In this article, we aim to answer any questions you may have regarding the GDPR and one.com. When new information becomes available, we will update this page.
- What is the GDPR?
- What constitutes personal data?
- When is one.com acting as data controller?
- When is one.com acting as data processor?
- Processing personal data on one.com’s systems
- Where is my data stored?
As a customer, you have entrusted one.com with your personal data. We want to thank you for your trust in us, and assure you that we will handle your personal data responsibly and will comply with applicable regulations.
We have also formulated a Data Processing Agreement. You need this if you are handling customer data yourself on your web space. The data processing agreement is already covered under the webhosting contract you have with us, and doesn't require any further action on your part.
What is the GDPR?
The 'General Data Protection Directive' (GDPR) is an EU regulation that addresses the processing and free movement of personal data. It consists of data protection principles and requirements which must be adhered to when personal data is processed.
The purpose of the GDPR is to have the same data protection laws across all EU member states and to give its citizens more control over how and when their data is used, even if they are in a different country.
Although the GDPR is an EU regulation, any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation.
What constitutes personal data?
Personal data refers to any information that relates to an 'identifiable living individual', or a real person. This includes name, address, phone number, social security number, photos, credit card and health information.
When is one.com acting as data controller?
one.com acts as data controller for you as our customer, and for any personal information you provide upon registering to our service. We have the responsibility as data controller for this information.
When is one.com acting as data processor?
If you store personal information on our servers one.com will act as data processor for this information. As our customer, you are the data controller for this data and will need a Data Processing Agreement (DPA) with us.
Processing personal data on one.com’s systems
one.com offers its customers a Data Processing Agreement (DPA), governing the relationship between the customer (acting as data controller) and one.com (acting as a data processor). The DPA facilitates one.com’s customers compliance with their obligations under EU data protection law.
It is important for you to know, that if you process personal information you are a data controller and if you use one.com’s systems to process data you have specific legal obligations under GDPR.
Some main guidelines you should follow regarding GDPR:
- Make sure to check up on your responsibilities as a data controller.
- Don't process personal information you don't need, and if possible avoid processing extra sensitive data.
- Assure that any information you process is collected on a legal basis.
- Use encrypted protocols for web, mail and file transfers.
- Keep applications up-to-date.
- Restrict access to data.
- Don't store data any longer than needed, considering operations, financial and legal requirements.
Processing data means, for example, that your business collects, stores, records, organises, structures or deletes personal data using one.com’s systems. That data can be located in emails, web content, database content, etc.
It doesn't matter if you are using tools that we provide, like Website Builder, or if you upload the data yourself.
We don't monitor data you have stored on your web space or in e-mails. It is your own responsibility to comply with the GDPR and to check if you need a DPA with us.
The GDPR does not apply to the processing of personal data if it is done by a natural individual for purely personal or household activity. For example, if you only use one.com for your personal e-mail address and address book.
Where is my data stored?
All data of customers residing in the European Union is hosted in our datacenters in Denmark within the European Union.