We comply with the EU General Data Protection Regulation (EU 2016/679) (“GDPR”) and its fundamental principles. On this page you can find a summary of our internal compliance routines and our continuous work to secure GDPR compliance within Mentimeter.
Importantly, we only use processors to the extent necessary to enable us to provide the best services possible, and we never have and will never sell any personal data to third parties.
We are committed to ensuring that both our customers and users feel safe with respect to our processing of personal data. To that end, we have implemented technical, contractual, and organizational measures to ensure that any transfer of personal data of EU citizens outside of the EU is handled securely. Below is a non-exhaustive overview of the actions taken:
We use standard TLS (version 1.2 or higher), i.e. our encryption of data "in transit" is rated A+ by the third-party vendor SSL Labs. We encrypt all data "at rest" (including AES 256-bit encryption) and get powerful, automatic protection through our database provider.
To read more about our technical measures, please visit https://www.mentimeter.com/security-policy.
Hosting in the EU
Data at rest is hosted on physical servers in the EU (Ireland) as a default.
We do our very best to ensure that the data we process is securely handled, with our customers’ and users’ integrity in focus. For example, we have implemented appropriate technical and organizational measures to ensure we can assist our users and customers in fulfilling any obligations to respond to requests for exercising the data subject’s rights, in accordance with Chapter III of the GDPR.
Further, we are currently working towards an ISO 27001 certification to certify that our processes and systems meet the highest industry standards, as well as exploring the possibility of independently managed encryption keys.
We always conduct an in-depth assessment when onboarding new service providers. Our service providers must have sufficient technical and organizational security measures, comply with applicable laws, regulations, and security requirements, and sufficiently safeguard the integrity, security, and privacy of Mentimeter and its users’ and customers’ data.
Mentimeter hosts data with Heroku (platform as a service) and AWS (Amazon Web Services) (infrastructure as a service). Data at rest resides on AWS physical servers within the EU (Ireland) as a default for all customers. Data is replicated across multiple availability zones (within your hosting region) for redundancy and disaster recovery. We adhere to the following processes to secure customer data:
Every year, we conduct an organization-wide collective risk assessment to identify, evaluate, and manage risks within the business. The risk assessment includes controlling activities to ensure that the company has established a satisfactory level of compliance.
Our policy workflow minimizes information misuse, compromise, or loss by:
We have data deletion procedures in place to ensure the shortest possible retention periods required to fulfill the purposes of collection. Data is deleted when it’s no longer required to fulfill the particular purpose of collection (unless a longer retention period is required by law).
We promise to accommodate your rights and assist you with any inquiries you may have with a swift response. To read more about how to exercise your rights, please visit Your Rights.
We are always available to answer any general questions and considerations that you might have concerning the above; please do not hesitate to contact us at firstname.lastname@example.org.