GDPR Compliance
GDPR - What NoBox is Doing About It
NoBox always respects its users' rights to privacy and data protection. Over the years, we have demonstrated our commitment to this by consistently exceeding industry standards. We do not need to collect or process users' personal information beyond what is necessary for the functioning of our products, and this will never change. We foster a privacy-aware culture here, and GDPR is an opportunity for us to strengthen this further.
What is GDPR?
GDPR is an EU-wide privacy and data protection law that governs how companies protect EU residents' data and enhances the control EU residents have over their personal data.
GDPR is relevant to any company operating globally, not just those based in the EU or those serving EU residents. Our customers' data is important wherever they are; that is why we have implemented GDPR controls as our baseline standard for all operations worldwide. GDPR has been in effect since May 25, 2018.
What is personal data?
Any data related to an identifiable or identified person. GDPR encompasses a broad spectrum of information that can be used alone or combined with other information to identify an individual. Personal data goes beyond someone's name or email address. Some examples include financial information, political opinions, genetic data, biometric data, IP addresses, physical addresses, sexual orientation, and ethnicity.
How prepared is NoBox for GDPR?
- We have acted in many areas to comply with these new regulations.
- We have raised awareness throughout the organization through frequent discussions on our internal channels, and trained employees to handle data properly. They now understand the importance of information security and the high standards set by GDPR.
- We have assessed all NoBox products, one by one, against GDPR requirements and implemented new features that give you greater control over your data, easing your path to GDPR compliance.
- We have established an Information Asset Register (IAR), which details all roles assumed by NoBox, such as data controller and data processor. It outlines the categories of personal data processed by our organization, which department accesses which data, and for what purpose. Its scope covers all our processes and procedures.
- We have evaluated our subprocessors (third-party service providers, partners) and streamlined the contract process with them to ensure they meet today's security and privacy demands.
- We have appointed internal privacy champions for all our teams. We have also appointed a Data Protection Officer (DPO).
- Our application team has embraced the concept of privacy by design and has given you greater control over the data you store in our systems. These provisions may vary based on product characteristics and domains. We continually strive to provide you with more enhancements, which will be rolled out gradually.
- We have amended our Data Processing Addendum (based on Standard Contractual Clauses) to align with GDPR data processing requirements.
- If you are an organization administrator and want to sign a DPA with us, email oursupport@gmail.com to request a copy of the Data Processing Addendum, mentioning the data center in which you registered your NoBox account.
- We conduct Data Protection Impact Assessments (DPIA). Based on the results, we have implemented appropriate controls on data processing and management.
- We conduct internal audits of our products, processes, operations, and management. Findings are communicated to our teams, who seek solutions for identified issues.
- Based on DPIA and internal audits, we have enhanced our data security methods and processes, including encrypting data at rest, based on sensitivity and risk likelihood. We have developed internal tools for better data governance and discovery.
- We have cleaned up our databases to ensure we only have the most current and accurate information. This cleanup process includes deleting terminated and inactive accounts in accordance with our Terms of Service.
- Where necessary, breach notifications will be made in accordance with our internal Privacy Incident Response policy. Customers will be notified of breaches within 72 hours after NoBox becomes aware of them. For general incidents, we will inform users through our blog, forum, and social media. For incidents specific to individual users or organizations, we will notify the relevant parties via email (using their primary email address).
- We have revised our Privacy Policy to include applicable privacy laws requirements based on our data inventory, data flows, and data handling practices.