GDPR Compliance for SaaS Backups

GDPR | CloudAlly
dotted_horizontal_divider
CloudAlly is an OpenText Company

What is CloudAlly doing in order to comply?

CloudAlly SaaS Data Protection Platform.

We have customers in nearly every country in the world,  hence preparing our product for the GDPR is a “must”.

  • GDPR Strategy: CloudAlly is an OpenText company, please view our GDPR COMMITMENT.
  • Data Mapping: We mapped CloudAlly’s data collection practices and determined that CloudAlly is a data processor when using our product. As a backup solution provider, CloudAlly does not determine the “means” or the “purposes” of processing our customers’ personal data. Instead, CloudAlly processes the personal data on behalf of our customers.
  • Security: We obtained an ISO27001 certification in 2014, which we renew periodically. Other checks include implementing robust encryption techniques, periodical penetration tests, and a data breach policy. Our customers can read more on our dedicated security site: https://cloudally.com/resources/secure-online-backup
  • Authentication: We support GDPR-compliant authentication tools provided by Google, Facebook, and Microsoft Azure. We also provide our own two-factor authentication solution.
  • New features. We have made a number of modifications to our product and systems so that it is easier for our customers to locate personal data and comply with right-to-be-forgotten requests. In addition, we are happy to provide a certain level of manual assistance, should our customers need it. In such cases, our customers can approach us by emailing support@cloudally.com, and we will analyze the request and decide the extent of the assistance available in each instance.
  • Data transfers
    • Server flexibility. We let our customers choose the location of the data centers where their backup information will be stored. For example, our customers may choose to have their information hosted in the Amazon Web Services EU data center located in the Republic of Ireland.
    • Amazon Web Services. AWS complies with the GDPR and is registered with the EU-US PrivacyShield (see: https://www.privacyshield.gov/list).
    • CloudAlly.  Has been declared by the European Commission as a country that offers adequate data protection.
    • Payment Processors. We work with PCI-compliant payment processors and billing partners who have announced they will comply with GDPR.
    • Other vendors and partners. We work with vendors and partners who, like Amazon Web Services, have announced they will comply with the GDPR. 
  • Data Retention. We are developing new tools and functionalities to allow our customers to set limited retention periods.
  •  Ongoing Compliance. We are not approaching GDPR compliance as a one-time exercise, and we are committed to periodically reviewing our roadmap and ensuring ongoing awareness of the GDPR requirements. Finally, CloudAlly understands that our customers want proof that our product is prepared for the GDPR, not just promises. That is why (a) we are ISO 27001 certified, as mentioned above, and (b) we follow the creation of mechanisms to demonstrate compliance with the GDPR (such as GDPR certifications and seals) and, based on the experience of others, will consider the value to our customers of adherence thereto.

If you have any additional questions about the GDPR, you are welcome to contact us at DPO@opentext.com

Disclaimer: The information in this document may not be construed as legal advice about the interpretation r application of any law, regulation or regulatory guideline. Customers and prospective customers must seek their own legal counsel to understand the applicability of any law on their processing of personal data.
Last updated: February 16th 2023

Click to View Opentext GDPR Commitment

OpenText Cybersecurity provides comprehensive security solutions for companies and partners of all sizes. From prevention, detection and response to recovery, investigation and compliance, our unified end-to-end platform helps customers build cyber resilience via a holistic security portfolio. Powered by actionable insights from our real-time and contextual threat intelligence, OpenText Cybersecurity customers benefit from high efficacy products, a compliant experience and simplified security to help manage business risk.  www.opentext.com