The General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The General Data Protection Regulation (GDPR) has been implemented starting with May 25th, 2018, and the new regulations have all-around impact on organizations that collect and process data in the EU. On the most basic level, the GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.
To be more specific, the GDPR regulates the processing of personal data about individuals in the EU including its collection, storage, transfer and/or use. It gives data subjects more rights and control over their data by regulating how companies handle and store the personal data they collect.
Here at CloudSwap.io, we are devoted to the security of your data and protecting the privacy of your clients. CloudSwap.io aims to develop its services using the Privacy by Design and Privacy by Default philosophies. This means we consider privacy and personal data protection around all parts of our product development lifecycle. Our services are designed to limit personal data collection by default, requiring you as a customer to explicitly enable features that collect more information. All personal data is stored in Microsoft Azure (Microsoft’s dedicated GDPR page can be checked here), meaning in the European Union. The customer portal is also hosted in the same location. Where possible, CloudSwap.io will perform processing activities and analysis on anonymized or pseudonymized data.
CloudSwap.io has customers who are both companies and individuals.We offer a product to companies that allows them to collect and analyze product feedback provided by individuals who may reside in the EU. In this case, through our contract with the company who is our customer, we are acting as a data processor. We collect, store, and retrieve data on their behalf and at their request. We also use our own product to collect, store, and retrieve data to analyze our own product. In this capacity, we are both a data controller and data processor, since the data processing is happening for our own purposes.
CloudSwap.io makes use of third party services in infrastructure, reporting, and analytics. It is our obligation to ensure that the processing of data on our behalf is also GDPR compliant. For the details of our third-party tools, please refer to the privacy page.
When acting in our role as a data processor, it is the obligation of the data controller (our customer, a company) to ensure that they have collected consent and made clear that personal data is being collected for the purposes served by the CloudSwap.io platform. When acting in our role as a data controller, it is our obligation to make sure that we have collected consent to allow us to store and use data for the purposes served by the CloudSwap.io platform. All details about the data we collect can be found on our Privacy page
CloudSwap.io is required to be in compliance with the GDPR law since we offer services to residents of the EU. In order to offer our service, we must collect data that can identify people. In addition to our obligation to follow the regulation, CloudSwap.io intends to follow best practices in privacy and protection of data. In accordance with the European General Data Protection Regulation (EU) 2016/679 (GDPR) you have a right of access, correction and removal of your personal data which you may exercise by contacting us. Your requests will be processed within 30 days. We may require that your request be accompanied by a photocopy of proof of identity or authority.
We will notify the owners of CloudSwap.io accounts within 48 hours of the discovery of a data breach. We will work with our customers to inform Data Subjects of the breach.
Enterprise customers who have custom DPAs can submit the DPA for review. Please contact us if this is the case.