Data Privacy & Security FAQ

Where does evalyou8 store data?

Info Technology Supply Ltd, a company incorporated in England and Wales under number 2230502 whose registered office is at 2 Hobbs House, Harrovian Business Village, Bessborough Road, Harrow, HA1 3EX, England, United Kingdom trading as evalyou8  and its authorised resellers who contract with a reseller's customer ("you") (together "evalyou8") stores its data in Microsoft Azure servers located in the European Union. This includes customers’ personal data and the data that is processed on behalf of customers.

 

Is there an option to have my data stored only within the USA or the UK?

evalyou8 does not currently support this option.

 

Has evalyou8 ever had to disclose data to UK/US or US authorities?

evalyou8 has not received any data access request from EU data protection regulators nor from the UK's Information Commissioner nor the US government under Section 702 of the Foreign Intelligence Surveillance Act or Executive Order 12333.

If such a request is received, evalyou8 will use reasonable efforts: (1) to have the governmental authority request such data directly from you; and (2) to notify you of the request promptly, unless prohibited under the applicable law of the requesting government authority.

 

Does evalyou8 sell or market the data to third parties in any way? Will you share my data without my consent?

No, evalyou8 does not sell or market your data to third parties. Authorised resellers with whom customers contract to buy the evalyou8 service will be supplied by you with personal data including for invoicing purposes. Data may be shared for essential services such as use of IT contractors or sub processors with carefully chosen third parties, but not for marketing purposes.

 

Does evalyou8 have a vetting process for its sub processors?

evalyou8 does vet sub processors. Any sub processors that become part of the service will undergo an internal legal and security review to assess how customer information is protected, from both privacy and security perspectives.

 

Will evalyou8 sign my company’s DPA?

No. We do not sign DPAs from other companies.

 

May I use evalyou8 with healthcare/medical data? And/or, will you sign my company’s BAA or similar such policy?

The use of regulated healthcare and medical data such as sensitive medical data under UK GDPR and in the USA like HIPAA is not supported on evalyou8. evalyou8 also does not as a matter of policy agree to sign USA or similar business associate agreements (BAAs) or equivalent agreements for handling protected health information (PHI) or other similar information.

 

What security certifications does evalyou8 have and/or where can I find more information about evalyou8’s security practices?

The creators of evalyou8 hold ISO 27001 certification with independent third-party auditors. See further on the evalyou8 website.