The GDPR protects personal data. We do too.

The General Data Protection Regulation (GDPR in short) is a landmark European legislation regulating the way entities may process personal data.
The GDPR aims to strengthen the security and protection of personal data in Europe and to harmonise data protection law. Broadly, it sets out a number of data protection principles and requirements which must be adhered to when personal data is processed.

The GDPR applies to any business, nonprofit or administration processing personal data from an establishment in Europe. Europe here is a shortcut for the European Economic Area (EEA) which is the territory that spans all countries in the European Union plus Norway, Iceland and Liechtenstein. The GDPR applies to Osimis and to our customers established in Europe or offering products or services in Europe.
Personal data is any piece of information that relates to an identified or identifiable person. The definition is very large and encompasses any information such as a name, an email, an IP address, a health condition, etc.

At Osimis, we have taken measures to ensure that our activities comply with the GDPR, that you are informed about the way we process personal data and that data subjects can effectively exercise their rights.
Scroll down to the next section to find out how we ensure to comply with the GDPR.

The GDPR is no tick-the-box regulation. The extent of your obligations depends on the scope, nature and context of your processing activities. However, there are some measures any organisation must take under the GDPR. And we can help our customers with some of them. We have listed in a section below the actions you can take to ensure that your use of our service complies with the applicable GDPR provisions.

Both.
A controller is an entity determining the purposes and the means of the processing of personal data. Controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with the GDPR.
A processor is an entity processing personal data on behalf of, and under the instructions of, a controller. Processors must comply with some (not all) provisions of the GDPR. Like virtually all companies in the sector, Osimis is processing certain personal data as controller and certain personal data as processor depending on the purpose of their processing.
Scroll down to the section below for examples of instances where we act as controller and as processor.

You can contact our Data Protection Officer using the contact details set out in this GDPR compliance statement. You can also contact our support team or our business development team and they will get you in touch with the right person.

No.
As we are processing certain personal data as processor on behalf of our customers, we must enter into a contract (usually called a 'Data Processing Agreement' or DPA in short) with our customers. Such DPA contains all the mandatory provisions governing the way we process personal data as processor (such as how we must return and destroy personal data at the end of our commercial relationship or how we may subcontract part of our processing activities to third parties). We have included all of those mandatory provisions in a Data Processing Addendum (available here).

You may find a list of our sub-processors in our Data Processing Addendum (available here).
Sub-processors are entities that we hire to perform parts of the processing of personal data. We must inform you about any change to the list of sub-processors.

You can learn more about how the GDPR may affect your activities by visiting the website of the EU Commission available here.