Nfield is a data collection solution offered by NIPO to the organization you work for. Nfield is hosted on the Microsoft Azure cloud. Nfield is setup in such a way that neither NIPO nor Microsoft does know anything about you: we do not know who you are, what your username is, what your password is or what you do on this website. This information is all managed by the company you work for. But because we host the tools your company works with, we think it is important that you know how we protect the data about you in our platform.
First of all, any data about your Nfield account is only stored in Nfield. It is not stored outside the Nfield system by NIPO or Microsoft. Information about your Nfield account and your Nfield usage is only available to users in your organization who have an Nfield domain administrator role. These domain administrators control what personal information is stored about you in Nfield. Nfield allows storing your username, your real name, your email address and your telephone.
Each time you work in the Nfield you need to sign in. The password you use is not stored in Nfield. Instead we store a secret key that can be generated only with the correct combination of the domain name, your username and your password. This way your password can never be compromised by our system.
When you work with the Nfield Manager website or the Nfield API the communication is SSL encrypted. This means that your actions are safeguarded from people that might be tapping your internet line (but it is of course not safe from the people standing behind you).
When you work on Nfield your activities are automatically logged by the Nfield system. In this log we store almost every action a user does in the system. The log is available only to users in your organization who have an Nfield domain administrator role. It is there to allow the domain administrators to back-track why certain errors occur. When your account is deleted from the domain, the domain administrator will no longer know that you did an action; they will only be able to see that a deleted user did an action.
When your account is deleted in the Nfield domain, our software immediately deletes all personally identifiable information stored in the system and only an anonymous reference will remain for data integrity purposes. Because Nfield is backed up for no more than 4 days, any personal information about you that was deleted from a domain will be deleted fully from the Nfield servers after 4 days.
And finally, when the organization you work for cancels their contract for Nfield services we delete the domain and all data contained in it, including user accounts, usage logs and respondent data, after a 30 day period.
We do not have access to your personal information and thus cannot share it with other parties. Your personally identifiable information may however be shared with other parties by the organization you work for.