EU Data Protection
Our customers entrust us with large amounts of sensitive information from various industries, including healthcare, financial services, government, and technology.
PracticalHost Fze helps customers maintain control of their privacy and data security in a myriad of ways:
- Data Security: We provide our customers' compliance with high-security standards, such as encryption of data in motion over public networks, auditing standards (SOC 2, ISO 27001, ISO 27018), Distributed Denial of Service ("DDoS") mitigations, and a Support team that is on-call 24/7.
- Disclosure of Customer Service Data: PracticalHost Fze only discloses Service Data to third parties where disclosure is necessary to provide the services or as required to respond to lawful requests from public authorities.
- Trust: PracticalHost Fze, through its providers (Open Xchange, Rackspace, NameSilo, Enom, Amazon, and Hetzner Online AG), has developed security protections and control processes to help our customers ensure a secure environment for their information.
- Access Management: PracticalHost Fze provides advanced access and encryption features to help customers protect their information. We do not access or use customer content for any purpose other than providing, maintaining, and improving PracticalHost Fze services, or as otherwise required by law.
What is Service Data?
Who owns and controls Service Data?
Who are PracticalHost Fze Provider's sub-processors?
How does PracticalHost Fze use Service Data?
What steps does PracticalHost Fze take to secure Service Data?
For example, PracticalHost Fze servers are hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Our Support team is on call 24/7 to respond to security alerts and events.
Where will Service Data be stored?
How does PracticalHost Fze Respond to Information Requests?
PracticalHost Fze does not disclose Service Data except as necessary to provide its services to its customers and comply with the law.
How does PracticalHost Fze respond to legal requests for Service Data?
Directive 95/46/EC established the Article 29 Working Party (“WP29”), comprised of representatives from the data protection authorities of all the EU Member States and the European Commission. WP29 works to harmonize the application of data protection rules throughout the EU and advises the EU Commission on the adequacy of data protection standards in non-EU countries.
How does the EU Directive apply to customers?
What are the "Model Clauses"?
Does PracticalHost Fze replicate the Service Data it stores?
Does Service Data hosted in the EU region ever leave that region?
If a company collects, transmits, hosts, or analyzes the personal data of EU citizens, GDPR requires the company to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. Our contractual commitments guarantee that customers can:
- Respond to requests from data subjects to correct, amend or delete personal data.
- Be made aware of and report personal data breaches to relevant supervisory authorities and data subjects in accordance with GDPR timeframes.
- Demonstrate their compliance with the GDPR as pertaining to PracticalHost Fze Services.
What is the GDPR?
To whom does the GDPR apply?
What implications does GDPR have for organizations processing the personal data of EU citizens?
How has PracticalHost Fze been preparing for the GDPR?
How can PracticalHost Fze customers prepare for GDPR enforcement?
- Geographical Application: The GDPR may apply to organizations established in the EU and specific organizations that are processing the personal data of EU citizens, depending on their activities.
- Rights of End-Users: Organizations should be cognizant of End-Users whose personal data they may be processing. The GDPR establishes enhanced rights for End-Users, and organizations should be able to accommodate those rights.
- Data Breach Notifications: Organizations that are controllers of personal data should have transparent processes in place to comply with the GDPR requirement to report data breaches in accordance with the time frames set out within the GDPR. PracticalHost Fze will notify affected customers without undue delay if we become aware of a data breach of our services.
- Appointment of Data Protection Officer (“DPO”): Customers may need to appoint DPOs to manage issues relating to the processing of personal data.
- Data Processing Agreement (“DPA”): Where personal data is transferred outside the EEA, a customer may need DPAs in place with its sub-processors to ensure adequate protection for the transferred data. The PracticalHost Fze DPA addresses GDPR and can be obtained by submitting a request to firstname.lastname@example.org.
- Data Protection Impact Assessment (“DPIA”): DPIAs usually describe organizations' data processes and protective measures, particularly those that may be risky. For data processing activities, customers must conduct and file with authorities a DPIA.