How we’re preparing for GDPR
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.
To whom does GDPR apply?
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
What implications does GDPR have for organizations processing the personal data of EU citizens?
One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely.
Organizations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.
What data are we collecting from you?
- Identity information
- Contact information
- Profile information
- Feedback and correspondence
- Financial information
- Transaction information
- Usage information
- Marketing information
How do we use your personal data?
(a) operate, maintain, administer and improve the services;
(b) process payments you make through the services, and send you related information, including purchase confirmations and invoices;
(c) send transactional messages, including responses to your comments, questions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages;
(e) respond to your service-related requests, questions and feedback;
(f) monitor and analyze trends, usage, and activities in connection with our website, services and for marketing or advertising purposes;
(i) personalize our website and services, including by providing features or advertisements that match your interests and preferences; and
(j) for other purposes for which we obtain your consent.
You may be entitled to:
- opt out from processing of your personal information for direct marketing purposes;
- request information regarding the processing of your personal information, including to be provided with a copy of your personal data;
- request the correction and/or deletion of your personal information, or object to the processing of your personal information;
- request the restriction of the processing of your personal information;
- request receipt or transmission to another organization, in a machine-readable form, of the personal information that you have provided to us; and
- complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation for damages or distress incurred or suffered as a result of unlawful processing of your personal information.
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. Check out our Security Page for more details.
List of Data Subprocessors
Welcome to OneSky’s Subprocessor repository page where we maintain a current list of Subprocessors authorized to process customer data for OneSky’s services. OneSky imposes data protection terms with each Subprocessor regarding their security controls and applicable regulations for the protection of personal data.
| Entity Name | Entity Location |
|---|---|
| Amazon Web Services, Inc. | USA |
| ChartMogul Ltd | United Kingdom |
| Xero Limited | New Zealand |
What has OneSky prepared for GDPR?
- 2. Coordinate with our partners
All vendors are required to sign an EU Data Protection Agreement prior to working with us. This document addresses common requirements concerning Notice, Choice, Onward Transfer, Access, Security, Data Integrity and Enforcement of the Personal Data with respect to the vendor’s Personal Data. Any vendor has the right to terminate its working relationship with us and request the deletion of Personal Data pertaining to them.
- 3. Educate OneSky employees
Our team is educated on changes related to GDPR and other data handling practices so all employees understand our security standards and commitment to privacy for our users.
- 4. Take security measures
We take a holistic, risk-based approach to security. This means the platform secures your data in transit and at rest, restricts and secures data access, and provides continuous incident monitoring.
- 5. Prepare Data Processing Agreements (DPAs)
Any third-party service providers that are utilized by us will only be given access to Your Account and Service Data as is reasonably necessary to provide the Service and will be subject to their implementing and maintaining compliance with appropriate technical and organizational security measures. Check out the OneSky Data Sub-processor list for more information.
Our Data Processing Agreements have been updated. For more information on how customers can enter into one, contact OneSky at firstname.lastname@example.org.
- 6. Certify for International Data Transfers
Transfers of personal data outside the European Economic Area (EEA) are permitted as long as certain safeguards apply. Our customer DPA contains the EU Model Clauses, which are industry standard for data safety. This means that we agree to protect any data originating from the EEA in line with European data protection standards.
- 7. Prompt breach notifications
In line with our current policies, we will promptly inform you of any incidents involving your users’ personal data.
We look forward to continuing to build on our commitment to data security and privacy. If you have any questions about how GDPR affects you as a customer, our support team is happy to help.