EU DATA PROTECTION
Overview
Practical Cloud Ltd, A United Arab Emirates registered company that abides by UAE laws prioritizes customer trust. We know that customer data is important to our customers’ values and operations. That is why we keep it private and safe.
Our customers entrust us with large amounts of sensitive information from various industries, including healthcare, financial services, government, and technology.
Practical Cloud helps customers maintain control of their privacy and data security in a myriad of ways:
Our customers entrust us with large amounts of sensitive information from various industries, including healthcare, financial services, government, and technology.
Practical Cloud helps customers maintain control of their privacy and data security in a myriad of ways:
- Data Security: We provide our customers' compliance with high-security standards, such as encryption of data in motion over public networks, auditing standards (SOC 2, ISO 27001, ISO 27018), Distributed Denial of Service ("DDoS") mitigations, and a Support team that is on-call 24/7.
- Disclosure of Customer Service Data: Practical Cloud only discloses Service Data to third parties where disclosure is necessary to provide the services or as required to respond to lawful requests from public authorities.
- Trust: Practical Cloud, through its providers (Rackspace, NameSilo, Enom, Amazon, and Hetzner Online AG, has developed security protections and control processes to help our customers ensure a secure environment for their information.
- Access Management: Practical Cloud provides advanced access and encryption features to help customers protect their information. We do not access or use customer content for any purpose other than providing, maintaining, and improving Practical Cloud services, as otherwise required by law.
What is Service Data?
Service Data is any personal information stored in or transmitted via Practical Cloud services by, or on behalf of, our customers and their end-users.
Who owns and controls Service Data?
From a privacy perspective, the customer is the controller of Service Data, and Practical Cloud and its suppliers are a processor. This means that throughout a customer subscribes to services with Practical Cloud, the customer retains ownership of and control over Service Data in its account.
Who are Practical Cloud's sub-processors?
Entity Name:RackspaceAmazon Web ServicesCodeGuardHetzner Online AGLiveDriveLevel 27 BVBANamesilo Inc.EnomName.comOnly Domains
Entity Type:Cloud Service ProviderCloud Service ProviderCloud Service ProviderCloud Service ProviderCloud Service ProviderCloud Service ProviderDomain RegistrarDomain RegistrarDomain RegistrarDomain Registrar
Entity Country:United StatesUnited StatesUnited StatesGermanyUKBelguimUnited StatesUnited StatesUnited StatesNew Zealand
How does Practical Cloud use Service Data?
We use Service Data to operate and improve our services, help customers access and use the services, respond to customer inquiries, and send communication-related to the services.
What steps does Practical Cloud take to secure Service Data?
Practical Cloud prioritizes data security and combines enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure customer and business data is always protected.
For example, Practical Cloud servers are hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Our Support team is on call 24/7 to respond to security alerts and events.
For example, Practical Cloud servers are hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Our Support team is on call 24/7 to respond to security alerts and events.
Where will Service Data be stored?
Practical Cloud, through its sub-processors, has data centers in three central regions — the United States, Asia Pacific, and the European Union. The location depends on the type of service offered.
How does Practical Cloud Respond to Information Requests?
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose personal data to respond to subpoenas, court orders, or legal processes, establish or exercise our legal rights or defend against legal claims. We may also share such information with relevant law enforcement agencies or public authorities if we believe the same to be necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms and Conditions and Service Level Agreement, or as otherwise required by law.
EU Directive
The EU Data Protection Directive (also known as “Directive 95/46/EC“) addresses the processing of personal data and the free movement of such data. This Directive broadly sets out several data protection principles and requirements that must be adhered to when personal data is processed.
Directive 95/46/EC established the Article 29 Working Party (“WP29”), comprised of representatives from the data protection authorities of all the EU Member States and the European Commission. WP29 works to harmonize the application of data protection rules throughout the EU and advises the EU Commission on the adequacy of data protection standards in non-EU countries.
Directive 95/46/EC established the Article 29 Working Party (“WP29”), comprised of representatives from the data protection authorities of all the EU Member States and the European Commission. WP29 works to harmonize the application of data protection rules throughout the EU and advises the EU Commission on the adequacy of data protection standards in non-EU countries.
How does the EU Directive apply to customers?
Practical Cloud customers that collect and store personal data are considered data controllers under Directive 95/46/EC. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant EU data protection law, including Directive 95/46/EC and the GDPR as of May 25, 2018.
What are the "Model Clauses"?
The European Commission has approved a set of standard provisions called the Standard Contractual Clauses (“Model Clauses”), which provide a data controller with a compliant mechanism to transfer personal data to a data processor outside the European Economic Area (“EEA”).
Does Practical Cloud replicate the Service Data it stores?
Practical Cloud periodically replicates data for archival, backup, and audit logs. We use CodeGuard and Rackspace to store some information backed up, such as database information and attachment files.
Does Service Data hosted in the EU region ever leave that region?
Service and customer data like encrypted file storage, email, archiving, and backup is region-specific. We use different providers for different services. Data hosted in the EU region does not leave that region.
GDPR
Since our inception, Practical Cloud’s approach has been anchored with a solid commitment to privacy, security, compliance, and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which becomes enforceable on May 25, 2018.
If a company collects, transmits, hosts, or analyzes the personal data of EU citizens, GDPR requires the company to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. Our contractual commitments guarantee that customers can:
If a company collects, transmits, hosts, or analyzes the personal data of EU citizens, GDPR requires the company to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. Our contractual commitments guarantee that customers can:
- Respond to requests from data subjects to correct, amend or delete personal data.
- Be made aware of and report personal data breaches to relevant supervisory authorities and data subjects in accordance with GDPR timeframes.
- Demonstrate their compliance with the GDPR as pertaining to Practical Cloud’s Services.
Practical Cloud GDPR Product Readiness
The General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, provides data subjects with an array of privacy rights, which provide individuals with greater transparency into and control over the uses of their personal information.
What is the GDPR?
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation that will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.
To whom does the GDPR apply?
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
What implications does GDPR have for organizations processing the personal data of EU citizens?
One of the critical aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations will need to continually demonstrate the security of the data they are processing and their compliance with GDPR by implementing and regularly reviewing robust technical and organizational measures and compliance policies.
How has Practical Cloud been preparing for the GDPR?
Practical Cloud will comply with the GDPR when it became enforceable in May 2018. Our privacy team is working with customers worldwide to answer their questions and help them prepare for using Practical Cloud’s Services after the GDPR becomes effective. Additionally, our privacy team reviews Practical Cloud’s current product features and practices to ensure we support our customers with their GDPR compliance requirements.
How can Practical Cloud customers prepare for GDPR enforcement?
Practical Cloud encourages customers to prepare for the GDPR by reviewing their privacy and data security processes and policies to ensure compliance by May 2018. Data controllers are primarily responsible for ensuring that their processing of personal data is compliant with EU data protection law. Below are some key points to consider for GDPR compliance:
- Geographical Application: The GDPR may apply to organizations established in the EU and specific organizations h are processing the personal data of EU citizens, depending on their activities.
- Rights of End-Users: Organizations should be cognizant of End-Users whose personal data they may be processing. The GDPR establishes enhanced rights for End-Users, and organizations should be able to accommodate those rights.
- Data Breach Notifications: Organizations that are controllers of personal data should have transparent processes in place organizations with the GDPR requirement to report data breaches in accordance with the time frames set out within the GDPR. Practical Cloud will notify affected customers without undue delay if we become aware of a data breach of our services.
- Appointment of Data Protection Office" (“PO”): Customers may need to appoint DPOs to manage issues relating to the processing of personal data.
- Data Processing Agreement" (“PA”): Where personal data is transferred outside the EEA, a customer may need DPAs in place with its sub-processors to ensure adequate Cloud'sprotection for the transferred data. Practical Cloud’s DPA addresses GDPR and can be obtained by submitting a request to privacy@practicalhost.com.
- Data Protection Impact Assessment" (“D" IA”): DPIAs usually describe organizations' data processes and protective measures, particularly those that may be risky. For data processing activities, customers must conduct and file with authorities a DPIA.
Which Practical Cloud services and features can support customers compliance with the GDPR?
Customers can use Practical Cloud’s third-party ISO certifications and SOC 2 audit reports to help conduct risk assessments and determine whether appropriate technical and organizational measures are in place. For additional information, please get in touch with us at privacy@practicalhost.com.
Does Practical Cloud currently provide any product-specific Features/Functionality in its Support product to assist us with our GDPR compliance program?
Practical Cloud allows customers to delete Service Data containing personal data, such as profiles, tickets, images, and attachments, in active Practical Cloud Support accounts. Customers also have full access to delete cloud data, such as emails, archives, backups, databases, and website content.