In May 2016, the General Data Protection Regulation (GDPR), was announced. In Dutch, this law is called the General Data Protection Regulation (GDPR). All organizations processing personal data were then given two years to comply with this new regulation. BasicCloud also complies with the GDPR . This is because we also process personal data of our customers.
What is the role of BasicCloud?
The GDPR has two types of processors of personal data: the controller and the processor. BasicCloud is active in both roles:
- Processor responsible: BasicCloud is responsible for the personal data you share when you purchase a product, so we can stay in touch with you, facilitate your payments, etc. In this case, we are responsible for securing your personal data and ensuring your privacy. For this purpose, we have drawn up a privacy and cookie statement.
- Processor: BasicCloud is a processor for the data you share with us in our products, for example through web hosting and email. For these services, you are the processor responsible. This means that you are responsible for the data that visitors to your website leave behind in a contact form and other personal data that your customers leave with you. As a processor responsible, you are required to make agreements with all processors with whom you work. More on this below.
Agreements with BasicCloud as a processor
Several customers have approached us about entering into a separate processor agreement. As you can imagine, with having a large number of customers, this is not a viable option. We have therefore chosen to add an annex to our general terms and conditions in which we have set out clear agreements on this subject. When you purchase your product, you agree to our terms and conditions. With that, you give consent and that is sufficient as a processor agreement.
Does BasicCloud itself work with third parties?
BasicCloud is the processor responsible for personal data you leave with us when you purchase a product. To be able to deliver those products, we sometimes cooperate with other organizations. For example, when purchasing a domain name, where the issuing authority decides on the allocation of a domain name. Think of the SIDN for .nl domain names. These third parties are then (sub) processors of your data. (Sub) processors must at least fulfill the same obligations as those imposed on BasicCloud. BasicCloud makes proper arrangements with them and keeps an eye on this.
What should I do as an organization myself with the GDPR ?
Whether you are a self-employed person, have a business or are on the soccer team, every organization that works with personal data must comply with the rules of the AVG. Personal data is data that can be traced (directly or indirectly) to a specific individual, for example: Name and address details, business contact details, age, gender, bank details, as well as photos, video footage and IP addresses. The new privacy laws not only address digital data, but also data on paper.