Security at Ometria

Information security management

We, at Ometria, are proud of the value our platform delivers to our clients, but we are also
highly aware of the sensitivity of our clients’ customers’ information and the importance of
protecting not only their privacy, but also all personally identifiable or commercially
sensitive data we handle, whether it belongs to us or not.

This is why one of our five values is:

Respect for the trust we've been given

Core to this value is our capability to provide appropriate assurances to all Ometria’s
stakeholders* of the stability of our business, the security and privacy of our products and
services and the confidentiality of their information whilst in our care.

To achieve this, Ometria has identified and will adhere to the following information security
and privacy objectives:

  • To ensure the appropriate level of security and privacy control is applied to
    information through a process of risk assessment which defines the necessary
    security and privacy requirements and identifies the probability and impact of security
    and privacy breaches in respect of that information.
  • To ensure the confidentiality of information belonging to all stakeholders by restricting
    access to information on a need-to-know basis.
  • To ensure the security and privacy of the Ometria platform and professional services in
    accordance with secure coding standards and best practices in software development
    and systems engineering.
  • To ensure the careful selection and management of suppliers in accordance with the
    needs and expectations of our stakeholders and relevant regulations and to mitigate
    the risks they may present to information security and privacy.
  • To ensure all employees, contractors and suppliers receive awareness training and
    guidance appropriate to their role, and their impact on information security and
    privacy, throughout the lifetime of their relationship with Ometria.
  • To meet all contractual, legislative and regulatory requirements of our stakeholders.
  • To ensure that personal data is processed only in accordance with the documented
    instructions of the data controller, as specified in the contract or other legal agreements.
  • To ensure that all data processing agreements with controllers meet legal requirements and that all processing activities are governed by clear contractual obligations, including the roles and responsibilities of both parties.
  • To assist our clients (as data controllers), where applicable, in fulfilling their obligations to respond to data subject rights requests, such as access, rectification, or erasure, without directly handling these requests unless instructed to do so by the controller.
  • To ensure that any sub-processors engaged to process personal data on behalf of Ometria do so under terms that are aligned with the data processing agreements with our clients (as data controllers), and that appropriate due diligence and contractual safeguards are in place.
  • To assist our clients (as data controllers) in conducting data protection impact assessments (DPIAs), where applicable, by providing relevant information regarding the processing operations and any potential risks.
  • To promptly notify our clients (as data controllers) of any personal data breaches without undue delay, providing sufficient detail to enable them to meet their notification obligations to supervisory authorities and data subjects.
  • To ensure that personal data is either deleted or returned to our clients (as data controllers) upon termination of the processing contract, unless otherwise required by law, in accordance with the data processing agreement.
  • To maintain appropriate records of processing activities and cooperate with our clients (as data controllers) to provide evidence of compliance with applicable data protection requirements, including audit support where specified in agreements.
  • To ensure that personal data is not used for any purposes other than those explicitly instructed by our clients (as data controllers), including preventing any secondary uses such as profiling, unless specifically allowed under written agreements with our clients.
  • To ensure that any suspected or actual breach of information security and privacy policies and procedures is reported to the Data Protection Officer and handled in accordance with Ometria’s formal information security and privacy incident management procedures.
  • To ensure that any actual breach of information security or privacy is reported to the stakeholder(s)* affected and to the relevant National Data Protection Authorities (e.g. the Information Commissioner’s Office), as appropriate.
  • To ensure the achievement and ongoing certification of Ometria’s:
      • information security management system (ISMS)** to the ISO/IEC 27001 international standard for information security management systems; and
      • privacy information management system (PIMS)** to the ISO 27701 international standard, being an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management,
    by a UKAS-accredited certification body through continual improvement of the ISMS.


*stakeholders include, amongst others, clients and their customers, employees, suppliers, investors, directors and partners.


** The scope of certification is defined as, “Providers of a cross-channel dynamic marketing
platform for creative marketing experiences in the retail sector across the world”.


These objectives and Ometria’s performance in achieving such objectives are regularly reviewed, to ensure their ongoing relevance, to ensure the necessary resources are made available to achieve these, and to promote continual improvement.
