The GDPR will come into effect on the 25th of May, 2018. In this article, we aim to answer any questions you may have regarding the GDPR and One.com. When new information becomes available, we will update this page.
- What is the GDPR?
- What constitutes personal data?
- When is One.com acting as data controller?
- When is One.com acting as data processor?
- Processing personal data on One.com’s systems
- Where is my data stored?
As a customer, you have entrusted One.com with your personal data. We want to thank you for your trust in us, and assure you that we will handle your personal data responsibly and will comply with applicable regulations.
Together with our legal advisors, we have carefully analysed the GDPR regulation. We are in the process of updating our privacy policies and practices, to make sure your privacy is protected in the best way possible.
As soon as it becomes available, we will provide further information on our updated privacy policies and our data processing agreement (DPA).
What is the GDPR?
The 'General Data Protection Directive' (GDPR) is an EU regulation that addresses the processing and free movement of personal data. It consists of data protection principles and requirements which must be adhered to when personal data is processed.
The purpose of the GDPR is to have the same data protection laws across all EU member states and to give its citizens more control over how and when their data is used, even if they are in a different country.
Although the GDPR is an EU regulation, any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation.
What constitutes personal data?
Personal data refers to any information that relates to an 'identifiable living individual', or a real person. This includes name, address, phone number, social security number, photos, credit card and health information.
When is One.com acting as data controller?
One.com acts as data controller for you as our customer, and for any personal information you provide upon registering to our service. We have the responsibility as data controller for this information.
When is One.com acting as data processor?
If you store personal information on our servers, One.com will act as data processor for this information. As our customer, you are the data controller for this data and will need a Data Protection Agreement (DPA) with us.
We will provide you with a DPA which has been created together with our legal partners. The DPA will apply to all our customers. Together with our updated privacy policies, this will be the foundation you need when processing personal data on our systems.
Processing personal data on One.com’s systems
One.com offers its customers a Data Processing Agreement (DPA), governing the relationship between the customer (acting as data controller) and One.com (acting as a data processor). The DPA facilitates One.com’s customers' compliance with their obligations under EU data protection law. The DPA complies with GDPR and is effective from May 25, 2018.
It is important for you to know that if you process personal information, you are a data controller, and if you use One.com’s systems to process data, you have specific legal obligations under the GDPR.
Some main guidelines you should follow regarding GDPR:
- Make sure to check up on your responsibilities as a data controller.
- Don't process personal information you don't need, and if possible avoid processing extra sensitive data.
- Ensure that any information you process is collected on a legal basis.
- Use encrypted protocols for web, mail and file transfers.
- Keep applications up-to-date.
- Restrict access to data.
- Don't store data any longer than needed, considering operations, financial and legal requirements.
Processing data means, for example, that your business collects, stores, records, organises, structures or deletes personal data using One.com’s systems. That data can be located in emails, web content, database content, etc.
It doesn't matter if you are using tools that we provide, like Website Builder, or if you upload the data yourself.
We don't monitor data you have stored on your web space or in e-mails. It is your own responsibility to comply with the GDPR and to check if you need a DPA with us.
The GDPR does not apply to the processing of personal data if it is done by a natural individual for purely personal or household activity, for example, if you only use One.com for your personal e-mail address and address book.
Where is my data stored?
All data of customers residing in the European Union is hosted in our datacenters in Denmark within the European Union.