Committed to Your Privacy and Protection
At E2open, we safeguard your privacy and maximize data protection. We do not collect and/or process users’ personal information beyond what is required for the functioning of E2open applications, technology platform and services.
We have demonstrated our commitment to data privacy and protection by meeting the industry standards for ISO 27001 and SSAE-18 SOC 2 Type 2. We also have strong data processing agreements that were revised to meet the requirements of the General Data Protection Regulation (GDPR). We participate in and have certified our compliance with the EU-U.S. Privacy Shield Framework with respect to the transfer of data to the United States.
E2open GDPR Preparation
We are GDPR-compliant across all our software-as-a-service (SaaS) applications. We have analyzed GDPR requirements and correlated them to existing controls or created new controls and systems to meet them. Our efforts included the following:
- Established a data privacy team to oversee GDPR activities and raise awareness
- Conducted a GDPR Gap Assessment through an independent third party as well as a Privacy Impact Assessment (PIA)
- Reviewed current security and privacy processes in place and, where applicable, updated contracts with third parties and customers to meet GDPR requirements
- Raised employee awareness to ensure continual compliance with the GDPR
- Evaluated the portability and transferability of data and found that none of our applications store unique end-user content or data that end users do not already possess, such as pictures, stories and so on
- Enhanced data integrity and security, streamlining the processes for our cloud applications by implementing these data security actions:
  - Encrypt, anonymize or delete user data.
  - Perform data audits or assessments.
  - Provide access controls.
  - Identify personal data being collected or stored.
    Some of our applications have different levels of personal data collection, usage, storage and disposal. We have defined the purview of personal data for each of these applications and documented the various sources of data to provide a roadmap for compliance. We analyzed how customer information is being processed, stored, retained and deleted.
  - Assess any third parties to whom we disclose personal data.
    At this time, there are no third parties with whom we share our customers’ personal data except banks for the purpose of paying rebates.
  - Establish procedures to respond to data subjects when they exercise their rights.
  - Create processes for data breach notification activities.