MY360 and Transformation360 Data Privacy Policy
Written by Corinna Wolfsteller
Updated this week

Our Data Privacy Policy ensures compliance with GDPR and other international data protection regulations for all users of the My360 platform. Below are the key highlights:

  1. User Acceptance:
    All users, regardless of account type (e.g., LMS user, admin, process owner, ideator, etc.), must accept the Terms of Use when they log in to the My360.global platform for the first time. This ensures that every user adheres to the platform's operational standards from the outset.

  2. Privacy Policy Notification:
    During the initial login process, users are informed about the platform's Privacy Policy and Terms of Use. Explicit consent is required for cookies where applicable, maintaining transparency in the handling of user data and preferences.

  3. Accessibility of Policies:
    The Privacy Policy and Terms of Use are always readily accessible on the platform’s official website: www.my360.global, ensuring transparency and availability for review at any time.

  4. Application Coverage:
    These policies govern all services and applications within the My360 ecosystem. This includes Transformation360 and any integrated tools or features available on the platform, offering comprehensive data protection for all users and functionalities.

  5. Compliance with International Privacy Laws:
    In addition to GDPR, the My360 platform complies with other data privacy regulations, including the California Consumer Privacy Act (CCPA), the Saudi Personal Data Protection Law (PDPL), and other relevant frameworks. This ensures that data protection practices meet the highest global standards, regardless of user location.

    • CCPA Compliance: We provide users with the ability to access, delete, or manage their personal data.

    • PDPL Compliance: Data transfers are conducted only under conditions of adequate protection or explicit user consent, with minimal data shared to fulfill service requirements.

  6. Data Minimization and Purpose Limitation:
    We adhere to the principles of data minimization by collecting only the necessary data required to provide our services. User data is processed strictly for specified purposes, such as enhancing the platform’s functionality, improving user experience, and fulfilling contractual obligations.

  7. Cookies and Tracking:
    Cookies are used on the My360 platform to enhance user experience, enable essential functionality, and analyze platform usage. We use CookieYes.com, a GDPR-compliant cookie management solution, to ensure transparency and user control:

    • Users are presented with a clear cookie consent banner upon first accessing the platform.

    • They can manage their preferences, including opting out of non-essential cookies.

    • A detailed Cookie Policy is accessible, providing information on the types of cookies used and their purposes.

  8. Data Access and Segregation:
    The platform ensures that each user’s data is accessible only to authorized personnel with a legitimate need. Segregation of data is maintained using unique Client IDs, which ensure that users can only access information they are authorized to view. Dedicated database instances can be set up for specific clients to enhance data isolation where required.

  9. Encryption and Security Measures:
    All data is encrypted during transmission and at rest using industry-standard protocols, such as TLS and AES-256. Access to our systems is secured through robust authentication methods, including multi-factor authentication (MFA) for added security.

  10. Retention and Deletion:
    Personal data is retained only as long as necessary to fulfill the purpose for which it was collected or as required by applicable laws. Upon user request or the fulfillment of contractual obligations, data is securely deleted, with proof of deletion provided upon request.

  11. Third-Party Data Handling:
    We collaborate with ISO 27001-certified hosting partners (Iver Sverige AB) and SOC-2-certified data centers (Interxion Sweden AB) to ensure that data remains secure under stringent controls. No data is shared with unauthorized third parties, and subcontractors adhere to strict confidentiality agreements.

  12. User Rights and Transparency:
    Users retain full control of their data, including the rights to access, rectify, or delete personal information and to withdraw consent. These rights are implemented in compliance with GDPR, CCPA, PDPL, and other applicable laws.

  13. Audit and Compliance Monitoring:
    Regular audits, penetration testing, and proactive monitoring are conducted to identify and mitigate any potential vulnerabilities. These processes help maintain a secure and compliant data handling environment.
