onetool and the GDPR

Privacy and Security Contact

Gordian Braun
privacy@onetool.co

Proskauer Str. 8
10247 Berlin
Germany

As part of our ongoing efforts to protect the security and privacy of our users, we are working to meet or exceed the GDPR (General Data Protection Regulation). This site contains information on what steps we are taking, their progress, and who to contact for any security concerns. Please see our FAQ for more information.

Data Processing Addendum

If you need a signed DPA, please use the button below to cross sign and download your copy of our DPA.

Data Processing Partners

We rely on a number of trusted 3rd parties to assist with our operations. Depending on the exact nature of your account and what you've requested we do, your data may be shared with one of these partners. We carefully evaluate each to make sure they're handling your personal data with the utmost of respect, security, and privacy.

Services
Partner Locale Data Shared Purpose
Continually IP Address

Automated chat tool system.

Cookie Notice IP Address

Cookie notice lets you inform users that your sites comply with EU law.

Facebook Conversion Tracking IP Address

Conversion tracking functionality from Facebook, allows a user to track advertisement clicks.

Facebook Custom Audiences IP Address

Custom Audiences from your website makes it possible to reach people who visit your website and deliver the right message to them on Facebook.

Facebook for Websites IP Address

Allows a user to make a website more sociable and connected with integrations from the hugely popular Facebook website.

Facebook Pixel IP Address

Facebook Pixel is Facebooks conversion tracking system for ads on Facebook to websites.

Facebook SDK IP Address

JavaScript SDK enables you to access all of the features of the Graph API via JavaScript, and it provides a rich set of client-side functionality for authentication and sharing. It differs from Facebook Connect.

Global Site Tag IP Address

Google's primary tag for Google Measurement/Conversion Tracking, Adwords and DoubleClick.

Google Analytics IP Address

Google Analytics offers a host of compelling features and benefits for everyone from senior executives and advertising and marketing professionals to site owners and content developers.

Google Apps for Business IP Address

Web-based email, calendar, and documents for teams. Renamed to Google Apps for Work, but now known as G Suite From Google Cloud.

Google Font API IP Address

The Google Font API helps you add web fonts to any web page.

Hetzner IP Address

German based dedicated and virtual hosting running on 100% green energy.

reCAPTCHA IP Address

Anti-bot CAPTCHA widget from Google.

reCAPTCHA v2 IP Address

v2 of the Google reCAPTCHA system.

Sendgrid IP Address

SendGrid's cloud-based email infrastructure provides businesses with email delivery management.

Compliance Tasks

GDPR Compliance requires maintenance and ongoing work. We are tracking our efforts here.

Application Site Security
Status Name
Completed Restrict Personal Data at Signup to the Minimum Necessary
Completed SSL (TLS) Deployed on App Site
Completed Inform Users about the GDPR Page
Completed Ensure internal employees and contractors behaviors around personal data are documented.
Completed Ensure Web Application Firewall enabled and blocking common attacks
Completed Ensure Access to Backups is Restricted
Completed Ensure Backups are Stored in on Encrypted File Storage
Marketing Site Security
Status Name
Completed Reviewed list of users with access to site
Privacy Procedures
Status Name
Completed Informed all Employees and Contractors about GDPR Compliance
Completed Privacy Policy Updates
Completed Procedure established to allow for people to request that inaccuracies in their data are fixed.
Completed Process established for subject data requests
Completed Get Management Approval for GDPR Efforts
Completed Data Protection Policy Created
Completed Briefed all Staff on GDPR Impact to the organization
Completed Nominate a Data Protection Lead or Data Protection
Security Procedures
Status Name
Completed Publish statement on public website on how to report security and data issues.

Frequently Asked Questions

If you have any concerns not answered here, please reach out to our contact (listed above) and we'll be happy to assist.

What's the GDPR?

The General Data Protection Regulation (GDPR) is a new piece of privacy legislation enacted by the European Union. It represents a significant change in how personal (IP Addresses, Emails, Names) and sensitive (religion, ethnic origin, health, orientation) data is handled by companies.

How Do I Report a Security Issue?

We take all security reports seriously. Please email our security contact (information listed above) with any information you have regarding any potential data breaches, vulnerabilities or concerns.

Do Non EU Companies need to comply with the GDPR?

While it remains to be seen if the EU has the legislative power to levy fines and enforcement against organizations around the globe, GDPR compliance is being sought by non EU companies for a variety of reasons.

  • Customers and Prospects are making it a requirement
  • It's a solid framework for improving the handling of personal information and complying with the GDPR requirements improves our own security.