![commonplace-logo-horizontal-rgb.svg]](https://www.commonplace.is/hubfs/Imported%20images/commonplace-logo-horizontal-rgb.svg){kind=logo}
GDPR & information security
Information and data security at Commonplace
Commonplace is a digital engagement tool, online consultation platform and data driven insight solution designed for cities and places. Our Complete Service Definition (2020) is a good base to start.
GDPR compliance
You can read more information about how we comply with GDPR . This includes information on data Controllers and Processors, sub-processors and data retention.
Data Protection and information security
Commonplace is Cyber Essentials certified and ISO27001 compliant
Information flow
-
Commonplace is a tool for gathering feedback from the general public. Residents and others are made aware of the Commonplace website and invited to view it and respond to questions.
-
Data may also be inputted through face-to-face interviews and workshops using a built-in Survey Mode, and via paper forms, which use identical data formats to the online survey.
-
Respondent comments are visible on the open website, but are anonymous and subject to Commonplace's Terms and Conditions, which include removal of threatening or offensive comments (this is extremely rare).
- Assigned administrators have access to a data dashboard where they can see data on engagement and an aggregated demographic profile of participants. Raw data can be downloaded in CSV format but is redacted to ensure GDPR compliance.
Cloud hosting
Our websites are cloud hosted by Commonplace.
Our service is hosted with:
-
Amazon Web Services (AWS) located in London, UK.
-
Cloudinary for images.
-
SendGrid for e-mail relay
Security information:
-
AWS facilities comply with ISO 9001, ISO27001, ISO 27017 and ISO 27018 among others, see Amazon's Data Center Controls Compliance webpage for more information.
-
Cloudinary is ISO 27001, ISO 27017, ISO 27018 and ISO 27701 certified, please see their trust support statement here.
-
SendGrid uses various hosting facilities all with SOC type 2 reports, visit their security page for more information.
Information security
Do you have a formally documented and board level approved information security policy? Yes - Learn more about Our Information Management Policy.