Security & Compliance
ReloTalent is designed and built with data privacy, security and compliance at its core. We understand that the data you handle for your customers and their assignees is sensitive and must be processed with care by your chosen technology provider.
Our security system ensures data protection through features, controls, processes and precautions. The security, confidentiality and integrity of our user data and application infrastructure are critical. With ReloTalent as your technology partner, you can rest assured that your data is in good hands.
Physical Security
ReloTalent's physical infrastructure is hosted and managed within Amazon Web Services' (AWS) secure data centre in Frankfurt, Germany.
AWS continually manages risk and undergoes recurring assessments to ensure compliance with the top industry standards.
AWS’s data centre operations are accredited under:
- ISO 27001
- SOC 1 & SOC 2 / SSAE 16 / ISAE 3402
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Application Security
Ensuring that ReloTalent is secure at the application layer is one of our highest priorities, with data security having a significant impact on architecture design.
- ReloTalent is a multi-tenant application with each tenant identified by a unique User ID.
- All information is served at the application layer, with hardware and software firewalls to prevent any access to the database server directly.
- All tenants are authenticated against their User ID, username and domain name.
- User documents are stored securely on the file system with appropriate file permissions.
Network Security
As an online platform, gold standard network security is essential for a completely secure environment.
- Infrastructure runs on a Virtual Private Cloud (VPC).
- Separate internal DMZ and private subnets.
- Load balancers on the border of the VPC, forwarding HTTPS traffic to the application servers.
- AWS Security Groups configured to allow specific traffic between server ports and subnets.
- Application and database servers only ever have the required ports for specific services open.
Data Security
Even with the correct physical, application and network security measures in place, strong data security is still essential. ReloTalent is committed to providing its clients with such a service.
- Data encryption at rest and in transit.
- All communications over the internet use HTTPS.
- ReloTalent uses AWS's recommended cipher set for the SSL handshake between the client and the server.
- All user passwords are encrypted.
- All data is encrypted when being transmitted over the internet between users and ReloTalent.
- ReloTalent performs regular vulnerability scans to ensure your data is always safe and secure.
For more information on ReloTalent’s data security measures please visit our Data Security FAQs below or contact us.
Compliance
Compliance with international data protection and handling laws is essential for any business processing personal data, especially for those working across borders, such as in the global mobility industry.
As a relocation management platform built around security and compliance, ReloTalent has fully incorporated the General Data Protection Regulation (GDPR) into the platform. Our GDPR-compliant solution provides you with complete data accountability, from initial assessment to ongoing monitoring and final deletion of non-essential personal data.
Your Compliance
We have worked hard to pack ReloTalent with features that ensure any work you complete through ReloTalent will be safe, secure, and compliant for both you and your customers.
- Role-based access with data permissions.
- Two-factor authentication of user accounts.
- Active tracking of relocation and assignment tasks and actions.
- Automatically generated audit trails.
- Secure and specific sharing of assignee data.
Our Compliance
Besides only working with an ISO 27001 certified partner for our hosting needs, ReloTalent has been awarded ISO 27001 certification as well.
ReloTalent also advises all of its clients to sign our Data Protection and Processing Agreement, which outlines our legal obligation to carry out all of our data processing activities safely and securely. This contract provides our clients with a legal guarantee that their information will be handled to the correct GDPR standards while on the platform.
Frequently Asked Questions
What is ReloTalent’s overall approach to data security?
ReloTalent fully understands the need for data privacy and security for our clients in the global mobility space. We are fully compliant with the General Data Protection Regulation (GDPR) and follow all of the necessary laws and regulations laid out by the European Union concerning data protection.
The GDPR represents the most robust stance on personal data protection in the world, and we, therefore, view this legislation as the global standard for information privacy and security.
We offer all our clients a Data Protection and Processing Agreement for both parties to agree to and sign. The document represents ReloTalent’s contractual commitment to treat our clients' data securely and in compliance with the GDPR.
What data storage does ReloTalent use?
ReloTalent’s physical infrastructure is hosted and managed within Amazon Web Services' (AWS) secure data centres. AWS continually manages risk and undergoes recurring assessments to ensure compliance with the top industry standards. ReloTalent uses AWS's Frankfurt, Germany data centre for data storage.
Who has access to the data I upload to ReloTalent?
The only people who have access to the data uploaded into a client environment are those with a login for that environment. ReloTalent provides clients with role-based environments that give managers the ability to define and set the permissions for their team members. This function allows managers to ensure that their team members only have access to the information they need in their role.
Our Customer Success Managers are available to assist clients with setting up this feature in their ReloTalent environment.
Who owns the data I upload to ReloTalent?
ReloTalent clients retain full ownership of their data while it is in their environment.
What happens to my data if I leave ReloTalent?
If a client leaves ReloTalent, or ReloTalent ceases to trade, the client will have 30 days of free access to retrieve all of their information from the platform.
After this point, the complete erasure of all client data on our servers will take place.
Does ReloTalent sell user or client data?
ReloTalent does not sell any user or client data for marketing or any other purposes. This would be a violation of global data protection laws, including GDPR.
We will contact users who have opted in to our marketing communications about updates to ReloTalent or to let them know about upcoming developments related to the platform. Recipients can opt out of receiving these communications at any time.