Nmbrs® will never use the data for purposes other than HR- and payroll-related practice, and we are determined to make sure nobody else ever will. All customer data that requires storage is located in the Equinix datacenter with the highest levels of security and operational reliability. When data is shared with applications or tools that enhance our product, this happens in compliance with the EU Data Protection Act. That means that the shared information is very limited and does not expose any kind of sensitive personal data.
The new General Data Protection Regulation (GDPR) went live on May 25th, 2018. Obviously, this has implications for Nmbrs® and its services. Since the 1st of February, we have employed a compliance and risk officer, who is dedicated to rolling out this project. Of course, the compliance officer is registered at the Dutch Data Protection Authority and will make sure to inform all those involved as accurately as possible.
We are committed to handling all data in our application carefully, safely, and confidentially. We process data exclusively in accordance with existing guidelines, restricted exclusively to HR- and payroll-related practice. By using our application, users agree to the use of their data as outlined in our privacy policy.
Data traffic to our servers is monitored 24/7 from a central control room. Within 30 minutes, Nmbrs® will respond to unauthorized attempts to access the web service, irregular traffic or other attempts to subvert Nmbrs®. The Nmbrs® infrastructure is protected by a firewall managed by hosting partners that continuously identify potential threats. Each server that is accessible from the Internet (web servers) is also protected by an extra operating system firewall.
Client/server communication is done over HTTPS, which guarantees data integrity and prevents data tampering. The Nmbrs® certificate uses 2048-bit encryption. The HTTPS transport layer uses standard TLS without fallback to SSLv2/SSLv3, which are disabled for security reasons. Internet users are able to recognize the SSL-secured status by the lock icon before the website URL, and Extended Validation SSL-secured websites by the green address bar.
Nmbrs® offers a range of policies for password requirements, including options for periodic password resets and PIN codes. Furthermore, two-factor authentication provides an optional second authentication level. Nmbrs® does not store users' passwords in the database; it stores a salted hash of each password instead. This prevents password theft even with database access.
Every user has a whitelist of approved IP addresses from which they may access the system. When a user accesses the system from a new IP address, an email is sent to verify the new IP. It is also possible to restrict access to Nmbrs® to a list of IPs or IP ranges. This measure helps to prevent third parties from entering Nmbrs® accounts from unfamiliar locations and devices.
We rely on external parties to verify our operational excellence, procedures and methodologies. Nmbrs® maintains a set of compliance certifications that provide independent verification of our quality.
Nmbrs® has produced an ISAE 3402 report. One of the purposes of this ISAE 3402 Type II report is to provide Nmbrs® customers with information to obtain an understanding of the design and implementation of controls implemented by Nmbrs®, which are relevant to the control of the user organisation’s internal processes for the purpose of the audit of their financial statements.
A number of legal documents are important to us at Nmbrs®, as well as to our customers, our prospects, and users of our application. To make it easy to find the information you’re looking for, we’ve assembled them here under one roof, along with a quick rundown of the individual regulations.
A processor agreement is an agreement about confidentiality, security, privacy, data elimination and other obligations. If you are a (new) customer looking for our standard processor agreement, we have included this in our general terms and conditions. When you sign up for a Free Trial, and again when you give the order confirmation, you agree to these conditions.
Being an online software service means that online crime is a risk to our service. Cyber criminals may attempt to obtain sensitive information by accessing individual accounts or using our name and image. We believe that the most forceful weapon against this form of crime is shared knowledge. Therefore, we aim to provide all our users and partners with clear knowledge and instructions on how to deal with possible attempts at online crime.