Organizational Readiness
Privacy & data protection compliance
Optimizely’s Privacy, Security, and Compliance teams have developed and implemented a company-wide privacy program to help ensure compliance with GDPR, CCPA and other relevant privacy and data protection laws and regulations.
Training & privacy awareness
As part of our employee onboarding and continuous training, all Optimizely employees receive annual privacy and security training. In addition, members of our engineering and product teams receive specialized data privacy and software security training annually. All efforts are overseen by our Privacy, Security and Compliance teams.
Data mapping
To verify that our privacy practices are appropriate, Optimizely maintains a data map of our product documenting how data is collected and what systems process personal data.
Informational security policies
We have published information security and data protection policies governing when employees and contractors can access data stores containing your data.
Data transfer
The GDPR including the Schrems II ruling, restricts the export or use of personal data to countries the EU and European Economic Area (EEA). We have implemented geo-fenced process and technical controls to limit transfer and access of personal data to allowed regions. We also support inquiry, correction and deletion for both your direct and indirect personal data.
Incident response
We have implemented a data breach and incident response plan that leverages advanced technology designed to detect and avoid threats. If needed, our rigorous 24/7 incident management program allows us to respond to security or privacy events promptly. In case of an incident involving your customer data, we will inform you per the terms of your agreement with us.
Product reviews
Our Security and Privacy teams review new product functionality according to stringent security and privacy guidelines throughout the entire software development cycle.
Vendor reviews
We have conducted security and privacy reviews of our vendor contracts. As a result, we have DPAs with those vendors who may help us process personal data on your behalf.
Contractual protections
To support your efforts to provide EU-compliant contractual protections, we have created a GDPR-ready Data Processing Agreement (DPA).
Data protection officer
We have appointed a Data Protection Officer (DPO) to oversee our privacy and data protection compliance.