GDPR, security & infrastructure

StreamTech takes data security extremely seriously. We are audited and certified to Cyber Essentials Plus.

Stream is wholly owned by StreamTech Ltd (StreamTech)  whose registered number is 11880786 and registered address is at 4-6 Kerry Hill, Horsforth, Leeds, West Yorkshire, LS18 4AY.

Data entered in Stream is stored securely, backed up and kept confidential and used only for legitimate business purposes including support etc:

• StreamTech and their subcontractors will not be processing personal data
• StreamTech will ensure that staff processing data observe confidentiality
• StreamTech will take appropriate measures to ensure security of processing.

StreamTech is identified as the Data Processor and we have appointed a DPO and they can be contacted on gdpr[@]go2stream.com.

StreamTech will retain client data as standard for 18-months or for six years if the Stream  Extended Data Retention option is taken.

We provide our customers with specific GDPR functionality to a nominated person within each customer organisation. The nominated person is then able to access dedicated utilities in Stream so that the organisation can respond to any personal data requests.

As part of our responsibilities for GDPR compliance, we ask that our customers comply with current legislation for collecting personal data and determine:

• Which items of personal data to collect; ie the content of the data
• The purpose(s) of collecting the data
• Which individuals to collect data about
• Whether to disclose the data and, if so,  to whom
• Whether subject access and other individuals’ right apply, ie. the application of exemptions
• How long to retain the data or whether to make non-routine amendments to the data.

Security & infrastructure

Stream has been designed and developed from the very start as a modern, multi-tenanted web-based application, which takes full advantage of the scalability, security and flexibility of cloud-based software. Stream has been built on the highly reliable IBM Power Systems platform.

Data is held in ISO 27001 certified data centres located in the United Kingdom and the EU. Each data centre has resilient internet connectivity, dual power supply, raided disks etc., meaning the likelihood of failure is low.

A second server is used to host a fully functioning version of the software as a data backup. This second server would be used in the unlikely case of a systems failure. In the case of a failure we have 24×7 maintenance cover.

Stream has firewalls which are supported, configured and maintained by external networking and security specialists.

Stream has been penetration tested with no issues. No other applications run on the production Stream server.

Accessing the Stream application requires an username and password.

We have implemented stringent security within Stream including salted and encrypted password protection together with defensive coding techniques.

Other than via the Stream application login, there is no access to the server from outside our network, i.e. no maintenance, direct database access, data extraction etc.

Limited authorised employees and no external personnel have access to the production server. All access is logged.

You can configure your Stream account so that each user has restricted access to the areas that they need to work in.