Document Viewer
Name Last Change
Workfront (en) - Privacy Policy and Safe Harbor 14-Nov-2017 | 78.4%
Significant change flagged
# Old Version New Version
0 Privacy Policy Workfront Security Privacy Policy
1 Terms of Service
2 Website Privacy
3 Compliance
4 EU Data Protection
5 Privacy Policy EU Data Privacy
6 Privacy Policy and Privacy Shield Statement
7 Workfront Inc. (“Workfront”) takes the protection of our customer’s privacy seriously. This privacy policy (the “Privacy Policy”) informs you of our policies regarding the collection, use, and disclosure of all personally identifiable information (“Personal Data) and other data that is provided to us through use of each of our web sites and mobile applications on which a link to this Privacy Policy is displayed and all products and services made available through those web sites, including, without limitation our SaaS offerings (collectively, the “Service”). Workfront Inc. (“Workfront”) takes the protection of our customer’s privacy seriously. This privacy policy (the “Privacy Policy”) informs you of our policies regarding the collection, use, and disclosure of all personally identifiable information (“Personal Data) and other data that is provided to us through use of each of our web sites and mobile applications on which a link to this Privacy Policy is displayed and all products and services made available through those web sites, including, without limitation our SaaS offerings (collectively, the “Service”). Privacy Shield Compliance
8 Workfront complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Workfront has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
9 In compliance with the Privacy Shield Principles, Workfront commits to resolve complaints about our collection or use of your Personal Data. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Workfront at: privacy@workfront.com
10 Information Collection Workfront has chosen to cooperate with EU data protection authorities (DPAs) and comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints (as further described in the Privacy Shield Principles). Please contact us to be directed to the relevant DPA contacts. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Workfront is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Information Collection
11 Personal Data The following Personal Data may be collected in the course of using the Service or visiting our web sites: Personal Data: The following Personal Data may be collected in the course of using the Service or visiting our web sites:
12 Family and Given names Family and Given names
13 Email address Email address
14 IP Address IP Address
15 Company information, including title and contact information for each user Information Usage Company information, including title and contact information for each user Personal Data Usage
16 Personal Data could be used for the following purposes: Personal Data could be used for the following purposes:
17 Administer the SaaS service Administer the Service
18 Personalize the website for you Personalize the Services for you
19 Enable your access to and use of the SaaS service Enable your access to and use of the Service
20 Supply you access to the services that you purchase Supply you access to the services that you purchase
21 Send you statements and invoices Send you statements and invoices
22 Marketing communications, with opt out option Marketing communications, with an opt-out option
23 Data Security
24 Since Privacy is important to us, Workfront has taken organizational and commercially reasonable precautions to prevent the loss, misuse or alteration of p for users who wish to exercise their choice to decline to participate in these communications
25 Data Security
26 ersonal data. Though Workfront seeks to protect the privacy of others who use our Service, there is inherent risk in internet based activities so there is no 100% guarantee of absolute security. We take reasonable and appropriate measures to protect Personal Data
27 Cross Border Data Transfers
28 If you are using the Service from outside of the United States, you expressly acknowledge and agree that your Personal Data and other information will be processed in the United States and potentially in other countries, where applicable privacy and data security laws may be less stringent than or otherwise different from the laws in effect in your country of residence. You expressly consent to the processing of your Personal Data and other information in accordance with this Privacy Policy. from loss, misuse and unauthorized access, disclosure, alteration and destruction. These measures are appropriate to the risks involved and the nature of the Personal Data. Although Workfront seeks to protect the privacy of others who use our Service, there is inherent risk in internet based activities so there is no 100% guarantee of absolute security.
29 Passively Collected Information Passively Collected Information
30 When you interact with us through the Service, we and third parties that provide functionality on the Service, may engage, receive, collect and store certain types of information through automatic data collection tools including cookies, encrypted authentication tokens and similar technology. Such information, which is collected passively using various technologies, may include but is not limited to information about your device, referring/exit pages and URLs and number of clicks. Workfront may store such information itself or such information may be included in databases owned and maintained by Workfront affiliates, agents or third party service providers. The Service may use such information and pool it with other information to track, for example, the total number of visitors to our Service, the number of visitors to each page of our Service, and the domain names of our visitors’ Internet service providers. Such information that we collect will allow Workfront to make decisions on how to provide better products and better services for our users. When you interact with us through the Service, we and third parties that provide functionality on the Service, may engage, receive, collect and store certain types of information through automatic data collection tools including cookies, encrypted authentication tokens and similar technology. Such information, which is collected passively using various technologies, may include but is not limited to information about your device, referring/exit pages and URLs and number of clicks. Workfront may store such information itself or such information may be included in databases owned and maintained by Workfront affiliates, agents or third party service providers. The Service may use such information and pool it with other information to track, for example, the total number of visitors to our Service, the number of visitors to each page of our Service, and the domain names of our visitors’ Internet service providers. 
Such information that we collect will allow Workfront to make decisions on how to provide better products and better services for our users.
31 Cookies Cookies
32 In operating the Service, we may use cookies. Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. Like many sites, we use “cookies” to collect some of the information detailed above. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent [However, if you do not accept cookies, you may not be able to use some portions of our Service.] In operating the Service, we may use cookies. Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. Like many sites, we use “cookies” to collect some of the information detailed above. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.
33 We may use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to help us analyze how users use our Service. Google will use this information it collects for the purpose of evaluating your use of our Service, compiling reports on Service activity and providing other related services. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. We may use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to help us analyze how users use our Service. Google will use this information it collects for the purpose of evaluating your use of our Service, compiling reports on Service activity and providing other related services. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
34 Do Not Track Do Not Track
35 We may (and we may allow third party service providers to) use cookies or similar technologies to collect information about your browsing activities over time and across different websites following your use of our Service. Our Service currently does not respond to “Do Not Track” (DNT) signals and operate as described in this Privacy Policy whether or not a DNT signal is received. If we do so in the future, we will describe how we do so in this Privacy Policy. We may (and we may allow third party service providers to) use cookies or similar technologies to collect information about your browsing activities over time and across different websites following your use of our Service. Our Service currently does not respond to “Do Not Track” (DNT) signals and operate as described in this Privacy Policy whether or not a DNT signal is received. If we do so in the future, we will describe how we do so in this Privacy Policy.
36 Children Children
37 Workfront does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data through the Service. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on the Service without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to Workfront, please contact us, and we will delete that information. Workfront does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data through the Service. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on the Service without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to Workfront, please contact us, and we will delete that information.
38 Links to Other Web Sites Links to Other Web Sites
39 This Privacy Policy applies only to the Service. The Service may contain links to other web sites and/or services not operated or controlled by Workfront (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from the Site do not imply that we endorse or have reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies. This Privacy Policy applies only to the Service. The Service may contain links to other web sites and/or services not operated or controlled by Workfront (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from the Site do not imply that we endorse or have reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.
40 Personal Data Sharing Personal Data Sharing
41 There are certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below: There are certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:
42 Business Transfers: As we develop our business, we might decide to sell or buy businesses or assets. In connection with any potential or actual corporate sale, merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, dissolution or similar event or transaction, Personal Data may be disclosed to third parties as it may be part of the assets potentially transferred or otherwise relevant to the transaction. Business Transfers: As we develop our business, we might decide to sell or buy businesses or assets. In connection with any potential or actual corporate sale, merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, dissolution or similar event or transaction, Personal Data may be disclosed to third parties as it may be part of the assets potentially transferred or otherwise relevant to the transaction.
43 Agents, Consultants and Third Parties: Like many businesses, Workfront sometimes hires other companies to perform certain business-related functions, including to help us understand and improve the use of our Service. We may share any information we receive with vendors and service providers retained in connection with the operation of our business. Agents, Consultants and Third Parties: Like many businesses, Workfront sometimes hires other companies to perform certain business-related functions, including to help us understand and improve the use of our Service. We may share any information we receive with vendors and service providers retained in connection with the operation of our business.
44 Legal Requirements: Workfront may disclose your Personal Data if requested, subpoenaed and/or if we are required to do so by law, regulation, legal process, or by any court of competent jurisdiction or any inquiry or investigation by any governmental, official or regulatory body which is lawfully entitled to require any such disclosure, or otherwise in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Workfront or a third party, (iii) act in urgent circumstances to protect the personal safety of users of the Service or the public, or (iv) protect Workfront against potential legal liability.
45 Communications
46 Workfront may use the Personal Data collected to occasionally provide newsletters, marketing or promotional materials, and other information that is relevant to the users and administrators of our Service. An “Opt Out” option is available via link in all email communications. With respect to Personal Data that is subject to our Privacy Shield registration, before disclosing Personal Data to a subcontractor or third-party agent, Workfront will obtain assurances from the recipient that it will: (a) use the Personal Data only to
47 Access to Personal Data; Contacting Us
48 To keep your Personal Data accurate, current, and complete, please contact us as specified below. We will take commercially reasonable steps to update or correct Personal Data in our possession that you have previously submitted via the Service. Please also feel free to contact us if you have any questions about our Privacy Policy or the information practices of the Service. You may contact us as follows: privacy@workfront.com
49 Changes/Updates
50 The Service and our business may change from time to time. As a result, at times it may be necessary for Workfront to make changes to this Privacy Policy. We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any Personal Data. This Privacy Policy was last updated on the date indicated above. Your use of the Service after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.
51 Effective Date: August 17, 2017
52 Workfront Security
53 Workfront will use commercially reasonable efforts consistent with, and no less rigorous than, best industry practices to ensure that appropriate facility and data security procedures and processes are in place to protect against destruction, corruption, loss or alteration of, unauthorized access to, or interference with, any of the customer’s production and other data, accounts, systems, confidential information or customer data created and generated through the use of the Workfront software. assist Workfront in providing the Service; (b) provide at least the same level of protection for Personal Data as required by the Privacy Shield Principles; and (c) notify Workfront if the recipient is no longer able to provide the required protections. Upon notice, Workfront will act promptly to stop and remediate unauthorized process
54 Data Storage and Isolation. Workfront will not store the customer’s data on unencrypted portable media such as laptop computers, external hard drives, USB drives, or other portable devices. The customer’s data will be properly segregated from all third party data. ing of Personal Date by a recipient. Workfront will remain liable for onward transfers to its subcontractors and third-party
55 Data Access. Access to customer data is restricted to appropriate personnel. The appropriateness is established based on role and the principle of least privilege. Only DBAs, System Engineers and System Administrators may access production application environments containing customer data. Developers, Support personnel and Quality Assurance may require access to non-production environments containing customer data in order to ensure application performance or to troubleshoot agents.
56 a reported customer issue. Support access to troubleshoot data-specific issues is granted explicitly by the customer and provisioned temporarily using automated tools and mechanisms. Legal Requirements: Workfront may disclose your Personal Data if requested, subpoenaed and/or if we are
57 In order to provide greater quality service and performance, Development, QA and Support teams that may have access to customer data in a non-production environment reside both inside and outside the US.
58 Data Transmission. Workfront warrants that all transmissions of the customer’s data in the Workfront software will be properly encrypted in accordance with industry standards. required to do so by law, regulation, legal process, or by any court of competent jurisdiction or an
59 Vulnerability Scans and Testing. Workfront will perform regularly scheduled vulnerability assessments on the hosted Workfront software and mobile app. Results from these assessments are internally escalated, planned, prioritized and remediated. Workfront will use application and system logging processes, and these logs will be stored, protected and reviewed on a regular basis. Systems will be scanned regularly for vulnerabilities, which will be prioritized and patched according to corporate policy.
60 Disclosure Requests. If a third party should request that Workfront disclose a customer’s data pursuant to a subpoena, summons, search warrant, court or governmental order, Workfront will provide the customer with immediate notice and, to the extent permissible by law, a reasonable opportunity to oppose release of the data prior to releasing any such data. If any disclosure is finally directed by a lawful order, Workfront will disclose only so much of the data as is necessary to meet the requirements thereof.
61 Data Location and Redundancy. . Customer application data resides in Workfront’s collocated data center facilities. Collocation facilities are located in the US, are replicated in real time and act as primary data site with a warm failover. At the request of the customer, certain support activities will be carried out by appropriate personnel outside the US (see Data Access). This ability to deliver support services globally provides our customers with around-the-clock availability and performance.
62 By default, Workfront document storage is provided on Amazon’s Simple Storage Service (S3) platform in US regions. Commitments to encryption, data security, confidentiality and availability are maintained at standards that meet or exceed those established with Workfront.
63 AWS environments are configured with multiple Availability Zones (AZs) within each given region. These AZs distribute documents between various physical locations within an AWS region. AZs are designated by environmental tolerance. While they exist in the same AWS region, they do not share power grids, flood plains, fault lines, etc. with the other physical locations within the same region. Each Workfront instance is also replicated to a separate region in order to provide additional failover and redundancy. For additional information on AWS regions and AZs, please visit http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html. y inquiry or investigation by any governmental, official or regulatory body which is lawfully entitled to require any such disclosure, or otherwise in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Workfront or a third party, (iii) act in urgent circumstances to protect the personal safety of users of the Service or the public, or (iv) protect Workfront against
64 Data Categories. Through The use of the Workfront application data may be transferred and stored in order to provide the intended service. The following data categories apply to the types of information transferred and stored by the Workfront platform.
65 Account Data – Workfront requires the collection and use of account information in order to provide authenti potential legal liability.
66 Communications
67 cation and role based application security for the data subject. For the purposes of the application, this includes the username and a hash of the user’s password. Workfront may use the Personal Data collected to occasion
68 Application/Service Data – The subject’s inputs (documents, presentations, images, text, etc.) are stored throughout the course of Workfront Use. This data may be transferred and stored out of country (as determined by the environment on which the customer is provisioned).
69 Usage Data – Workfront will collect logs related to the activities performed by the subject within the application.
70 Cookies – Workfront cookies contain relevant data to support the function of the application. While sensitive/personal data is not included in the cookie, it will contain information regarding the environment and session.
71 EMEA Data Centers and AWS. Customers residing on our EMEA data centers receive equivalent data protections through a controlled environment established using the AWS (Amazon Web Services) platform. Amazon offers world class data protection, performance and availability. For additional information please refer to https://aws.amazon.com/compliance .
72 Workfront performs regular reviews of the security in the Amazon platform. Workfront understands the ‘Shared Responsibility Model’ and designs its security controls with these requirements in mind. Customers are encouraged to contact their sales representatives for details related to the security of this platform.
73 For additional details, please refer to our EU Data Protection page.
74 Other Services
75 Document Storage. Workfront document storage leverages Amazon’s S3 by default. Providing this functionality on S3 allows customers significant storage scalability. No customer registration is required. Documents are stored in Workfront application buckets within Amazon’s S3 platform. Access safeguards are applied to these buckets just as they are for any and all application environments.
76 Customers remain responsible for the security of the data uploaded to Workfront. The data protection is facilitated in a shared responsibility approach between Workfro ally provide newsletters, marketing or promotional materials, and other information that is relevant to the users and administrators of our Service. You have the choice to elect not to participate in these communications. An “Opt Out” option is available via link in all email communications.
77 Access to Personal Data; Contacting Us
78 nt and Amazon. Additional details can be found here: https://aws.amazon.com/compliance/shared-responsibility-model . Annually, Workfront obtains control requirements for meeting Amazon’s designed control objectives (User Control Considerations) and ensures that appropriate compensating controls are operating effectively in the environment. To keep your Personal Data accurate, current, and
79 ProofHQ. Additional functionality is available to users of the Workfront platform that leverage systems and services provided by ProofHQ. Security safeguards and standards supporting the ProofHQ platform are sufficient to meet the commitments in place on the Workfront platform. Workfront performs annual reviews to ensure that appropriate data protection measures are in place with all peripheral application providers (including ProofHQ). Details regarding ProofHQ security may be obtained at http://www.proofhq.com/html/information-security-policy.html.
80 Workfront DAM. Workfront offers the Workfront DAM software through a partner agreement with WebDAM. While Workfront owns all commitments established through Workfront DAM SLAs, it is WebDAM that provides the systems and infrastructure that make up the Workfront DAM platform. WebDAM has taken measures to secure user data as well as maintain the availability, confidentiality, and integrity of the Workfront DAM service. Contact your sales representative for additional details on the safeguards established by WebDAM.
81 Partner Plug-ins and Connectors. Workfront may recommend various partner solutions for delivering strategic integrations with independent vendor applications. Safeguards for the tools built and implemented by Workfront partner solutions are established and maintained by the partner. Workfront does not include these plug-ins and connectors during control performance or application penetration testing. Any additional information related to the security of these partner plug-ins and connectors should be addressed to the partner.
82 The above stated security policy is now in effect for all new Workfront customers and will be effective for all existing Workfront customers 30 days after publication.
83
84 Last Updated March 31, 2016
85 Terms of Service
86 By using Workfront software you acknowledge your acceptance of these terms of use. Users are not permitted to misuse Workfront software. This includes attempting to access the software or its features outside of the intended methods. Users are to use Workfront software for purposes directly related to their business processes. If it is discovered that Workfront software has been used in violation of standards in use agreements, Workfront may suspend your right to use of the software.
87 The user is the owner of and responsible for data input into the Workfront application. These terms do not give a user ownership of all elements of the application. Users must not manipulate, remove, alter or in anyway obscure elements of the service(s) provided by Workfront. This includes pages, branding, application features/functions, etc.
88 Administrators are responsible for setting and maintaining password policies and access controls in a customer’s environment. If a user is concerned with password security requirements or access rights, the user is to contact their Workfront administrator.
89 If, during use or interaction with the software, a user becomes aware of a security issue, please submit a ticket using our Community page.
90 Last Updated March 31, 2016
91 Website
92 Workfront is committed to protecting your privacy and ensuring the security of your information. To prevent unauthorized access or disclosure, to maintain the accuracy of all data and to ensure the appropriate restrictions on use of information, we have put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information we collect online.
93 This site contains information about our company, products and services. It will also feature success stories about partners and customers, the latest Workfront news, schedules for upcoming events, and possible employment opportunities. We’ve structured the Workfront Web site so that, in general, you can visit most pages without identifying yourself or revealing personal information. Registration is required for submitting information to and participating in Workfront’s knowledge base, forum, and blog.
94 In some circumstances, Workfront may request personal information from you, such your name, e-mail address and company name or telephone number. Examples include on access to product demos and featured documents, registration for select services and training courses, participating in a beta program or joining a user group. Your response to these inquiries is strictly voluntary, although it may be necessary to complete the activity with which the information i complete, please contact us as specified below. Upon receipt of verifiable request, we will update or correct Personal Data in our possession that you have previously submitted via the Service. Please also feel free to contact us if you have any questions about our Privacy Policy or the information practices of the Service. You may contact us as follows: privacy@workfront.com
95 Changes/Updates
96 s associated. Workfront may use this information to customize your experience on our Web site. In addition, Workfront may use this information for other business purposes, such as to alerting you to products and services that can assist you in your business or assisting in order processing. Once you choose to provide us personally identifiable information (any information by which you can be identified), you can be assured that it will only be used to support your relationship with Workfront. The Service and our business may change from time to time. As a result, at times it may be necessary for Workfront to make changes to this Privacy Policy. We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any Personal Data. This Privacy Policy was last updated on the date indicated above. Your use of the Service
97 If you do provide personal information, we will not disclose (share, sell or divulge) it to external organizations unless we have informed you or are required to do so by law. We will maintain this information, as well as your business activities and transactions, according to Workfront’s normal confidentiality standards.
98 Workfront also collects domain information as part of its analysis of the use of this site. This data enables us to become more familiar with customer usage of our site. Workfront uses this information to improve its web-based offerings. This information is collected automatically, frequently from third-party providers such as LeadLander, and requires no action on your part.
99 Workfront’s Web site may contain links to Web pages not created and/or owned by Workfront. We make no guarantees or promises about the information on those web sites and cannot accept responsibility for the actions or inaction of their operators.
100
101 Last Updated March 31, 2016
102 Compliance
103 Workfront works to provide any and all appropriate validation of security, availability, confidentiality and data integrity safeguards. A mixed approach of int after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.
104 Effective Date: November 6, 2017
105 EU Data Privacy
106 ernal testing and third-party independent attestation reports are used to provide this assurance. Customers are encouraged to review our compliance offerings and the safeguards to which they attest. General
107 SOC 1
108 Workfront publishes a Service Organization Controls 1 (SOC 1), Type II report. The audit for this report is conducted in accordance with AICPA: AT 801 (formerly SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402).
109 This audit is the Data Protection Regulation (GDPR)
110 replacement of the Statement on Auditing Standards No. 70 (SAS 70) Type II report. This dual-standard report can meet a broad range of auditing requirements for U.S. and international auditing bodies. The EU General Data Protection Regulation (GDPR) replace
111 The SOC 1 report audit attests that Workfront control objectives are appropriately designed and that the controls safeguarding customer data are operating effectively.
112 To request a copy of Workfront’s SOC 1, please contact your sales representative.
113 SOC 2
114 Workfront publishes a Service Organization Controls 2 (SOC 2), Type II report. As with other reports (SOC 1), the SOC 2 consists of an evaluation of controls, but the SOC 2 results in an attestation report that expands the evaluation of controls to the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. These principles propose definitions for control criteria both general and specific to security, availability, processing integrity, confidentiality and privacy. s the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU cit
115 The Workfront SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the criteria for the security, availability, processing integrity and confidentiality principles set forth in the AICPA’s Trust Services Principles criteria. This report provides additional transparency into Workfront’s safeguards based on a defined industry standard and further demonstrates Workfront’s ability to protect customer data.
116 Web Application Penetration Test and Vulnerability Assessment
117 Third-Party providers are selected biannually to perform independent penetration tests and vulnerability assessments of the Workfront application. These tests are performed on an environment that is built to mirror production (without customer data). The scope of this test focuses on external penetration as well as vulnerabilities within the application exploited by an authenticated user. At a minimum, these engagements will include testing for industry standard vulnerability saf izens data privacy and to reshape the way organizations across the region approach data privacy. Workfront is compliant in many areas and will be compliant in all areas before May 25, 2018 when GDPR becomes enforceable.
118 eguards including OWASP Top 10. Questions regard
119
120 Last Updated March 31, 2016
121 EU Data Protection
122 EU Data Protection Directive (95/46/EC)
123 The EU Data Protection Directive refers to a European Union directive adopted in 1995 for the protection of individuals related to processing personal data and the free movement of such data. Directive 95/46/EC establishes a number of data protection requirements that apply when personal data is being processed or transferred.
124 Article 29 Working Party
125 The Article 29 Working Party, referred to as the “Working Party”, is an advisory group established under the Directive 95/46/EC of European Parliament. This party acts independ ing Workfront’s Privacy Program can be submitted here
126 Privacy Shield
127 ently of Parliament and advises on the protection of individuals regarding the processing and free movement of their data. The Working Party has responsibility to evaluate, advise and provide opinions on the agreements and directives established for the protection of personal data. Workfront complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of
128 “Model Clauses”
129 The Model Contract Clauses are a set of provisions established by Workfront to enable personal data to be transferred by a data controller to a data processor outside the European Economic Area in a way that complies with relevant directives (such as Directive 95/46/EC).
130 Where is your data?
131 Workfront customers may be running on either our US or EMEA instance.
132 EMEA customers are run on Amazon Elastic Web-Scale Computing (EC2) environments with data stored in Amazon Simple Storage Service (S3) in EU regions. Workfront understands the requirements that Amazon establishes for their customers in order to ensure a secure environment. These requirements are known as User Control Considerations (UCCs). Workfront performs an annual review of the UCCs to ensure compensating controls are in place and operating effectively. Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Workfront has certified to the Department of Commerce that it adhere
133 US customers are run on Workfront owned systems that reside in dedicated collocation facilities in the US. Those customers’ documents are stored in the physical collocation facilities mentioned or Amazon S3 based on customer preference.
134 Safe Harbor
135 Workfront continues to adhere to Safe Harbor Principles. Despite its status with EU governing bodies, the safeguards established that represented Workfront’s fulfillment of the agreement are designed and operating effectively. Controls reflecting these safeguards are documented, described and tested in our security reports and test results. s to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
136 Last Updated March 31, 2016 Last Updated November 6, 2017