CloudCC Inc. is compliant with GDPR
Last Updated: May 25, 2018
What is GDPR?
The European Union’s General Data Protections Regulation is a privacy and data protection law that protects the data and privacy of EU citizens. The GDPR holds companies accountable for the user data they collect and process. It gives EU residents greater control over their personal data.
· Enforcement of the GDPR began May 25th, 2018. The GDPR applies to any organization operating globally and not just EU-based companies and EU residents. Non-compliance can result in hefty fines.
·The following information is provided to help you understand the basics of the GDPR as well as CloudCC’s compliance with the GDPR.
What is personal data?
Any data related to an identifiable person. GDPR covers a wide spectrum of information that can be used on its own, or in combination with other pieces of information, to identify a person. Personal data extends beyond a person’s name or email address. Some examples include financial information, political opinions, genetic data, biometric data, IP addresses, physical address, sexual orientation, and ethnicity.
Does the GDPR apply to me?
The GDPR applies to any organization that is organized in the EU and any organization that processes personal data of EU citizens.
Organizations are classified as processors or controllers of personal data. Organizations that determine the purpose of the storage or processing of personal information are considered controllers. Organizations that store or process personal data on behalf of another organization are considered processors. Some organizations may be both.
When it comes to the personal information I input into CloudCC, is my organization a controller or processor?
Because you control and manage the data you enter into the CloudCC platform, you are the controller for that data. You decide how that data is used, how long to keep it, how often to update it, etc.
What does CloudCC do as the data processor?
The people you store in CloudCC as Contacts are your data subjects, and you are considered the data controller for this personal data.
Using the CloudCC platform to manage your customers means that you have engaged CloudCC as a data processor to carry out certain processing activities on your behalf. According to Article 28 of the GDPR, the relationship between the controller and the processor needs to be made in writing (electronic form is acceptable under subsection (9) of the same Article). This is where our Terms of Service and Privacy Policy come in. These two documents also serve as your data processing contract, setting out the instructions that you are giving to CloudCC with regard to processing the personal data you control and establishing the rights and responsibilities of both parties. CloudCC will only process your customer data based on your instructions as the data controller.
We have been fully compliant since May 25th, 2018?
Since May 25th, 2018, our Terms of Service and Privacy Policy are constantly being revised to increase transparency and to make sure the documents meet GDPR requirements.
The information above is provided to help you understand CloudCC’s role as processor of your data, the rights of your users, and the responsibilities you hold as a controller of their data. It is not comprehensive and is not legal advice.