Your data our commitment

---

Our team has worked for the last 10 years building value for organisations from data on participants, members and activities, covering over 17 million personal records and 500 million program and facility visits. Data security is our single most important priority at all times. We champion best practice, are proud of our achievements within this space, with our team publishing white papers and often hosting webinars to guide client partners as part of their own digital transformation journey. 

We provide the following 5 commitments to every partner organisation we collaborate with...

No delivery organisation ever sees or accesses another source organisation’s data unless explicitly permitted. No individual or organisation outside of ActiveXchange's immediate data team has access to data unless explicitly permitted. 

In addition, ActiveXchange is and will remain independently owned. We collaborate with a number of sector steering groups to guide our developments.

No personal data is ever used to contact an individual (ActiveXchange typically do not require or request contact data fields). Any personally identifiable data received is immediately anonymised, with the original data either deleted or hashed (one way encryption) to ensure it is never accessible.

Data while cloud based is always hosted locally within domestic data centers.

The administration or delivery body always remains the Data Owner and can request that data sharing is terminated and account deleted at any stage.

Before any data transfer is requested and activated we ensure we have the Data Owner organisation's written permission (Data Use Agreement) and this is provided to any third party system provider who is supporting the transfer.

ActiveXchange commits to supporting all partner organisations involved in the initiatives we manage to maximise the value of intelligence generated - if you do not benefit, we do not expect your data to be provided. 

This is of critical importance to ActiveXchange. Wherever possible data transfers are managed over a dedicated, secure, password protected FTP server (private online folder system) or a direct API transfer, working closely with your existing third party member management system. ActiveXchange uses the latest Microsoft database software to store data, utilising Microsoft's latest data security features with all data hosted in the country of origin. In addition, ActiveXchange monitor all database access, which includes the use of static IP access (databases can only be accessed from specific computers/ terminals) and the use of VPN protocols to ensure our internal approach to working with your data is always controlled and follows best practice. 

All accounts are password protected using Auth0's authentication system.

Our IT and Data Security Policy is regularly reviewed, we have an in-house experienced and qualified Chief Information Officer, and a Non-Executive Cyber Security Director to provide oversight on processes and data governance policies.

ActiveXchange's Service Level Agreement with technical data security information can be found here.