The General Data Protection Regulation (GDPR) aims to strengthen and unify data protection within the EU. As such, GDPR aims primarily to give control over your own personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. See more here.

  • Personal data collected needs to be processed in a fair, legal, and transparent way. It should only be used in way that a person would reasonably expect.
  • Personal data should only be collected to fulfill a specific purpose and not further used in a manner that is incompatible with those purposes.
  • Organizations must specify why they need the personal data when they collect it.
  • Personal data held needs to be kept up to date and accurate. It should be held no longer than necessary to fulfill its purpose.
  • EU citizens have the right to access their personal data. This also includes requesting a copy of data, and that data can be updated, deleted, restricted, or moved to another organisation.
  • All personal data needs to be kept safe and secure .
  • Companies undertaking certain types of activities must appoint a data protection officer.

Data Processed by ONDO

ONDO collects names and emails of our newsletter subscribers, name and email of leads submitted via the demo form on, as well as log in information. ONDO does not allow collection or processing of data not relevant to our products or services. As such, ONDO does not collect nor process personal data on race, religion, political opinions, health data, etc.


We will not collect nor expose unnecessary product data for your organisation. Our data collection approach ensures that we only enrich data when needed for our product development. 

Data Breach Procedures

Any employee of ONDO who knows of, or suspects of a data breach, will report immediately to the CTO (Ivan Dragoev) and CEO (Ilia Iordanov).

ONDO takes any data breach seriously. If we ever should experience a data breach, we have a defined process in place ensuring we learn from our mistakes after having closed the breach as highest priority.

Third-Party Providers

We do not allow any GDRP related data to be managed, processed or stored by third party providers, before undergoing evaluation.