Ethicontrol OÜ and the GDPR
Privacy and Security Contact
Oleg Lagodiyenko
privacy@ethicontrol.com
Ethicontrol OÜ, Orumetsa tn 5/1-15 Maardu Harjumaa 74111
As part of our ongoing efforts to protect the security and privacy of our users, we are working to meet or exceed the GDPR (General Data Protection Regulation). This site contains information on what steps we are taking, their progress, and who to contact for any security concerns. Please see our FAQ for more information.
Data Processing Addendum
If you need a signed DPA, please use the button below to cross sign and download your copy of our DPA.
Make A Data Request
We respect the rights of individuals to know how their data is being used, export it or request that it be deleted.
Data Processing Partners
We rely on a number of trusted 3rd parties to assist with our operations. Depending on the exact nature of your account and what you've requested we do, your data may be shared with one of these partners. We carefully evaluate each to make sure they're handling your personal data with the utmost of respect, security, and privacy.
| Services | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| Ahoy |  |
IP Address | First party analytics for Rails. |
|
| Almond | |
IP Address | A replacement AMD loader for RequireJS. |
|
| Dropzone |  |
IP Address | Handles drag and drop of files for you. |
|
| Freshdesk | |
IP Address email first name last name | An online help desk software that allows you to support customers over email |
|
| Global Site Tag | |
IP Address | Google's primary tag for Google Measurement/Conversion Tracking, Adwords and DoubleClick. |
|
| Hammer JS | |
IP Address | A javascript library for multi-touch gestures from mobile devices. |
|
| JSON 3 | |
IP Address | JSON 3 is a modern JSON implementation compatible with a variety of JavaScript platforms. |
|
| Linode | |
IP Address | VPS hosting company specializing in Linux hosting. |
|
| Mailgun | |
IP Address email first name last name | Transactional mail service |
|
| Microsoft Azure Cloud | |
IP Address email first name last name | PVS hosting and security infrastructure |
|
| Microsoft Azure Cloud UAE |  |
IP Address email first name last name | VPS hosting and cloud security infrastructure |
|
| Phusion Passenger | |
IP Address | Phusion Passenger - a.k.a. mod_rails or mod_rack - is a web server and application server, designed to be fast, robust and lightweight. Administration tools allow you to gain insight into web application operations and server performance. |
|
| Select2 | |
IP Address | jQuery replacement for select boxes |
|
| TurboLinks | |
IP Address | Turbolinks is a recompilation speed up tool for Ruby on Rails. |
|
| Typed.js | |
IP Address | A jQuery typing animation script |
|
| Ubuntu | |
IP Address | Ubuntu is a free, Debian derived Linux-based operating system, available with both community and professional support. |
|
| Zadarma |  |
IP Address | Cloud communications platform. |
|
Compliance Tasks
GDPR Compliance requires maintenance and ongoing work. We are tracking our efforts here.
| Application Site Security | |
|---|---|
| Status | Name |
| Completed | Ensure Backups are Stored in on Encrypted File Storage |
| Completed | Personal Data in Databases is Encrypted |
| Completed | SSL (TLS) Deployed on App Site |
| Completed | Affirmative Consent mechanism added to User Signup |
| Completed | Restrict Personal Data at Signup to the Minimum Necessary |
| Completed | Establish Development Environment Data Handling Guidelines |
| Completed | Personal Data in File Storage is Encrypted |
| Completed | Added External Javascript Files to Data Partners |
| Completed | Establish Stale Data and User Policies |
| Completed | Registered with HaveIBeenPwned Domain Notification |
| Completed | Inform Users about the GDPR Page |
| Completed | Ensure Web Application Firewall enabled and blocking common attacks |
| Completed | Redact Logs from Writing Unneeded Personal or Sensitive Data |
| Completed | Ensure Access to Backups is Restricted |
| Completed | HSTS (HTTP Strict Transport Security) added to SSL/TLS of App Site |
| Completed | Ensure internal employees and contractors behaviors around personal data are documented. |
| Completed | Ensure Database Backups of Personal Data are working |
| Completed | Ensure Intrusion Detection Systems are in Place |
| Data Mapping | |
|---|---|
| Status | Name |
| Completed | Add Web Analytics Service to Data Partners |
| Completed | Add Performance Monitoring Applications to Data Providers |
| Completed | Add Customer Support (Helpdesk) Service to Partners |
| Completed | Add Internal Email Service to Data Partners |
| Completed | Add Hosting Provider to Data Partners |
| Completed | Add Transactional Email Service to Partners |
| Completed | Add Exception/Error Reporting Services to Data Partners |
| Marketing Site Security | |
|---|---|
| Status | Name |
| Completed | SSL (TLS) Deployed on Marketing Site |
| Completed | Reviewed list of users with access to site |
| Completed | HSTS (HTTP Strict Transport Security) added to SSL/TLS of Marketing Site |
| Privacy Procedures | |
|---|---|
| Status | Name |
| Completed | Nominate a Data Protection Lead or Data Protection |
| Completed | Get Management Approval for GDPR Efforts |
| Completed | Process established for subject data requests |
| Completed | Procedure established to allow for people to request that inaccuracies in their data are fixed. |
| Completed | Data Protection Policy Created |
| Completed | Briefed all Staff on GDPR Impact to the organization |
| Completed | Developed a Data Processing Agreement |
| Completed | Privacy Policy Updates |
| Completed | Informed all Employees and Contractors about GDPR Compliance |
| Security Procedures | |
|---|---|
| Status | Name |
| Completed | Publish statement on public website on how to report security and data issues. |
| Completed | Data Breach Notification Policy has been established |
Frequently Asked Questions
If you have any concerns not answered here, please reach out to our contact (listed above) and we'll be happy to assist.
Do Non EU Companies need to comply with the GDPR?
While it remains to be seen if the EU has the legislative power to levy fines and enforcement against organizations around the globe, GDPR compliance is being sought by non EU companies for a variety of reasons.
- Customers and Prospects are making it a requirement
- It's a solid framework for improving the handling of personal information and complying with the GDPR requirements improves our own security.
How Do I Report a Security Issue?
We take all security reports seriously. Please email our security contact (information listed above) with any information you have regarding any potential data breaches, vulnerabilities or concerns.
What's the GDPR?
The General Data Protection Regulation (GDPR) is a new piece of privacy legislation enacted by the European Union. It represents a significant change in how personal (IP Addresses, Emails, Names) and sensitive (religion, ethnic origin, health, orientation) data is handled by companies.