GDPR Compliance for SaaS Backups

GDPR | CloudAlly
dotted_horizontal_divider
CloudAlly is an OpenText Company

What is CloudAlly doing in order to comply?

CloudAlly SaaS Data Protection Platform.

We have customers in nearly every country in the world, hence preparing our product for the GDPR is a “must”.

  • GDPR Strategy.

    CloudAlly is an OpenText company, please view our GDPR COMMITMENT.

  • Data Mapping.
    We mapped CloudAlly’s data collection practices and determined that when using our product, CloudAlly is a data processor. As a provider of a backup solution, CloudAlly does not determine the “means” or the “purposes” of the processing of our customers’ personal data. Instead, CloudAlly processes the personal data on behalf of our customers.
  • Security.
    We obtained an ISO27001 certification in 2014, which we renew periodically.
     Among other items, it includes the implementation of robust encryption techniques, periodical penetration tests and a data breach policy. Our customers can read more on our security dedicated site: https://cloudally.com/resources/secure-online-backup


1.
 Authentication. We support authentication tools provided by Google, Facebook and Microsoft Azure. All these entities have announced that they are getting prepared for the GDPR. Moreover, we also provide our own authentication solution, with a two-factor authentication approach.

New features. We have made a number of modifications to our product and our systems so that it is easier for our customers to locate personal data and comply with right to be forgotten requests. In addition, we are happy to provide a certain level of manual assistance, should our customers need it. In such cases, our customers can approach us by sending an email to support@cloudally.com and we will analyze the request and decide the extent of the available assistance in each instance.

  • Data transfers.
    Server flexibility. We let our customers choose the location of the data centers where their back-up information will be stored. For example, our customers may choose to have their information hosted in the Amazon Web Services EU data center located in the Republic of Ireland.
    Amazon Web Services. AWS has already announced that will comply with the GDPR and they are also registered with the EU-US PrivacyShield (see: https://www.privacyshield.gov/list).
    CloudAlly’s Staff. Our staff sits in Israel, which was declared by the European Commission as a country that offers adequate level of data protection.
    Payment Processors. We work with PCI compliant payment processors and billing partners that have announced they will comply with GDPR.
    Other vendors and partners. We work with vendors and partners who, like Amazon Web Services, have announced they will comply with the GDPR. 
  • Data Retention. We are developing new tools and functionalities which will allow our customers to set limited retention periods.
  •  Ongoing Compliance. We are not approaching GDPR compliance as a onetime exercise and we are committed to periodically review our roadmap and ensure ongoing awareness of the GDPR requirements.Finally, CloudAlly understands that our customers want proof that our product is prepared for the GDPR, not just promises. That is why (a) we are ISO 27001 certified as mentioned above and (b) follow the creation of mechanisms to demonstrate compliance with the GDPR (such as GDPR certifications and seals) and, based on the experience of others, will consider the value to our customers of adherence thereto.

If you have any additional questions about the GDPR you are welcome to contact us at DPO@opentext.com

Disclaimer: The information in this document may not be construed as legal advice about the interpretation r application of any law, regulation or regulatory guideline. Customers and prospective customers must seek their own legal counsel to understand the applicability of any law on their processing of personal data.
Last updated: February 16th 2023

Click to View Opentext GDPR Commitment

OpenText Cybersecurity provides comprehensive security solutions for companies and partners of all sizes. From prevention, detection and response to recovery, investigation and compliance, our unified end-to-end platform helps customers build cyber resilience via a holistic security portfolio. Powered by actionable insights from our real-time and contextual threat intelligence, OpenText Cybersecurity customers benefit from high efficacy products, a compliant experience and simplified security to help manage business risk.  www.opentext.com