hostedexchange_header

Data Privacy Is Your Right.
We Comply With All Our Might.

General Data Protection Regulation

Apps4Rent has created this privacy statement to show our commitment to our customers concerning their online privacy and security. We want to stress that at no point in our relationship with you, will your information ever be sold or shared with any external company.

Data protection is very crucial to us. At Apps4Rent, we believe that individual privacy and personal data should always be protected and we’re strong advocates of it.

What is GDPR?

GDPR (General Data Protection Regulation) is an European privacy law which imposes new rules on companies, government agencies, non-profits and other organizations offering services to people in the EU.

This is also applicable to companies that collect and analyze data tied to EU residents. Unlike previous laws (which would only be applicable within EU), GDPR applies to every company regardless of its location in the world.

The GDPR law has been hailed as a new milestone and is considered as an important step in protecting individual privacy rights.
This new law replaces the current 1995 EU Data Protection Directive.

From when do companies need to follow the GDPR rules?

There has been a two-year transition period. GDPR come into effect on May 25, 2018.

What are the core aspects covered in GDPR?

GDPR gives individuals more control over the data as they can decide how their personal data can be used. This helps in improving transparency. Here are a few core aspects covered in GDPR:

  •  Users have right to access, delete and export personal data. They can object to processing of the personal data.
  •  It is the responsibility of the companies and organizations to protect personal data. They need to notify right people in case of breaches. Companies and organizations must take appropriate consent for processing personal data.
  •  To increase transparency, organizations need to provide clear notice of data collection as its usage.

Who are processors and controllers?

The personal data is very private. Therefore, it belongs to individuals. They are the controllers on how their data can be used further by organizations. The processors are the ones who stores and processes the data, after obtaining the necessary permissions from the controller.

  •  You (as a customer) own your data. Therefore, you are the controllers of data.
  •  We (as an organization) store your data. Therefore, we are the processors of data.

Under the GDPR law, controllers (You) must only use processor (Apps4Rent) that are compliant with the GDPR requirements.

What are the duties of processor?

GDPR applies to controllers as well as processors. Processors cannot act on their own with regards to personal data. They need to have clear instructions for the way personal data should be processed.

Where can I find more information about GDPR?

To know more on GDPR, see: http://ec.europa.eu/info/law/law-topic/data-protection_en

Does Apps4Rent make commitments to its customers regarding GDPR?

Yes. Typically, a cloud hosting company like Apps4Rent is processor and customers using Apps4Rent services are controllers. GDPR requirements and commitments must come from both the parties: the processors as well as the controllers.

What key GDPR requirements does Apps4Rent meet?

Apps4Rent’s GDPR Term covers and is committed to the following:

  •  All the customer data remains with us. Apps4Rent does not use any sub-processors. All data for all services provided by Apps4Rent is stored in Apps4Rents SSA16 Type II certified datacenters. Besides, in some rare cases as Microsoft Partner we may need to escalate issues to Microsoft Support. In such cases, we take consent from the controller and remain liable for sub-processors. We only use sub-processors who themselves meet key commitments for GDPR.
  •  Apps4Rent process personal data only on instructions from the controller. However, Apps4Rent’s liability is limited only when controller instructs Apps4Rent.
  •  Apps4Rent ensures that its employees who have access to personal data or sensitive information are committed to confidentiality.
  •  Inform customer of breach once detected within 72 hours. We have always had a policy of informing account owners of possible breaches once identified within 72 hours of breach. Besides, we would work with the controller to help remedy the breach.
  •  Delete personal data at the end of services.

While, we meet key aspects of GDPR-Controllers (our customers) should have an effective data governance program in place. This is more so as the onus of compliance is on customers (controller) too. Some critical aspects which our customers may want to check.

  •  How data is structured and stored in our environment?
  •  What kind of permissions your users have to personal information within your own organization?
  •  How your user store username and passwords for the systems and potential misuse/leak from user’s side?

I am storing my data with Apps4Rent. Am I still bound by GDPR?

Yes. Anyone who owns or controls personal data of EU citizens must adhere to GDPR, irrespective of the location where data is stored. Similarly, Apps4Rent too must adhere to GDPR as it is applicable to every processor that stores/processes the personal data of EU citizens.