ODESSO GDPR Policy
The General Data Protection Regulation, or GDPR, is a European privacy law that went into effect May 25, 2018. The GDPR regulates how individuals and organizations may collect, use, and retain personal data, which affects ODESSO and applications run on our platform. If you have visitors or customers in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, this guide covers what you should know as an ODESSO application owner.
Under the GDPR, personal data is any information that can reasonably identify a specific living person, either alone or with other information. This broad definition includes traditional personal data—like dates of birth, names, physical addresses, email addresses—and location data, biometric data, financial information, and more.
In the EU, cookie laws are currently governed by the E-Privacy Directive. The cookie laws in the EU require website owners to take certain steps before dropping non-essential cookies on EU visitors. Websites that drop non-essential cookies must, through a cookie banner, take the following minimum steps:
The GDPR requires certain safeguards when transferring personal data from outside the EEA, the UK, and Switzerland to "third countries," which are all countries outside these protected areas, including the United States. We're committed to treating personal data received from the EEA, the UK, and Switzerland (as well as personal data received from elsewhere around the world) in a secure and privacy-first way, and processing it in a way that meets the European Commission Standard Contractual Clauses.
European Commission Standard Contractual Clauses
We use Standard Contractual Clauses (also known as Model Contractual Clauses) as the legal basis for transferring personal data to third countries, including the United States. We protect your personal data and have put appropriate technical and organizational safeguards in place to meet these standards.
Other transfer requirements
Articles 45 to 50 of the GDPR set the various requirements for the lawful transfers of personal data to third countries or international organizations that provide an adequate level of protection. These include:
Third countries, specified sectors within third countries, or international organizations have adequacy if the EU Commission has determined that they provide an adequate level of data protection.
In the absence of an adequacy decision, the GDPR allows a transfer if the controller or processor has provided “appropriate safeguards,” which may include:
Exceptions for specific situations
Exceptions allow transfers in specific situations, such as when consent is obtained, or:
For more information, visit this guidance document from the European Data Protection Board.
We may use other transfer mechanisms to ensure adequate data protection and we'll provide more information, as appropriate, if other transfer mechanisms are used for the lawful transfers of personal data to third countries.
ODESSO asks you to provide your own legal terms or privacy policies to be governed underneath ODESSO’s existing platform-wide policies.
Regulators within the EU provide specific guidance on the GDPR and cookies. You can view their documentation here: