1. How is server security in 1KA offline installation regulated?
1KA is an application that requires a server to operate. When installing 1KA on PCs (1KA offline), 1KA uses one of the free servers (UWAMP), which is a well-known and very well-documented application.
The 1KA installation is also well tested on this server, but problems may arise solely from additional security configurations that the user may have. This should then be addressed further (maybe in collaboration with the 1KA Help Centre). If users have some very advanced or specific security configurations and requirements, instead of UWAMP, we recommend installing a classic 1KA, where the user must, of course, take care of the entire server layout and configuration.
- More information about the UWAMP server: www.uwamp.com/en/
- Additional information on 1KA: https://www.1ka.si/d/en/about/general-description
Before using the 1KA application (general or any other installation), read the general terms of use of the tool: https://www.1ka.si/d/en/about/terms-of-use/general-terms.
2. How does the 1KA tool regulate compliance with GDPR laws and internal acts?
1KA installations installed on the servers of the University of Ljubljana are properly taken care of. More information on technical and other measures for survey editors is available here https://www.1ka.si/d/en/gdpr.
Advanced users can optionally sign a more or less customized data processing agreement (DPA) if they wish. The DPA is available in the 'My Surveys' directory, where all users have the 'GDPR' tab available, with a PDF version.
Of course, for your own installations, any additional server adjustments must be made by the user.
3. Does 1KA enable audit trail traceability?
The 1KA application allows complete traceability of all interventions in the 1KA application itself (e.g. who viewed the data and when, who modified the questionnaire or the data and when, etc.). All of its installations also record server-side interventions using the Linux Audit Daemon system installed on the server. It is configured to record, inter alia:
- any user login and elevation of user privileges on the system;
- any programs and terminal commands of any user (including system users such as web, cron, etc);
- access (read, write) to all subfolders of the 1KA installation on the file system (1KA web root);
- accessing (reading, writing) files on file systems containing databases;
- in combination with the audit daemon, all SQL queries are logged in SQL log files.
Log data is transmitted securely, encrypted and additively, to a secondary server in another location (VPN, rsync via SSH); deletions of server files or their contents are not propagated to the other server.
The log files on the primary server are deleted daily, and on the secondary server, they are packaged daily in encrypted archives and kept for 30 days for security purposes.
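A coverage check for the audit categories listed above, as an added example (not 1KA's own code or configuration); it is the kind of check that suits an own installation, where traceability is the installer's responsibility. The rule set, the paths `/var/www/1ka` and `/var/lib/mysql`, and the mapping of "logins" and "privilege elevation" to the `lastlog` and `sudo` watches are assumptions of this example; SQL query logging is a database setting and is not checked here.

```python
import shlex

# Constructed sample audit.rules content; paths are assumptions, not 1KA's real layout.
# The database watch is deliberately left out so the check has something to report.
SAMPLE_RULES = """\
# logins and privilege elevation
-w /var/log/lastlog -p wa -k logins
-w /usr/bin/sudo -p x -k priv_esc
# every program run by any user, including system accounts (web, cron, ...)
-a always,exit -F arch=b64 -S execve -k exec
# 1KA web root (hypothetical path)
-w /var/www/1ka -p rw -k webroot
"""

WEB_ROOT = "/var/www/1ka"   # assumption
DB_DIR = "/var/lib/mysql"   # assumption

def parse_rules(text):
    """Return watch rules as (path, perms) pairs and the set of audited syscalls."""
    watches, syscalls = [], set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)
        pairs = list(zip(tok[::2], tok[1::2]))
        path = next((v for k, v in pairs if k == "-w"), None)
        if path:
            # This check only credits permissions given explicitly with -p.
            perms = next((v for k, v in pairs if k == "-p"), "")
            watches.append((path.rstrip("/"), set(perms)))
        elif ("-a", "always,exit") in pairs:
            for k, v in pairs:
                if k == "-S":
                    syscalls.update(v.split(","))
    return watches, syscalls

def covers(watches, target, needed):
    """True if a watch on target or a parent directory includes all needed perms."""
    return any((target == p or target.startswith(p + "/")) and needed <= perms
               for p, perms in watches)

def missing(text):
    """Names of the listed audit categories that no rule in `text` covers."""
    watches, syscalls = parse_rules(text)
    checks = {
        "logins": covers(watches, "/var/log/lastlog", {"w"}),
        "privilege elevation": covers(watches, "/usr/bin/sudo", {"x"}),
        "program execution": "execve" in syscalls,
        "web root read/write": covers(watches, WEB_ROOT, {"r", "w"}),
        "database files read/write": covers(watches, DB_DIR, {"r", "w"}),
    }
    return [name for name, ok in checks.items() if not ok]
```

Calling `missing()` on the contents of the rules file actually loaded on the server returns the categories that still need a rule.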
4. Audit trail on your own installations and offline 1KA
In own installations, traceability is the responsibility of the installer. In principle (though in practice this is very difficult), all changes and interventions in a specific 1KA survey can be traced from the logs, even if the survey was deleted in 1KA. However, a special "audit daemon" for server interventions is not installed on offline 1KA and must be set up by the user if desired. You should know that the entire offline installation of 1KA is only temporary, since the data is exported after the survey is completed; it is therefore the responsibility of the user to remove the entire installation afterwards, thus removing all traces.
The above applies to the server-level audit trail (access to the MySQL database, access to the server, etc.), which depends on the server or the computer on which the application is located and not on the application itself. It must be provided by the user of an own installation or offline 1KA.
The audit trail at the application level itself (questionnaire changes, viewing and changing answers) is part of the application and works the same with offline versions.
5. Description of personal data processing within 1KA
Personal Data Controller - Registered users of the application who create and perform the online survey. As users process data on their own behalf, they are the controllers of personal data.
Organization - an FSD organization that acts as a contractor in relation to its managers. This allows managers to use 1KA and store information on servers.
Respondent - Individuals who solve a survey prepared and produced by a personal data controller.
The user of the web application can be anyone who registers on the site and accepts the general terms of use for the purpose of creating an online survey. The user is, according to the GDPR, a data controller who processes the data in the course of conducting an online survey for his or her own purposes. Anyone invited by the user to participate in the survey can answer the survey.
In his user profile, each manager has access to data from solved surveys that he has created through his profile. This information may also be accessed by any other registered user to whom the operator grants the rights. The user accounts are stored permanently on a server in Slovenia, along with the controller’s surveys.
The organization acts as a contracted processor and does not use data collected through 1KA for its own purposes. For controllers, the organization stores data on third-party servers and provides them with a tool for conducting surveys.
6. Who are the contracted processors of 1KA?
Data from application 1KA is stored on the server of the contracted processor of the organization (Telemach d.o.o.) in Slovenia.
The 1KA user agrees that the 1KA service may contract with the hosting subcontractors and other subcontractors that support the functionality of the 1KA service.
The relevant contract (between 1KA and the sub-processor) and the associated GDPR attachment may be provided to the 1KA user upon explicit request.
7. How long are backups stored?
Daily backups of system events (log-ins) are saved.
Log data is transmitted securely, encrypted and additively, to a secondary server in another location (VPN, rsync via SSH); deletions of server files or their contents are not propagated to the other server.
The log files on the primary server are deleted daily, and on the secondary server, they are packaged daily in encrypted archives and kept for 30 days for security purposes. Monthly backups are stored at the DRC location for 6 months.
8. How is the process of deleting personal data from a backup performed? How are changes in the backups recorded?
Within the backup system, the system administrator opens the file to locate the appropriate respondent whose personal data is deleted. The file is modified and packed back to the archive as requested. Care must be taken not to damage the integrity of the backup.
In the case of an individual's request for the deletion of personal or survey data, in principle, the deletion shall be carried out only in the primary source. A log is kept of any subsequent interventions in backups. It records who interfered with a backup and when.
Backup deletions are, in principle, only possible if a specific backup is restored. The person responsible for a particular survey must, therefore, repeat the deletion in the restored backup copy.