POWERED BY BLACKSYNC INC.
GDPR Policy
1. GDPR & 1 Partner 360 Security approach
We have consistently upheld our commitment to safeguarding our users’ privacy and data protection rights. Our practices have consistently surpassed industry standards, reflecting our dedication to this crucial aspect. We only collect and process users’ personal information as necessary for the functionality of our products, and we have no intention of deviating from this practice. Cultivating a privacy-conscious environment is embedded in our organizational culture, and GDPR presents an opportunity for us to fortify this commitment further.
2. GDPR rules
The General Data Protection Regulation (GDPR) is a comprehensive privacy and data protection law applicable across the European Union. It governs the protection of data belonging to EU residents and empowers these individuals to exercise control over their personal information. The scope of GDPR extends beyond EU-based businesses and residents, impacting any globally operating company. Our commitment to safeguarding customer data transcends geographical boundaries, leading us to adopt GDPR standards as the foundation for all our global operations. GDPR came into effect on May 25, 2018.
3. Personal data
Personal data encompasses any information about an identifiable or identified individual. The General Data Protection Regulation (GDPR) includes a wide range of data that, either on its own or when combined with other data, can be used to identify a person. Personal data extends beyond primary identifiers such as a person’s name or email address and includes financial information, political opinions, genetic and biometric data, IP addresses, physical address, sexual orientation, and ethnicity.
4. What measures did we implement to ensure compliance with GDPR?
1 Partner 360 Security’s readiness for GDPR is a testament to the collective effort of our organization. We have undertaken comprehensive actions across various areas, engaging in extensive internal discussions and training sessions. This has not only raised awareness but also educated our employees on the proper handling of data, emphasizing the significance of information security and the rigorous standards set forth by GDPR.
We have not only ensured our own compliance with GDPR but also taken a user-centric approach. All our products have been individually evaluated against GDPR requirements, and new features have been implemented. These features are designed to provide our users with greater control over their data, demonstrating our commitment to facilitating GDPR compliance.
An Information Asset Register (IAR) has been established, encompassing detailed information on our roles as data controller and processor and various categories of personal data processed by the organization. This register comprehensively covers all processes and procedures, including data access and usage by different departments.
Furthermore, sub-processors (third-party service providers and partners) have been assessed, and the contract process has been streamlined to ensure alignment with current security and privacy standards.
Internal privacy champions and a designated Data Protection Officer (DPO) have been appointed for all teams. Application teams have embraced the concept of privacy by design, which provides users with enhanced control over their stored data.
Moreover, the Data Processing Addendum has been amended to align with GDPR data processing requirements. Organizations can request a copy of the Data Processing Addendum by contacting the specified email address.
Data Protection Impact Assessments (DPIA) have been conducted, leading to the implementation of appropriate controls for data processing and management. Internal audits of products, processes, operations, and management have been carried out, with findings communicated and solutions devised to address identified issues.
Rest assured, our data security methods and processes have been significantly enhanced. This includes data encryption and the development of in-house tools for improved governance and data discovery. These measures are a testament to our commitment to data protection and should instill confidence in our stakeholders.
Database cleanup efforts have been undertaken to ensure information accuracy and currency, including removing terminated and dormant accounts as per the organization’s Terms of Service.
In the event of a security breach, we will strictly follow our internal Privacy Incident Response Policy, guaranteeing prompt notifications to the affected parties. Furthermore, the Global Privacy Policy has been updated to encompass the requirements of relevant privacy laws, considering the organization’s data inventory, data flows, and data handling practices.
We have not only ensured our own compliance with GDPR but also taken a user-centric approach. All our products have been individually evaluated against GDPR requirements, and new features have been implemented. These features are designed to provide our users with greater control over their data, demonstrating our commitment to facilitating GDPR compliance.
An Information Asset Register (IAR) has been established, encompassing detailed information on our roles as data controller and processor and various categories of personal data processed by the organization. This register comprehensively covers all processes and procedures, including data access and usage by different departments.
Furthermore, sub-processors (third-party service providers and partners) have been assessed, and the contract process has been streamlined to ensure alignment with current security and privacy standards.
Internal privacy champions and a designated Data Protection Officer (DPO) have been appointed for all teams. Application teams have embraced the concept of privacy by design, which provides users with enhanced control over their stored data.
Moreover, the Data Processing Addendum has been amended to align with GDPR data processing requirements. Organizations can request a copy of the Data Processing Addendum by contacting the specified email address.
Data Protection Impact Assessments (DPIA) have been conducted, leading to the implementation of appropriate controls for data processing and management. Internal audits of products, processes, operations, and management have been carried out, with findings communicated and solutions devised to address identified issues.
Rest assured, our data security methods and processes have been significantly enhanced. This includes data encryption and the development of in-house tools for improved governance and data discovery. These measures are a testament to our commitment to data protection and should instill confidence in our stakeholders.
Database cleanup efforts have been undertaken to ensure information accuracy and currency, including removing terminated and dormant accounts as per the organization’s Terms of Service.
In the event of a security breach, we will strictly follow our internal Privacy Incident Response Policy, guaranteeing prompt notifications to the affected parties. Furthermore, the Global Privacy Policy has been updated to encompass the requirements of relevant privacy laws, considering the organization’s data inventory, data flows, and data handling practices.
Last revised
February 28, 2025
COPYRIGHT © 2008-2025 BLACKSYNC INC. ALL RIGHTS RESERVED.