GDPR & Privacy
The General Data Protection Regulation (“GDPR”) is a legislation enacted by the European Union (“EU”) to enforce PII protection. GDPR applies to residents of the European Union (“Data subjects”), including UK residents, and affects any company that processes PII of EU residents.
E2open is the Processor of PII used in E2open’s applications and our Customers are the Controllers and owners of the data.
E2open’s GDPR Responsibilities as a Processor
As the data Processor for E2open’s Customer’s data, E2open will support the Controller and enable them to fulfill a data subject’s rights with respect to PII processed in E2open applications. All requests made directly to E2open by a Customer’s data subject will be validated, processed and fulfilled relating to the following by sending their requests to Privacy@E2open.com:
- Information about the purposes of processing the data subject’s PII;
- Information regarding the lawfulness of processing the data subject’s PII pursuant to Article 6 (1)(a);
- Accessing and correcting PII;
- Accessing and updating PII;
- Requests for erasure of PII
Transfer of Data
E2open does not share or transfer PII with any third-party organizations. E2open provides security and controls around data subject’s PII and will process PII within E2open internally on an as needed basis to provide the contracted services.
Collection and Use of Processing PII
E2open stores PII in its applications to authenticate, log and audit User activity to ensure system integrity and to remit rebates. All PII collected is solely used to provide the services as contracted between E2open and the Customer.
E2open also complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of PII transferred from the European Union to the United States. PII from the European Union and/or on EU citizens may be collected by E2open and may be stored and processed in the United States or any other country in which E2open maintain facilities.
E2open has implemented extensive security measures to help protect against the risk of loss, misuse and alteration of any information under E2open’s control including using encryption, limiting employee access, and using industry-standard controls such as firewalls and secure environments for PII.
E2open has deployed industry standard Customer authentication and User verification procedures to limit access to Customer and User information to only those participants that our Customers and Users authorize.