Privacy

As a global leader in privacy and data protection, our goal is to make our practices as transparent as possible and to give you control over your data. Privacy is at the core of what we do, which is why we are at the forefront of driving and adopting industry standards and best practices.

Verify transfers

Security

Security is embedded throughout our organization, from our products to the people. We’ve put the controls and processes in place to safeguard your data, taking a risk-based approach and making continuous improvement a mandate.

data redaction

Compliance

Our in-house Integrated Management System (IMS) Team uses OneTrust tools to operationalize privacy, security and third-party risk management. Compliance is a company imperative as we continually undergo independent third-party audits to validate our commitments.

Reliability

Deployed in the cloud or on-premises, our platform is designed to deliver stable solutions so our customers can scale with confidence. OneTrust’s SOC 2 report provides assurance that our team has designed an effective system of security, availability and confidentiality controls.

Certifications


ISO 27001 Certification

ISO 27701 Certification

SOC 2 Type II

Options for EU Customers In Light of "Schrems II" Decision


On July 16, 2020 the Court of Justice of the European Union invalidated EU-US Privacy Shield as a data transfer mechanism between the EU and US. Since then, additional guidance on supplementary measures for international data transfers has been released by the European Data Protection Board, and updated draft Standard Contractual Clauses by the European Commission. OneTrust is dedicated to offering our customers flexible options that meet their unique business needs along with their interpretation of these new guidelines, and therefore offers the following options to our customers:

HOST ON-PREMISES IN COUNTRY OF YOUR CHOICE

Customers can choose to host OneTrust fully on-premises in their data center or in a private cloud, local to a country of their choice and under their control.

STANDARD CONTRACTUAL CLAUSE BASED SOLUTION - MULTI-TENANT SAAS

Customers can leverage a multi-tenant SaaS instance of OneTrust deployed in any of our 10 data centers, including Germany, France or Switzerland, with limited data transfers. These data transfers will be based on the updated SCCs from the European Commission as well as European Data Protection Board recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data

SAAS HOSTED WITH BRING YOUR OWN KEY (BYOK) ENCRYPTION

Customers can host in our cloud environments while maintaining full control to create, disable, and revoke access to their encryption keys, preventing OneTrust or any entity from having the ability to decrypt customer data.

OneTrust is committed to transparency in its privacy practices. We will continue to provide our policy for government and law enforcement requests for customer data and a publish Transparency Report that documents the number of requests received and how we responded to them. You can view this report at the link below

Going Cloud? Choose From 10 Global Data Centers


AUSTRALIA | BRAZIL | CANADA | FRANCE | GERMANY | INDIA | UNITED KINGDOM | UNITED STATES | SINGAPORE | SWITZERLAND

Data Centers

*Cloud hosting provided by Microsoft Azure

Want to learn more about our compliance program or how we can help with yours?

Contact Us Request a Demo
Onetrust All Rights Reserved