DOT Scorecard

Privacy

1. For DOT Scorecard® Users

1.1 Welcome to DOT Scorecard®. DOT Scorecard® is a group diversity of thought evaluation software (and associated website) provided by DOT Scorecard®, Coligo Consulting Limited (“us” or “we”) at http://www.dotscorecard.com (“DOT Scorecard®”). This privacy policy (“Privacy Policy”) was last updated on August 3, 2021.

1.2 You may be reading this Privacy Policy because you have received a request from DOT Scorecard® on behalf of one of our Clients and would like to know more about how your personal information is being used.

1.3 We do our best to protect your privacy and to treat your personal information as required by all applicable privacy laws. We want to make sure that you understand how your personal information is used, so please read this Privacy Policy carefully.

1.4 For legal purposes, our Clients are the controllers of the personal information they provide to us because they control the purposes and means of processing your personal information. We process the personal information as they direct. Please refer to our Client’s privacy policy or notice for more information about how they collect and use your information, how to exercise any rights you may have with respect to your data, the purposes and legal bases for their collection of your data, or other questions about the way in which they process personal information. To the extent you contact us about these issues, we may pass your questions and requests to our Clients to allow them to respond.

1.5 Choice: You have the opportunity to choose whether your personal information is to be disclosed to a third party or used for a purpose other than the purpose for which it was originally collected or subsequently authorized by you. 

2. How DOT Scorecard® Works

2.1 Our Clients provide us with information relating to their group members, which may include their names, email addresses, roles and group joining date (“Participant Information”). Clients provide Participant Information directly to us. We then automatically send survey request emails on behalf of that Client to the email addresses that it has provided to us. We only use Participant Information for the purpose of communicating with you on behalf of that Client (e.g., to conduct an evaluation of group diversity of thought).

2.2 Our Clients are solely responsible for ensuring that their provision of Participant Information to us complies with all applicable privacy or data protection laws and agreements that they have entered into.

2.3 Our Clients have committed not to provide information about their Participants who are under the age of 16, and we do not knowingly collect personal information from persons under the age of 16. If you believe we have collected such information, please contact us and we will promptly delete it.

3. What We Do with the Information We Collect

3.1 We will not share individual participant response information with a Client or other party. The Client will not usually be able to personally attribute to you any response you provide.

3.2 We may use group findings for our own analytical and commercial purposes (for example, industry benchmarking), but this data will be anonymized so that it does not identify you or your group personally.

3.3 We will securely store Participant Information and your responses for as long as permitted by applicable law. We have enacted safeguards to protect your information from unintended disclosure, but, because no data security program is perfect, we cannot eliminate all risk of unauthorized access of your personal information.

3.4 DOT Scorecard® complies with orders and subpoenas from courts and government agencies acting within the scope of their jurisdiction for information in our possession.

3.5 DOT Scorecard® also passively collects “Usage Information,” which includes the IP address or other device identifiers; the type of browser, device, and operating system a user employs; the URL that referred users to our website; how and when users interact with our website; and other similar information. In particular, we collect information about the manner in which our website is used and the devices on which the services are used, in order to improve the performance and features of our website. If we combine Usage Information with Personal Information, we will treat the combined data as Personal Information. The Usage Information we access, collect, and/or monitor can include location data, such as geographic information regarding the location of the accessing device. Location data may help us understand where our platforms are being used. Location data, however, is only displayed and shared in accordance with the privacy settings in each user’s device or browser software.

4. Cookies

4.1 Browser or 'web' cookies are small text files that are sent by a website and stored on your computer's hard drive. Cookies are generally used to improve your experience of a website and to track site usage. Coligo Consulting may use this data to target advertising which might be of interest to you.

4.2 In some cases we may also collect your personal information through the use of cookies. When you access our website, we may send a "cookie" (which is a small summary file containing a unique ID number) to your computer.

4.3 We also use cookies to measure traffic patterns, to determine which areas of our websites have been visited, and to measure transaction patterns in the aggregate. We use this to research our users' habits so that we can improve our online products and services.

4.4 If you do not wish to receive cookies, you can set your browser so that your computer does not accept them, although you may experience a loss of functionality as a result. We may also log IP addresses (the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track user movements, and gather broad demographic information.

4.5 Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

4.6 We may also collect anonymous data (which is not personal information) relating to your activity on our websites (including IP addresses) via cookies, or we may collect information from you in response to surveys. We generally use this information to report statistics, analyse trends, administer our services, diagnose problems and target and improve the quality of our products and services. To the extent this information constitutes personal information we treat it in accordance with our obligations under this Privacy Policy.

5. Privacy Policy Updates

We may amend or update this Privacy Policy from time to time, with or without notice to you. By providing feedback about a Client, you agree to be bound by the Privacy Policy that is in effect at that time. Revised versions will be effective immediately once posted on our website.

6. Questions

If you have any questions about this Privacy Policy or the privacy-related practices of DOT Scorecard®, please contact us at service@dotscorecard.com. 

7. More Information on Privacy

For information about privacy issues in New Zealand and protecting your privacy, visit the New Zealand Privacy Commissioner’s website: www.privacy.org.nz

Security

Introduction

DOT Scorecard® is an online platform used to collect and analyse group diversity of thought. DOT Scorecard®'s development team is based in Auckland, New Zealand. This is a collection of topics that describe how we run DOT Scorecard® securely. They're intended as a high-level introduction to how we deal with security. More details are available on request: service@dotscorecard.com.

Overview

High-level summary:

  • DOT Scorecard® has strong application, network and infrastructure-level security controls in place to ensure your data is safely stored and processed.
  • DOT Scorecard® serves multiple tenants from the same application codebase, but uses effective isolation techniques to keep tenant data separate.
  • DOT Scorecard® observes New Zealand privacy laws, which are broadly compatible with many other jurisdictions (for example, we support the rights of access and rectification for data subjects).
  • DOT Scorecard® is hosted on AWS, in multiple regions, using VPC.

You'll find more information on each of these points in the detailed sections below.

Infrastructure Security

Datacenters

DOT Scorecard®’s products are hosted with the world’s leading data centre provider, Amazon Web Services (AWS). Access to these datacenters is strictly controlled and monitored by 24x7 on-site security staff, biometric scanning and video surveillance. AWS maintains multiple certifications for its data centres, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.

Availability and Resiliency

All services (databases, application servers, web servers, etc.) that make up the DOT Scorecard® system are highly available. We use a combination of clustering (e.g. Elasticsearch), load balancing (e.g. HTTP), and replication (e.g. MySQL) to ensure that there are no single points of failure in the system.

Configuration Management

The entire configuration of all of our infrastructure is captured in version control, so we have a full record of every change made to the infrastructure. It also allows us to ensure all our servers have the same, appropriate configuration, and that they are all kept up to date with the latest changes (we have CI/CD pipelines for our infrastructure codebases too). We use a "cattle not pets" approach to infrastructure; any server can be completely replaced with another (or a new one) very easily. This allows us to rapidly provision new infrastructure when necessary; server instances can be built and torn down within minutes as needed to size the infrastructure appropriately and respond to customer needs. This makes our service more resilient to failures, and more reliable for the end user. 

Patching Policy

All of DOT Scorecard®'s production servers are up to date with the latest security patches from their upstream operating system vendors. Security patches are applied immediately, as they become available upstream; they are installed automatically and don't require human intervention to be applied. We also regularly install non-security update patches, but those are not applied immediately without supervision, and are instead tested before being rolled out cluster-wide.

Server Authentication

Our main way of administering our servers is via tools that operate over SSH. To keep such SSH connections secure:

  • DOT Scorecard® servers have remote password authentication disabled - only key-based authentication is allowed.
  • Login as root is disabled to force attackers to guess an account name as well as a password.
  • None of the servers that process customer data are directly or externally accessible; all access to production machines is via a gateway.
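The three points above translate into a handful of sshd_config keywords, and it is easy to believe a host is key-only when it is not. The following is an added example, not DOT Scorecard's own tooling: it parses an sshd_config excerpt and reports where the effective global settings differ from the policy above. The two sample configs are constructed for illustration.

```python
"""Audit an sshd_config against a key-only, no-root login policy.

Added example (not DOT Scorecard's code). Keyword matching is
case-insensitive, as in sshd; directives inside a `Match` block are
ignored because they apply only conditionally.
"""

# Policy: keyword -> (required value, reason). Disabling
# PasswordAuthentication alone is not enough on PAM-based systems: the
# keyboard-interactive method can still prompt for a password, so it has
# to be off as well.
POLICY = {
    "passwordauthentication": ("no", "password logins must be disabled"),
    "kbdinteractiveauthentication": ("no", "keyboard-interactive (PAM) password prompts must be disabled"),
    "permitrootlogin": ("no", "direct root login must be disabled"),
    "pubkeyauthentication": ("yes", "key-based authentication must be enabled"),
}

# Values sshd assumes when a keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
}


def parse_global_settings(text):
    """Return {keyword_lower: value} for the global (pre-Match) directives.

    sshd uses the first value it sees for a keyword, so a later duplicate
    does not override an earlier one; setdefault() reproduces that.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)            # "Keyword value"
        if len(parts) == 1 and "=" in parts[0]:
            parts = parts[0].split("=", 1)     # "Keyword=value" form
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break                              # conditional section: out of scope
        if key == "challengeresponseauthentication":
            key = "kbdinteractiveauthentication"   # deprecated alias
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text):
    """Return [(keyword, effective_value, reason), ...] for each policy
    violation; an empty list means the config matches the policy."""
    settings = parse_global_settings(text)
    findings = []
    for key, (required, reason) in POLICY.items():
        effective = settings.get(key, DEFAULTS[key]).lower()
        if effective != required:
            findings.append((key, effective, reason))
    return findings


# Constructed sample: password auth is off, but the PAM keyboard-interactive
# path is left at its default and root login relies on the sshd default.
SAMPLE_WEAK = """\
# constructed sshd_config excerpt
Port 22
PasswordAuthentication no
UsePAM yes
PermitRootLogin prohibit-password
Match User backup
    PasswordAuthentication yes
"""

# Constructed sample that satisfies the policy.
SAMPLE_HARDENED = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        findings = audit_sshd_config(cfg)
        print(f"{name}: {'OK' if not findings else 'FINDINGS'}")
        for key, value, reason in findings:
            print(f"  {key} = {value}: {reason}")
```

Two things the checker captures that a grep for `PasswordAuthentication no` misses: sshd honours the first occurrence of a keyword, so a later duplicate does not override an earlier one, and on PAM-based systems the keyboard-interactive method can still prompt for a password unless `KbdInteractiveAuthentication` (formerly `ChallengeResponseAuthentication`) is also `no`. Directives inside `Match` blocks are skipped because they apply conditionally; on the host itself, `sshd -T` prints the effective configuration and is the more reliable input for such a check.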

Monitoring

DOT Scorecard® has an on-call engineer available during business hours. In the event of degraded performance or a similar issue, the on-call engineer will update DOT Scorecard®'s status page with details of the investigation and fix.

Automated Scanning

Vulnerability Scanning

While our unattended patching system keeps our software packages up to date with security fixes, we also run Amazon Inspector regularly. This both checks for packages that have vulnerabilities (providing a double-check of our patching systems), and also checks for common misconfigurations. The rulesets we use with Amazon Inspector are:

  • CVE 1.1
    • Checks for vulnerable software installed on systems.
  • Security Best Practices 1
    • DOT Scorecard® servers have remote password authentication disabled - only key-based authentication is allowed.
    • Login as root is disabled to force attackers to guess an account name as well as a password.
    • None of the servers that process customer data are directly or externally accessible; all access to production machines is via a gateway.
  • Runtime Behaviour Analysis 1.0
    • Checks e.g. for insecure ports in use, DEP use, etc.

We fix any issues these rulesets reveal with a severity higher than informational.

Intrusion Detection

We make use of Amazon GuardDuty to detect abnormal or suspicious use of our systems that may indicate an intrusion by attackers. GuardDuty monitors network flows, administrative events and DNS lookups throughout our production systems. It identifies suspected attackers through integrated threat intelligence feeds and uses machine learning to detect anomalies.

Data Security

Privacy

We will only use the Participant Information that you have provided to us for the purpose of providing an evaluation on your group’s diversity of thought, or to provide any other service that you have requested. For the avoidance of doubt, we can say explicitly that we will never sell or trade Participant Information provided by you to third parties. You are solely responsible for ensuring that your provision of Participant Information to us complies with all applicable privacy or data protection laws and agreements that you have entered into and that you are authorised to provide it to us. DOT Scorecard® complies with the provisions of the New Zealand Privacy Act. You can read our privacy policy here.

General Data Protection Regulation (GDPR)

If you are a DOT Scorecard® Client or a DOT Scorecard® Participant and want to access, update or delete your data with DOT Scorecard®, contact: service@dotscorecard.com.

You can learn more about New Zealand company compliance with GDPR here:

https://www.privacy.org.nz/tools/knowledge-base/view/480

Data Sovereignty

When you sign up for DOT Scorecard®, we can host your data in the following region: Sydney (Australia). 

Support Access

In order to help with any problems you’re having, our customer service representatives have access to your account. Our staff are prohibited from using this access except where necessary, or where you’ve requested assistance.

Audit Logs

As part of our security and compliance program we keep a centralized log of user activity within your account for auditing. Examples of events that are audit logged include failed and successful log-on attempts, data access, and scheduling and administrative configuration changes. This log is immutable, time-synced, and accessible on request by account admins.

Web Application Security

Change Management

CI/CD

Changes to the product are introduced by the DOT Scorecard® development team only (we don't allow third-party access to the codebase). The team uses continuous integration and delivery:

  • Changes are made in short-lived and small-sized branches that begin from the master branch.
  • When ready, the changes in a branch are reviewed by another developer, and merged into the master branch.
  • When changes have been made to the master branch, these changes are automatically deployed into the production environment.

Encryption

HTTPS/TLS

DOT Scorecard®'s TLS setup gets an overall score of A in the Qualys SSL Labs Test - we support forward secrecy, allow secure renegotiation, disallow downgrade attacks, and have good protocol and preferred cipher suite settings.

  • Every account and page is available via TLS/HTTPS.
  • New accounts will receive immediate 307/301 redirect responses to the secure version of the page when they try to access a page using HTTP.
  • We do not yet set HSTS headers for every subdomain (but will soon).
    • In the meantime, we are more than happy to set an HSTS header for your subdomain if requested.
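A small checker for the two transport properties listed above: plain-HTTP requests are redirected to the HTTPS version of the same page, and HTTPS responses carry a Strict-Transport-Security header that covers subdomains. This is an added example, not a check DOT Scorecard publishes; the responses it evaluates are constructed (status code plus headers) rather than fetched, the hostname is a placeholder, and the one-year minimum `max-age` is an assumed threshold.

```python
"""Check HTTP-to-HTTPS redirection and HSTS header quality.

Added example (not DOT Scorecard's code). Inputs are constructed
responses: a status code and a header dict.
"""
from urllib.parse import urlsplit

# One year in seconds: an assumed minimum for a meaningful HSTS policy.
DEFAULT_MIN_AGE = 31536000


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into a dict.

    Directive names are case-insensitive. 'max-age' carries a value; the
    flag directives ('includeSubDomains', 'preload') are stored as None.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if sep else None
    return directives


def check_http_redirect(request_url, status, headers):
    """Findings for the response to a plain-http request.

    301 and 307 are the codes the page above mentions; 308 is accepted too,
    since like 307 it preserves the request method. The redirect must point
    at https:// on the same host and path, so no page is left reachable
    over plain HTTP.
    """
    findings = []
    h = {k.lower(): v for k, v in headers.items()}
    if status not in (301, 307, 308):
        findings.append(f"expected a redirect, got {status}")
        return findings
    target = urlsplit(h.get("location", ""))
    request = urlsplit(request_url)
    if target.scheme != "https":
        findings.append("redirect target is not https")
    if target.hostname != request.hostname or target.path != request.path:
        findings.append("redirect does not preserve host and path")
    return findings


def check_hsts(headers, min_age=DEFAULT_MIN_AGE):
    """Findings for the HSTS header on an https response."""
    findings = []
    h = {k.lower(): v for k, v in headers.items()}
    if "strict-transport-security" not in h:
        return ["no Strict-Transport-Security header"]
    directives = parse_hsts(h["strict-transport-security"])
    try:
        age = int(directives.get("max-age"))
    except (TypeError, ValueError):
        return ["max-age missing or not an integer"]
    if age < min_age:
        findings.append(f"max-age {age} is below {min_age}")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains not set")
    return findings


# Constructed responses; app.example.test is a placeholder host.
HTTP_RESPONSE = (301, {"Location": "https://app.example.test/login"})
HTTPS_HEADERS_OK = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains"}
HTTPS_HEADERS_WEAK = {"Strict-Transport-Security": "max-age=300"}

if __name__ == "__main__":
    print(check_http_redirect("http://app.example.test/login", *HTTP_RESPONSE))
    print(check_hsts(HTTPS_HEADERS_OK))
    print(check_hsts(HTTPS_HEADERS_WEAK))
```

The redirect check insists on the same host and path because a redirect to a generic landing page would still leave the originally requested page reachable over HTTP. The HSTS check treats a short `max-age` as a finding: browsers forget the policy once it expires, so a value of a few minutes offers little protection between visits.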

Encryption In Transit

DOT Scorecard® supports full encryption in transit. No non-encrypted data leaves our datacenter, except to a client explicitly requesting the HTTP version of a page (which can be disabled). All our monitoring and backend systems either send local traffic over the VPC, or they use transport-level encryption when communicating with the rest of the internet.

Encryption At Rest

DOT Scorecard® encrypts customer data at rest in RDS. 

Network Security

Firewalls

We use AWS EC2 Security Groups extensively, with fine-grained groups and rules. For example, each individual network protocol/service (e.g. MySQL or Elasticsearch) is placed in a separate security group, and only the other groups that need access to that resource are given access (i.e. we follow the principle of least privilege carefully when configuring network access). We also ensure that no service on any host is directly reachable from outside the network. Instead, we do one of a few possible things:

  • For public services, place the service behind a load balancer and web application firewall.
  • For services that don't need to be public, restrict the service to a known set of IP addresses used by the DOT Scorecard® operations team.
    • Only services with strong authentication (usually based on OAuth from some other provider, e.g. Github) are opened to the set of IP addresses in this way.
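The layout above can be expressed as a policy check over security group rules: one group per service, group-to-group references rather than CIDRs between services, world-open rules only on the public load-balancer group and only on web ports, and everything else restricted to an operations allowlist. The following is an added example, not DOT Scorecard's infrastructure code; the group names, ports and CIDRs are constructed, with one deliberately misconfigured MySQL rule and one out-of-allowlist address so the checker has something to report.

```python
"""Least-privilege check for EC2-style security group ingress rules.

Added example (not DOT Scorecard's code). A rule's source is either the
name of another security group or a CIDR; everything else is a finding.
"""
import ipaddress


def check_security_groups(groups, public_groups, ops_cidrs, public_ports=(80, 443)):
    """Return a list of findings; an empty list means the rules comply.

    groups:        {name: [{"proto": str, "port": int, "source": str}, ...]}
    public_groups: group names that may accept traffic from the internet
                   (the load balancer), and only on public_ports.
    ops_cidrs:     CIDRs used by the operations team; any other CIDR
                   source on a non-public group is a finding.
    """
    findings = []
    ops_nets = [ipaddress.ip_network(c) for c in ops_cidrs]
    for name, rules in groups.items():
        for rule in rules:
            src = rule["source"]
            where = f"{name} {rule['proto']}/{rule['port']} from {src}"
            if src in groups:
                continue  # group-to-group reference: the intended pattern
            try:
                net = ipaddress.ip_network(src, strict=False)
            except ValueError:
                findings.append(f"{where}: source is neither a known group nor a CIDR")
                continue
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0: the whole internet
                if name not in public_groups:
                    findings.append(f"{where}: world-open rule on a non-public service")
                elif rule["port"] not in public_ports:
                    findings.append(f"{where}: world-open rule on a non-web port of a public service")
                continue
            # Any other CIDR must fall inside the operations allowlist.
            if not any(net.subnet_of(o) for o in ops_nets if o.version == net.version):
                findings.append(f"{where}: CIDR is outside the operations allowlist")
    return findings


# Constructed rule set. 203.0.113.0/24 stands in for the operations team's
# addresses; 198.51.100.7 is an address that is not on the allowlist.
SAMPLE_GROUPS = {
    "sg-alb": [
        {"proto": "tcp", "port": 443, "source": "0.0.0.0/0"},
        {"proto": "tcp", "port": 80, "source": "0.0.0.0/0"},
    ],
    "sg-web": [{"proto": "tcp", "port": 8080, "source": "sg-alb"}],
    "sg-mysql": [
        {"proto": "tcp", "port": 3306, "source": "sg-web"},
        {"proto": "tcp", "port": 3306, "source": "0.0.0.0/0"},  # misconfiguration
    ],
    "sg-es": [{"proto": "tcp", "port": 9200, "source": "sg-web"}],
    "sg-grafana": [
        {"proto": "tcp", "port": 3000, "source": "203.0.113.0/24"},
        {"proto": "tcp", "port": 3000, "source": "198.51.100.7/32"},  # not allowlisted
    ],
}
PUBLIC_GROUPS = {"sg-alb"}
OPS_CIDRS = ["203.0.113.0/24"]

if __name__ == "__main__":
    for finding in check_security_groups(SAMPLE_GROUPS, PUBLIC_GROUPS, OPS_CIDRS):
        print(finding)
```

Run against a real account, the input would come from `describe-security-groups` output rather than a literal dict, and the per-service "who may talk to whom" expectations would be encoded the same way: as group references, not addresses, so that replacing an instance (the "cattle not pets" approach described earlier) never requires editing a firewall rule.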

Backups

Backups are stored in AWS S3 with full redundancy and versioning enabled.

Copyright © 2023 Coligo Consulting - All Rights Reserved.
