How to create your privacy profile

In Openli, you have the ability to create your customer-facing privacy profiles.

Go to your account, click “Trust Center” and then click “Create privacy profile”. You can now create your privacy profile.

This profile focuses on providing your customers with information about your customer-facing privacy efforts.

When you create your profile, you’ll be asked to outline and upload relevant privacy information and documentation so your customers and users can see your privacy and security efforts.

Your customer-facing privacy profile should include information like:

• Full company name and address

• A description of your service / offering

• Contact details, including an email address so people can easily get in touch with you

• A link to your privacy policy

• Information about the personal data you’re processing on behalf of your customers or users, incl. Personal data, data subjects, purpose and nature of processing

• A copy of your standard data processing agreement (if you are a data processor) with your customers. If you don’t have a standard data processing agreement in place, we need you to provide an explanation as to why you don’t have one in place. This can e.g. be due to you being a controller or a consultancy where bespoke data processing agreements are entered into for which reason you can’t provide a standard template.

• Information about your security efforts

• Your sub processor list (if you are a data processor). If you don’t have sub processors, provide an explanation as to why you don't use sub processors.

• Data retention and deletion policy

• Where personal data is processed by your company (your processing locations) and the processing locations of your sub processors. If you aren’t able to disclose this information, please provide an explanation as to why you can’t provide the information

• If you’re transferring data out of the EU, add information about the legal basis you use for the data transfers, e.g. EU SCCs, the EU and US Data Privacy Framework etc.

If you state that you have security certificates in place, please provide a copy of the certificates or a letter from your auditor confirming the certificate in place.

Please note that Openli does not perform a legal review of the documentation and that it is not an audit. Openli checks that the information requested is provided, e.g. that a SOC 2 is uploaded, but we cannot and does not verify the validity of the documentation. This is the sole responsibility of the company creating the profile.