Siteware values users’ privacy and information security of its clients. Therefore, by agreeing to use Siteware’s services and products with some of your sensitive information and personal data, you put trust in our team. In the same way, we return with commitment and responsibility.
Siteware is an IT company that provides specialized tools to simplify the management of corporate performance. We offer two products: STRATWs One and Valorae, both SaaS (Software as a Service) offers used worldwide by several corporations.
Here we are disclosing how data is treated into our software for the whole information life cycle: collect, process, retain, secure and manage; highlighting what can be considered as personal data by the strictest standards.
Our softwares is available only for corporations, our clients, and only for business purposes. Our client’s employees are “our users”. Personal data entrusted to us are tied with users’ professional activities only (see shared responsibility models).
As a SaaS provider, Siteware collects and processes data on behalf of organizations that hire us. In this model, our client is the “data controller” and Siteware acts as “data processor”, mainly through our offers.
If you (client or user) do not agree with the terms presented here, please do not use Siteware’s applications.
What you will find in this document:
What are Siteware’s main products?
Siteware’s main products are STRATWs One and Valorae. Both software enable the execution of strategic management and the monitoring of goals in order to improve business management (from C-level to the shop floor). These systems are distinguished from the perspective in which they approach the theme of management by results and for that reason they are grouped in different modules, as can be seen below:
Those modules are seamlessly integrated. The adoption of these tools is flexible. They share the same philosophy and a common core. Our clients usually start by using 2 or 3 STRATWs One or Valorae modules then gradually hire others.
What are Siteware’s other products?
Our product portfolio is constantly evolving, but in essence consists of legacy applications similar to STRATWs One and/or Valorae, which are derived from on-premises platforms, such as PortalSIM, or due acquisitions Siteware have made over time, such as the M3 Stratws.We are committed to maintaining those legacies systems, which work similarly to STRATWs One and Valorae. However, we recommend that our customers migrate to our premium SaaS offer by the time of contract renewal, guaranteeing exclusive features.
What information do Siteware products collect? How is it used and shared?
Basically, business performance data is collected, essentially to help company’s leaders to track corporate performance. It’s shared only into the organizations that contract us and through corporate formal communication channels (email, internal reports, dashboards, meetings, etc.).
Due to the nature and purpose of our products, most of the data is corporate. Typical Information are: goals, KPIs, tasks, performance, action plans and meeting minutes.
It is important that clients and users know that some personal data is handled into our software, mostly related to the user’s corporate roles and its accountability within business performance.
What may be considered personal data? How is it used and shared?
By strictest standards, “personal data” are any information that can be used to identify the “user”, directly or indirectly, alone or in conjunction with other information. This includes information such as corporate name and/or full name, email address, telephone number, address, device IDs, certain cookie identifiers, network identifiers and location identifiers.
Given the above definition, some information in our application is characterized as personal data. In the user’s profile, the following fields are required: name, user login and email. Other fields are optional (identities, telephone, mobile, birthday, marital status, gender, registration, management unit, leadership position, occupation, immediate superior, date of admission, function and photo). Optional fields are available only for Stratws One. Optional fields are available only on Stratws One.
Client system administrators can choose, when creating a user, whether or not to fill in the optional fields in the profile. Each user is free to change the fields of their profiles at any time by clicking on the avatar of their profile (upper right corner) and then on their name.
Apart from corporate IDs, Siteware application does not ask or store other sensitive personal information, such as credit card numbers. In its SaaS Premium version, the software enables the use of federated identity. In this case access is guaranteed by the client’s corporate directory, without the need for password storage.
When a Siteware application is utilized by a user, his activity is logged. This log is considered personal data by the most restrictive standards. See the example:
When the value of a KPI is manually changed in the system, the name of the user who made the change is recorded, reflecting the professional activities associated with its role. This answers commonly demanded logs (time and date + username + action + value). Example: at 09:30 AM on August 02, 2018 user X changes the KPI Y to the Z value.
There are other situations where users’ activities are also logged. They are: system access, tasks, file attachment, workflow, meetings, projects and other system objects. As in the previous example, this information is used for audit purposes.
The collection, use and sharing of information is related to performance management and may vary according to the modules used by customers. Check which Siteware application modules are being used by your company. Below are the most common features of each module and some typical audit logs from each one:
Corporate Performance (or Valorae Goals) brings together in one place the strategic, tactical and operational indicators, extracting the information from other systems or ERPs used in the company. Information can be fed automatically by interfaces or manually by defined users (generating logs). In this module it is possible to monitor in real time the result of the strategic planning, involving all the employees around the improvement of the results, regardless of the management model used.
Individual Performance (or Valorae) module assists in the development and retention of talents. With it, it is possible to evaluate the performance and remunerate employees by the result. It has the function of Program of Results (Variable Remuneration), Evaluation of Competences for the development of Individual Development Programs (IDP) and 9 Box Matrix.
Meeting Management (or Valorae meetings) module supports the entire life cycle of a meeting: from scheduling, defining the agenda, inviting participants, creating agreed tasks, and drawing up and approving the minutes. In line with the Getting Things Done (GTD) methodology, it allows the monitoring of defined tasks (creation and execution log).
Insights (only for STRATWS One) automates the in sight management process, which makes management transparent and focused on what really matters. Through presentations, panels or reports, it gathers the information from the indicators accompanied in the Corporate Performance module in order to share them with the whole team. This can include viewing results for internal LCD TVs in common areas (for Stratws One only). In this way, it is possible to increase engagement, productivity and improve the relationship between all areas of the company.
Improvement Opportunities (only for STRATWS One) leads to the analysis and solution of problems, causing the company to implement continuous process improvement through universal methodologies such as: PDCA, FCA, DMAIC, among others. In addition, this module provides support for obtaining and maintaining key certifications, grouping analyzes into Corrective Actions and Improvement Actions. Forms can be created in this module and tasks defined (changes are logged). Users access the tasks assigned to them, as well as approval flows (logged in).
Project Portfolio Management (only for STRATWS One) module allows monitoring the evolution of a project, change management, deliveries and their costs, as well as having a graphic and consolidated view of the status of the entire project portfolio. Projects can be created and timeline defined (change logged). Users access projects and schedules in the units assigned to them. Leadership and C-level executives can see the entire portfolio.
How is information accessed in Siteware’s applications? Who has access?
Once the user enters a valid user name and password into a web browser connected to the internet, a secure connection is established using HTTPS (Hypertext Transfer Protocol Secure). Clients can access company business units that have permissions granted by the system administrator.
Once the user enters a valid name and password, in a web browser, a secure connection is established using Hypertext Transfer Protocol Secure (HTTPS). After authentication, the user can access the business units of the company that are granted permission by the system administrator on the client.
Siteware applications can only be accessed by a valid corporate email / ID. The login can use the client’s single sign-on mechanism (in the SaaS cloud exclusive version with federated identity). Only authorized employees and contractors can access the system.
Siteware may eventually access the customer’s environment for support and maintenance purposes. Access is restricted to some support team members (for investigation of specific issues) and by product team members (for fixes and updates). Access is also restrained by Siteware’s role-based access controls. Both accesses are logged.
How is your information protected in Siteware’ application?
Siteware treats client and user’s information as confidential and adopts high security standards to protect customers’ data. We implement security measures across several layers.
Siteware applications provide world-class security technologies and all data is encrypted (in transit and at rest). In addition, our customers can contract: geographic database replication, web application firewall with DDoS protection, among other options. The software goes regularly through vulnerability analysis and invasion tests.
Siteware takes extra measures to protect client’s data from unauthorized or illegal processing, accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of data processing in our possession.
In case of any security breach on client’s environment, we will provide every legally-required disclosure. Security breach is understood as the possibility of information exposure that compromises confidentiality or integrity of your stored data. It is worth mentioning that all data exchange happens through a secure communication channel SSL encrypted with digital signatures.
For how long does Siteware’s applications retain information?
The information is retained in the software for an indefinite period of time, as long as the client has a contract with Siteware. In case of contract termination, the information remains available for download for 30 days. After this period, data will be backed up. Onward, the entire SaaS instance (application, database and storages) will be shut down and deleted. For security, this backup is retained for a year, then it is destroyed.
What other data collection tools Siteware’s applications uses?
Cookies used by Siteware solutions collect and encrypt application context information, such as the last business unit accessed by the web client application to improve company and user experience. Authentication cookies are also used to validate the secure connection.