Security of your data and implementation of the GDPR
At OOTI, we take the security and privacy of your data very seriously. Since the beginning of our adventure, we have always taken care to host your data in Europe in an ultra-secure way.
With the implementation of the General Data Protection Regulations (GDPR), effective May 25, 2018, OOTI continues to work in this direction by providing you with the following guarantees:
Nomination of a DPO
OOTI has appointed an internal Data Protection Officer (DPO) whose responsibility is to monitor the collection and processing of data, train teams in data security and privacy, and report any non-compliance with GDPR standards.
You can contact our DPO for any questions relating to the GDPR, the security or the confidentiality of your data at privacy@ooti.co.
Security audit and Privacy Impact assessment
OOTI has launched a data protection impact analysis, or Privacy Impact Assessment (PIA), to ensure that the processing of your data is respectful of privacy and complies with GDPR standards.
Collection of data
OOTI undertakes to collect data concerning you or your company in strict compliance with the rules laid down under the GDPR. You can consult our TOS for more detailed information.
Data hosting
Your data is at Amazon Web Services (AWS) on servers in Europe. These data centers are equipped with inverters and generators, video surveillance and motion detection systems as well as security personnel. Their access is strictly controlled and limited to authorized personnel equipped with RFID badges.
In addition, OOTI hosts your data in your country of practice when technically possible and when this country is deemed adequate according to GDPR standards. So, if you exercise:
OOTI's physical infrastructure is hosted and managed in Amazon's secure data centers and uses AWS (Amazon Web Service) technology on servers in Europe. Amazon continuously manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:
ISO27001
SOC 1 and SOC 2 / SSAE 16 / ISAE 3402 (formerly SAS 70 Type II)
PCI level 1
FISMA Moderate
Sarbanes-Oxley (SOX)
For more information see: https://aws.amazon.com/security
PCI
We use Stripe compliant payment processor for encryption and processing of credit card payments. OOTI's infrastructure provider is PCI Level 1 compliant.
For more information see: https://stripe.com/docs/security/stripe
Data security
Redundancy : Your data is replicated in other geographically distant data centers. In the event of failure of one of them, access to your data automatically switches to another server and allows you to always have access to your data.
Backups : Your data is backed up once a day. These backups are kept for 3 months in case data restoration is needed.
Encryption : The data that passes between your terminal and our servers is encrypted using Let's Encrypt Authority X3 certificates with a 2048-bit RSA key.