How can I get an Openli Privacy Badge?

In this article we will explain the steps you need to complete to get Openli’s Privacy Badge.

The first step is to go to this page and request access to Privacy Badges & Pages as part of your subscription with Openli.

Fill out the form and after that, you’ll be able to see the functionality enabled in your account.

The next step is then to complete your privacy profile. See this article for how to create your privacy profile and the information needed.

After that, you will need to publish your profile so you are transparent about your privacy efforts.

Your published privacy page needs to contain some core information before a privacy badge is enabled in your account:

• Full company name and address

• A description of your service / offering

• Contact details, including an email address so people can easily get in touch with you

• A link to your privacy policy

• A copy of your standard data processing agreement (if you are a data processor) with your customers. If you don’t have a standard data processing agreement, we need an explanation as to why you don’t have one in place.

• Information about your security efforts* or a link to information

• Your sub processor list (if you are a data processor). If you don’t have sub processors or a specific list, provide an explanation as to why you don't.

• The processing locations by your company and the processing locations of your sub processors. If you aren’t able to disclose this information, provide an explanation as to why you can’t provide the information.

• If you’re transferring data out of the EU, information about the legal basis you use for the data transfers, eg. EU SCCs, the EU and US Data Privacy Framework etc.

If/when a privacy badge is enabled, you’ll receive an email and you'll be able to find it in your account under “Share”.

* It's not a requirement that you have a security certificate, but if you do provide a copy of the certificate(s) or a letter from your auditor confirming the certificate in place. Other types of security information can include security policy, whitepapers and similar.

Please note that Openli does not perform a legal review of the documentation and that it is not an audit. Openli checks that the information requested is provided, e.g. that a SOC 2 is uploaded, but we cannot and do not verify the validity of the documentation. This is the sole responsibility of the company creating the profile and it is also the company that is responsible for keeping the profile up to date.