About usCareers
Why Eko?
Pricing
Resources
BlogCustomer StoriesPodcastGuideRelease Notes
Log in
Let's talk
Solutions
EkoUpstraConvolab
About us
Careers

Eko’s GDPR Commitment

Eko’s GDPR Commitment

Last Updated

April 8, 2020

At Eko we are fully committed to being compliant, where applicable, with the provisions of GDPR and to help our customers and users to understand this regulation. Hence, the goal of this GDPR Commitment is to explain what steps we took – and what we will take in the future – to ensure and maintain a secure and compliant environment for our customers and users under GDPR.

GDPR (The General Data Protection Regulation) went into effect on May 25, 2018, with the goal of further regulating and strengthening the privacy rights of EU citizens. It is the most comprehensive privacy regulation ever adopted in the European Union.

GDPR sets out standards to comply with for all the organizations that collect and/or process Personal Data (i.e. all the information relating to an identified or identifiable natural person) and ensures full transparency throughout the collection and/or processing of such Personal Data.

1) Why Eko is GDPR compliant

Please find below the measures that we have taken to guarantee our compliance with GDPR:

Policy Reviews and Updates

We’ve updated our Terms and Policies (https://enterprise.ekoapp.com/en/legal/) according to GDPR provisions. Indeed, as set forth in GDPR, our new Privacy Policy guides you through all the data we collect, and explains to you in detail how we collect it. Importantly, any customer or user can always modify the data we collect. You can ask us to remove your Personal Data simply by sending us an email at legal@ekoapp.com. In any case, please have a look at our Privacy Policy at the following link (https://enterprise.ekoapp.com/en/privacy/).

Investments in Security Infrastructure and Certifications

Eko is committed to always guarantee to its users the best technical and organizational measures to protect their Personal Data against unauthorized disclosure or access and / or accidental or unlawful destruction or alteration. To this end, we have highly invested in building up a solid security infrastructure to ensure the best protection possible of your Personal Data. ( You can find more details on our security infrastructure and certification in paragraph no. 3 below).

Partnering only with Third-Parties that Meet our Requirements

We are committed to cooperate and work exclusively with partners who are 100% GDPR compliant, and have updated their terms and policies according to its provisions.

2) Our Certifications and Security Infrastructure

Obviously, your privacy is extremely important to us, and we have invested time and resources in guaranteeing to our customers and users the highest standards of security.

Our security protocols are aligned to the ISO/IEC 27000 standards and is regularly assessed by third party auditors and customers. All data going through Eko is encrypted both in-transit and at-rest. Data in-transit is always encrypted with the latest TLS 1.2 protocol, a security protocol widely known and used for encryption of personal information in the e-commerce and banking industries. Qualys Grade A+ compliance report of Eko servers: https://www.ssllabs.com/ssltest/analyze.html?d=s1.ekoapp.com&s=54.251.118.253

Data at rest is encrypted via AES-256 encryption before being stored. AES-256 currently offers the highest level of encryption of any standard and it is widely used by both banks and government agencies around the world to protect sensitive information. For user generated content such as messages or files, Eko will use uses a unique encryption key for every individual piece of content. The encryption keys are then encrypted a second time using a separate encryption key, and stored in a special key management server, on a seperate network, in order to add an additional layer of security.

Eko’s servers are hosted with Amazon Web Services (AWS) in their London, Singapore, and North Virginia regions. AWS is a global data center & cloud computing provider with secure locations all over the world. Eko’s data centers are SSAE16 SOC1 / SOC2 / SOC3 and ISO 27001 compliant. This means our physical servers all have 24/7 video surveillance, biometric locks, and strict personnel access controls.

‍

Your Opinion Matters

Should you have any question that was not addressed so far, or should you simply wish to better understand how Eko deals with your Personal Data or, in general, your rights under GDPR, please please feel free to email us at legal@ekoapp.com.

Eko’s GDPR Commitment

Eko’s GDPR Commitment

Last Updated

April 8, 2020

At Eko we are fully committed to being compliant, where applicable, with the provisions of GDPR and to help our customers and users to understand this regulation. Hence, the goal of this GDPR Commitment is to explain what steps we took – and what we will take in the future – to ensure and maintain a secure and compliant environment for our customers and users under GDPR.

GDPR (The General Data Protection Regulation) went into effect on May 25, 2018, with the goal of further regulating and strengthening the privacy rights of EU citizens. It is the most comprehensive privacy regulation ever adopted in the European Union.

GDPR sets out standards to comply with for all the organizations that collect and/or process Personal Data (i.e. all the information relating to an identified or identifiable natural person) and ensures full transparency throughout the collection and/or processing of such Personal Data.

1) Why Eko is GDPR compliant

Please find below the measures that we have taken to guarantee our compliance with GDPR:

Policy Reviews and Updates

We’ve updated our Terms and Policies (https://enterprise.ekoapp.com/en/legal/) according to GDPR provisions. Indeed, as set forth in GDPR, our new Privacy Policy guides you through all the data we collect, and explains to you in detail how we collect it. Importantly, any customer or user can always modify the data we collect. You can ask us to remove your Personal Data simply by sending us an email at legal@ekoapp.com. In any case, please have a look at our Privacy Policy at the following link (https://enterprise.ekoapp.com/en/privacy/).

Investments in Security Infrastructure and Certifications

Eko is committed to always guarantee to its users the best technical and organizational measures to protect their Personal Data against unauthorized disclosure or access and / or accidental or unlawful destruction or alteration. To this end, we have highly invested in building up a solid security infrastructure to ensure the best protection possible of your Personal Data. ( You can find more details on our security infrastructure and certification in paragraph no. 3 below).

Partnering only with Third-Parties that Meet our Requirements

We are committed to cooperate and work exclusively with partners who are 100% GDPR compliant, and have updated their terms and policies according to its provisions.

2) Our Certifications and Security Infrastructure

Obviously, your privacy is extremely important to us, and we have invested time and resources in guaranteeing to our customers and users the highest standards of security.

Our security protocols are aligned to the ISO/IEC 27000 standards and is regularly assessed by third party auditors and customers. All data going through Eko is encrypted both in-transit and at-rest. Data in-transit is always encrypted with the latest TLS 1.2 protocol, a security protocol widely known and used for encryption of personal information in the e-commerce and banking industries. Qualys Grade A+ compliance report of Eko servers: https://www.ssllabs.com/ssltest/analyze.html?d=s1.ekoapp.com&s=54.251.118.253

Data at rest is encrypted via AES-256 encryption before being stored. AES-256 currently offers the highest level of encryption of any standard and it is widely used by both banks and government agencies around the world to protect sensitive information. For user generated content such as messages or files, Eko will use uses a unique encryption key for every individual piece of content. The encryption keys are then encrypted a second time using a separate encryption key, and stored in a special key management server, on a seperate network, in order to add an additional layer of security.

Eko’s servers are hosted with Amazon Web Services (AWS) in their London, Singapore, and North Virginia regions. AWS is a global data center & cloud computing provider with secure locations all over the world. Eko’s data centers are SSAE16 SOC1 / SOC2 / SOC3 and ISO 27001 compliant. This means our physical servers all have 24/7 video surveillance, biometric locks, and strict personnel access controls.

‍

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Advertising

This type of service allows User Data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements on this Application, possibly based on User interests.

This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.

Some of the services listed below may use Cookies to identify Users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the User’s interests and behavior, including those detected outside this Application. For more information, please check the privacy policies of the relevant services.

In addition to any opt-out offered by any of the services below, the User may opt out of a third-party service's use of cookies by visiting the Network Advertising Initiative opt-out page.

Google Ad Manager (Google LLC)

Google Ad Manager is an advertising service provided by Google LLC that allows the Owner to run advertising campaigns in conjunction with external advertising networks that the Owner, unless otherwise specified in this document, has no direct relationship with. In order to opt out from being tracked by various advertising networks, Users may make use of Youronlinechoices. In order to understand Google's use of data, consult Google's partner policy.

This service uses the “DoubleClick” Cookie, which tracks use of this Application and User behavior concerning ads, products and services offered. Users may decide to disable all the DoubleClick Cookies by clicking on: www.google.com/settings/ads/onweb/optout?hl=en.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

Analytics

The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.

HubSpot Analytics (HubSpot, Inc.)

HubSpot Analytics is an analytics service provided by HubSpot, Inc.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy – Opt Out .

Google Analytics (Google LLC)

Google Analytics is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.

Google may use the Data collected to contextualize and personalize the ads of its own advertising network.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.

Wordpress Stats (Automattic Inc.)

Wordpress Stats is an analytics service provided by Automattic Inc.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy.

LinkedIn conversion tracking (LinkedIn Corporation)

LinkedIn conversion tracking is an analytics service provided by LinkedIn Corporation that connects data from the LinkedIn advertising network with actions performed on this Application.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

MixPanel (MixPanel)

MixPanel is an analytics service provided by Mixpanel Inc.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.

According to the medical community, and as stated on this OvulationCalculator site, ovulation cramps are totally normal and they can occur quite often among women.

Contacting the User

By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.

Personal Data collected: email address; first name; last name.

Mailing list or newsletter (this Application)

By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Application. Your email address might also be added to this list as a result of signing up to this Application or after making a purchase.

Personal Data collected: email address.

SumoMe Contact form (Sumo Group Inc.)

By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.
If this service is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service.

Personal Data collected: Cookies; email address; Usage Data.

Place of processing: United States – Privacy Policy.

Content performance and features testing (A/B testing)

The services contained in this section allow the Owner to track and analyze the User response concerning web traffic or behavior regarding changes to the structure, text or any other component of this Application.

Google Website Optimizer (Google LLC)

Google Website Optimizer is an A/B testing service provided by Google LLC.
Google may use Personal Data to contextualize and personalize the ads of its own advertising network.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

Data transfers outside the EU

The Owner is allowed to transfer Personal Data collected within the EU to third countries (i.e. any country not part of the EU) only pursuant to a specific legal basis. Any such Data transfer is based on one of the legal bases described below.

Users can inquire with the Owner to learn which legal basis applies to which specific service.

Data transfer abroad based on standard contractual clauses (this Application)

If this is the legal basis, the transfer of Personal Data from the EU to third countries is carried out by the Owner according to “standard contractual clauses” provided by the European Commission.

This means that Data recipients have committed to process Personal Data in compliance with the data protection standards set forth by EU data protection legislation. For further information, Users are requested to contact the Owner through the contact details provided in the present document.

Personal Data collected: various types of Data.

Displaying content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.

Google Fonts (Google LLC)

Google Fonts is a typeface visualization service provided by Google LLC that allows this Application to incorporate content of this kind on its pages.

Personal Data collected: Usage Data; various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

Google Maps widget (Google LLC)

Google Maps is a maps visualization service provided by Google LLC that allows this Application to incorporate content of this kind on its pages.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

MyFonts (MyFonts Inc.)

MyFonts is a typeface visualization service provided by MyFonts Inc. that allows this Application to incorporate content of this kind on its pages.

Personal Data collected: Usage Data; various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy.

Heat mapping and session recording

Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior.

Some of these services may record sessions and make them available for later visual playback.

Crazy Egg (Crazyegg)

Crazy Egg is a heat mapping service provided by Crazy Egg, Inc.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy.

Hosting and backend infrastructure

This type of service has the purpose of hosting Data and files that enable this Application to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.

Amazon Web Services (AWS) (Amazon Web Services, Inc.)

Amazon Web Services (AWS) is a hosting and backend service provided by Amazon Web Services, Inc.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Place of processing: United Kingdom – Privacy Policy. Privacy Shield participant.

Interaction with data collection platforms and other third parties

This type of service allows Users to interact with data collection platforms or other services directly from the pages of this Application for the purpose of saving and reusing data.

If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service.

Mailchimp widget (The Rocket Science Group LLC)

The Mailchimp widget is a service for interacting with the Mailchimp email address management and message sending service provided by The Rocket Science Group LLC.

Personal Data collected: email address.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

Interaction with external social networks and platforms

This type of service allows interaction with social networks or other external platforms directly from the pages of this Application.
The interaction and information obtained through this Application are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
It is recommended to log out from the respective services in order to make sure that the processed data on this Application isn’t being connected back to the User’s profile.

Facebook Like button and social widgets (Facebook, Inc.)

The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Facebook, Inc.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

LinkedIn button and social widgets (LinkedIn Corporation)

The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

Twitter Tweet button and social widgets (Twitter, Inc.)

The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter, Inc.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

Interaction with live chat platforms

This type of service allows Users to interact with third-party live chat platforms directly from the pages of this Application, for contacting and being contacted by this Application support service.
If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service. Moreover, live chat conversations may be logged.

Drift Widget (Drift.com, Inc.)

The Drift Widget is a service for interacting with the Drift live chat platform provided by Drift.com, Inc.

Personal Data collected: Cookies; Data communicated while using the service; Usage Data; various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

Location-based interactions

Geolocation (this Application)

This Application may collect, use, and share User location Data in order to provide location-based services.
Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, the User’s location data may be tracked by this Application.

Personal Data collected: geographic position.

Managing contacts and sending messages

This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

HubSpot Email (HubSpot, Inc.)

HubSpot Email is an email address management and message sending service provided by HubSpot, Inc.

Personal Data collected: email address; Usage Data.

Place of processing: United States – Privacy Policy.

Platform services and hosting

These services have the purpose of hosting and running key components of this Application, therefore allowing the provision of this Application from within a unified platform. Such platforms provide a wide range of tools to the Owner – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of Personal Data. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.

WordPress.com (Automattic Inc.)

WordPress.com is a platform provided by Automattic Inc. that allows the Owner to build, run and host this Application.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy.

Remarketing and behavioral targeting

This type of service allows this Application and its partners to inform, optimize and serve advertising based on past use of this Application by the User.
This activity is performed by tracking Usage Data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.
Some services offer a remarketing option based on email address lists.
In addition to any opt-out offered by any of the services below, the User may opt out of a third-party service's use of cookies by visiting the Network Advertising Initiative opt-out page.

Facebook Custom Audience (Facebook, Inc.)

Facebook Custom Audience is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of this Application with the Facebook advertising network.

Personal Data collected: Cookies; email address.

Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.

Facebook Remarketing (Facebook, Inc.)

Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of this Application with the Facebook advertising network.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.

SPAM protection

This type of service analyzes the traffic of this Application, potentially containing Users' Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.

Google reCAPTCHA (Google LLC)

Google reCAPTCHA is a SPAM protection service provided by Google LLC.
The use of reCAPTCHA is subject to the Google privacy policy and terms of use.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

Akismet (Automattic Inc.)

Akismet is a SPAM protection service provided by Automattic Inc.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy.

Tag Management

This type of service helps the Owner to manage the tags or scripts needed on this Application in a centralized fashion.
This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.

Google Tag Manager (Google LLC)

Google Tag Manager is a tag management service provided by Google LLC.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

User database management

This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to this Application, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks' profiles) and used to build private profiles that the Owner can display and use for improving this Application.
Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Application.

HubSpot CRM (HubSpot, Inc.)

HubSpot CRM is a User database management service provided by HubSpot, Inc.

Personal Data collected: email address; phone number; various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

HubSpot Lead Management (HubSpot, Inc.)

HubSpot Lead Management is a User database management service provided by HubSpot, Inc.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

Video conferencing

Jitsi

Jitsi is a set of open-source projects that allows you to easily build and deploy secure videoconferencing solutions. At the heart of Jitsi are Jitsi Videobridge and Jitsi Meet, which let you have conferences on the internet, while other projects in the community enable other features such as audio, dial-in, recording, and simulcasting.

Features:

  • Unlike other videoconferencing technologies, Jitsi Videobridge, the heart of Jitsi, passes everyone’s video and audio to all participants, rather than mixing them first.
  • The result is lower latency, better quality and, if you are running your own service, a much more scalable and inexpensive solution.
  • Jitsi is compatible with WebRTC, the open standard for Web communication.
  • Jitsi supports advanced video routing concepts such as simulcast, bandwidth estimations, scalable video coding and many others.
  • Ubuntu and Debian packages for easy installation

Jitsi Privacy Policy

Your Opinion Matters

Should you have any question that was not addressed so far, or should you simply wish to better understand how Eko deals with your Personal Data or, in general, your rights under GDPR, please please feel free to email us at legal@ekoapp.com.

Eko
Contact
Resources
BlogCustomer StoriesPodcastQuick Start GuideRelease Notes
SUPPORT
Help CenterDownload EkoPrivacy & Terms
Amity
AboutCareersLeadershipContact
Eko is a product of
Amity
Copyright © 2024 Amity Corporation. All rights reserved.