- How is employee data processed?
- Does Protect data get handled differently if employees register through the mobile app vs the iPad kiosk?
- Is Protect GDPR compliant?
- Will any third party organizations or individuals (e.g., vendors, business partners) have access to Protect data?
- Who has access to Protect data?
How is employee data processed?
If you choose to ask questions about your employees’ health using Envoy Protect, their responses are kept private to them. Responses to Protect questions will be transmitted over secure channels to Envoy’s servers for processing and removed no more than 24 hours later—we do not retain employee responses to the screening questions.
Your team will not have access to employees’ responses in any form, whether through a dashboard, report, or otherwise. To help your team keep your workplace safe, administrators can see if an employee was approved or denied entry based on their responses. Whether an employee was approved or denied entry is stored on Envoy’s databases unless deleted.
Does Protect data get handled differently if employees register through the mobile app vs the iPad kiosk?
No, employees' responses to your Protect health questionnaire are wiped within 24 hours for Employee Registration flows whether they register through the mobile app or the kiosk. In practice, we queue the data for deletion immediately after use, but in rare failure scenarios, we have other processes that will ensure deletion within 24 hours.
Is Protect GDPR compliant?
Envoy does not store the data from our Protect product that pertains to the self-certification questions. Protect only ingests employee information which is taken from the employee directory, not from the visitor log, as such, GDPR regulations are not applicable.
Will any third party organizations or individuals (e.g., vendors, business partners) have access to Protect data?
For our Envoy Protect product, the answers to employee registration questions used during screening are not stored. No subcontractors have direct access to customer data. During the processing of some requests, we send select requisite information to some vendors. For example, in order to send an SMS notification Envoy uses a vendor, which in the course of sending the message will receive a name and phone number specific to that event. Envoy ensures its vendors/subcontractors provide sufficient safeguards for private data before engaging them, and reviews vendor security every year.
Who has access to Protect data?
We are committed to limiting access to the data items collected as part of the Envoy Protect. No admin roles or customers will have access to the employee screening data in any form, whether through a dashboard, report, or otherwise. Admins will be able to view the approved/denied state of employees that have registered to come onsite both for upcoming visits and historically.