
GDPR

Effective starting: 12 May 2025

 

GDPR at Drova

The European Union’s General Data Protection Regulation (GDPR) came into force on May 25, 2018, designed to safeguard the rights of EU citizens with regard to the collection, processing, and use of their personal data. The United Kingdom followed with its own UK GDPR, effective from January 1, 2021.

At Drova, we are committed to upholding not just the requirements but the spirit of these regulations. Privacy, transparency, and user control are foundational to how we operate and build technology — and we continuously evolve our approach to ensure we exceed global data protection standards.

 

Our Approach to GDPR

The protection of our customers’ personal and commercial data is a core priority at Drova. From regulatory changes like the invalidation of the EU-U.S. Privacy Shield to the introduction of new Standard Contractual Clauses (SCCs), we have remained proactive and adaptive.

We closely monitor global developments in data privacy to ensure that our systems and practices remain robust, secure, and aligned with best-in-class compliance protocols.

 

GDPR Principles at Drova

We operate in line with the core principles set out by the GDPR and UK GDPR. All personal data collected or processed by Drova is:

  • Processed lawfully, fairly, and transparently.
  • Collected for specific, explicit, and legitimate purposes.
  • Stored only as long as necessary for the stated purposes.
  • Protected by appropriate technical and organizational security measures.
  • Easily accessible, correctable, and deletable by the data subject upon request.

 

Designed with Privacy in Mind

Security and privacy have always been at the heart of how we develop our products and services at Drova. GDPR reaffirmed our commitment to “Privacy by Design” — a principle that is embedded in everything from onboarding flows to internal access controls.

We’ve taken additional steps across our teams to ensure full alignment with GDPR, including:

  • Streamlined user onboarding and consent mechanisms.
  • Clear processes for user access, correction, and deletion of personal data.
  • Regular reviews of our contracts and vendor relationships.
  • Continuous audits of systems and software involved in data processing.

 

Security & Compliance

Drova’s commitment to information security is supported by our compliance with industry standards, including ISO 27001 certification. 

We take a holistic, layered approach to data protection and continuously review and improve our practices. This includes:

  • Documented procedures for identifying, managing, and reporting data breaches.
  • A comprehensive internal training and governance framework.
  • Secure data architecture and encrypted data transfers across our platforms.

 

Data Hosting and Protection

All Drova data is securely hosted on infrastructure that meets global security benchmarks, including:

  • AES 256-bit encryption for data at rest.
  • HTTPS/SSL encryption for data in transit.
  • Fine-grained access controls and identity management.
  • Multi-tenant architecture for secure data segregation.
  • High system availability and failover readiness.

Our hosting providers maintain leading certifications such as:

  • ISO 27001
  • SOC 1, SOC 2, and SOC 3
  • PCI DSS
  • FIPS 140-2
  • FedRAMP and others

Additionally, Drova supports single sign-on (SSO) and multi-factor authentication (MFA) to further safeguard user access.

 

Need a DPA or Have Questions?

If you require a Data Protection Agreement (DPA), or if you would like to discuss how Drova meets GDPR requirements in more detail, please contact our Legal and Compliance team at: privacy@drova.com.


© 2024 Drova Pty Ltd. All rights reserved.
