UniOne already meets our obligations as a data processor and data controller. We have a strong foundation of certified security and privacy controls by design and will continue to make product enhancements.
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will go into effect. We believe this presents a new opportunity for marketers to strengthen their brand loyalty by focusing on consumer privacy while delivering amazing experiences. Think of it as experiential privacy — having privacy be a key part of the customer experience, through relevant privacy notices presented in context and choices that are on brand.
What is UniOne doing toward GDPR compliance?
#1 - A Strong Foundation of Security and Privacy Compliance
How we protect your data
We use hosting platforms in Western Europe, Russia, the US and Canada and provide 4 security levels:Physical
- All information is hosted on servers in certified data centers.
- Data transfer via the SSL secure protocol (HTTPS secure protocol).
- Certificated by Comodo, one of the leading certification centers.
- All transmitted data is encrypted with a 128-bit key like in major banks or payment systems.
- Switches and firewalls at each level to provide additional security
- Data transmission between hosts via SSL connections.
- Permanent monitoring of network security.
Personal Account security
- Flexible setup of access rights by roles.
- Setup of access to various functions: view contacts, download contacts, create messages, send emails.
- Sending via API without uploading the client email database into UniOne.
#2 - Privacy by Design
Our mission is to help you responsibly unlock the power of data. UniOne has a long-standing practice of incorporating a proactive product development effort, also known as “privacy by design.”
#3 - Contract Terms
UniOne has updated our agreements with customers and vendors to account for GDPR requirements.
#4 - Awareness
We have a GDPR group which includes representatives from all departments within the company. We have raised awareness on the matter with all employees
#5 - Product and Process Innovation
UniOne is constantly listening to its customers and looking for ways to simplify and further automate our product and service offerings to better support their GDPR needs. We have created the office of Data Protection Officer to focus on providing the mandated requirements of the GDPR, and to allow the product to maintain the utmost standards to security and privacy of consumers.
#6 – Data breaches
We have procedures in place to detect, report and investigate a personal data breach. Everyone in the company knows what they need to do if they become aware of a data breach.
#7 – Data Transfers
The GDPR restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. Organisations transfer Personal Data originating in one country across borders when they transmit, send, view or access that data in or to a different country
We will only transfer Personal Data outside the EEA if one of the following conditions applies:
- the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subjects’ rights and freedoms;
- appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the DPO;
- the Data Subject has provided explicit Сonsent to the proposed transfer after being informed of any potential risks; or
- the transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and the Data Subject, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving Consent and, in some limited cases, for our legitimate interest.