make terms clear
simlarsen committed May 27, 2023
1 parent 22ccdf4 commit 39a00e9
Showing 2 changed files with 85 additions and 2 deletions.
70 changes: 69 additions & 1 deletion Home/views/privacy.ejs
@@ -30,6 +30,7 @@
- How to manage your cookies <br />
- Privacy policies of other websites <br />
- Changes to our privacy policy <br />
- Audit Rights <br />
- How to contact us <br />
- How to contact the appropriate authorities <br /></p>
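Review bot: the table of contents gains only "- Audit Rights" in this hunk, while the same commit adds a second top-level section to this file, "Confidentiality and Security - Technical and Organizational Measures", which gets no entry here. Add a matching line for it, and check that the position of "Audit Rights" in this list (just before "How to contact us") matches where the section is rendered, which in the later hunk is directly before "Marketing Choices".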
@@ -80,7 +81,7 @@
receive
certain information about you from the third party (such as a social network) based on your registration and
privacy
settings on that third party service.
settings on that third party service. This information does not include tracking user behavior on our product.
</p>
<p>Information We May Collect. OneUptime may use cookies, web beacons, web analytics, or other technologies to
automatically
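Review bot: in the sentence appended to "settings on that third party service.", the subject "This information" is ambiguous because the very next paragraph opens with "Information We May Collect. OneUptime may use cookies, web beacons, web analytics, or other technologies to automatically", so a reader can take the new sentence as a blanket no-tracking statement that the following paragraph then appears to contradict. Scope it to the third-party data explicitly, for example "The information we receive from that third party service does not include data about your behavior in our product."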
@@ -207,6 +208,73 @@
in
which we operate.
</p>
<h3>Audit Rights</h3>
<h4>1. Purpose</h4>
<p>The purpose of this Customer Audit Rights Policy is to outline the rights of customers regarding audits of their personal data as provided under the General Data Protection Regulation (GDPR). This policy aims to ensure transparency and accountability in the processing of personal data by our organization while respecting the rights and privacy of our customers.</p>
<h4>2. Scope</h4>
<p>This policy applies to all customers who have provided their personal data to our organization, whether collected directly from the customers or obtained from other sources, and it aligns with the principles and requirements set forth in the GDPR.</p>
<h4>3. Customer Audit Rights</h4>
<p>Under the GDPR, customers have the right to request an audit of the processing activities carried out by our organization concerning their personal data. The following provisions apply to such audit requests:</p>
<h5>3.1. Process for Audit Request</h5>
<p>Customers can submit a written request for an audit of their personal data to our designated Data Protection Officer (DPO) or the relevant point of contact specified by our organization. The request should clearly state the purpose and scope of the audit.</p>
<h5>3.2. Audit Scope and Timing</h5>
<p>Upon receiving an audit request, our organization will assess the request's validity and evaluate its scope. The scope should be relevant to the processing activities related to the customer's personal data. The timing of the audit will be determined by our organization, taking into consideration the complexity of the request and other ongoing operational requirements.</p>
<h5>3.3. Audit Methodology</h5>
<p>The audit will be conducted in a manner that ensures the confidentiality and integrity of personal data and other proprietary information of our organization. The audit methodology may include a review of relevant documentation, interviews, site visits, or any other reasonable methods necessary to assess the processing activities.</p>
<h5>3.4. Third-Party Audit</h5>
<p>In some cases, our organization may engage an independent third-party auditor to conduct the audit on behalf of the customer. The third-party auditor must be bound by appropriate confidentiality obligations and comply with the GDPR requirements.</p>
<h5>3.5. Audit Findings and Reporting</h5>
<p>Upon completion of the audit, our organization will provide the customer with a summary of the findings, including any identified compliance gaps or areas of improvement. The report will be shared in a reasonable timeframe, taking into account the complexity of the audit and the need to ensure accuracy and completeness.</p>
<h5>3.6. Corrective Actions</h5>
<p>If the audit reveals any non-compliance or deficiencies in the processing activities, our organization will take appropriate corrective actions to address the identified issues promptly. These actions may include implementing additional safeguards, revising policies and procedures, or providing additional training to staff members.</p>
<h4>4. Confidentiality and Security</h4>
<p>All audit-related information, including personal data obtained during the audit, will be treated with strict confidentiality and in compliance with applicable data protection laws. Our organization will implement appropriate technical and organizational measures to safeguard the confidentiality, integrity, and security of the personal data processed during the audit.</p>
<h4>5. Policy Review</h4>
<p>This Customer Audit Rights Policy will be reviewed periodically and updated as necessary to ensure its continued relevance and compliance with the GDPR and other applicable laws and regulations.</p>
<h4>6. Contact Information</h4>
<p>For any questions or concerns regarding this policy or to submit an audit request, customers can contact our designated Data Protection Officer or the relevant point of contact as provided by our organization.</p>
<h3> Confidentiality and Security - Technical and Organizational Measures</h3>
<p>All personal data processed by our organization is subject to strict confidentiality and security measures. We have implemented a comprehensive set of technical and organizational measures to ensure compliance with the General Data Protection Regulation (GDPR). These measures include:</p>
<h4>1. Data Encryption</h4>
<p>We utilize strong encryption algorithms to protect personal data both during transmission and at rest. Encryption mechanisms are applied to prevent unauthorized access and maintain data integrity.</p>
<h4>2. Access Control</h4>
<p>We have implemented strict access controls to ensure that personal data is only accessible to authorized personnel. Access rights are granted based on the principle of least privilege, ensuring that individuals only have access to the data necessary for their specific roles and responsibilities.</p>
<h4>3. Employee Training and Awareness</h4>
<p>We provide regular training sessions and awareness programs to our employees regarding data protection, privacy, and GDPR compliance. This ensures that our staff members understand their obligations and responsibilities when processing personal data and are equipped with the necessary knowledge to maintain data confidentiality and security.</p>
<h4>4. Incident Response and Breach Management</h4>
<p>We have established an incident response and breach management process to handle any potential data breaches or security incidents. This process includes proactive monitoring, incident detection, response planning, and timely reporting to the relevant supervisory authorities and affected individuals, as required by the GDPR.</p>
<h4>5. Regular Security Audits and Assessments</h4>
<p>We conduct regular security audits and assessments to identify vulnerabilities, assess risks, and ensure compliance with the GDPR. These audits are performed internally or by independent third-party security experts to validate the effectiveness of our security controls and identify areas for improvement.</p>
<h4>6. Data Minimization and Retention</h4>
<p>We follow the principle of data minimization, only collecting and retaining personal data that is necessary for the specified purposes. We establish appropriate retention periods for different types of personal data and securely dispose of data that is no longer required, in accordance with our data retention policy and legal obligations.</p>
<h4>7. Vendor Management</h4>
<p>We ensure that our third-party vendors and service providers who have access to personal data comply with the GDPR and maintain appropriate confidentiality and security measures. We have established robust vendor management processes to assess the privacy and security practices of our vendors and regularly monitor their compliance.</p>
<h4>8. Confidentiality</h4>
<p>We ensure that employees of OneUptime are subject to confidentiality. Such an undertaking is signed when a new employee is hired. All of our employees have confidentiality agreement in place.</p>
<h3>Marketing Choices</h3>
<p>OneUptime may periodically send you emails with information regarding OneUptime, its products or its partners. If
you no
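Review bot: sections 3.1 and 6 of the new Audit Rights block send audit requests to "our designated Data Protection Officer (DPO) or the relevant point of contact specified by our organization", but the added text never names that contact, so a customer cannot submit a request from this page; state the address or link to the existing "How to contact us" section. In the same block, 3.2 leaves timing to be "determined by our organization" and 3.5 promises a report "in a reasonable timeframe", with no bound on either, which leaves the customer with no commitment to hold against. The second new heading has a leading space inside the tag ("<h3> Confidentiality and Security ...") and repeats the title of "4. Confidentiality and Security" a few lines above it, and both new h3 sections restart their h4 numbering at 1, so references such as "section 4" are ambiguous. The measures listed under it ("strong encryption algorithms", "strict access controls", "regular security audits") are stated without anything a customer could verify; if specifics are documented elsewhere, link to them. Item 8 also needs a grammar pass: "subject to confidentiality" is incomplete and "have confidentiality agreement in place" is missing an article.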
17 changes: 16 additions & 1 deletion Home/views/terms.ejs
@@ -1,7 +1,7 @@
<header id="pagmt">
<h1>Terms of Use</h1>
<p>Please Read Carefully Prior To Using This Product</p>


</header>

@@ -231,11 +231,26 @@
this Website, any Content provided by User on this Website, and/or these Terms.
</p>


<p>
<strong>5.5 Contact Information</strong>
</p>

<p>If you have any questions regarding these Terms or this Website, please contact OneUptime at
[email protected].
</p>


<h3>6. Standard Contractual Clauses (SCC)</h3>


<p>6.1 In accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR),
the Parties agree to incorporate the Standard Contractual Clauses (SCC) as set forth by the European Commission for
the transfer of personal data to processors located in third countries that do not provide an adequate level of data
protection.</p>
<p>6.2 The SCC shall form an integral part of this Agreement and shall apply to any personal data transferred from the
European Economic Area (EEA) to Provider's servers located outside the EEA.</p>
<p>6.3 The Parties acknowledge that the SCC provide appropriate safeguards for the protection of personal data and
ensure compliance with the requirements of applicable data protection laws.</p>
</p>
</section>
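Review bot: the new section 6 ends with a stray "</p>" after the paragraph for 6.3, which is already closed on the previous line, so the markup is unbalanced just before "</section>"; drop the extra tag. The heading is also marked up as "<h3>6. Standard Contractual Clauses (SCC)</h3>" while the subsection directly above uses "<p><strong>5.5 Contact Information</strong></p>", so the two will not render consistently. On wording, 6.1 to 6.3 introduce "the Parties", "this Agreement" and "Provider's servers", whereas the surrounding text speaks of "these Terms", "User", "OneUptime" and "this Website"; none of the new terms is defined in the visible lines, which works against a commit titled "make terms clear". Use the document's existing defined terms, and say where the incorporated clauses can be read, since 6.1 refers to them only as "as set forth by the European Commission".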
