Authentication, Security, and Personalization - Cookies allow users to access their accounts, retain saved settings, and identify the account devices to prevent fraudulent access to ODESSO services.
Analytics and Performance - Cookies allow us to analyze how users interact with ODESSO’s processes, and to track the performance, and get insights to provide higher quality service to users.
Third-Party Access - Some third-party sites that partner with ODESSO may require cookies to access their services. All policies third-party cookies are used in conjunction with that third party’s separate individual policies.
ODESSO GDPR Policy The General Data Protection Regulation, or GDPR, is a European privacy law that went into effect May 25, 2018. The GDPR regulates how individuals and organizations may collect, use, and retain personal data, which affects ODESSO and applications run on our platform. If you have visitors or customers in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, this guide covers what you should know as an ODESSO application owner.
Under the GDPR, personal data is any information that can reasonably identify a specific living person, either alone or with other information. This broad definition includes traditional personal data—like dates of birth, names, physical addresses, email addresses—and location data, biometric data, financial information, and more.
In the EU, cookie laws are currently governed by the E-Privacy Directive. The cookie laws in the EU require website owners to take certain steps before dropping non-essential cookies on EU visitors. Websites that drop non-essential cookies must, through a cookie banner, take the following minimum steps:
Provide clear and comprehensive information regarding the website’s cookie usage.
Display that information prominently so visitors can easily access it.
Obtain consent from the website visitor to drop the non-essential cookies.
The GDPR requires certain safeguards when transferring personal data from outside the EEA, the UK, and Switzerland to "third countries," which are all countries outside these protected areas, including the United States. We're committed to treating personal data received from the EEA, the UK, and Switzerland (as well as personal data received from elsewhere around the world) in a secure and privacy-first way, and processing it in a way that meets the European Commission Standard Contractual Clauses.
European Commission Standard Contractual Clauses
We use Standard Contractual Clauses (also known as Model Contractual Clauses) as the legal basis for transferring personal data to third countries, including the United States. We protect your personal data and have put appropriate technical and organizational safeguards in place to meet these standards.
Other transfer requirements
Articles 45 to 50 of the GDPR set the various requirements for the lawful transfers of personal data to third countries or international organizations that provide an adequate level of protection. These include:
Third countries, specified sectors within third countries, or international organizations have adequacy if the EU Commission determined they provide an adequate level of data protection.
In the absence of an adequacy decision, the GDPR allows a transfer if the controller or processor has provided “appropriate safeguards,” which may include:
Approved Codes of Conduct or Approved Certification Mechanisms
Binding Corporate Rules
Standard Contractual Clauses
Exceptions for specific situations
Exceptions allow transfers in specific situations, like if consent is obtained, or:
For the performance or conclusion of a contract
For the exercise of legal claims
To protect the vital interests of the data subject when they can't give consent or for reasons of public interest
We may use other transfer mechanisms to ensure adequate data protection and we'll provide more information, as appropriate, if other transfer mechanisms are used for the lawful transfers of personal data to third countries.
ODESSO asks you to provide your own legal terms or privacy policies to be governed underneath ODESSO’s existing platform-wide policies.
Regulators within the EU provide specific guidance on the GDPR and Cookies. You can view their documentation here: