Cloudamize Data Protection and GDPR
What service is Cloudamize delivering?
What is personal data?
What is confidential data?
What personal data does Cloudamize collect?
What other data is collected/processed?
What lawful basis under GDPR is Cloudamize relying upon to collect the
data?
What is a Third country, and under which circumstances will data be
transferred to a third country?
In what locations will the data be stored?
Who will access the data within Cloudamize?
How long will the data be retained?
SCHEDULE 1
Data Collected by Cloudamize Agents
I. SYSTEM INFORMATION
II. SYSTEM PERFORMANCE INFORMATION
III. PROCESS INFORMATION
IV. NETWORK BANDWIDTH INFORMATION
What service is Cloudamize delivering?
Cloudamize is a SAAS platform that companies use to collect metrics on Windows
and Linux servers they are looking to migrate to a cloud. Cloudamize does not collect
any personal data within the metrics, rather it takes measurements of servers such
as what is the CPU in the server and how much of the CPU is it using. Cloudamize
then uses these measurements and metrics to make recommendations on
migration. Cloudamize collects a small amount of personal data for registration
purposes, which is outlined in detail in this document.
What is personal data?
This is data relating to a person that means they can be identified from the
information. This is usually referred to as personal data or personally identifiable
information (PII). Herein, this will be referred to as personal data. .
This may be one individual source of data (e.g. an email address), or multiple sources
of data combined (e.g. an email address with a company identifier and location).
What is confidential data?
Confidential data may contain personal data, however it can also be data that does
not lead to the identification of a person. E.g. Business confidential information such
as system identification and performance information, MAC addresses etc.
What personal data does Cloudamize collect?
Cloudamize collects only the personal data about its customers necessary to provide
its services. Any personal data collected will be given to Cloudamize directly by the
customer, and will only be requested for the relevant personnel accessing the
services..
Types of personal data collected as part of the registration process to use the
Cloudamize Software:
● Name
● Phone number
● Email address
In cases where personal data is passed to Cloudamize that was not intended to be
passed by the customer, it is the intention of Cloudamize to destroy this data as soon
as it’s identified.
What other data is collected/processed?
See “Data Collected by Cloudamize Agents” attached in Schedule 1. Data is collected
either directly or via one of the APIs provided as part of the Cloudamize Software.
What lawful basis under GDPR is Cloudamize relying upon to
collect the data?
Cloudamize relies on the lawful basis of the customer's consent, contractual
necessity and legitimate interest. - we cannot obtain the data without the customer
actively handing it over to us. It is also in both parties legitimate interests, as we
cannot provide the services without the data.
What is a Third country, and under which circumstances will
data be transferred to a Third country?
Under the GDPR, a Third country is that which is based outside of the European
Economic Area (EEA), and has not been granted adequacy status by the EU
Commission. Adequacy status is where the EU Commission has deemed that the
country provides data protection practices equivalent to those in the EU. A list of
adequate countries can be found here.
Cloudamize will only share data with third parties where the engagement is
sponsored by a Cloud Services Provider (CSP). Cloudamize ensures valid data transfer
mechanisms (such as Standard Contractual Clauses) are in place with all CSP’s,
safeguarding customer data where it is transferred to a Third country. Cloudamize
does not utilise any third party tooling to deliver its services.
In what locations will the data be stored?
Data will be stored in the US or Germany as per the customers choice of AWS servers
closest to their location.
Who will access the data within Cloudamize?
The data that Cloudamize collects will be accessible but the individuals the customer
authorizes within their organization. Additionally only Cloudamize staff with a
business need and who are in an approved group can access the data.
How long will the data be retained?
Cloudamize offboarding processes ensure the following:
● All Customer information and data collected for Cloudamize processes will be
stored for 30 days after the completion of your project.
● After the 30 days hold the data will be deleted
● Upon request Cloudamize can confirm to Customer that it has requested for
AWS to delete all Customer Data.
● For accounting and tax compliance purposes, Cloudreach will retain the
customer name and some details of the engagement for up to a maximum of
10 years, as required by relevant legislation. The exact time frame will be
dependent on the geographically applicable legislation. In most cases, this
will be up to 6 years.
○ Access will be allocated on a need to know basis only, and the privilege
principle of least principle privilege” is applied.
○ No system data will be retained within this information.
○ Limited types of personal data retained for contractual reasons may
include:
■ Name
■ Company address
SCHEDULE 1
Data Collected by Cloudamize Agents
I. SYSTEM INFORMATION
● Processor, e.g., "Intel(R) Xeon(R) CPU X5482 @ 3.20GHz"
● Other details about the processor such as processor clock rate, processor
family and processor number of cores, memory
● System board vendor and model, e.g., system vendor="Acer" system
model="Aspire S7-392"
● Operating system, e.g., Microsoft Windows [Version 6.2.9200]
● System identification information
o DNS host name, e.g., WIN-C3N2VD185F8
o System domain, e.g., WORKGROUP
o System name, e.g., WIN-C3N2VD185F8
o System workgroup, e.g., WORKGROUP
o System part of domain, e.g., False
o VM Name
o MAC address(es)
o IP address(es)
o NIC type, e.g., Ethernet, Intel(R) 82574L Gigabit Network Connection
o System status
▪ Last shutdown time
▪ Last boot up time
▪ Disk drives
▪ Interface type
▪ Manufacturer
▪ Serial number
▪ Description
▪ Disk name
II. SYSTEM PERFORMANCE INFORMATION
● CPU usage
● Memory usage
● Disk operations
● Network usage
● Cache usage
III. PROCESS INFORMATION
● Program information
o Executable name
o Vendor
o Other information such as product name, description, URL
o Process performance information
▪ CPU usage
▪ Memory usage
▪ Disk usage
▪ Network usage
▪ Application specific performance counters
...