As a European based company we understand GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) aims to strengthen and unify data protection within the EU. As such, GDPR aims primarily to give control over your own personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
See more here.
Key Principles of GDPR
- Personal data collected needs to be processed in a fair, legal, and transparent way. It should only be used in way that a person would reasonably expect.
- Personal data should only be collected to fulfill a specific purpose and not further used in a manner that is incompatible with those purposes. Organizations must specify why they need the personal data when they collect it.
- Personal data held needs to be kept up to date and accurate. It should be held no longer than necessary to fulfill its purpose.
- EU citizens have the right to access their personal data. This also includes requesting a copy of data, and that data can be updated, deleted, restricted, or moved to another organisation.
- All personal data needs to be kept safe and secure .
- Companies undertaking certain types of activities must appoint a data protection officer.
GDPR and Oveo?
As an european company with headquarter in Denmark, Oveo must comply with GDPR regulations. Where US based companies are transporting data outside of EU, Oveo’s datacenters are placed in EU, same goes for backup and disaster recovery services.
What personal data does Oveo collect?
Data Processed by Oveo
Oveo collects names of employees and their emails from our customers messaging platform (G Suite or O365) as well as log in information and financial records. Oveo does not allow collection or processing of data not relevant to our service. As such, Oveo does not collect nor process employee data on race, religion, political opinions, health data, etc.
Privacy is key for a product like Oveo. We will not collect nor expose unnecessary data from your organisation. Our data collection approach ensures that we only enrich data when needed for the SaaS management perspective. See more information about privacy by design here: Article 25 of the GDPR.
Data Breach Procedures
Any employee of Oveo who knows of, or suspects of a data breach, will report immediately to the CIO (Morten Kruse Søndergaard) and CEO (Michael Fornander).
Oveo takes any data breach seriously. If we ever should experience a data breach, we have a defined process in place ensuring we learn from our mistakes after having closed the breach as highest priority.
Oveo uses Oveo to ensure complete overview of GDPR compliance. This provides us with always up to date insights on which third party providers we use and how they each one of them are GDPR compliant.
We do not allow any GDRP related data to be managed, processed or stored by third party providers, before undergoing evaluation.