At CtrlSal, our mission is to help companies bring modern compensation to life. In support of this mission, it is critical our customers have confidence in the privacy and security of our products. We have designed CtrlSal products with advanced security technologies to keep the data you provide us safe and we have put in place mechanisms to allow CtrlSal and our customers to comply with applicable data protection laws.
We leverage industry-standard security solutions and practices. CtrlSal maintains a comprehensive set of IT controls to enable our products to meet compliance obligations and provide our customers with security solutions. Our IT controls include:
- Secure Facilities – The facilities that store your data includes multiple layers of physical security, such as 24-hour physical security, palm print, and RFID and ID identification systems.
- Perimeter Security – Our perimeter network infrastructure is protected by multiple levels of security. We use network segmentation, as well as Security Groups, Network Authentication, and Firewalls to restrict and protect our infrastructure.
- Limited Access to Customer Data – Only trained and authorized employees have access to any customer data loaded into our systems. Also, our corporate networks are restricted from accessing sensitive data. We use modern SSL and HTTPS encryption to protect customer data and communications between our customers and our products.
- Prevention of Unauthorized Access – Customers can only access CtrlSal products by providing an authenticated username and password combination. Only requests coming from an authenticated user on an HTTPS encrypted connection are allowed access to our servers.
Data Protection Laws
CtrlSal is committed to complying with applicable data protection laws, such as the European Union (“EU”) data protection laws set out in the General Data Protection Regulation (“GDPR”). GDPR became enforceable on May 25, 2018, and here at CtrlSal, we’ve been hard at work preparing for GDPR by putting in place measures to ensure that we and our customers comply with GDPR and other data protection requirements.