Data Protection and Privacy
We demonstrate our commitment to data privacy and protection by meeting the industry standards for ISO 27001 and SSAE-18 SOC 2 Type 2. We also have strong data processing agreements that meet the requirements of the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). e2open® complies with GDPR, CCPA and other applicable data processing regulations (eg. Canadian privacy law within the PIPEDA Act).
e2open has been reviewed and verified by TrustArc (formerly known as TRUSTe). e2open (and each of its affiliates) utilizes the Standard Contractual Clauses for the international transfer of data. e2open continues to voluntarily adhere to the EU/Swiss-US Privacy Shield Framework, which is a set of principles established by the American Department of Commerce, along with the European Union.
Privacy and security protections are built into our services and contracts to help in compliance with privacy legislation for our customers. Examples of these are:
- We enforce data protection features across all our software-as-a-service (SaaS) applications. We have analyzed data protection requirements and correlated them to existing controls or created new controls and systems to meet them.
- Have a data privacy team to oversee data protection activities and raise awareness
- Review current security and privacy processes in place and, where applicable, update contracts with third parties and customers to meet data protection requirements
- Conduct annual employee training and awareness to ensure continual compliance with new and existing data protection legislation
- Evaluate the portability and transferability of data to ensure that none of our applications store unique end-user content or data that end users do not already possess, such as pictures, stories and so on
- Define and implement Opt-In/Opt-out Standards for all systems and communications storing personal dataHave a data privacy team to oversee data protection activities and raise awareness
- Conduct background checks on all personnel (where permitted) and have a Corporate Code of Conduct and Operating Principle that must be observed
- Enhance data integrity and security, streamlining the processes for our cloud applications by implementing and continually improving data security actions such as:
- Encrypt, anonymize or delete user data.
- Perform data audits or assessments.
- Provide access controls.
- Identify personal data being collected or stored.
Some of our applications have a different level of personal data collection, usage, storage and disposal. We have defined the purview of personal data for each of these applications and document the various sources of data to provide a roadmap for compliance. We analyze how customer information is being processed, stored, retained and deleted.
- Regularly assess any third parties with whom we disclose personal data.
At this time, there are no third parties with whom we share our customers’ personal data except banks for the purpose of paying rebates.
- Have vetted policies and procedures in place to respond to data subjects when they exercise their rights.
- Continually refine processes for data breach notification activities.