Cloudamize Data Protection and GDPR
What service is Cloudamize delivering?What is personal data?
What is confidential data?
What personal data does
Cloudamize collect?
What other data is collected/processed?
What lawful basis under GDPR is Cloudamize relying upon to collect the
data?
What is a Third country, and under which circumstances will data be
transferred to a Third country?
In what locations will the data be stored?
Who will access the data within Cloudamize?
How long will the data be retained?
SCHEDULE
Data Collected by Cloudamize Agents
I. SYSTEM INFORMATION
II. SYSTEM PERFORMANCE INFORMATION
III. PROCESS INFORMATION
IV. NETWORK BANDWIDTH INFORMATION
What service is Cloudamize delivering?
Cloudamize is a SAAS platform that companies use to collect metrics on Windows and Linux servers they are looking to migrate to the cloud.
...
This is data relating to a person, which means they can be identified from the information. This is usually referred to as personal data or personally identifiable information (PII). Herein, this will be referred to as personal data.
This may be one individual source of data (e.g. an email address) or multiple sources of data combined (e.g. an email address with a company identifier and location)
...
Confidential data may contain personal data, however. However, it can also be data that does
not lead to the identification of a person.
...
Cloudamize collects only the personal data about its customers necessary to provide its services. Any personal data collected will be given to Cloudamize directly by the customer and will only be requested for by the relevant personnel accessing the services.
...
Cloudamize relies on the lawful basis of the customer's consent, contractual necessity, and legitimate interest. - we cannot obtain the data without the customer actively handing it over to us. It is also in both parties' legitimate interests, as we cannot provide the services without the data.
What is a Third country, and under which circumstances will
data be transferred to a Third third country?
Under the GDPR, a Third country is based outside of the European Economic Area (EEA) , and has not been granted adequacy status by the EU Commission. Adequacy status is where the EU Commission has deemed that the country provides data protection practices equivalent to those in the EU. A list of adequate countries can be found here.
Cloudamize will only share data with third parties where the engagement is sponsored by a Cloud Services Provider (CSP). Cloudamize ensures valid data transfer mechanisms (such as Standard Contractual Clauses) are in place with all CSP’sCSPs, safeguarding customer data where it is transferred to a Third third country. Cloudamize does not utilise utilize any third-party tooling to deliver its services.
...
Data will be stored in the US or Germany, or UAE as per the customers customer's choice of AWS servers
closest to their location.
...
Cloudamize offboarding processes ensure the following:
● All Customer information and data collected for Cloudamize processes will be
stored for 30 days after the completion of your project.
● After the 30-day hold, the data will be deleted
● Upon request, Cloudamize can confirm to the Customer that it has requested for
AWS to delete all Customer Data.
● For accounting and tax compliance purposes, Cloudreach will retain the customer name and some details of the engagement for up to a maximum of 10 years, as required by relevant legislation. The exact time frame will be dependent on the geographically applicable legislation. In most cases, this will be up to 6 years.
o Access will be allocated on a need-to-know basis only, and the principle of least privilege” is
...
▪ Memory usage
▪ Disk usage
▪ Network usage
▪ Application-specific performance counters
...