General Data Protection Regulation (GDPR)
This page is specifically about the European Union's General Data Protection Regulation (GDPR).
Cloud Ctrl's GDPR compliance
The European Union's General Data Protection Regulation (GDPR) approved and adopted by the EU Parliament in April 2016 aims primarily to give control back to EU citizens and residents over their personal data, and to simplify the regulatory environment for international business by unifying the regulation within the EU.
As the GDPR came into effect on the 25th of May 2018, all companies processing and storing the personal data of subjects residing in the EU must comply with it, regardless of their location.
Cloud Ctrl and GDPR
Cloud Ctrl is able to comply with the European Union's General Data Protection Regulation (GDPR). A priority at Cloud Ctrl is the security of our customers' data. We have followed the EU's transition to the GDPR and continue to take important strides in the area of data protection, many which are applicable under the GDPR.
We are here to help
We can provide further details about categories of data, assistance in facilitating deletion of data subjects, and discuss the impact of such deletions. We are also introducing features into the Cloud Ctrl application to help you meet requirements defined by the GDPR.
We value our customers and take all reasonable steps to protect their privacy. We follow up to date industry standards in securing infrastructure and how it relates to application code.
If a data breach does occur, Cloud Ctrl is ready to respond in accordance with the GDPR.
Cloud Ctrl will respond in accordance with rights granted by the GDPR when we receive a request to provide or delete a data subject's Personally Identifiable Information (PII).
Billing, cloudctrl.com.au, and GDPR
Cloud Ctrl stores PII on infrastructure we control and on 3rd Party systems for billing purposes. This includes starting a free trial without providing payment details. That data is comprised of:
a Technical Contact (name, email); and
a Billing Contact (name, email, address).
Entity / Platform
In addition to the general purpose and identification of data set out above, sub-processors rendering services such as cloud services may also collect technical and behavioral data, such as internet protocol addresses, device identifiers, times of connection, etc., including as part of the inherent nature of supplying such services.
GDPR and Cloud Ctrl
Data Subjects and PII
The PII stored by Cloud Ctrl is limited to data about the users (data subjects):
Data related to 3rd party Single Sign On (SSO) services
Behavioural data, through the audit log actions, including the time performed by data subjects exists and maps directly to the other PII they have supplied
PII not stored by Cloud Ctrl:
Profile pictures may be displayed in the web portal, these are not stored by Cloud Ctrl. This feature uses an external service called Gravatar which stores the data subject's email address and profile photo on the data subject's behalf.
The Cloud Ctrl product enables your users to write and execute custom code (Actions). Cloud Ctrl does not take any responsibility for PII recorded by custom code. You are solely responsible for the PII recorded by custom code.
Entity / Platform
Cloud Ctrl Support and GDPR
When a customer contacts Cloud Ctrl they can optionally use any of the following services:
Entity / Platform
Frequently Asked Questions FAQ
Where can I access my data?
Please contact us and we will assist in determining which systems house your data.
How can I change or erase data about me?
Please contact us and we will assist in making changes or deletions.
Cloud Ctrl and the invalidation of the EU-US Privacy Shield?
Cloud Ctrl was not and is not a registered EU-US or Swiss-US Privacy Shield participant, as such the recent EU court decisions haven't changed the way that we operate and treat your data.
We are here to help, if you have any questions about this or you want to access, correct, or request that we delete your personal data email us directly.