Q&A on GDPR

• Where does Pleo store customer data?

Our servers are located in AWS eu-west-1 (Ireland) and locally backed up, but we also send important backups to a different region for safety. We call them secondary backups and they're located in eu-central-1 (Frankfurt).

• How long is data stored?

We will not process personal data for a longer period than is necessary, as per our Privacy Policy. To fulfil the regulatory requirements deriving from the AML Directive and the local Bookkeeping Laws, data is stored for at least 5 years from the end of the business relationship, according to local applicable laws. Any data which does not fall within the scope of mentioned legislations is deleted at the termination of the business relation and in accordance with Pleo Privacy Policy. The data retention obligations will differ within the Pleo Group subject to applicable local laws.

If you wish to object to any data processing, please send an email to [email protected].

• Which security measures are in place? 

To see the full list of Technical and Organizational measures introduced by Pleo, please refer to our Data Protection Agreement available on the website. For information only, please find below some of the security measures in place to ensure that customer (and employee) data is treated securely and in compliance with GDPR and any other relevant local legislation.  

-- ID documents that customers upload during verification are securely stored in AWS (s3) and are only accessible by Pleo’s Compliance team. This personal data is encrypted between the client and the server.

-- Pleo passes the highest level of PCI-DSS Examination every year and maintains a yearly Google Security Assessment.

-- In the event Pleo transfers data to a country outside of the EU/EEA - e.g the US - Pleo ensures that the transfer is done according to GDPR legislation. This includes entering into applicable Standard Contractual Clauses with the sub-processor, TIA assessment along with the implementation of technical measures to ensure the protection of Pleo customer data.

• How can I get a copy of the data that Pleo stores about me / my company?

To receive information on data stored or processed by Pleo on your behalf, please contact [email protected]. Be aware that for security purposes Pleo might require additional information to validate the truthfulness of the request received.

• Do you need further information or a supplier questionnaire?

You can always contact [email protected] for any questions on Pleo Privacy Policy. If your company requires Pleo to fill in a supplier compliance questionnaire, please contact [email protected] and we’ll be happy to help.