Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Cloudamize Data Protection and GDPR

What service is Cloudamize delivering?

Cloudamize is a SAAS SaaS platform that companies use to collect metrics on Windows and Linux servers they are looking evaluating to migrate to the cloud.

Cloudamize does not collect any personal data within the metrics, rather it takes measurements of servers, such as what is the CPU in the server type and how much of the CPU it is usingused. Cloudamize then uses these measurements and metrics to make cloud migration recommendations on migration.

Cloudamize collects a small amount of personal data for registration purposes, which is outlined in detail in this document.

...

This is data relating to a person, which means they can be identified from the information. This is usually referred to as personal data or personally identifiable information (PII). Herein, this will be referred to as personal data.
This may be one individual source of data (e.g. an email address) or multiple sources of data combined (e.g. an email address with a company identifier and location).

What is confidential data?

...

Cloudamize relies on the lawful basis of the customer's consent, contractual necessity, and legitimate interest. - we We cannot obtain the data without the customer actively handing it over to us. It is also in both parties' legitimate interests, as we cannot provide the services without the data.

What is a Third third country, and under which circumstances will
data be transferred to a third country?

Under the GDPR, a Third third country is based outside the European Economic Area (EEA) and has not been granted adequacy status by the EU Commission. Adequacy status is where the EU Commission has deemed that the country provides data protection practices equivalent to those in the EU. A list of adequate countries can be found here.

...

Data will be stored in the US or , Germany, or UAE as per the customer's choice of AWS servers
closest to their location.

...

The data that Cloudamize collects will be accessible but by the individuals the customer authorizes within their organization. Additionally, only Cloudamize staff with a business need and who are in an approved group can access the data.

...

  • All Customer information and data collected for Cloudamize processes will be
    stored for 30 90 days after the completion of your project.

  • After the 3090-day hold, the data will be deleted.

  • Upon request, Cloudamize can confirm to the Customer that it has requested for
    AWS to delete all Customer Data.

  • For accounting and tax compliance purposes, Cloudreach will retain the customer name and some details of the engagement for up to a maximum of 10 years, as required by relevant legislation. The exact time frame will be dependent on the geographically applicable legislation. In most cases, this will be up to 6 years.
    o Access will be allocated on a need-to-know basis only, and the principle of least “least privilege” is applied.
    o No system data will be retained within this information.
    o Limited types of personal data retained for contractual reasons may include:
    > Name
    > Company address

...


III. PROCESS INFORMATION

  • Program information >

    • Executable name

    >
    • Vendor

    >
    • Other information such as product name, description, URL

    >
    • Process performance information

...

      • CPU usage

...

      • Memory usage

...

      • Disk usage

...

      • Network usage

...

      • Application-specific performance counters

IV. NETWORK BANDWIDTH INFORMATION

...