Integritet

Under en tid av snabba tekniska och juridiska förändringar har det aldrig varit viktigare att ha ett genomtänkt tillvägagångssätt för att skydda personuppgifter. Från den europeiska dataskyddsförordningen (GDPR) till nya amerikanska lagar som California Consumer Privacy Act (CCPA) vet vi hur mycket arbete som krävs för att bedöma och hantera integritetsrisker. Därför bygger Optimizely sina tjänster med fokus på att minimera ansträngningen för våra kunder.

Våra lösningar för optimering av digitala upplevelser erbjuder branschledande funktionalitet med minimal insamling av personuppgifter och inriktning på säkerhet. Hänsyn till integritets- och säkerhetsöverväganden tas direkt i vår produktutvecklingsprocess så att kunderna kan lägga mer tid på att låta sin digitala potential växa och mindre tid på att oroa sig för regelefterlevnad. 

We help safeguard your personal data

Optimizely Privacy Policy

Data privacy is important to all customers especially those operating in industries like  financial services, healthcare and the public sector. We understand what's at stake and always operate in a highly secure and consistent manner while handling your information.

Product Readiness

We understand that your customers may be concerned about how their personal data is managed. We are committed to help you address these concerns and meet your compliance obligations. Here are some of the ways we build privacy into our services.

Optimizely Security

Optimizely is backed by security controls designed to protect your data. Our controls are constantly under third party review with certifications from PCI, ISO27001 and SOC2.

Organizational Readiness

We are committed to providing transparency and building trust. At Optimizely, our team of privacy, security and compliance experts are constantly working to maintain compliance with existing requirements and preparing to meet new ones.

Product Readiness

Data deletion & access

Data subjects in certain jurisdictions may request access to or erasure of their personal data. We have built tools to help our customers fulfill these requests.

Encryption

By default, our web snippet communicates with optimizely.com using Transport Layer Security (TLS), which is regularly updated to use updated ciphersuites and TLS configurations.

In addition, all Visitor Data stored by Optimizely and its third party service providers is encrypted at rest. Please see our documentation for details.

Cookie compliance

To comply with the GDPR, companies may want to review the cookies and local storage objects set by their EU websites. Optimizely can be integrated with popular tag management and cookie banner tools to make it easier for you to customize your approach to cookie compliance. 

Want to make a GDPR subject access request?

If you are an Optimizely customer and want to learn how to make a GDPR subject access request, please consult our documentation.

Read more

Organizational Readiness

Privacy & data protection compliance

Optimizely’s Privacy, Security, and Compliance teams have developed and implemented a company-wide privacy program to help ensure compliance with GDPR, CCPA and other relevant privacy and data protection laws and regulations.

Training & privacy awareness

As part of our employee onboarding and continuous training, all Optimizely employees receive annual privacy and security training. In addition, members of our engineering and product teams receive specialized data privacy and software security training annually. All efforts are overseen by our Privacy, Security and Compliance teams.

Data mapping

To verify that our privacy practices are appropriate, Optimizely maintains a data map of our product documenting how data is collected and what systems process personal data.

Informational security policies

We have published information security and data protection policies governing when employees and contractors can access data stores containing your data.

Data transfer

The GDPR including the Schrems II ruling, restricts the export or use of personal data to countries the EU and European Economic Area (EEA). We have implemented geo-fenced process and technical controls to limit transfer and access of personal data to allowed regions. We also support inquiry, correction and deletion for both your direct and indirect personal data.

Incident response

We have implemented a data breach and incident response plan that leverages advanced technology designed to detect and avoid threats. If needed, our rigorous 24/7 incident management program allows us to respond to security or privacy events promptly. In case of an incident involving your customer data, we will inform you per the terms of your agreement with us.

Product reviews

Our Security and Privacy teams review new product functionality according to stringent security and privacy guidelines throughout the entire software development cycle.

Vendor reviews

We have conducted security and privacy reviews of our vendor contracts. As a result, we have DPAs with those vendors who may help us process personal data on your behalf.

Contractual protections

To support your efforts to provide EU-compliant contractual protections, we have created a GDPR-ready Data Processing Agreement (DPA).

Data protection officer

We have appointed a Data Protection Officer (DPO) to oversee our privacy and data protection compliance.