Eko’s GDPR Commitment
At Eko we are fully committed to being compliant, where applicable, with the provisions of GDPR and to helping our customers and users understand this regulation. Hence, the goal of this GDPR Commitment is to explain what steps we took – and what we will take in the future – to ensure and maintain a secure and compliant environment for our customers and users under GDPR.
GDPR (The General Data Protection Regulation) went into effect on May 25, 2018, with the goal of further regulating and strengthening the privacy rights of EU citizens. It is the most comprehensive privacy regulation ever adopted in the European Union.
GDPR sets out standards to comply with for all the organizations that collect and/or process Personal Data (i.e. all the information relating to an identified or identifiable natural person) and ensures full transparency throughout the collection and/or processing of such Personal Data.
1) Why Eko is GDPR compliant
Please find below the measures that we have taken to guarantee our compliance with GDPR:
Policy Reviews and Updates
Investments in Security Infrastructure and Certifications
Eko is committed to always guaranteeing its users the best technical and organizational measures to protect their Personal Data against unauthorized disclosure or access and/or accidental or unlawful destruction or alteration. To this end, we have invested heavily in building up a solid security infrastructure to ensure the best protection possible of your Personal Data. (You can find more details on our security infrastructure and certification in paragraph no. 3 below.)
Partnering only with Third-Parties that Meet our Requirements
We are committed to cooperating and working exclusively with partners who are 100% GDPR compliant and have updated their terms and policies according to its provisions.
2) Our Certifications and Security Infrastructure
Obviously, your privacy is extremely important to us, and we have invested time and resources in guaranteeing to our customers and users the highest standards of security.
Our security protocols are aligned to the ISO/IEC 27000 standards and are regularly assessed by third party auditors and customers. All data going through Eko is encrypted both in-transit and at-rest. Data in-transit is always encrypted with the latest TLS 1.2 protocol, a security protocol widely known and used for encryption of personal information in the e-commerce and banking industries. Qualys Grade A+ compliance report of Eko servers: https://www.ssllabs.com/ssltest/analyze.html?d=s1.ekoapp.com&s=126.96.36.199
Data at rest is encrypted via AES-256 encryption before being stored. AES-256 currently offers the highest level of encryption of any standard and it is widely used by both banks and government agencies around the world to protect sensitive information. For user generated content such as messages or files, Eko uses a unique encryption key for every individual piece of content. The encryption keys are then encrypted a second time using a separate encryption key, and stored in a special key management server, on a separate network, in order to add an additional layer of security.
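The per-content key scheme described above is commonly called envelope encryption. The following Node.js example is added here for illustration and is not Eko's code: `KeyServer`, `encryptContent` and `decryptContent` are hypothetical names, the in-memory class stands in for the separate key management server, and AES-256-GCM is an assumed mode (the text above states only AES-256).

```javascript
const crypto = require('node:crypto');

// AES-256-GCM (assumed mode). Output layout: nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverses seal(); throws if the key is wrong or the data was modified.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error('sealed data too short');
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', key, sealed.subarray(0, 12), { authTagLength: 16 });
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Hypothetical stand-in for the key management server: it alone holds the
// second key (KEK) and stores every data key only in wrapped (encrypted) form.
class KeyServer {
  #kek = crypto.randomBytes(32);
  #wrapped = new Map();
  store(id, dataKey) { this.#wrapped.set(id, seal(this.#kek, dataKey)); }
  fetch(id) {
    const wrapped = this.#wrapped.get(id);
    if (!wrapped) throw new Error(`no data key for ${id}`);
    return open(this.#kek, wrapped);
  }
  wrappedKey(id) { return this.#wrapped.get(id); } // the stored, encrypted form
}

// Encrypts one piece of content under its own fresh 256-bit data key.
function encryptContent(keys, id, text) {
  const dataKey = crypto.randomBytes(32);
  keys.store(id, dataKey);
  return seal(dataKey, Buffer.from(text, 'utf8'));
}

// Fetches and unwraps the item's data key, then decrypts the content.
function decryptContent(keys, id, ciphertext) {
  return open(keys.fetch(id), ciphertext).toString('utf8');
}

// Constructed sample content, not real data.
const demoKeys = new KeyServer();
const demoCt = encryptContent(demoKeys, 'msg-1', 'quarterly report draft');
console.log(decryptContent(demoKeys, 'msg-1', demoCt));
```

Because each item has its own data key, a ciphertext cannot be opened with another item's key, and a copy of the content store alone contains no usable keys.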
Eko’s servers are hosted with Amazon Web Services (AWS) in their London, Singapore, and North Virginia regions. AWS is a global data center & cloud computing provider with secure locations all over the world. Eko’s data centers are SSAE16 SOC1 / SOC2 / SOC3 and ISO 27001 compliant. This means our physical servers all have 24/7 video surveillance, biometric locks, and strict personnel access controls.
Your Opinion Matters
Should you have any question that was not addressed so far, or should you simply wish to better understand how Eko deals with your Personal Data or, in general, your rights under GDPR, please feel free to email us at firstname.lastname@example.org.