Trust is a core value for Umbraco. You give us data if you use some of our products. Your trust is essential for us therefore we need to make sure that you trust us. For a start please have a look below and find why, what, when etc ref data controlling and processing.
What data, including personal data, do we have?
- We store data that you give us
- It can be name, your company name, telephone number, address, mail address and other data depending upon what transactions we have done together.
Why store data?
- Because we need them for e.g. accounting purposes.
- Because we need to send you a newsletter you have signed up for.
- Because you have requested a trial of a product
- You have bought a license
- You have bought a ticket for training
- You have applied for a job
When do we store and process data:
- We have an explicit legal reason (duty) to so or if we
- Have explicit consent from you or if we
- Have an explicit relevant purpose
We safeguard your data:
- We prevent that your personal data is unintentionally deleted, made public, or is exposed to anyone not legally allowed to access your data.
- We work on a “need to have” not “nice to have” basis
- We have made sure that your data is being treated in accordance with legislation.
- All our suppliers are GDPR compliant and we hold valid Data Processor Agreements with all.
- We do regular revisions of processes and data stored.
- We wash data on a regular basis removing data not relevant for legal and any other relevant purpose.
- We don’t share data.
- We have signed an SCC with our sub-processors placed in third countries (non-EU) to secure your data*.
*Data stored outside the EU was previously approved by the Authorities of Privacy Shield. Following the Schrems 2 judgement on the 16th of July 2020 Privacy Shield is invalid as transfer basis. For this reason, we have signed an SCC with our sub-processors placed in third countries (including US) which do not offer guarantees in ensuring an adequate level of protection essentially equivalent to the level of protection in the EU - to secure your data. The Schrems 2 judgement concluded that the US does not offer an essentially equivalent level of protection corresponding to the EU level of protection. In such case, it is necessary to implement supplementary measures. Exactly which supplementary measures are sufficient is not definitive at this point. The recommendations from the European Data Protection Board regarding supplementary measures are open for feedback until 21 December 2020. We are paying close attention to the European Data Protection Board’s decision on this matter and will co-operate with our other relevant sub-processors to ensure the necessary compliance.”
You can contact us at GDPR@umbraco.com if you have any questions as to the privacy of your data.