Q&A on GDPR

  • Where does Pleo store customer data?

Our servers are located in AWS eu-west-1 (Ireland) and locally backed up, but we also send important backups to a different region for safety. We call them secondary backups and they're located in eu-central-1 (Frankfurt).

  • How long is data stored?

We will not process personal data for a longer period than is necessary, as per our Privacy Policy. To fulfil the regulatory requirements deriving from the AML Directive and the local Bookkeeping Laws, data is stored for at least 5 years from the end of the business relationship, according to local applicable laws. Any data which does not fall within the scope of mentioned legislations is deleted at the termination of the business relation and in accordance with Pleo Privacy Policy. The data retention obligations will differ within the Pleo Group subject to applicable local laws.

If you wish to object to any data processing, please send an email to dpo@pleo.io.

  • Which security measures are in place? 

To see the full list of Technical and Organizational measures introduced by Pleo, please refer to our Data Protection Agreement available on the website. For information only, please find below some of the security measures in place to ensure that customer (and employee) data is treated securely and in compliance with GDPR and any other relevant local legislation.  

-- ID documents that customers upload during verification are securely stored in AWS (s3) and are only accessible by Pleo’s Compliance team. This personal data is encrypted between the client and the server.

-- Pleo passes the highest level of PCI-DSS Examination every year and maintains a yearly Google Security Assessment.

-- In the event Pleo transfers data to a country outside of the EU/EEA - e.g the US - Pleo ensures that the transfer is done according to GDPR legislation. This includes entering into applicable Standard Contractual Clauses with the sub-processor, TIA assessment along with the implementation of technical measures to ensure the protection of Pleo customer data.

  • How can I get a copy of the data that Pleo stores about me / my company?

To receive information on data stored or processed by Pleo on your behalf, please contact dpo@pleo.ioBe aware that for security purposes Pleo might require additional information to validate the truthfulness of the request received.

  • Do you need further information or a supplier questionnaire?

You can always contact legal@pleo.io for any questions on Pleo Privacy Policy. If your company requires Pleo to fill in a supplier compliance questionnaire, please contact legal@pleo.io and we’ll be happy to help.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article

Need more help? Contact us.

Chat with us if you have an Essential or Advanced plan, otherwise send us an email!