Eko’s GDPR Commitment
Last Updated
April 8, 2020
At Eko we are fully committed to being compliant, where applicable, with the provisions of GDPR and to help our customers and users to understand this regulation. Hence, the goal of this GDPR Commitment is to explain what steps we took – and what we will take in the future – to ensure and maintain a secure and compliant environment for our customers and users under GDPR.
GDPR (The General Data Protection Regulation) went into effect on May 25, 2018, with the goal of further regulating and strengthening the privacy rights of EU citizens. It is the most comprehensive privacy regulation ever adopted in the European Union.
GDPR sets out standards to comply with for all the organizations that collect and/or process Personal Data (i.e. all the information relating to an identified or identifiable natural person) and ensures full transparency throughout the collection and/or processing of such Personal Data.
Please find below the measures that we have taken to guarantee our compliance with GDPR:
Policy Reviews and Updates
We’ve updated our Terms and Policies (https://enterprise.ekoapp.com/en/legal/) according to GDPR provisions. Indeed, as set forth in GDPR, our new Privacy Policy guides you through all the data we collect, and explains to you in detail how we collect it. Importantly, any customer or user can always modify the data we collect. You can ask us to remove your Personal Data simply by sending us an email at legal@ekoapp.com. In any case, please have a look at our Privacy Policy at the following link (https://enterprise.ekoapp.com/en/privacy/).
Investments in Security Infrastructure and Certifications
Eko is committed to always guarantee to its users the best technical and organizational measures to protect their Personal Data against unauthorized disclosure or access and / or accidental or unlawful destruction or alteration. To this end, we have highly invested in building up a solid security infrastructure to ensure the best protection possible of your Personal Data. ( You can find more details on our security infrastructure and certification in paragraph no. 3 below).
Partnering only with Third-Parties that Meet our Requirements
We are committed to cooperate and work exclusively with partners who are 100% GDPR compliant, and have updated their terms and policies according to its provisions.
Obviously, your privacy is extremely important to us, and we have invested time and resources in guaranteeing to our customers and users the highest standards of security.
Our security protocols are aligned to the ISO/IEC 27000 standards and is regularly assessed by third party auditors and customers. All data going through Eko is encrypted both in-transit and at-rest. Data in-transit is always encrypted with the latest TLS 1.2 protocol, a security protocol widely known and used for encryption of personal information in the e-commerce and banking industries. Qualys Grade A+ compliance report of Eko servers: https://www.ssllabs.com/ssltest/analyze.html?d=s1.ekoapp.com&s=54.251.118.253
Data at rest is encrypted via AES-256 encryption before being stored. AES-256 currently offers the highest level of encryption of any standard and it is widely used by both banks and government agencies around the world to protect sensitive information. For user generated content such as messages or files, Eko will use uses a unique encryption key for every individual piece of content. The encryption keys are then encrypted a second time using a separate encryption key, and stored in a special key management server, on a seperate network, in order to add an additional layer of security.
Eko’s servers are hosted with Amazon Web Services (AWS) in their London, Singapore, and North Virginia regions. AWS is a global data center & cloud computing provider with secure locations all over the world. Eko’s data centers are SSAE16 SOC1 / SOC2 / SOC3 and ISO 27001 compliant. This means our physical servers all have 24/7 video surveillance, biometric locks, and strict personnel access controls.
Should you have any question that was not addressed so far, or should you simply wish to better understand how Eko deals with your Personal Data or, in general, your rights under GDPR, please please feel free to email us at legal@ekoapp.com.
Eko’s GDPR Commitment
Last Updated
April 8, 2020
At Eko we are fully committed to being compliant, where applicable, with the provisions of GDPR and to help our customers and users to understand this regulation. Hence, the goal of this GDPR Commitment is to explain what steps we took – and what we will take in the future – to ensure and maintain a secure and compliant environment for our customers and users under GDPR.
GDPR (The General Data Protection Regulation) went into effect on May 25, 2018, with the goal of further regulating and strengthening the privacy rights of EU citizens. It is the most comprehensive privacy regulation ever adopted in the European Union.
GDPR sets out standards to comply with for all the organizations that collect and/or process Personal Data (i.e. all the information relating to an identified or identifiable natural person) and ensures full transparency throughout the collection and/or processing of such Personal Data.
Please find below the measures that we have taken to guarantee our compliance with GDPR:
Policy Reviews and Updates
We’ve updated our Terms and Policies (https://enterprise.ekoapp.com/en/legal/) according to GDPR provisions. Indeed, as set forth in GDPR, our new Privacy Policy guides you through all the data we collect, and explains to you in detail how we collect it. Importantly, any customer or user can always modify the data we collect. You can ask us to remove your Personal Data simply by sending us an email at legal@ekoapp.com. In any case, please have a look at our Privacy Policy at the following link (https://enterprise.ekoapp.com/en/privacy/).
Investments in Security Infrastructure and Certifications
Eko is committed to always guarantee to its users the best technical and organizational measures to protect their Personal Data against unauthorized disclosure or access and / or accidental or unlawful destruction or alteration. To this end, we have highly invested in building up a solid security infrastructure to ensure the best protection possible of your Personal Data. ( You can find more details on our security infrastructure and certification in paragraph no. 3 below).
Partnering only with Third-Parties that Meet our Requirements
We are committed to cooperate and work exclusively with partners who are 100% GDPR compliant, and have updated their terms and policies according to its provisions.
Obviously, your privacy is extremely important to us, and we have invested time and resources in guaranteeing to our customers and users the highest standards of security.
Our security protocols are aligned to the ISO/IEC 27000 standards and is regularly assessed by third party auditors and customers. All data going through Eko is encrypted both in-transit and at-rest. Data in-transit is always encrypted with the latest TLS 1.2 protocol, a security protocol widely known and used for encryption of personal information in the e-commerce and banking industries. Qualys Grade A+ compliance report of Eko servers: https://www.ssllabs.com/ssltest/analyze.html?d=s1.ekoapp.com&s=54.251.118.253
Data at rest is encrypted via AES-256 encryption before being stored. AES-256 currently offers the highest level of encryption of any standard and it is widely used by both banks and government agencies around the world to protect sensitive information. For user generated content such as messages or files, Eko will use uses a unique encryption key for every individual piece of content. The encryption keys are then encrypted a second time using a separate encryption key, and stored in a special key management server, on a seperate network, in order to add an additional layer of security.
Eko’s servers are hosted with Amazon Web Services (AWS) in their London, Singapore, and North Virginia regions. AWS is a global data center & cloud computing provider with secure locations all over the world. Eko’s data centers are SSAE16 SOC1 / SOC2 / SOC3 and ISO 27001 compliant. This means our physical servers all have 24/7 video surveillance, biometric locks, and strict personnel access controls.
Personal Data is collected for the following purposes and using the following services:
This type of service allows User Data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements on this Application, possibly based on User interests.
This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
Some of the services listed below may use Cookies to identify Users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the User’s interests and behavior, including those detected outside this Application. For more information, please check the privacy policies of the relevant services.
In addition to any opt-out offered by any of the services below, the User may opt out of a third-party service's use of cookies by visiting the Network Advertising Initiative opt-out page.
Google Ad Manager is an advertising service provided by Google LLC that allows the Owner to run advertising campaigns in conjunction with external advertising networks that the Owner, unless otherwise specified in this document, has no direct relationship with. In order to opt out from being tracked by various advertising networks, Users may make use of Youronlinechoices. In order to understand Google's use of data, consult Google's partner policy.
This service uses the “DoubleClick” Cookie, which tracks use of this Application and User behavior concerning ads, products and services offered. Users may decide to disable all the DoubleClick Cookies by clicking on: www.google.com/settings/ads/onweb/optout?hl=en.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
HubSpot Analytics is an analytics service provided by HubSpot, Inc.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out .
Google Analytics is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.
Wordpress Stats is an analytics service provided by Automattic Inc.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy.
LinkedIn conversion tracking is an analytics service provided by LinkedIn Corporation that connects data from the LinkedIn advertising network with actions performed on this Application.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
MixPanel is an analytics service provided by Mixpanel Inc.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.
According to the medical community, and as stated on this OvulationCalculator site, ovulation cramps are totally normal and they can occur quite often among women.
By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.
Personal Data collected: email address; first name; last name.
By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Application. Your email address might also be added to this list as a result of signing up to this Application or after making a purchase.
Personal Data collected: email address.
By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.
If this service is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service.
Personal Data collected: Cookies; email address; Usage Data.
Place of processing: United States – Privacy Policy.
The services contained in this section allow the Owner to track and analyze the User response concerning web traffic or behavior regarding changes to the structure, text or any other component of this Application.
Google Website Optimizer is an A/B testing service provided by Google LLC.
Google may use Personal Data to contextualize and personalize the ads of its own advertising network.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
The Owner is allowed to transfer Personal Data collected within the EU to third countries (i.e. any country not part of the EU) only pursuant to a specific legal basis. Any such Data transfer is based on one of the legal bases described below.
Users can inquire with the Owner to learn which legal basis applies to which specific service.
If this is the legal basis, the transfer of Personal Data from the EU to third countries is carried out by the Owner according to “standard contractual clauses” provided by the European Commission.
This means that Data recipients have committed to process Personal Data in compliance with the data protection standards set forth by EU data protection legislation. For further information, Users are requested to contact the Owner through the contact details provided in the present document.
Personal Data collected: various types of Data.
This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Google Fonts is a typeface visualization service provided by Google LLC that allows this Application to incorporate content of this kind on its pages.
Personal Data collected: Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
Google Maps is a maps visualization service provided by Google LLC that allows this Application to incorporate content of this kind on its pages.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
MyFonts is a typeface visualization service provided by MyFonts Inc. that allows this Application to incorporate content of this kind on its pages.
Personal Data collected: Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior.
Some of these services may record sessions and make them available for later visual playback.
Crazy Egg is a heat mapping service provided by Crazy Egg, Inc.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy.
This type of service has the purpose of hosting Data and files that enable this Application to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
Amazon Web Services (AWS) is a hosting and backend service provided by Amazon Web Services, Inc.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: United Kingdom – Privacy Policy. Privacy Shield participant.
This type of service allows Users to interact with data collection platforms or other services directly from the pages of this Application for the purpose of saving and reusing data.
If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service.
The Mailchimp widget is a service for interacting with the Mailchimp email address management and message sending service provided by The Rocket Science Group LLC.
Personal Data collected: email address.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
This type of service allows interaction with social networks or other external platforms directly from the pages of this Application.
The interaction and information obtained through this Application are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
It is recommended to log out from the respective services in order to make sure that the processed data on this Application isn’t being connected back to the User’s profile.
The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Facebook, Inc.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter, Inc.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
This type of service allows Users to interact with third-party live chat platforms directly from the pages of this Application, for contacting and being contacted by this Application support service.
If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service. Moreover, live chat conversations may be logged.
The Drift Widget is a service for interacting with the Drift live chat platform provided by Drift.com, Inc.
Personal Data collected: Cookies; Data communicated while using the service; Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
This Application may collect, use, and share User location Data in order to provide location-based services.
Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, the User’s location data may be tracked by this Application.
Personal Data collected: geographic position.
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
HubSpot Email is an email address management and message sending service provided by HubSpot, Inc.
Personal Data collected: email address; Usage Data.
Place of processing: United States – Privacy Policy.
These services have the purpose of hosting and running key components of this Application, therefore allowing the provision of this Application from within a unified platform. Such platforms provide a wide range of tools to the Owner – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of Personal Data. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
WordPress.com is a platform provided by Automattic Inc. that allows the Owner to build, run and host this Application.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
This type of service allows this Application and its partners to inform, optimize and serve advertising based on past use of this Application by the User.
This activity is performed by tracking Usage Data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.
Some services offer a remarketing option based on email address lists.
In addition to any opt-out offered by any of the services below, the User may opt out of a third-party service's use of cookies by visiting the Network Advertising Initiative opt-out page.
Facebook Custom Audience is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of this Application with the Facebook advertising network.
Personal Data collected: Cookies; email address.
Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.
Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of this Application with the Facebook advertising network.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.
This type of service analyzes the traffic of this Application, potentially containing Users' Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.
Google reCAPTCHA is a SPAM protection service provided by Google LLC.
The use of reCAPTCHA is subject to the Google privacy policy and terms of use.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
Akismet is a SPAM protection service provided by Automattic Inc.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
This type of service helps the Owner to manage the tags or scripts needed on this Application in a centralized fashion.
This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.
Google Tag Manager is a tag management service provided by Google LLC.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to this Application, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks' profiles) and used to build private profiles that the Owner can display and use for improving this Application.
Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Application.
HubSpot CRM is a User database management service provided by HubSpot, Inc.
Personal Data collected: email address; phone number; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
HubSpot Lead Management is a User database management service provided by HubSpot, Inc.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
Jitsi is a set of open-source projects that allows you to easily build and deploy secure videoconferencing solutions. At the heart of Jitsi are Jitsi Videobridge and Jitsi Meet, which let you have conferences on the internet, while other projects in the community enable other features such as audio, dial-in, recording, and simulcasting.
Features:
Jitsi Privacy Policy
Should you have any question that was not addressed so far, or should you simply wish to better understand how Eko deals with your Personal Data or, in general, your rights under GDPR, please please feel free to email us at legal@ekoapp.com.