GDPR Compliance

OVERVIEW

The GDPR is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU-based residents. It came into effect on May 25, 2018. Odrive meets all the requirements of the GDPR.

KEY GDPR REQUIREMENTS

Data Residency
Under the GDPR, "Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data." Odrive does not store any of a user's files and customers choose how and where to store their files; all of your files remain within the storage service that you have linked to Odrive. Minimal user profile information is stored in order to provide the service and communicate with you (see below).

Right to Control and Access Your Information
You can update or correct your account information at any time by logging in and modifying information contained in the "Profile" settings page. You can also delete your account from the "Profile" page. If you have questions about deleting your account profile information, you may email us at [email protected]. We will respond to your request within 30 days.

Data Protection Addendum ("DPA")
To help meet compliance with the GDPR, a Data Processing Addendum is available for all customers. Once signed, customers can provide the DPA to auditors to show that they use Odrive in a way that lets them demonstrate their data is being processed in a way that meets their GDPR compliance obligation.