At Winningtemp, personal integrity is our top priority. We aim to ensure that our users feel secure when expressing thoughts and reflections about their work. To safeguard your integrity, we employ multiple measures to protect your data. Here's an overview of what happens behind the scenes:
- You respond to the questions sent to the app or to your email address
- When you hit the send button, your answer is encrypted and split into two separate data types
- Personal data is sent to our servers in Germany, hosted by the Finnish company Upcloud
- Responses are sent to our servers in Ireland and the Netherlands, hosted by Amazon AWS
- These servers have different owners
- When the data arrives at the different servers, another layer of encryption is added
- If you look at your Insights, they are visible only to you and to nobody else within your company
- When your manager views the temperature data, they can only access aggregated team data, never your individual data
- If your team has fewer users than the anonymity threshold (see below), no data will be visible to the manager
- If you leave your employer, all personal data will be erased
- All personal data will be deleted 90 days after the contract period has ended and cannot be restored
Anonymity is crucial for Winningtemp, ensuring that no one can view individual responses to temperature questions.
The System administrator determines the anonymity level, and we strongly recommend setting it high. For instance, if your company configures the anonymity level to 5, a group must have a minimum of 5 unique responders before any temperature data is presented within that group. This means that if your group has fewer users than the anonymity level, no temperature data will be visible in the group. Instead, your responses will contribute to the overall organizational temperature.
This principle also applies to temperature data concerning gender, age, and answers per question. To display temperature data, there must be a minimum of 5 men and 5 women.
If you leave a comment in response to a question, your manager and the System administrator can read it, but they won't be able to see who wrote it. Winningtemp provides a feature that enables managers to respond to comments and ask any additional questions. The chat function is anonymous, and your manager will never know with whom they are conversing.
We use additional anonymisation measures to eliminate the possibility of comparing data between groups that are similar to each other (overlap). The anonymisation measures prevent the identification of individual respondents and are a part of our commitment to privacy and to creating a safe environment where employees can feel empowered to voice their concerns.
How does it work?
Responses from an employee that could be traced by comparing members and data in overlapping groups or segments will be hidden from the group or segment (and only shown in parent groups).
What does it mean that groups or segments overlap?
When you compare the members of one group with those of another group or segment, you may wonder why the result is anonymised (hidden) when the two do not look that similar. Overlap is based on who can contribute to the (aggregated) result and on whether the group has subgroups: the members of those subgroups can also contribute to the result.
Head over to the Contributors tab to see everyone who contributes to the group’s results.
How to resolve it
The suggestion below focuses on resolving overlapping groups but can also be applied to resolve overlapping segments.
- Move all the users in group 1 or 2 into a new or existing group (see example 1 below)
- You can also resolve the scenario above by adding, for example, at least one more unique person to group 1 or 2 (see example 2 below).
You can also maintain the current setup; just remember that some results will continue to be anonymised.
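The threshold roll-up, the per-gender rule and the overlap suppression described above, as an added example written for this article (not Winningtemp's code). The page does not state the exact overlap rule, so `overlaps` assumes one that matches the two fixes given above; `min_unique` is an assumed knob that lets you tighten it.

```python
# Added example (not Winningtemp's code): anonymity-threshold roll-up and
# overlap suppression for aggregated temperature results.
from statistics import mean

THRESHOLD = 5  # anonymity level used in the page's example


def visible_temperature(responses, threshold=THRESHOLD):
    """responses: {user_id: score}. Mean score when at least `threshold`
    unique users answered, else None (answers roll up to the parent)."""
    if len(responses) < threshold:
        return None
    return round(mean(responses.values()), 2)


def gender_breakdown(responses, gender, threshold=THRESHOLD):
    """Per-gender temperature, shown only when every gender present reaches
    the threshold (the page: at least 5 men and 5 women)."""
    by_gender = {}
    for user, score in responses.items():
        by_gender.setdefault(gender[user], []).append(score)
    if any(len(scores) < threshold for scores in by_gender.values()):
        return None
    return {g: round(mean(s), 2) for g, s in by_gender.items()}


def overlaps(members_a, members_b, min_unique=1):
    """Assumed overlap rule (the page does not state its exact one): two
    groups overlap when each has fewer than `min_unique` contributors the
    other lacks. The default 1 flags only identical groups, which matches
    the page's fixes (move everyone out, or add one unique person); raising
    it towards the threshold also stops one group's result being subtracted
    from the other's to narrow down a few people's answers."""
    a, b = set(members_a), set(members_b)
    return len(a - b) < min_unique and len(b - a) < min_unique


def group_results(groups, responses, threshold=THRESHOLD, min_unique=1):
    """groups: {name: contributors}, where contributors are the group's own
    members plus those of its subgroups. Returns ({name: temperature or
    None}, organisation temperature). A group that overlaps with a peer is
    hidden, but its answers still count in the organisation-wide figure."""
    shown = {}
    for name, members in groups.items():
        answers = {u: responses[u] for u in members if u in responses}
        hidden = any(overlaps(members, other, min_unique)
                     for peer, other in groups.items() if peer != name)
        shown[name] = None if hidden else visible_temperature(answers, threshold)
    return shown, visible_temperature(responses, threshold)
```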
Useful resources
- Add a user to a group
- How to remove a user from a group
- How to rename a group
- How to manage users in a Segment
Customers with integrations
By default, you shouldn't make any changes to the group or organisation structure in Winningtemp, as the integration will overwrite them. This can vary and depends on the type of integration you have.
Contact your Customer Success Manager for further assistance.
What happens with historical data if I make changes?
Historical data is not affected to avoid any anonymisation concerns. When moving one or several users to a new group, it won’t affect any previous results of the new group, nor will the historical results in the previous group change. The same goes for segments.
Important: This article covers anonymising group affiliation. All comments are always anonymous, and usernames will never be visible to a manager.
Working with comments is a great way to get insights about your team and their performance, but it's also crucial to always consider user privacy. Therefore, the text explaining which group the comment came from will be anonymised in certain scenarios. Anonymised comments (hidden) will be visible, but only for the System Administrator, at the highest point in the organizational hierarchy. Anonymisation can mean different things in different scenarios, so let's get to the bottom of it.
Let's take a look at three scenarios where the group affiliation will be anonymised:
1. The group doesn't meet the requirements for anonymity
Winningtemp anonymises the group affiliation from the manager if the group hasn't met the anonymity requirements. This means that, as standard, at least five unique users in the group have to respond to the survey mailing before a comment is visible. With just one or two users, it could otherwise be easy for the manager to guess who the user is.
If your company wants to change the anonymity requirement, a System administrator can do it here: Settings page.
2. The user has no group
We anonymise the group affiliation for managers if the user isn't part of a group. The comment will be visible at the highest point in the organizational hierarchy, but only for the System administrator. To resolve this scenario, add the user to a group and the comments will be visible in the correct group. Keep in mind that the group needs to meet the requirements for anonymity mentioned in section 1.
Read more:
How to add a user to a group
3. The user is part of multiple groups that all show results (meet the anonymity requirements)
This situation adds a bit more complexity. Let's look at an example:
- Mats works in Sweden and Norway.
- Sara works in Sweden and Denmark.
- Peter, Amanda, and Olivia work in Sweden.
- If Mats writes a comment on a temperature mailing, it would normally say that it's from a user from Sweden and Norway. This is something we want to avoid.
With that information, it could become easier for the group manager to figure out who the user is since he/she knows that it's a user who works with both these groups. In reality, it could be that Mats is the only one working like that.
How do we solve the scenario?
To resolve this, Winningtemp anonymises all group affiliations when a user is in two or more groups that all show results (meet the anonymity requirements). In this case, Mats's comment will include only the comment text and not the group affiliation.
Talk to your Customer Success Manager if you'd like guidance on how to structure the organizational hierarchy to best handle this situation.
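The three scenarios above as one decision function, added here as an example (not Winningtemp's code). The group names come from the article; the extra colleagues that let Norway meet the threshold are invented, and the handling of a user whose groups only partly show results is an assumption the page does not cover.

```python
# Added example (not Winningtemp's code): deciding whether a comment may show
# its group affiliation, following the three scenarios described above.
THRESHOLD = 5  # page default: five unique responders before a group shows results


def showing_groups(memberships, responders, threshold=THRESHOLD):
    """memberships: {group: set of users}; responders: users who answered the
    mailing. Returns the groups that meet the anonymity requirement."""
    return {g for g, members in memberships.items()
            if len(members & responders) >= threshold}


def comment_affiliation(user, memberships, responders, threshold=THRESHOLD):
    """Returns (affiliation, visible_to). affiliation is the sorted list of
    group names shown with the comment, or None when it is anonymised, in
    which case only the System administrator sees it at the top of the
    hierarchy (as the article states for all anonymised comments)."""
    user_groups = {g for g, members in memberships.items() if user in members}
    if not user_groups:                                  # scenario 2
        return None, "system_administrator"
    shown = user_groups & showing_groups(memberships, responders, threshold)
    if not shown:                                        # scenario 1
        return None, "system_administrator"
    if len(shown) >= 2:                                  # scenario 3
        return None, "system_administrator"
    # Assumed: a user in several groups of which only one shows results is
    # labelled with that one group (the page only covers the all-show case).
    return sorted(shown), "manager"


# Constructed data: the page's Sweden/Norway/Denmark example, padded with
# invented colleagues so that Norway also meets the threshold.
MEMBERSHIPS = {
    "Sweden": {"Mats", "Sara", "Peter", "Amanda", "Olivia"},
    "Norway": {"Mats", "Nora", "Lars", "Ingrid", "Erik"},
    "Denmark": {"Sara", "Mette", "Jonas"},
}
EVERYONE = set().union(*MEMBERSHIPS.values())

if __name__ == "__main__":
    for who in ("Mats", "Sara", "Peter", "Unknown"):
        print(who, comment_affiliation(who, MEMBERSHIPS, EVERYONE))
```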
Good to know
- Comments are always anonymous, as long as you don't write anything identifiable in the comment itself.
- It is not possible to reverse the anonymisation on a later occasion if the comment at one point has been anonymised.
We present the onboarding and offboarding results in batches based on the anonymity threshold to protect user anonymity. In other words, if the anonymity threshold is set to five, we present the temperature in batches of five. Even if the category already displays temperature, you will have to wait until you have five new answers before the new results are visible. All answers in the batch will have the same date to further maintain anonymity.
When can I see the results on a group level?
When the anonymity threshold is met within the same group, in this example, if five users in the same group answered the survey, you can see the results on a group level.
Will the results be visible at an organizational level?
If the anonymity threshold is met, but with users in different groups, the results will be visible on an organizational level instead. The same logic applies here; the results are presented in batches.
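Batch release at group and organisation level, as an added example (not Winningtemp's code). Batches of `threshold` answers each carry the date of the answer that completed them; pooling the pending answers of all groups into organisation-level batches is an assumption, and the January sample data is constructed.

```python
# Added example (not Winningtemp's code): releasing onboarding/offboarding
# answers in batches of `threshold`, every answer in a batch sharing one date.
from datetime import date
from statistics import mean

THRESHOLD = 5  # page example: a threshold of five gives batches of five


def release_batches(answers, threshold=THRESHOLD):
    """answers: list of (answered_on, score). Returns (batches, pending): each
    batch averages exactly `threshold` answers and carries the date of the
    answer that completed it; the rest stay pending and are not shown."""
    batches, pending = [], []
    for answered_on, score in sorted(answers):
        pending.append((answered_on, score))
        if len(pending) == threshold:
            batches.append({"date": answered_on,
                            "temperature": round(mean([s for _, s in pending]), 2)})
            pending = []
    return batches, pending


def results_by_level(answers_by_group, threshold=THRESHOLD):
    """answers_by_group: {group: [(answered_on, score), ...]}. Group-level
    batches are released per group. The answers left pending in every group
    are pooled and released as organisation-level batches (the pooling is an
    assumption; the page only says such results appear at that level)."""
    group_level, leftovers = {}, []
    for group, answers in answers_by_group.items():
        batches, pending = release_batches(answers, threshold)
        if batches:
            group_level[group] = batches
        leftovers.extend(pending)
    org_level, still_pending = release_batches(leftovers, threshold)
    return group_level, org_level, still_pending


# Constructed sample: six Sales answers and three Support answers in January.
SALES = [(date(2024, 1, d), s) for d, s in [(2, 7), (3, 8), (5, 6), (6, 9), (9, 7), (10, 8)]]
SUPPORT = [(date(2024, 1, 4), 5), (date(2024, 1, 7), 6), (date(2024, 1, 8), 7)]

if __name__ == "__main__":
    print(results_by_level({"Sales": SALES, "Support": SUPPORT}))
```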
Your information is protected according to leading international standards
Winningtemp is ISO 27001 and ISO 27701 certified 🎉. We've always ensured that your data is safe, and now we have the certification to prove it! This means we comply with rigorous best practice standards to protect your information and keep your data private, developed by the best and brightest information security experts.
As your tech environment grows more complex and your organisation more interconnected — the direction of travel for almost every business — your data gets spread over more systems. That’s great for heaps of reasons (like being able to use Winningtemp to transform your employee experience and drive engagement, productivity, and retention 😉…) but it also means you need to engage with partners who meet international standards like ISO 27001 and ISO 27701 that will keep you and your customers safe.
- Manage data risks to protect against costs and damage
- Establish secure data transfer between your systems
- Ensure your tech stack works better together
- Comply with various data security legislation like GDPR
- Promote a culture of data security
- Protect your employees’ data – and maintain their trust
- Easier, faster IT sign-off for our tech ;)
Let’s dig into the details! 👇🏻
What is ISO?
The International Organization for Standardization (ISO) is an independent, non-governmental organisation that sets international standards across almost every element of technology and manufacturing. Nearly 25,000 international standards, in fact, plus around 100 more each month.
ISO says, “an International Standard is a document containing practical information and best practice. It often describes an agreed way of doing something or a solution to a global problem.”
ISO standards exist to:
- Make products compatible
- Identify safety issues
- Share ideas, solutions, and best practices
For example, there’s a reason you can buy standard A4 size paper for your printer and trust it’ll work without faff: ISO 216. Or why your credit card always fits into the card machine effortlessly: ISO 7810.
With member bodies representing 167 countries and over 800 technical committees and sub-committees developing standards, ISO has a truly global reach. The ISO certifications are expert-led and developed from a non-profit, neutral perspective with no vested interests apart from the common good.
This brings us to our specific ISO certifications: ISO 27001 and its extension, ISO 27701.
What is ISO 27001?
If you’ve worked in the tech space this is probably familiar to you. It’s the ISO certification focussed on information security and essentially provides a framework to help organizations protect their information properly. And in this case, not just ours but yours.
The bad news:
46% of businesses report experiencing cyber-attacks in the last 12 months. Of those, 19% have lost money or data and 39% were negatively impacted, for example, with wider business disruption.
The good news:
Although the number of reported cyber-attacks has remained similar since 2017, the proportion of businesses experiencing impact has fallen by a fifth. ISO 27001 is a major part of this success story.
Gov.UK
To comply with ISO 27001, organisations create an Information Security Management System (ISMS) – system in the sense of ‘systematically’. It’s a “set of rules” around how we manage risk and protect information security.
What does protecting information mean?
ISO 27001 aims to protect information in three ways:
- Confidentiality. Only authorised people can access the information.
- Integrity. Only authorised people can change the information.
- Availability. Authorised people can access the information whenever they need to.
Those three things matter because they mean:
- Nobody unauthorised can access your information – like rogue organisations scraping employee data for recruitment purposes.
- Nobody unauthorised can change your information – like ex-employees retrospectively deleting data because of a personal grudge.
- The people who need data can access it – so your teams won’t be stuck twiddling their thumbs waiting for permissions they should have.
How did Winningtemp get ISO 27001 certification?
Gaining an ISO certification is a rigorous process, guided by an external accredited certification body – ours was LRQA. To achieve ISO 27001 certification, we worked with TransPrivacy to build a comprehensive risk management system to protect our and your information.
That essentially involved scrutinising everything that could go wrong, implementing appropriate safeguards to protect against those scenarios, and continually measuring the performance of those safeguards to ensure they’re always improving.
Next up, ISO 27701…
What is ISO 27701?
ISO 27701 is a data privacy extension to ISO 27001. It was developed specifically with GDPR and other data privacy requirements in mind. Experts from the CNIL (the French data protection authority) actively contributed to this standard, with support from the European Data Protection Board.
Where ISO 27001 required us to create an ISMS, ISO 27701 requires a Privacy Information Management System – PIMS. ISO 27701 provides a framework for organisations to protect Personally Identifiable Information (PII) and represents state-of-the-art privacy protection.
What is PII/Personal data?
Personal data or PII is any information related to an identified or identifiable person – which could be as simple as a name, driving license, or medical records but could also include stuff like an IP address. It’s a broad term because it doesn’t only refer to direct identification – like someone’s name. It also means information can be classed as PII/personal data if in combination the information could identify an individual.
Why does protecting PII/personal data matter?
Protecting your people’s personal information is important because loss can cause substantial harm, like identity theft or fraud. It’s also a major breach of trust, which can have long-standing implications for employee engagement – the exact opposite of what we want to achieve!
How did Winningtemp get ISO 27701 certification?
Like ISO 27001, we worked with TransPrivacy to build a comprehensive system for keeping your personal information private.
The process was very similar. We evaluated the risks to personal information, outlined appropriate controls and safeguards to manage that risk, and now we measure the performance of those safeguards to ensure they’re always up to scratch.
Compliance with both ISO 27001 and ISO 27701 is an ongoing process, so it’s not something we set and forget. Rather, we’re continually involved and invested in keeping your information secure and data private.
When we work together, we handle lots of your data – that’s how we can have such a transformative impact on the employee experience. You need to trust we’re protecting that data properly, so your people can trust you’re protecting theirs. Our ISO 27001 and ISO 27701 certifications mean you know we have world-leading privacy protection.