The broader use of technology brings with it new definitions of what constitutes as ‘personal information’ and a vast increase in cross-border processing. Over the last 2 years, privacy regulations have been put in place aiming to standardize data protection laws and processing within the EU as well as globally; affording individuals stronger, more consistent rights to access and control their personal information.
At Optimal Workshop, we’re committed to ensuring the security and protection of the personal information that we process and to provide a compliant and consistent approach to privacy. We have always had a robust and effective privacy program in place. However, we recognize our obligations in updating and expanding this program to meet the demands of privacy regulations such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Lei Geral de Proteção de Dados Pessoais (LGPD).
We’re dedicated to safeguarding the personal information we manage and continuously developing a privacy practice that’s effective and fit for purpose.
Data Protection practices
We understand that our customers have requirements under various privacy regulations that impact their use of Optimal Workshop services. Below are several examples of how Optimal Workshop incorporates privacy considerations into our data protection and security practices.
Data Protection Officer (DPO)
We have an appointed Data Protection Officer, a European Representative and have registered both with the Irish Data Protection Commissioner. If you wish to contact our DPO please email firstname.lastname@example.org
Data Processing Agreement (DPA)
Optimal Workshop offers Data Processing Agreements to customers upon request. Optimal’s DPA is incorporated directly into our standard Terms of Service and does not require a signature. For enterprise customers requiring a copy of our DPA, please contact your account executive or email@example.com.
International Data Transfers
Optimal Workshop customers can rely on the New Zealand Privacy Act 1993 for international data transfers which the European Commission has determined provides adequate protection for the purposes of Article 45 of the GDPR. This means that Optimal is not required to rely on the EU-US Privacy Shield or Standard Contractual Clauses to transfer data out of the EU.
This is incorporated by reference into our Terms of Service, and the additional data protection obligations set out in our DPA.
To support delivery of our Services, Optimal Workshop engages a number data sub-processors with access to certain personal information. For more information, see our sub-processors list.
Updates to our Privacy Notice
We've reviewed our Privacy Notice and customer agreements to reinforce our commitment to privacy, security, and confidentiality. These updates outline our use of data, how you can enact your data subject rights and safeguarding measures in place to protect your information. For more information, see our Privacy Notice.
Information security, technical and organizational measures
We take the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure personal data that we process here at Optimal Workshop. We have an ongoing security program in place to ensure we continue to follow best practice guidance. For additional information about our security practices, see our Security Statement.
We have also updated our policies and procedures to meet data protection requirements relating to data retention, data erasure, privacy breach management, vendor management and data subject requests.
A Data Protection Impact Assessment (DPIA) has been conducted on our processes to ascertain the risk posed by these processing activities and we have implemented mitigating measures to reduce the risk this poses on customers’ information.
If you have any further questions about Optimal Workshop’s data protection practices, you can reach out to our DPO on firstname.lastname@example.org