FAQ

Setup & Installation


For Android users, you can download the OneMe app from Google Play.
For iOS users, you may download the app from the Apple App Store.

Privacy & Security

A primary goal of OneMe is to enable businesses to be compliant with the EU General Data Protection Regulation (GDPR) as well as the EU-US Privacy Shield. Businesses and organizations that use the OneMe platform to protect individuals' identity and personal data, and are certified in their usage of the platform by OneMe, take a large step toward being compliant with both of these policies.

Download our free GDPR-101 Guide.

Encryption is the act of scrambling the contents of data, either by a mathematical formula or with a public key, so that it can only be read by deciphering it with a secret or private key. The means for encrypting something is called the cipher. The strength of the encryption, i.e. the effort required to decrypt the data without the key, depends on the combination of the cipher method and the key length. Key length is measured in bits, i.e. a 256-bit key has greater strength than a 128-bit key.

Data can be encrypted in-transit, while being transmitted from one party to another, e.g. submitting your credit card data to Amazon.com or moving employee data from one computer network to another. Data can also be encrypted at-rest, i.e. while it sits in storage such as a database, your mobile phone, or a blockchain.

Whenever OneMe handles any data, whether in-transit or at-rest, we ensure it’s encrypted using the latest and strictest industry standards and recommendations. We also ensure only the owners of the data have the private keys to decrypt and authorize access to this data.

The EU General Data Protection Regulation, or GDPR, is a set of regulations set forth by the EU Council in Brussels, Belgium, governing how businesses that operate in the European Union (EU) must handle customer personal data.

In 2016, an initial set of guidelines went into force regarding the directive. Businesses that do not comply with this directive may be subject to heavy fines. The EU Council has authorized various data privacy organizations to audit businesses throughout the year.

Key points of the directive for 2016 are:

  • Consent: Valid consent must be explicit for the data collected and the purposes the data is used for (Article 7; defined in Article 4). Consent for children under 13 must be given by the child’s parent or custodian, and be verifiable (Article 8). Data controllers must be able to prove “consent” (opt-in), and consent may be withdrawn.
  • A Right to Erasure: Previously, the “right to be forgotten”. When an individual no longer wants her/his data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted. This is about protecting the privacy of individuals, not about erasing past events or restricting freedom of the press.
  • Easier access to one’s data: Individuals will have more information on how their data is processed and this information should be available in a clear and understandable way.
  • Right to data portability: Controllers will be required to make it easier for individuals to transmit personal data between service providers. In addition, the data must be provided by the controller in a structured and commonly used electronic format.
  • The right to know when one’s data has been hacked: Companies and organisations must notify the national supervisory authority of data breaches which put individuals at risk, and communicate all high-risk breaches to the data subject as soon as possible so that users can take appropriate measures.
  • Data protection by design and by default: ‘Data protection by design’ and ‘Data protection by default’ are now essential elements in EU data protection rules. Data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm – for example on social networks or mobile apps.
  • Stronger enforcement of the rules: Data protection authorities will be able to fine companies that do not comply with EU rules up to 4% of their global annual turnover.
  • Appointment of a Data Protection Officer: Each institution or body must appoint at least one person as a Data Protection Officer (“DPO”). The main task of the DPO is to ensure, in an independent manner, the internal application of the provisions of the Regulation in his/her institution. The DPO is also required to keep a register of all of the processing operations involving personal data carried out by the institution. The Register, which must contain information explaining the purpose and conditions of the processing operations, should be accessible to any interested person.

Sanctions: 

The following sanctions can be imposed for non-compliance:

  • A fine up to 10,000,000 EUR or up to 2% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (Article 83, Paragraph 4)
  • A fine up to 20,000,000 EUR, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher (Article 83, Paragraph 5 & 6)

 

Additional detail on the GDPR can be found by downloading our free GDPR 101 guide.

The EU-US Privacy Shield is a set of personal data transfer guidelines designed by the U.S. Department of Commerce and European Commission to give both US and EU organizations a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.


How Do I ...


Business Usage

For organizations based in the US, the EU Council will identify national independent regulators that will perform regular compliance reviews. If that organization operates in multiple countries, one regulator will be assigned as the supervisory authority and will coordinate with regulators in other countries, thus providing a single contact for the organization.

Organizations operating in the US must consent to regular reviews by the Department of Commerce as to their compliance with the applicable data protection rules. If an organization is found to be non-compliant, it faces sanctions and removal from the Privacy Shield list, preventing it from doing business with the EU.


Any business that wishes to operate in the EU must be in compliance with the EU General Data Protection Regulation (GDPR) or face heavy fines. Although this is termed a directive, it is actually a regulation within the EU.

Businesses that wish to transmit data between the US and the EU must also be in compliance with the EU-US Privacy Shield or face penalties from the Department of Commerce.
