Security and Data Protection

Security and Data Protection

GDPR 2018 – We will be ready for you!

4 Different datacenters (more to come)

PCI DSS Level 1 Service Provider Compliance

All data in EU and managed by DreamApply

Automatic security testing and intrusion prevention

Your data is isolated from other universities

You decide who has access

Applicant Consent Enabled

DreamApply enables creating various conditions (consents)! Each consent will be displayed to the applicant as a checkbox to tick during the registration flow. These can be either mandatory or voluntary.

According to GDPR, it is required that you ask the applicants to accept certain terms and conditions, presented as tickboxes in the registration page. For instance, the data subject (i.e. applicant) must be able to specifically state that they agree to the university processing their personal data, while registering their account.

PCI DSS Level 1 Service Provider Compliance

Our new IT infrastructure is PCI DSS Level 1 Service Provider compliant.

That means that we have been scanned and audited by an approved third party to have the same level of protection/data security as top big banks.

Data never leaves DreamApply servers and stays in the EU at all times

We are not using any US-based (or any other 3rd party countries, for that matter) “cloud solutions” that would adversely affect the privacy of the data.

All our servers and data is located in Europe:

  • Strasbourg, France
  • Roubaix, France
  • Gravelines, France
  • Warsaw, Poland

Our servers are well protected

We are using the best practices and customs in the information technology field to protect and ensure an utmost security level at network edge and on our servers (automatic security tests, logging, monitoring, intrusion prevention, behavioral monitoring to block unauthorized attempts, etc)

Our Datacenters are certified ISO/IEC 27001 compliant and SOC 1 type II (SSAE 16 and ISAE 3402) and SOC 2 type II.

Physical access to our datacenters is also strictly monitored. To prevent any intrusions or hazards, every boundary is secured using barbed-wire fencing. Video surveillance and movement detection systems are also in continuous operation. Activity within the data centres and outside the buildings is monitored and recorded on secure servers, while the surveillance team are on site 24/7.

Ready for a Presentation?

Data is isolated from other clients

We go to great lengths to ensure that the data of different DreamApply clients is properly isolated and this isolation is resilient to intrusion or leaks, ensuring that there is no cross-contamination of data or one client’s data is never exposed to another client.

To this end, each DreamApply client is allocated a completely separate database, separate database credentials, and a separate storage container as well as isolated caching namespaces.

Therefore, even if there is a programming error that attempts to access a database in an unauthorized manner, it would be prevented, since the process is bootstrapped with a limited set of credentials.

We Backup Everything

In order to guard against accidental loss, destruction or damage to the data, we provide two levels of protection:

1) High availability of data

This means that during the operation of the service, technical measures are undertaken to ensure that the data will remain available during malfunctions. All data is always available from at least 4 separate availability zones, which means that in the event of failure in 1 availability zone, the service can continue operating without interruption.

Availability zones are completely separate from each other in terms of power, networking and physical access. This means that any failure in one availability zone should be independent from others and thus a failure in 2 or 3 zones is very unlikely.

2) Backups

Regular snapshot backups are taken each hour in case of operational errors and kept 31 days. We also keep a daily backup of all data pertaining to the service for 61 days.

Backups are stored and replicated on an isolated infrastructure from the production services (which stays entirely under DreamApply control).

Take a look for yourself at the
Best Recruitment System in Europe
About Us

DreamApply was launched in 2011 and is a specialised international student application management platform. We offer paperless modern solutions to more than 200 education instititutions in 25 countries.

DreamApply is purposefully personalised for all stakeholders involved in higher education internationalisation: students, administrative staff, management, academics, partners, agents and external governmental and non-governmental bodies.

Our Offices

Estonia:
Tatari 64, Tallinn 10134
Tel: +372 631 4625
Skype: dreamapply

Poland:
Ul. Narutowicza 34, 90-135 Łódź
Tel: +48 42 203 1007
Skype: dreamapply.polska