Legal Information

The General Data Protection Regulation (GDPR) is a European Union regulation that protects the personal data of individuals in the EU and EEA. It applies to any company, whether established in the EU or not, that processes personal data of individuals in the EU.

IDrive’s Commitment

IDrive^® is committed to protecting personal data and ensuring compliance with the GDPR and other global privacy laws. We maintain strong technical and organizational safeguards, hold ISO 27001 and SOC 2 certifications, and participate in the following international transfer frameworks:

• EU–U.S. Data Privacy Framework (DPF)
• UK Extension to the EU–U.S. DPF
• Swiss–U.S. DPF

Where the DPF is not available, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and the UK Addendum.

How We Support GDPR Rights

We provide tools and processes that enable our customers to meet their GDPR obligations, including:

• Encryption of data in transit and at rest, with optional private key encryption
• Secure backup, versioning, and recovery features
• Options to delete or remove personal data upon request
• Notification of personal data breaches without undue delay
• A Data Processing Addendum (DPA) available to all customers

You can exercise your GDPR rights (access, deletion, correction, portability, restriction, or objection) at any time by contacting our support team or by submitting a request to privacy@idrive.com.

Roles and Responsibilities

• IDrive^® as Controller/Processor: IDrive^® acts as a Data Controller when it determines the purposes of processing (e.g., account management), and as a Data Processor when handling customer data under their instructions.
• Customer as Controller: If you are a Partner/Reseller, you remain the Data Controller of your end-user data. Our DPA ensures we process such data only on your instructions and in compliance with GDPR.

Related Resources

• Privacy Policy
• Data Processing Addendum
• EU–U.S. Data Privacy Framework Listing