meta pixel

An ISO-Compliant Cloud-Based Video Training Platform

Security and Compliance are at the core of everything we do.

We DON’T sell your data. Our commitment to Data Security and Privacy is steadfast.

No coding, credit card, & upfront payment required

uQualio ISO-Compliant Cloud-Based Video Training Platform

A self-service, SaaS video eLearning platform that is fully SECURE by design.

At uQualio, your information is always in SAFE hands.

GDPR Compliance

Information Security

24/7 Infrastructure Monitoring

Supplier Service Delivery Management

Data Storage and Location

Network Security

Vulnerability Scanning

Backup Procedures

Payment Security

Data Privacy and Consents

User Account Security

GDPR Compliance

The uQualio video4learning solution stores sensitive information about customers, business connections, and contacts in compliance with the Danish Personal Data Law and Data Protection Act (DPA) regulations to ensure that every piece of information receives an appropriate level of protection in accordance with its nature and importance. uQualio’s GDPR compliance also entails the following:

  • All processes with personal data are identified, and responsibilities are defined and communicated.
  • All employees of uQualio must pass a compliance test of the uQualio IT-security policy, as well as a compliance test in the management of sensitive data.
  • The compliance test results are stored and can be obtained by the CPO for uQualio.
  • The development of the platform includes verification of data in the design.
  • If a uQualio employee creates new records with personal information, it must be communicated to the immediate superior along with a description of the content and purpose of the record.
  • Standard operating procedures related to GDPR will be used if a data breach occurs, a customer requests insight into processed data, or wishes to delete all data.
GDPR GDPR Compliance uQualio

Information Security Incident Management

To ensure a consistent and effective approach to the management of information security incidents, uQualio video4learning has established standard operating procedures (SOPs) for quick and effective resolution of information security incidents.

  • Established SOPs will be followed should a data breach occurs, whether it is discovered by an employee or reported from outside of uQualio.
  • In the event of data breach, the Danish supervisory authority (Datatilsynet) will be notified within 72 hours of the incident.
  • If we fail to notify the concerned authority within 72 hours, uQualio provides a “reasoned justification” for the delay.
  • The affected individual(s) will be notified of the incident without unnecessary delay.
  • uQualio documents all personal data breaches, including information on the facts related to the personal data breach, the effects of the breach, and the remedial actions taken.
  • The SOPs for data breach and data security are part of the uQualio’s Internal Compliance Program, which means that it is covered by 100% compliance and knowledge as soon as a person is employed by uQualio.
uQualio Information Security

24/7 Infrastructure Monitoring

As a secure education platform, uQualio has defined operating procedures for the correct and secure operations of the uQualio application and information processing facilities.

  • The operating procedures are developed by our IT specialists with responsibility for keeping the operations of uQualio in our cloud environment.
  • The uQualio’s infrastructure foundation is built on stable cloud platforms (Amazon Web Services and Microsoft Azure).
  • uQualio monitors the use of resources in all critical instances. We are notified via alerts in case something is out of the ordinary, thereby ensuring that the uQualio application is operational round the clock.
  • Our operating performance is analyzed and documented internally every quarter via a monthly report, containing usage, uptime, availability, incidents, and resolutions.
  • Any improvement and actions are handled, documented, and initiated via a ticket in our tracking system within the subarea “Compliance.”
uQualio 24/7 Infrastructure Monitoring

Supplier Service Delivery Management

uQualio, as a secure video training platform, has created a data processing log, which contains all the information about processed data and third-party suppliers.

  • uQualio stores all the information, including:
    • What parts of the uQualio video4learning platform use third-party software
    • Which data processor is being used for data processing
    • Who is handling the data processing
    • The data protection officer involved
    • The purpose of data processing
    • The categories of data being processed
    • If the data is transferred outside of EU
    • The duration of retention.

 

  • Supplier Compliance: uQualio constantly monitors supplier compliance.
    • We identify security measures and log once a compliance audit review of the supplier is done and decide when the next audit review needs to be performed.
    • This is done by gathering audit reports from the suppliers, performing supplier risk assessments, and reviewing the reports to find any conflict, while also ensuring that the suppliers are complying with all the clauses.
uQualio Supplier Service Delivery Management

Data Storage and Location

  • The physical storage location of customer data is currently on Amazon’s servers in Europe (Frankfurt, Germany).
  • In 2023/Q4 some of the data may move to Microsoft Azure (customers were notified in October 2023).
  • All encrypted data is stored on disks using at least AES 256-bit encryption.
uQualio Data StorageData Storage

Network Security

  • Access to the uQualio application is only possible with https, a secure connection.
  • All data exchanged between the uQualio’s servers and the user’s device is securely encrypted.
uQualio Network Security

Vulnerability Scanning

Vulnerability scanning and penetration testing have been performed with multiple external consultants.

Their reports are collected and prioritized along with the  ongoing development and maintenance of the application.

uQualio has established specific controls against malware:

  • All users must have active and approved antivirus software running on their machines.
  • Application servers come with antivirus and malware protection.
  • Virus scanning of customer documents once uploaded.
uQualio Vulnerability Scanning

Backup Procedures

For LMS data backup and recovery, uQualio follows the procedures below:

  • In order to protect against loss of data, uQualio has backup copies of information and software that are regularly tested according to our backup policy.
  • The uQualio backup process is handled on Amazon, where the database is located.
  • Backups are automatically taken every day with a retention period for up to 12 months.
  • Once a year, the uQualio team performs a full disaster recovery test with backup data.
  • This is documented in YouTrack as ‘Compliance’ task.
uQualio Backup Procedures

Payment Security

With the secure Stripe LMS payment gateway, uQualio ensures complete payment security.

  • uQualio does not store information that can process a payment on your credit card. All information is handled by our credit card processing partner Stripe.
  • Stripe is a certified PCI Service Provider Level 1 and follows all international rules and regulations to keep your credit card information safe.
  • For eCommerce enabled accounts, we set up a Stripe Connected account, so we can charge on behalf of our customers. We do not have access to the Stripe Connected Account.
uQualio Payment Security

Data Privacy and Consents

For ensuring privacy & protection of eLearning videos and other types of customer data, uQualio has the following policy in place:

  • The user data is safe with uQualio
  • uQualio follows EU regulations on GDPR
  • uQualio does not use your data for any purposes other than helping you get a better user experience
  • We do not sell your data to anyone.
uQualio Data Privacy and Consents

User Account Security

  • Users must sign in with a password of minimum 6 characters.
  • Unique username (id, email, or phone number) is needed.
  • uQualio doesn’t allow login using your Apple ID, or Facebook/Google account (we think their data use policy is not fair and transparent).
  • Changes to email or phone numbers are registered as user notifications.
  • Changes to passwords are registered as user activities.
  • User access can be blocked by uQualio.
  • Users can change the password from within the application.
  • An account is locked for a specific period after three unsuccessful login attempts.
uQualio User Account Security

Award-Winning Video Learning Platform!

Our contribution to making video eLearning easy and affordable has won us several awards.

Yet another reason to use our award-winning video eLearning platform for your next training project.

0 K+
Active usersHelped many amazing global companies
0 %
ROIOur platform is worth your while!