CCPA

California Consumer Privacy Act (CCPA)

Introduction

The CCPA is a new data privacy law that applies to businesses that collect personal information from California residents. The new law gives California residents new data privacy rights.

OneUptime (OneUptime Limited) strongly believes that customers should be able to control their data and trust that their information is protected when stored with our service. To support this, OneUptime holds itself to strict data security and privacy standards, including compliance with the CCPA.

Readiness Report

The California Consumer Privacy Act, or CCPA, extends California consumers’ privacy rights by giving those consumers more control over their personal information. The CCPA takes effect on January 1, 2020, and OneUptime is on it.

PROTECTING YOUR DATA

OneUptime does not and will not buy or sell personal information. Our business is built on providing world-class monitoring, analytics, and on-call management for your resources and for your team; not on re-selling or enriching the data we collect.

PROVIDING NEW RIGHTS & REQUESTS

The CCPA gives California consumers new rights over their personal information. This includes the right to access personal information, the right to have personal information deleted, and the right to control the sale of personal information to third parties.

MEETING CCPA REQUIREMENTS FOR CONSUMERS

OneUptime’s API integrations allow you to meet consumers’ requests for access. Using our APIs, you can delete personal information, understand the categories of data collected, and get copies of the data OneUptime has processed on your behalf.

HELPING YOU MEET YOUR COMPLIANCE OBLIGATIONS

OneUptime is prepared and able to help you meet your CCPA compliance obligations. When you use OneUptime to collect or process personal information, OneUptime acts as a “service provider” and is prepared to sign a contractual addendum that cements our role.

OPTION TO OPT-IN OR OUT

OneUptime’s opt-in/opt-out features allow you to meet your privacy obligations by not tracking or collecting information from users who have opted out of tracking or collection.

CUSTOM DATA COLLECTION

OneUptime’s implementation features allow you to customize the data you collect from your users so you can limit the amount of personal information you collect (or not collect any at all).

STRONG ENCRYPTION

OneUptime applies cryptographic controls across its platform to protect personal information. OneUptime encrypts data it collects both in transit and at rest using strong encryption algorithms.

ONEUPTIME HAS A TEAM OF PRIVACY AND SECURITY PROFESSIONALS DEDICATED TO OUR COMPLIANCE AND TO HELPING YOU MAINTAIN YOUR COMPLIANCE AND CONFIDENCE WHEN USING ONEUPTIME.

California Data Privacy Addendum

This California Data Privacy Addendum (“CDPA”) forms part of the Master Services Agreement or Terms of Use available at https://oneuptime.com/legal/terms/ (as applicable, the “Agreement”), by and between Customer (as defined in the Agreement) and OneUptime Limited, and its affiliates (collectively, “OneUptime”), pursuant to which Customer has accessed OneUptime’s Application Services as defined in the applicable Agreement.

By signing an Agreement or agreeing to the Terms of Use available at https://oneuptime.com/legal/terms/, OneUptime and Customer hereby agree to comply with the following provisions with respect to any Consumer’s Personal Information:

Definitions

“CCPA” means the California Consumer Privacy Act of 2018 as set forth in California Civil Code § 1798.100 et seq. and all other applicable laws or regulations relating to the Processing of Personal Information that may exist in the relevant jurisdiction. “Business,” “Business Purpose,” “Consumer,” “Person,” “Personal Information,” “Sell,” “Service Provider,” and “Third Party” shall have the meanings set forth in the CCPA. All other defined terms shall have the meanings set forth in the Agreement.

Terms

The terms of this CDPA shall take effect upon January 1, 2020 and continue on concurrently for the term of the Agreement.

The parties agree that Customer is a Business and OneUptime is its Service Provider in relation to this CDPA and Personal Information that is Processed in the course of OneUptime’s provision of the Application Services set forth in the Agreement. The parties agree to comply at all times with the applicable provisions of the CCPA in respect to the collection, transmission, and processing of all Personal Information exchanged or shared pursuant to the Agreement.

The subject-matter of the Processing of Personal Information covered by this CDPA is the Application Services ordered by Customer through OneUptime and provided by OneUptime to Customer as set out in the Agreement.

OneUptime certifies that it understands the restrictions set forth in Section 1798.140(w)(2)(A) of the CCPA and will comply with them.

OneUptime shall not Sell Personal Information.

In respect of Personal Information Processed in the course of providing the Application Services, OneUptime:

shall Process Personal Information only in accordance with the documented instructions from Customer (as set out in this CDPA or the Agreement or as otherwise notified by Customer to OneUptime from time to time); provided OneUptime may Process Personal Information for Business Purposes under the CCPA or another applicable law or regulation, and in such cases OneUptime will inform Customer of such requirement prior to the Processing unless that law prohibits this on important grounds of public interest;

may hire other companies to provide limited services on its behalf, provided that OneUptime complies with the provisions of this clause. Any such subcontractors will be permitted to Process Personal Information only to deliver the Services. OneUptime remains responsible for its subcontractors’ compliance with the obligations of this CDPA, and OneUptime shall ensure that any subcontractors to whom OneUptime transfers Personal Information will have entered into written agreements with OneUptime requiring that the subcontractor abide by terms substantially similar to this CDPA; and

shall reasonably assist the Customer with its obligation to respond to requests from Consumers under the CCPA (including requests for information relating to the Processing, and requests relating to access, rectification, erasure or portability of the Personal Information) provided that OneUptime reserves the right to reimbursement from Customer for the reasonable cost of any time, expenditures or fees incurred in connection with such assistance.

Miscellaneous

Except as expressly provided in this CDPA, the parties intend no amendment or modification of the Agreement or in such other addendum or supplement which may have been signed by the parties.

Any notice to be provided under this CDPA to Customer shall be sent via email to the email address associated with Customer’s account. This CDPA supplements the terms of the Agreement. In the event of any conflict between this CDPA and the Agreement regarding the processing of Consumers’ Personal Information, the terms of this CDPA shall control.

If any provision of this CDPA is held by a court of competent jurisdiction to be contrary to the law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this CDPA shall remain in full force and effect.

No waiver under this CDPA will be valid or binding unless set forth in writing and duly executed by the party against whom enforcement of such waiver is sought. Any such waiver will constitute a waiver only with respect to the specific matter described therein and will in no way impair the rights of the party granting such waiver in any other respect or at any other time. Any delay or forbearance by either party in exercising any right hereunder will not be deemed a waiver of that right.

Contact

Looking for more information or have questions?

Contact us at compliance@oneuptime.com or dpo@oneuptime.com.