The General Data Protection Regulation (GDPR) is a new EU-based privacy and data protection law that came into effect on the 25th May, 2018. The law strengthens and unifies existing EU data privacy laws and provides sweeping new protections for individuals within the European Union and the European Economic Area (encompassing some countries, such as Switzerland for example, which aren’t part of the EU).
The GDPR aims primarily to give citizens and residents control over their personal data, and to simplify the regulatory environment for international business by unifying the data protection legislation across the EU.
The text of the GDPR defines Personal Data as:
“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”
For practical reasons, we are defining two levels of personal data within phoenixNAP. Tier-1 data is considered personal in and of itself. Tier-2 data is considered personal when it is stored in conjunction with (combined, or alongside) tier-1 data.
Tier-1 personal data (i.e. data that can/should be considered to be personal all by itself) includes:
- First and Last Name
- National ID / Passport Number / Driver’s License
- National Insurance Number / Social Security Number / Tax Number
- Personal E-Mail Address
- Landline Number / Mobile Number
- Bank Account Number / Credit Card Number / BIC / SWIFT
Tier-2 personal data items are probably too numerous to list (since they will grow over time as technology expands its reach) but I’ll drop a few to give an idea of what we’re talking about:
- IP Addresses
- MAC Address
- Web Cookies
- Session Data (including Session ID’s)
- RFID Data (i.e. Tags)
- Audit Trail / Logs (that may contain one or more of the above mentioned Tier-2 data within them)
- Location / GPS data
- Personal Address (Includes home address and/or billing address - Address Line 1, Address Line 2, Apartment Number, City/Town Name, Post Code, Country)
Absolutely. Privacy, data protection, and data security are three of the core principals phoenixNAP follows when dealing with any data, especially the personal kind.
PhoenixNAP ensures that, at every point throughout your relationship with us, we are as transparent as possible with how we store and processes your personal data.
As an organization, one of our foundational principles was to only process personal data for the purposes for which it was collected.
If your data was collected as part of a marketing campaign/initiative, then we will only use that data for the purposes of that campaign/initiative and for nothing else. If, on the other hand, your data was collected as part of a contractual/services relationship then that is the sole purpose for which it will be used (although, there will be some ‘marketing-style’ communications that will occur from time to time – but they will only be related to the service itself).
Our marketing teams share data with our marketing partners (HubSpot, Google AdSense & SalesForce.com), but only for specific campaigns. Data is not shared between campaigns and you will never receive marketing messages for which you did not provide us with explicit consent to send you.
The simple answer is – we’ll do it for you.
If your data was provided to phoenixNAP as part of a contractual agreement, then that data cannot be considered personal in nature (since phoenixNAP is a B2B services organization). However, if you feel that you have adequate grounds to have your data deleted then please feel free to contact our Data Protection Officer (see below).
If you have provided us with data specifically for sales and marketing purposes, then a simple request to us will result in immediate deletion of your personal data. Essentially, we will only use your data whilst we have your permission to do so. When you revoke that permission, we will immediately delete that data since there is no longer any reason to hold it.
Yes, it does. Our DPO will work within the organization and with its various department heads to ensure that phoenixNAP complies with data privacy laws, uses data protection as a business enabler, addresses data privacy requirements early on in new technologies, and manages reputational risk that can arise from data protection mistakes.
All GDPR queries can be directed to our DPO email address (firstname.lastname@example.org).