eloomi is 100% compliant with EU’s General Data Protection Regulation (GDPR).
Plus, we are audited and certified by Deloitte with ISAE 3402/3000/ISO27001 on hosting, IT security and change management processes.
Being a Software-as-a-Service, eloomi is handling customers’ personal data. We take this act of trust immensely serious. Consequently, we maintain and continuously invest in high security and data protection standards
The eloomi infrastructure has been certified and is being audited to meet the most stringent requirements globally:
Every employee in eloomi knows our IT Policy, get frequent training and has confidentiality clauses in their employment contracts.
Single Sign On
Customers may use Single Sign On (SSO) which requires users to be authenticated via an identity provider. Other authentication tools or social login possibilities like Facebook, LinkedIn & Google can be used as well.
eloomi handles personal data that is covered by the GDPR requirements. This data includes e.g. name, email, ID number and other unique identifiers.
No employees have access to confidential or personal data in applications and systems unless they are authorised personnel whose tasks and responsibilities require access.
Access permission including all temporary and durable access to IT tasks and job roles is the responsibility of and requires eloomi’s IT management approval.
Mandatory criteria for managing access rights and control via Access Control Lists comprise:
The access control is documented for all applications, it systems and environments giving access to sensitive information or personal data.
Users can be confident that their personal data has been backed up in accordance with GDPR principles of privacy by design and the right to be forgotten.
The right to be forgotten is a main pillar in GDPR. This principle, which makes it possible to identify the location of personal data – either all company data or individual user data – and to delete or anonymise it, is incorporated in all systems and processes.
It is possible to choose how long it will take before deleted users are anonymised. By default, deleted users are automatically anonymised after 72 months.
Another major change imposed by the GDPR is the audit logging. To make sure eloomi and our customers are compliant with the regulation our systems are logging who (users, admins, operators) are e.G. Viewing and editing which data and when. Unsuccessful user login attempts are also logged.
Audit logs are stored for 5 years in a safe place with restricted access.
IT security is one of our top priorities for our customers and we take pride in our security infrastructure.Â
Take a further look into our commitment and prioritisation of IT Security, infrastructure and compliance by viewing our audit reports and internal security policy.
If you need more information on privacy and data protection and how we maintain GDPR compliance, please get in touch with our data protection officer (dpo)
Let’s begin a conversation to learn how you can quickly onboard new employees and raise engagement rates
Deliver outstanding employee training to grow employees’ knowledge and skills. Upload content, create from scratch, or access off-the-shelf
Map the skills employees have, want, and need to flourish with targeted skills-based training that unlocks meaningful growth
Choose unlimited pre-made content from our library of expert-curated courses from top providers, with one affordable subscription
Access ebooks, guides and videos on the latest in L&D
Learn more and get inspired with industry insights
Meet eloomi, a true SaaS company changing people outcomes
Got a question? Get in touch with us here
Experience award-winning customer service with eloomi
Find help articles and answers to any product query
Make your workflow seamless with eloomi Integrations, API & SSO
Join our partner program and uncover new opportunities