As a European based company we understand GDPR.
The General Data Protection Regulation (GDPR) aims to strengthen and unify data protection within the EU. As such, GDPR aims primarily to give control over your own personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
See more here.
As an european company with headquarter in Denmark, Oveo must comply with GDPR regulations. Where US based companies are transporting data outside of EU, Oveo's datacenters are placed in EU, same goes for backup and disaster recovery services.
Oveo collects names of employees and their emails from our customers messaging platform (G Suite or O365) as well as log in information and financial records. Oveo does not allow collection or processing of data not relevant to our service. As such, Oveo does not collect nor process employee data on race, religion, political opinions, health data, etc.
Privacy is key for a product like Oveo. We will not collect nor expose unnecessary data from your organisation. Our data collection approach ensures that we only enrich data when needed for the SaaS management perspective. See more information about privacy by design here: Article 25 of the GDPR.
Any employee of Oveo who knows of, or suspects of a data breach, will report immediately to the CIO (Morten Kruse Søndergaard) and CEO (Michael Fornander).
Oveo takes any data breach seriously. If we ever should experience a data breach, we have a defined process in place ensuring we learn from our mistakes after having closed the breach as highest priority.
Oveo uses Oveo to ensure complete overview of GDPR compliance. This provides us with always up to date insights on which third party providers we use and how they each one of them are GDPR compliant.
We do not allow any GDRP related data to be managed, processed or stored by third party providers, before undergoing evaluation.