Skip to main content

General Data Protection Regulation (GDPR)

Overview

ChargeOver is classified by the GDPR as a data processor. As a customer or merchant utilizing ChargeOver, generally you are classified as the data controller.

As a data controller, you are subject for meeting the data controller requirements set forth in the GDPR.

ChargeOver compliance with GDPR requirements

  • ChargeOver internally monitors a list of GDPR-required lawful-basis reasons for collecting data
  • ChargeOver will take necessary steps to keep personal data safe, secure, and private
  • ChargeOver will disclose all sub-processors and data partners
  • ChargeOver keeps compliance records and audit logs
  • ChargeOver will notify you in the event of a data breach
  • ChargeOver will notify you if our sub-processors change
  • ChargeOver provides a process for right-to-access and right-to-erasure requests

Data processing addendum

ChargeOver maintains a GDPR-compliant Data Processing Addendum. You can find our DPA here.

Privacy policy

You can review our privacy policy and information on what data we collect [here](https://chargeover.com/privacy-policy](http://chargeover.com/privacy-policy).

Sub-processors

ChargeOver maintains a list of sub-processors.

Integration partners

You can optionally connect ChargeOver to the following services. Data is not shared with these partners unless you connect one of their integrations to your ChargeOver account.

Please note this list is subject to change and may not be complete. As the data controller, you are responsible for detailing GDPR compliance for any external service or integration you connect to ChargeOver.

ChargeOver maintains a list of integration partners.