Creating effective privacy controls is essential for compliance with various state and national privacy laws. It is also required for meeting customer privacy expectations. Optimizely has implemented a variety of privacy controls, but recognizes that privacy is a shared responsibility with customers.
- Data collection, use and sharing disclosure: Communicates the data types collected, how the organization uses the data and any third parties with whom the organization shares data.
- Method of contact: Provides a channel for customers to contact the organization about privacy-related questions or concerns.
- Individual rights: Gives customers a list of options for reviewing, opting out or removing their data from an organization's storage or processes.
- Laws and regulations: Provides a list of in-scope privacy laws and regulations by which the organization must abide.
As a service provider of B2B solutions, Optimizely's strategy is to build privacy controls, processes and technologies that both meet our privacy requirements and enable you to meet your own unique requirements. We accomplish this strategy by including privacy information in the following:
- The Services and Support Agreement (SSA) that customers sign when purchasing Optimizely services.
- A variety of General Data Protection Regulation (GDPR) processes and a Data Processing Agreement (DPA) for customers who require one, such as customers that are in scope for GDPR.
Laws and Regulations
Below is a list of the laws and regulations you should consider when determining your organization's privacy requirements. Each includes a scope that depends on the type of data you collect and the region or nation in which your customer resides.
|Law/Regulation||Country of Origin|
Health Insurance Portability and Accountability Act (HIPAA)
US Privacy Shield
Children's Online Privacy Protection Act (COPPA)
Gramm-Leach-Bliley Act (GLBA)
California Online Privacy Protection Act (CalOPPA)
General Data Protection Regulation (GDPR)
Personal Information Protection and Electronic Documents Act (PIPEDA)
- Identification of all data collected, how it is collected and how you use it.
- Indication that you perform due diligence on data you share with third parties, ensuring that the same or equivalent protections apply to that data.
- Description of data retention/deletion policies and how customers can revoke consent and/or request deletion of their data.
For more general information on privacy policies, see: