GDPR compliance

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will go into effect. We believe this presents a new opportunity for marketers to strengthen their brand loyalty by focusing on consumer privacy while delivering amazing experiences. Think of it as experiential privacy — having privacy be a key part of the customer experience, through relevant privacy notices presented in context and choices that are on brand.

What is UniOne doing toward GDPR compliance?

UniOne already meets our obligations as a data processor and data controller. We have a strong foundation of certified security and privacy controls by design and will continue to make product enhancements.

#1 - A Strong Foundation of Security and Privacy Compliance

We’ve implemented a set of security processes and controls to help protect the data entrusted to us through the UniOne Privacy Policy. This helps us comply with several security and privacy standards and regulations.

How we protect your data

We use hosting platforms in Europe, the US and Canada and provide 4 security levels:

Physical
  • All information is hosted on servers in certified data centers.

Access security
  • Data transfer via the SSL secure protocol (HTTPS secure protocol).
  • Certified by Comodo, one of the leading certification centers.
  • All transmitted data is encrypted with a 128-bit key, as in major banks or payment systems.

Network security
  • Switches and firewalls at each level to provide additional security.
  • Data transmission between hosts via SSL connections.
  • Permanent monitoring of network security.

Personal Account security
  • Flexible setup of access rights by roles.
  • Setup of access to various functions: view contacts, download contacts, create messages, send emails.
  • Sending via API without uploading the client email database into UniOne.

#2 - Privacy by Design

Our mission is to help you responsibly unlock the power of data. UniOne has a long-standing practice of incorporating a proactive product development effort, also known as “privacy by design.”

#3 - Contract Terms

UniOne has updated our agreements with customers and vendors to account for GDPR requirements.

#4 - Awareness

We have a GDPR group which includes representatives from all departments within the company. We have raised awareness of the matter among all employees.

#5 - Product and Process Innovation

UniOne is constantly listening to its customers and looking for ways to simplify and further automate our product and service offerings to better support their GDPR needs. We have created the office of Data Protection Officer to focus on meeting the mandated requirements of the GDPR, and to allow the product to maintain the highest standards of security and privacy for consumers.

#6 - Data breaches

We have procedures in place to detect, report and investigate a personal data breach. Everyone in the company knows what they need to do if they become aware of a data breach.

#7 - Data Transfers

The GDPR restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. Organisations transfer Personal Data originating in one country across borders when they transmit, send, view or access that data in or to a different country.

We will only transfer Personal Data outside the EEA if one of the following conditions applies:

  • the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subjects’ rights and freedoms;
  • appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the DPO;
  • the Data Subject has provided explicit Consent to the proposed transfer after being informed of any potential risks; or
  • the transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and the Data Subject, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving Consent and, in some limited cases, for our legitimate interest.