifications to hosts. In the course of sending the message, the vendor will receive a name and phone number specific to that event.
Envoy ensures its vendors/subcontractors provide sufficient safeguards for private data before engaging them, and reviews vendor security every year.
Who has access to Protect data?
We are committed to limiting access to the data collected from your Protect registration questions. When you choose to discard responses, your admins will only be able to see if an employee was approved or denied entry based on rules you set in the product, not their response to your questions. This will appear as "Response discarded" in your visitor and invites logs, email notifications, and exports. When you choose to save responses, your admin will be able to see employees' responses to your questions in the places mentioned above.