General Data Protection Regulation (GDPR)

Please Read Carefully Prior To Using This Product

OneUptime GDPR Policy

OneUptime is part of HackerBay, Inc. This GDPR and Privacy will explain how our organization uses the personal data we collect from you when you use our website and our product.

Topics:

- What data do we collect?
- How do we collect your data?
- How will we use your data?
- How do we store your data?
- Marketing
- What are your data protection rights?
- What are cookies?
- How do we use cookies?
- What types of cookies do we use?
- How to manage your cookies
- Privacy policies of other websites
- Changes to our privacy policy
- Audit Rights
- How to contact us
- How to contact the appropriate authorities

You can read full text of GDPR from the GDPR official website

Introduction

At OneUptime, it is one of our fundamental values to deliver a great customer experience. Based upon this philosophy, HackerBay, Inc. and its affiliated companies and subsidiaries (“OneUptime”) established this privacy statement (“Privacy Statement”) to assist our customers, business partners, and other visitors of this website, any other webpage or mobile applications that OneUptime operates, or any other location where we post a direct link to this policy (“Website”) with understanding the types of information that we collect from and about you when you visit our Website, why we collect it, what we do with it, and your ability to control certain uses of it. We want you to feel informed and comfortable when you visit with us.

When you visit our Website, please read the Privacy Statement carefully. By using or accessing our Website, you agree to the collection, use, and disclosure of information in accordance with this Privacy Statement. This Privacy Statement may change from time to time, and your continued use is deemed to be acceptance of such changes. So, please check this periodically for updates!

Data Collection

Information You Provide to Us. OneUptime collects information from you when you choose to provide it to us. Such information may be provided to us when you: apply for a job at OneUptime; download and install a product for evaluation; download and install a free tool; request a quote; purchase or register a product; sign up for newsletters, support materials, white papers, our email list, or other assets offered by OneUptime; obtain support, services, or training; create a user account on our Website, customer portal or community forum; or otherwise contact us. The personal information we collect may include your name, address, email address, telephone number, user name, password(s), information about the products that you own and use, or your payment information. Such information may be required to create your account or to complete your purchase. If you use a third party to create your account or otherwise link to us, we may receive certain information about you from the third party (such as a social network) based on your registration and privacy settings on that third party service. This information does not include tracking user behavior on our product.

Information We May Collect. OneUptime may use cookies, web beacons, web analytics, or other technologies to automatically collect certain information about you when you visit our Website, utilize the OneUptime products, or otherwise interact with us. Please note, these may be first party cookies or tools, which are hosted within a OneUptime domain name, or third party cookies or tools, which are hosted by another party. Please reference the OneUptime Cookie Policy for further information.

Information Collected from Other Sources. OneUptime may obtain information about you from other sources, including updated addresses, contact information, demographic information, and other publicly available data.

Combination of Information. OneUptime may combine the information it receives from and about you, including personal information, non-personal information, and information collected offline, with information collected from third party sources. Real User Monitoring Service (“RUM”). OneUptime uses customized and proprietary software code to analyze and obtain information regarding how third party visitors (“Visitor”) interact with its Clients’ websites. When a Visitor visits a website that uses RUM, this code contacts OneUptime’s servers and enables OneUptime to collect and analyze the Visitor’s activity while visiting that website (“Visitor Data”). This information is stored on OneUptime’s database servers and converted to an aggregate and anonymized form to perform analyses and produce reports for its Clients.

Our Commitment to GDPR

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) takes effect. GDPR regulates the governance of personal data for EU citizens with an emphasis on data security and privacy. The GDPR does not only apply to companies that operate in the EU. This regulation will also impact companies operating outside of the EU if they have any EU customers or personal data of anyone in the EU.

HackerBay, Inc. has made information security and data privacy foundational principles of everything we do, and we recognize the importance of passing regulations to advance information security and data privacy for citizens of the EU. We are firmly committed to GDPR readiness.

Data Use

OneUptime may use the information we collect to: - Administer or operate the OneUptime products, services, or Website, including completing a transaction, providing you with products or user support, responding to your requests for information, preventing transactional fraud, or otherwise contacting you; - Provide or contact you with customized content, targeted offers, information, newsletters, and advertising or other promotional material about OneUptime or its partners on the Website, other websites, or via telephone or email (if you have agreed to such communications); - Research, address, develop, and improve the usage and operations of the Website or existing or new OneUptime products and services; - Protect the security or integrity of the Website and our business; and - Perform any other functions as otherwise described to you at the point of data collection.

Data Sharing

OneUptime may disclose the information we collect from and about you (a) to our third party service providers, partners, and distributors to enable the service provider, partner, or distributor to perform a business, professional, or technical support function for OneUptime; (b) in association with law enforcement, fraud prevention, a subpoena, or other legal or government investigatory action; (c) as required by law, rule, or regulation; (d) if OneUptime reasonably believes it is required to protect OneUptime, its customers, or the public; or (e) as described to you at the point of collection.

Except as otherwise set forth herein, OneUptime may provide aggregated statistics about users to third parties, but such information will be aggregated so that it does not identify a particular individual or company. OneUptime is not in the business of selling or renting your personally identifiable information to others and will not share your personally identifiable information with others, except as otherwise described in this Privacy Statement.

OneUptime may sell or purchase assets during the normal course of our business. If another entity acquires OneUptime or any of our assets, information we have collected about you may be transferred to such entity. In addition, if any bankruptcy or reorganization proceeding is brought by or against us, such information may be considered an asset of ours and may be sold or transferred to third parties. Should such a sale or transfer occur, we will use reasonable efforts to try to require that the transferee use personal information provided through the Website in a manner that is consistent with this Privacy Statement.

Data Storage

As OneUptime operates globally, using the Internet to collect and process your information necessarily involves the transmission and storage of data on an international basis. Therefore, by using our Website, our products, and communicating electronically with us, you acknowledge our processing of your information in this way. We may transfer your personal information among our global locations or to destinations of our storage facilities and/or our third party providers, including to countries outside the European Economic Area (EEA). Your personal information may be stored on servers in a global location. It may also be processed by staff operating outside of the EEA, who work for us or one of our suppliers.

Some of these locations may have data protection standards that are different to those in your country. For EEA residents, we have taken commercially reasonable measures to ensure that your personal information is treated securely and in accordance with this Privacy Statement. Additionally, your personal information may be subject to the laws of other countries, where the data protection and other laws may differ from those of your country of residence. Your personal information may be disclosed in response to inquiries or requests from government authorities in the countries in which we operate.

Audit Rights

1. Purpose

The purpose of this Customer Audit Rights Policy is to outline the rights of customers regarding audits of their personal data as provided under the General Data Protection Regulation (GDPR). This policy aims to ensure transparency and accountability in the processing of personal data by our organization while respecting the rights and privacy of our customers.

2. Scope

This policy applies to all customers who have provided their personal data to our organization, whether collected directly from the customers or obtained from other sources, and it aligns with the principles and requirements set forth in the GDPR.

3. Customer Audit Rights

Under the GDPR, customers have the right to request an audit of the processing activities carried out by our organization concerning their personal data. The following provisions apply to such audit requests:

3.1. Process for Audit Request

Customers can submit a written request for an audit of their personal data to our designated Data Protection Officer (DPO) or the relevant point of contact specified by our organization. The request should clearly state the purpose and scope of the audit.

3.2. Audit Scope and Timing

Upon receiving an audit request, our organization will assess the request's validity and evaluate its scope. The scope should be relevant to the processing activities related to the customer's personal data. The timing of the audit will be determined by our organization, taking into consideration the complexity of the request and other ongoing operational requirements.

3.3. Audit Methodology

The audit will be conducted in a manner that ensures the confidentiality and integrity of personal data and other proprietary information of our organization. The audit methodology may include a review of relevant documentation, interviews, site visits, or any other reasonable methods necessary to assess the processing activities.

3.4. Third-Party Audit

In some cases, our organization may engage an independent third-party auditor to conduct the audit on behalf of the customer. The third-party auditor must be bound by appropriate confidentiality obligations and comply with the GDPR requirements.

3.5. Audit Findings and Reporting

Upon completion of the audit, our organization will provide the customer with a summary of the findings, including any identified compliance gaps or areas of improvement. The report will be shared in a reasonable timeframe, taking into account the complexity of the audit and the need to ensure accuracy and completeness.

3.6. Corrective Actions

If the audit reveals any non-compliance or deficiencies in the processing activities, our organization will take appropriate corrective actions to address the identified issues promptly. These actions may include implementing additional safeguards, revising policies and procedures, or providing additional training to staff members.

4. Confidentiality and Security

All audit-related information, including personal data obtained during the audit, will be treated with strict confidentiality and in compliance with applicable data protection laws. Our organization will implement appropriate technical and organizational measures to safeguard the confidentiality, integrity, and security of the personal data processed during the audit.

5. Policy Review

This Customer Audit Rights Policy will be reviewed periodically and updated as necessary to ensure its continued relevance and compliance with the GDPR and other applicable laws and regulations.

6. Contact Information

For any questions or concerns regarding this policy or to submit an audit request, customers can contact our designated Data Protection Officer or the relevant point of contact as provided by our organization.

Confidentiality and Security - Technical and Organizational Measures

All personal data processed by our organization is subject to strict confidentiality and security measures. We have implemented a comprehensive set of technical and organizational measures to ensure compliance with the General Data Protection Regulation (GDPR). These measures include:

1. Data Encryption

We utilize strong encryption algorithms to protect personal data both during transmission and at rest. Encryption mechanisms are applied to prevent unauthorized access and maintain data integrity.

2. Access Control

We have implemented strict access controls to ensure that personal data is only accessible to authorized personnel. Access rights are granted based on the principle of least privilege, ensuring that individuals only have access to the data necessary for their specific roles and responsibilities.

3. Employee Training and Awareness

We provide regular training sessions and awareness programs to our employees regarding data protection, privacy, and GDPR compliance. This ensures that our staff members understand their obligations and responsibilities when processing personal data and are equipped with the necessary knowledge to maintain data confidentiality and security.

4. Incident Response and Breach Management

We have established an incident response and breach management process to handle any potential data breaches or security incidents. This process includes proactive monitoring, incident detection, response planning, and timely reporting to the relevant supervisory authorities and affected individuals, as required by the GDPR.

5. Regular Security Audits and Assessments

We conduct regular security audits and assessments to identify vulnerabilities, assess risks, and ensure compliance with the GDPR. These audits are performed internally or by independent third-party security experts to validate the effectiveness of our security controls and identify areas for improvement.

6. Data Minimization and Retention

We follow the principle of data minimization, only collecting and retaining personal data that is necessary for the specified purposes. We establish appropriate retention periods for different types of personal data and securely dispose of data that is no longer required, in accordance with our data retention policy and legal obligations.

7. Vendor Management

We ensure that our third-party vendors and service providers who have access to personal data comply with the GDPR and maintain appropriate confidentiality and security measures. We have established robust vendor management processes to assess the privacy and security practices of our vendors and regularly monitor their compliance.

8. Confidentiality

We ensure that employees of OneUptime are subject to confidentiality. Such an undertaking is signed when a new employee is hired. All of our employees have confidentiality agreement in place.

Marketing Choices

OneUptime may periodically send you emails with information regarding OneUptime, its products or its partners. If you no longer wish to continue receiving such information, please click the “unsubscribe” link available at the bottom of the relevant email. You can also contact OneUptime at [email protected] and let OneUptime know that you no longer wish to receive such information. Alternatively, you can reply to an email from OneUptime and type "REMOVE" in the subject line.

Public Forums

Any information that you may disclose on community forums or other public areas of the Website (“User Contribution”) becomes public information, and you are solely responsible for your User Contributions. OneUptime has no responsibility for any information, including personally identifiable information, that you choose to submit in these forums. We do encourage you to exercise caution when disclosing personal information in these public areas, as OneUptime has no control over who has access or will utilize said information. Additionally, OneUptime is not responsible for any circumvention by third parties of any privacy setting or security measures contained on the Website. Even after removal, your User Contributions may remain viewable in cached or archived pages or may have been copied or stored by other Website users. Proper access and use of information on the Website, including User Contributions, is governed by this Privacy Statement and the Terms of Use relating thereto. Any known or suspected violations should be reported to at [email protected].

Third Party Sites

The Website may include links to third party websites for your convenience and information only. OneUptime does not own or control these third party websites. OneUptime is not responsible for the availability, content, data collection, utilization of data, use of cookies, or otherwise on the third party websites, and any data that you choose to give to unrelated third parties is not covered by this Privacy Statement. We encourage you to review the privacy policy of any company before submitting any information to them. If you have any questions about how such third parties’ privacy and data use practices, you should contact such third parties directly.

How to Update and Access Information

Certain areas of this Website will require you to provide certain personal information. It is your responsibility to provide the most recent available and accurate information. Additionally, please inform OneUptime of any change of name, address, or other information. If you have created an account on the Website, you may update certain information in your account profile, or you may request that OneUptime update, modify, or delete your registered information by sending an email to [email protected] with the words "UPDATE USER INFORMATION" in the subject line. You have the right, subject to certain exemptions, to obtain a copy of any personal data we hold about you and to correct any inaccuracies in such data. If you wish to avail of any of these rights, please contact us at: [email protected]. While we will strive to accommodate your request, we may reject a request to satisfy our legal obligations, resolve disputes, enforce our agreements, where we have a legitimate reason to do so, or where the request may impose a risk on the privacy of others, is unreasonable, repetitive, or requires disproportionate technical effort.

Security

OneUptime uses commercially reasonable security measures, such as physical access controls, encryption, firewalls, and network monitoring, and strives to safeguard information concerning and submitted by users. Despite the security measures employed by OneUptime, users should be aware that it is impossible to guarantee absolute security with respect to electronic information, and User agrees and accepts the risks associated with the same.

Children under the Age of 13

This Website is not intended for children under 13 years of age. No one under age 13 may provide any personal information to or on the Website; OneUptime does not knowingly collect personal information from children under 13. If you are under 13, please do not register on the Website, make any purchases through the Website, or send any information about yourself to us. If you believe that information from or about a child under 13 is in our possession, please contact us at [email protected].

Questions

If you have any questions about this Privacy Statement or our data handling practices, you may contact us at [email protected]. In order for us to properly respond to you, you will need to provide us with sufficient details regarding your question. We will contact you if we require any additional information from you.

Modifications to this Privacy Statement

OneUptime reserves the right to review, modify, and update this Privacy Statement and will note the date of its most recent revision. In the event OneUptime updates or modifies this Privacy Statement, OneUptime shall endeavor to post such updates or modifications on this Website following any such modifications. It we update or modify the Privacy Statement in a material way, we will utilize commercially reasonable efforts to provide appropriate notice to you.