General Data Protection Regulation (GDPR)

Overview

Chi Networks provides cloud infrastructure services, managed services, and business continuity solutions to help businesses deploy and secure their applications, websites, databases, and more on the cloud, enabling them to be more agile. Often, these services entail that Chi Networks servers receive and store “personal data” as defined in EU data protection laws.

Chi Networks customers may use our services to store, transmit, encrypt, decrypt, modify, process, and otherwise manipulate this personal data as they see fit. Chi Networks provides the infrastructure for businesses to build on, but we do not control how our infrastructure is used specifically, so there is a wide range of applications and ways that personal data may be processed on top of the Chi Networks platform.

European Union’s (EU) Data Processing laws

Although Chi Networks is a US-based company, Chi Networks complies with EU Data Processing laws, including:

  • As of 18 May 2017, the Data Protection Directive
  • As from 25 May 2018, the GDPR, which replaces it

Processing operations and role

With EU privacy laws, there are two categories of personal data:

  • In most cases, Chi Networks only stores, transmits or manages data for its customers at the direction of its customers. In these circumstances, Chi Networks is simply a processor of customer data.
  • Chi Networks collects and stores detailed contact information, payment information, communication records, and other information for the purposes of billing its customers and providing services, verifying the identity of customers over the telephone or email, marketing, and more. In these cases, Chi Networks is a controller of its own customer data. For customer data that Chi Networks stores for the purposes of account management, Chi Networks does not release, sell or otherwise share any personal data for any of its Customers for any reason whatsoever.

Roles and Responsibilities

  • Access: Customer manages who has access to systems; Chi Networks provides tools and general network and physical level security
  • Storage: Customer decides what to store and where; Chi Networks provides the system where the data will reside.
  • Transmission: Customer makes content and data available on the internet; Chi Networks provides network connectivity for this content to be accessed remotely by users
  • Security: Chi Networks implements standard up-to-date security measures to secure the environment and connections; Chi Networks can deliver additional and/or alternative measures upon customer’s request. Customer decides what security measures are implemented within the environment and what passwords are used to protect it; Chi Networks can provide assistance wherever necessary.
  • Disclosure: Chi Networks will not disclose any data unless required by law or a binding judicial order.
  • Compliance with other elements of data protection laws, such as data subject rights, data breaches, data protection impact assessment, prior consultation: Chi Networks can provide assistance upon customer’s request

Is the GDPR Applicable?

The GDPR applies to Chi Networks’ processing activities for its customers if:

  • The customer uses Chi Networks’ services in the context of the activities of its establishments in the EU
  • The customer uses Chi Networks’ services of Chi Networks’ establishment in the EU (in Amsterdam, the Netherlands); or
  • The customer uses Chi Networks’ services for:
    • Offering goods or services to data subjects in the EU; or
    • Monitoring the behavior of data subjects in the EU

In this respect, we request our customers to inform us when they intend to use our services in the context of any EU establishment or if they otherwise feel that the GDPR is applicable to the processing of their data.

Note that for the personal data we process for our own purposes and for which we would be the controller, the GDPR only applies to the extent that:

  • The processing occurs in the context of the activities of the Chi Networks establishment in the EU (Amsterdam, the Netherlands)
  • The processing relates to:
    • Offering goods or services directly to data subjects in the EU; or
    • The monitoring of the behavior of data subjects in the EU.

GDPR compliance

To ensure GDPR compliance, Chi Networks undertakes the following:

  • Chi Networks enters into data processing agreements with its customers if the GDPR applies to the processing of their data
  • Chi Networks enters into sub-processing agreements with its providers if necessary
  • Chi Networks implements up-to-date security measures, performs regular audits, and is willing to implement additional measures upon customer’s request.
  • In areas applicable to GDPR, Chi Networks offers its customers assistance with security, rights of data subjects, data breaches, data protection impact assessment, prior consultation and other elements of the GDPR.