The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give citizens and residents control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
For the last six months, we were actively working to make all parts of Cloud Linux Inc GDPR compliant.
- We have reviewed and adjusted our data collection and retention policies.
- We have signed DPAs with all the vendors we use to provide you with our services. This includes payment processing services, our ticketing system vendor, our outgoing and incoming mail system providers, as well as the marketing services vendors we use.
- We don't sell or share your information with any third-party vendors that we don't use to provide you with services.
- Our ticketing system now requires a form submission for each server access, with a click-through binding agreement that includes a data processing addendum. You can find a copy of the agreement here.
Why is this needed?
When accessing your servers, our support staff might need to run scripts or access the database for testing/debugging purposes, which might be considered data sub-processing. As such, we decided it is necessary to establish an agreement that would cover our work on your servers.
For Imunify360, we collect visitors' IP addresses as well as browser metadata and request headers, which can be considered personal information. If you have determined that you qualify as a data controller under the GDPR, and need a data processing addendum (DPA) in place with your qualifying vendors, we want to help make things easy for you.
Here is what you need to do:
- Download our GDPR-compliant DPA, which has been pre-signed on behalf of Cloud Linux Inc, here.
- To complete the DPA, you should fill in the “Customer” information and sign on pages 7, 13, 15, and 19.
We collect:
- Visitors' IP addresses and browser headers, as well as some other metadata like browser fingerprints and screen resolution;
- Online property identification data, including domain, server IP, port, protocol and URI in case of HTTP/HTTPS;
- We might also collect HTTP/HTTPS query parameters, encrypted using one-way encryption (irreversible encryption used for comparison & analysis);
- If an attack is detected, we will collect HTTP parameters without using one-way encryption. We will still encrypt them for the purpose of transferring them to our servers.