GDPR compliance

GDPR is our foundation.
We build cloud that respects your rights by design.

GDPR compliance at Ormilon

We design for GDPR.

At Ormilon, your data stays in Europe, hosted on infrastructure we own and operate ourselves. No back doors. No hidden subprocessors. All transparency, security and full control, so you can meet your own GDPR obligations with confidence.

From start to finish, you remain the data owner, backed by live logs and audit trails that prove it.


What is the GDPR?

The General Data Protection Regulation (GDPR) is the European Union’s data privacy law. It protects individuals’ personal data and sets rules for how businesses collect, process and store that data, inside and outside the EU.

GDPR applies to anyone handling personal data from EU residents, including Cloud Service Providers like Ormilon and our customers like SaaS Providers.

How Ormilon enables GDPR compliance

We’ve built our platform to align with GDPR principles from the ground up:

  • 100% EU-based infrastructure
    Your data stays within Europe. Always. Our servers run in ISO 27001 certified datacenters, operated entirely under European law.
  • No hidden data transfers
    We never use third-party US cloud platforms or services that may trigger cross-border transfers. There are no backdoors and no surprises.
  • Subprocessors? You’ll know
    We keep a live list of (sub)processors on our Privacy Policy page, so you know exactly who handles what. If we change something, we’ll notify you in advance.
  • Security by design
    We apply strong access control, encryption, audit logs and monitoring. You decide who gets access, when and how.
  • GDPR-ready Data Processing Agreement (DPA) included
    Every Ormilon customer receives a Data Processing Agreement (DPA) that meets all GDPR requirements. No extra paperwork needed.

Your rights under the GDPR

As a data subject or as a business handling user data, you (and your users) have rights. We make it easy to act on them.

  • Right to access: Request what data we store
  • Right to rectification: Ask for corrections if something’s wrong
  • Right to erasure: Request deletion of your data
  • Right to restrict processing: Pause how your data is used
  • Right to data portability: Export your data
  • Right to object: Say no to certain types of processing
  • Right to lodge a complaint: With a supervisory authority

Want to use one of these rights? Just email us at [email protected]

Security & Internal Procedures

We apply technical and organizational measures to protect personal data, including:

  • Role-based access control
  • Working on a need-to-know principle
  • Encryption at rest and in transit
  • Data breach procedure, data breach reporting
    • Early warning within 24 hours
    • Update within 72 hours
    • Final report within one month
  • Privacy impact assessments for new services
  • Quarterly internal audits

How we process data

Example use case 1:

Let’s say you’re building a SaaS platform and use Ormilon to host your application and store user data. You act as the data controller, and Ormilon acts as your processor. We make sure all infrastructure is compliant, and give you tools to respond to user data requests under the GDPR, fast, simple, and secure.

Example use case 2:

Let’s say you’re running an HR-tech platform that stores sensitive employee data for your clients. With Ormilon, your infrastructure is isolated, compliant, and equipped with privacy-first defaults, helping you meet strict data handling standards across the EU.

Example use case 3:

Let’s say you run an EdTech platform that stores grades, progress data and session recordings for schools and training centres across Europe. You are the data controller; Ormilon is your processor.

Because Education & Analytics falls squarely inside our Ideal Customer Profile, every layer of the stack is already tuned for that reality:

  • Data-sovereign by default – all student records live in EU-only regions you select (NL or DE) and never cross borders, satisfying strict national rules around pupil information.
  • Privacy-first presets – encryption at rest and in transit, plus Bring-Your-Own-Key so you hold the master key.
  • Instant subject-access workflow – our self-service portal lets you export or delete an individual learner’s data in seconds, keeping GDPR requests from piling up.
  • Audit-ready logging – one-click reports prove compliance to school boards and regulators without extra scripting.

Result: you focus on better learning outcomes, while Ormilon guarantees the European compliance, performance and budget control your EdTech customers demand.

Questions?

Still unsure about something? Want more details about GDPR compliance?
We’re happy to help, just email us at [email protected].
