v1.0 — Last edited on March 3, 2021
What is GDPR?
The General Data Protection Regulation (GDPR) aims to strengthen and unify data protection within the EU. Its primary aims are to give individuals control over their own personal data and to simplify the regulatory environment for international business by unifying regulation within the EU.
Key Principles of GDPR
- Personal data collected needs to be processed in a fair, legal, and transparent way. It should only be used in a way that a person would reasonably expect.
- Personal data should only be collected to fulfil a specific purpose and not further used in a manner that is incompatible with those purposes. Organizations must specify why they need the personal data when they collect it.
- Personal data held needs to be kept up to date and accurate. It should be held no longer than necessary to fulfill its purpose.
- EU citizens have the right to access their personal data. This includes the right to request a copy of the data and to have it updated, deleted, restricted, or moved to another organisation.
- All personal data needs to be kept safe and secure.
- Companies undertaking certain types of activities must appoint a data protection officer.
GDPR and Viio?
As a European company headquartered in Denmark, Viio must comply with GDPR regulations. Whereas US-based companies transport data outside of the EU, Viio's data centers are located in the EU, as are its backup and disaster recovery services.
What personal data does Viio collect?
Data Processed by Viio
Viio collects the names and email addresses of employees from our customers' messaging platform (G Suite or O365), as well as login information and financial records. Viio does not allow collection or processing of data not relevant to our service. As such, Viio does not collect or process employee data on race, religion, political opinions, health data, etc.
Privacy is key for a product like Viio. We will not collect or expose unnecessary data from your organisation. Our data collection approach ensures that we only enrich data when needed from a SaaS management perspective. See more information about privacy by design here: Article 25 of the GDPR.
Data Breach Procedures
Any employee of Viio who knows of or suspects a data breach will report it immediately to the CIO (Morten Kruse Søndergaard) and CEO (Michael Fornander).
Viio takes any data breach seriously. Should we ever experience a data breach, we have a defined process in place: closing the breach is the highest priority, after which we make sure we learn from our mistakes.
Viio uses Viio to maintain a complete overview of GDPR compliance. This gives us always up-to-date insight into which third-party providers we use and how each of them is GDPR compliant.
We do not allow any GDPR-related data to be managed, processed or stored by third-party providers before undergoing evaluation.