Datenschutz

In dieser Zeit des schnellen technologischen und regulatorischen Wandels war es noch nie so wichtig wie heute, den Schutz personenbezogener Daten mit Bedacht zu gestalten. Von der europäischen Datenschutz-Grundverordnung (DSGVO) bis hin zu neuen Gesetzen der US-Bundesstaaten wie dem California Consumer Privacy Act (CCPA) wissen wir, wie viel Aufwand es bedeutet, Datenschutzrisiken zu bewerten und zu verwalten. Aus diesem Grund baut Optimizely seine Dienstleistungen so auf, dass dieser Aufwand für unsere Kunden möglichst gering ist.

Unsere Lösungen zur Optimierung digitaler Erlebnisse bieten branchenführende Funktionalität bei minimaler Erfassung personenbezogener Daten und einem Schwerpunkt auf Sicherheit. Datenschutz- und Sicherheitsaspekte werden direkt in unseren Produktentwicklungsprozess integriert, sodass Kunden mehr Zeit damit verbringen können, ihr digitales Potenzial zu entfalten und sich weniger Gedanken um Compliance machen müssen. 

We help safeguard your personal data

Optimizely Privacy Policy

Data privacy is important to all customers especially those operating in industries like  financial services, healthcare and the public sector. We understand what's at stake and always operate in a highly secure and consistent manner while handling your information.

Product Readiness

We understand that your customers may be concerned about how their personal data is managed. We are committed to help you address these concerns and meet your compliance obligations. Here are some of the ways we build privacy into our services.

Optimizely Security

Optimizely is backed by security controls designed to protect your data. Our controls are constantly under third party review with certifications from PCI, ISO27001 and SOC2.

Organizational Readiness

We are committed to providing transparency and building trust. At Optimizely, our team of privacy, security and compliance experts are constantly working to maintain compliance with existing requirements and preparing to meet new ones.

Product Readiness

Data deletion & access

Data subjects in certain jurisdictions may request access to or erasure of their personal data. We have built tools to help our customers fulfill these requests.

Encryption

By default, our web snippet communicates with optimizely.com using Transport Layer Security (TLS), which is regularly updated to use updated ciphersuites and TLS configurations.

In addition, all Visitor Data stored by Optimizely and its third party service providers is encrypted at rest. Please see our documentation for details.

Cookie compliance

To comply with the GDPR, companies may want to review the cookies and local storage objects set by their EU websites. Optimizely can be integrated with popular tag management and cookie banner tools to make it easier for you to customize your approach to cookie compliance. 

Möchten Sie einen Antrag auf Zugang zu Informationen gemäß DSGVO stellen?

Wenn Sie Optimizely-Kunde sind und erfahren möchten, wie Sie Zugang zu Informationen gemäß DSGVO erhalten, lesen Sie bitte unser Informationsmaterial.

Mehr erfahren

Organizational Readiness

Privacy & data protection compliance

Optimizely’s Privacy, Security, and Compliance teams have developed and implemented a company-wide privacy program to help ensure compliance with GDPR, CCPA and other relevant privacy and data protection laws and regulations.

Training & privacy awareness

As part of our employee onboarding and continuous training, all Optimizely employees receive annual privacy and security training. In addition, members of our engineering and product teams receive specialized data privacy and software security training annually. All efforts are overseen by our Privacy, Security and Compliance teams.

Data mapping

To verify that our privacy practices are appropriate, Optimizely maintains a data map of our product documenting how data is collected and what systems process personal data.

Informational security policies

We have published information security and data protection policies governing when employees and contractors can access data stores containing your data.

Data transfer

The GDPR including the Schrems II ruling, restricts the export or use of personal data to countries the EU and European Economic Area (EEA). We have implemented geo-fenced process and technical controls to limit transfer and access of personal data to allowed regions. We also support inquiry, correction and deletion for both your direct and indirect personal data.

Incident response

We have implemented a data breach and incident response plan that leverages advanced technology designed to detect and avoid threats. If needed, our rigorous 24/7 incident management program allows us to respond to security or privacy events promptly. In case of an incident involving your customer data, we will inform you per the terms of your agreement with us.

Product reviews

Our Security and Privacy teams review new product functionality according to stringent security and privacy guidelines throughout the entire software development cycle.

Vendor reviews

We have conducted security and privacy reviews of our vendor contracts. As a result, we have DPAs with those vendors who may help us process personal data on your behalf.

Contractual protections

To support your efforts to provide EU-compliant contractual protections, we have created a GDPR-ready Data Processing Agreement (DPA).

Data protection officer

We have appointed a Data Protection Officer (DPO) to oversee our privacy and data protection compliance.