Data Privacy at Nuxeo

Registry of Processing Activities

As required by GDPR, Nuxeo has created a registry of processing activities that indicates for each process: the actors, the business goals that justify personal data being stored, the security measures to guarantee personal data security and integrity, etc.

More specifically, we list all processes linked to:

• Prospects and users subscribing for content from our website and using a trial account in Nuxeo Studio
• Customers registered in Nuxeo Online Services and our client database
• Customers based on a Cloud subscription
• Nuxeo internal employees

This is all made available to authorities upon request.

Request Tracking

All the individual right requests are tracked in JIRA and linked to our internal GDPR platform. Individuals making a request will receive an email to acknowledge receipt of their request (within 48 hours) and a second email to confirm the request has been completed (within 30 days)

Personal Data Breaches

Personal data breaches are handled by the Nuxeo Security team, as part of the Nuxeo Security processes that are in place:

Registry of Subcontractors

Nuxeo maintains a list of all its subcontractors. In addition to the security questionnaire each subcontractor completes, Nuxeo requests a Data Protection Addendum (also called DPA). It is an agreement between Nuxeo and The subcontractor that states that the subcontractor is compliant with GDPR requirements.

Internal Training

A Nuxeo GDPR awareness course is mandatory for all the Nuxeo employees.

Contact

[email protected] to contact the Nuxeo Data Protection Officer.

[email protected] to raise an issue related to data privacy or to exercise individual rights:

• Right of access
• Right of data portability
• Right to restriction of processing
• Right to rectification
• Right to object