The General Data Protection Regulation (GDPR) went into effect on May 25, 2018. It impacts any and all businesses in the European Union or businesses that handle data of individuals within the European Union. This is new EU privacy legislation is replacing 95/46/EC Directive on Data Protection of 24 October 1995.
According to the new regulation, LeaveBoard acts as Data Processor, processing HR and time off data on behalf of its customers. LeaveBoard customers will act as the Data Controller for the employee data they manage in the platform.
Our commitment as Data Processor:
Frequently asked questions:Where is our data held?
The servers are hosted by OVH in France, recognized with an ISO/IEC 27001 certification and audited to SSAE 16/ISAE 3402 and SOC 2 Type II standard.Can we ask to remove all the data from your servers?
Yes. Contact us.Is LeaveBoard data encrypted?
Yes. Data is encrypted - from login to logout - using bank-grade standards, including 256-bit SSL encryptionDoes LeaveBoard has a data processing officer?
To comply with these regulations we have a designated Data Protection Officer.