GDPR compliance when using StellarDS.io services

The European Union’s General Data Protection Regulation (GDPR) protects European Union (EU) individuals’ fundamental right to privacy and the protection of personal data. The GDPR includes robust requirements that raise and harmonize standards for data protection, security, and compliance. StellarDS.io customers can use the StellarDS.io service to process personal data (as defined in the GDPR) that is uploaded to the StellarDS.io cloud data storage service under their StellarDS.io accounts (customer data) in compliance with the GDPR.

StellarDS.io as Both Data Processor and Data Controller Under GDPR

StellarDS.io operates under the General Data Protection Regulation (GDPR) as both a data processor and a data controller, depending on the context of the data processing activities. Please see the Data Processing Agreement (DPA) for information.

StellarDS.io as a Data Processor

When customers use StellarDS.io services to process personal data within the content they upload, StellarDS.io acts as a data processor. Customers can leverage the controls available in StellarDS.io services, including security configuration options, for handling personal data. In this scenario, the customer may function as a data controller or data processor, while StellarDS.io acts as a data processor or sub-processor. StellarDS.io provides a GDPR-compliant Data Processing Addendum (DPA) that outlines our commitments as a data processor. The DPA, which includes Standard Contractual Clauses, is part of the StellarDS.io Service Terms and is automatically available to all customers who need it for GDPR compliance.

StellarDS.io as a Data Controller

StellarDS.io acts as a data controller when it collects personal data and determines the purposes and means of processing that data. For example, when StellarDS.io stores account information (such as email addresses provided during account registration) for account management, service access, or contact information for customer support, it operates as a data controller.

GDPR Compliance at StellarDS.io

At StellarDS.io, we are committed to protecting and respecting your privacy. We adhere to the principles set out in the General Data Protection Regulation (GDPR), ensuring that your personal data is processed lawfully, fairly, and transparently.

Key Principles of Our GDPR Compliance:

1. Lawfulness, Fairness, and Transparency: We process your personal data in accordance with the law and ensure fairness and transparency in all our data handling activities.

2. Purpose Limitation: Your data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

3. Data Minimization: We collect only the data that is necessary for the purposes for which it is processed.

4. Accuracy: We take all reasonable steps to ensure that your personal data is accurate and kept up to date.

5. Storage Limitation: Your personal data is kept in a form that permits your identification for no longer than necessary for the purposes for which the data is processed.

6. Integrity and Confidentiality: We process your data in a manner that ensures its security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical and organizational measures.

7. StellarDS.io as Both Data Processor and Data Controller Under GDPR. StellarDS.io operates under the General Data Protection Regulation (GDPR) as both a data processor and a data controller, depending on the context of the data processing activities. Please see the Data Processing Agreement (DPA) for information.

8. Data Storage in the EU: All data used by StellarDS.io is stored on servers hosted within the European Union. This ensures that your data is subject to the strong data protection regulations of the EU, providing an additional layer of security and compliance with GDPR standards.

9. Your Rights Under GDPR: As a data subject, you have the right to:

- Access your personal data and understand how it is being used.
- Request correction of any inaccurate or incomplete data.
- Request erasure of your personal data when it is no longer necessary for the purposes for which it was collected.
- Object to the processing of your personal data in certain circumstances.
- Request restriction of processing in specific cases.

How to Exercise Your Rights: If you have any questions about our GDPR compliance or wish to exercise your data protection rights, please contact us at info@stellards.io

10. Shared Responsibility Model with StellarDS.io: Under the shared responsibility model, StellarDS.io is accountable for securing the underlying infrastructure that supports its services (“Security OF the cloud”), while customers, acting as data controllers or data processors, are responsible for any personal data they upload to StellarDS.io services (“Security IN the cloud”).

StellarDS.io Responsibility: Security "OF" the Cloud

StellarDS.io is tasked with safeguarding the global infrastructure that operates all of its services. This infrastructure includes the hardware, software, networking, and facilities that drive StellarDS.io services. StellarDS.io provides powerful controls for customers, including security configuration options for managing customer content. We offer numerous compliance reports from third-party auditors who have validated our adherence to various computer security standards and regulations.

Customer Responsibility: Security "IN" the Cloud

Customers using StellarDS.io are responsible for designing and securing the applications and solutions they deploy on our services. This includes configuring StellarDS.io services to meet the confidentiality, integrity, and security requirements of their data. The exact responsibilities customers have to secure their data depend on the StellarDS.io services they choose and how these services are integrated into their IT environments. Customers have full visibility and control over their data and can implement flexible security controls based on the sensitivity of their specific data. They can achieve this by using their own security measures and tools or by leveraging the security measures and tools provided by StellarDS.io or other vendors. This approach allows customers to add additional layers of security for their more sensitive data.

StellarDS.io is dedicated to safeguarding your personal information and upholding the highest standards of data privacy. We continually review and enhance our processes to ensure ongoing compliance with GDPR.

For more detailed information on our data protection practices, please refer to our Privacy Policy.