The General Data Protection Regulation (GDPR) is the new legal framework of data protection law across the EU and is due to come into force on 25th May 2018. Contrary to Directive 95/46/EC, which governed this processing prior to this point, the GDPR has direct effect within the Union and does not need to be transposed at national level. In this way, it will aim to harmonise laws governing the processing of personal data across Europe. Even better, the GDPR enshrines a principle of extraterritoriality, which means that, in certain circumstances, the scope of its application can be extended beyond the frontiers of Europe.
If you are an organisation that processes personal data, you are highly likely to be governed by the provisions of the GDPR. In this regard, you are subject to obligations and must abide by them. The same is true of Nuclear.Hosting, which, in view of its situation, is bound by different obligations, in its capacity as a processor and as a data controller.
Understanding the real, specific issues at stake in European regulations is not always an easy task, especially when the regulation in question contains 99 articles, 173 recitals and numerous lines of guidance on how it will apply. Understanding these issues is nonetheless essential in order to avoid any risks that may arise from an excessively broad or imprecise interpretation of your organisation’s regulatory obligations. A proper understanding of the terms defined below is therefore essential:
- Personal data: any information relating to an identified or identifiable real person. An identifiable real person is defined as any real person who can be directly or indirectly identified.
- Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collecting, recording, transmission, storage, conservation, extracting, consultation, use, disclosure by transmission and so on.
- Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Nuclear.Hosting as a processor
It is undoubtedly in this last scenario that you will deal the most frequently with Nuclear.Hosting. Nuclear.Hosting is classed as a “processor” when it processes personal data on behalf of a data controller.
This will typically be the case when you use the services of Nuclear.Hosting and you store personal data on an Nuclear.Hosting infrastructure. Within the limit of its technical restrictions, Nuclear.Hosting may process any data stored solely in accordance with your instructions, and on your behalf.
Nuclear.Hosting’s commitments as a processor
As a processor, Nuclear.Hosting commits to:
- Processing personal data solely for the purposes of carrying out the services correctly: Nuclear.Hosting will never process your information for any other purposes (marketing, etc.).
- Keeping your data inside the EU and only in countries recognised by the European Union as offering a sufficient degree of protection, provided that you do not select a datacentre located in a geographical area outside the EU.
- Informing you if we have enlisted a subcontractor to process your personal data: to date, no services involving any access to data you have stored as part of the service have been subcontracted outside the Nuclear.Hosting Company.
- Applying strict security standards to provide a high level of security for our customers.
- Reporting any data breach to you without “undue delay”.
- Helping you meet your own regulatory obligations, by providing you with adequate documentation of our services.
FAQ: Nuclear.Hosting’s as a processor
The data stored by the customer as part of Nuclear.Hosting’s services remains the property of the customer.
Nuclear.Hosting will not access or use this data except where necessary in order to perform the services, within the limits of its technical restrictions.
Nuclear.Hosting undertakes to refrain from selling on this data and from using it for personal purposes (such as data mining, profiling or direct marketing).
Nuclear.Hosting will access data in two circumstances only:
- In order to implement services, particularly to improve the support provided to customers when they contact the Nuclear.Hosting helpline. In this situation, access to data will be limited, thanks to specific authorisations and specific control and security measures.
- To comply with legal obligations or as part of legal and/or administrative requests. These requests are very strictly regulated.
Access as part of customer support:
When a customer contacts Nuclear.Hosting customer support, depending on the issue involved, two categories of data may be accessed. On the one hand, in order to handle the customer’s request as well as possible, customer support will access the data provided by the customer when his Nuclear.Hosting account was created (surname, first name, telephone number, email address, etc.).
On the other hand, and only if expressly requested by the customer and subject to technical restrictions unique to each service, the customer support team may access the data it has stored on Nuclear.Hosting services, in order to determine the origin of the problem encountered and, potentially, to solve it.
Access as part of a request from judicial and/or administrative authorities:
In order to act in accordance with the regulations that are in force, Nuclear.Hosting is obliged to answer requests from judicial and/or administrative authorities. Since requests for access are covered by a strict legal framework, Nuclear.Hosting will not authorise these requests until we have ensured that they are valid and substantiated. Moreover, unless prohibited by the request or by law, Nuclear.Hosting undertakes to inform the customer as soon as possible in the event that such a request is made. Requests issued from a third-party country will not be handled unless there is an underlying international agreement, such as a treaty for mutual legal assistance, in force between the third-party country applicant and the Union or a Member State.
Where a service allows a customer to host data, Nuclear.Hosting will inform the customer of the location or geographical area in which the datacentre(s) is/are located. This information is on the Nuclear.Hosting website, and you can also obtain it from customer support.
When several locations are available, the customer can select the location of his choice when ordering. The locations of the Nuclear.Hosting datacentres are available on this page at all times. Subject to the terms and conditions of each individual service, as mentioned in the specific terms and conditions currently in force, Nuclear.Hosting may not modify the location or geographical area stipulated in the order without the customer’s permission.
There are two different scenarios, depending on the choices made by the customer as to the location of the datacentres storing their data:
When the customer chooses a service that involves one or more datacentres within the European Union:
In this scenario, the customer’s data will never be transferred outside:
- The Member States of the European Union.
- Countries recognised by the European Commission as offering a sufficient degree of protection for personal data with regard to the protection of private life, liberties and fundamental human rights. The list of countries is available on the European Commission website.
In the wake of ‘safe harbor’ being ruled invalid, and despite the fact that the European Commission deems that the American bodies that are members of the Privacy Shield offer a sufficient degree of protection, Nuclear.Hosting will never transfer customer data with a selected geographical location within the EU to the United States of America.
Transfers of data to countries recognised by the European Commission as offering a sufficient degree of protection may occur as part of an intervention by Nuclear.Hosting customer support. For Nuclear.Hosting datacentres based in the European Union, the Nuclear.Hosting customer support teams who may be called on to intervene are based in the European Union and in Canada, since Canada is recognised by the European Commission as a country offering an adequate degree of protection for personal data. Nuclear.Hosting also reserves the right to entrust customer support services that may involve remote access to data stored by customers, as part of our services, to other bodies in the Nuclear.Hosting Group based in countries that are also recognised by the European Commission as offering a sufficient degree of protection (excluding the USA).
The guarantees provided by Nuclear.Hosting with regard to data transfer mean that customers can meet their own regulatory obligations. Article 45 of the GDPR, which defines “transfers on the basis of an adequacy decision”, stipulates that the transfer of personal data to a third-party country or to an international organisation may take place if the Commission has ruled that that third-party country, a territory or one or more specific sectors of that third-party country, or the international organisation in question, offers an adequate degree of protection. Such transfers do not need to be authorised separately.
If the customer chooses a service that uses a datacentre located outside the European Union:
In this scenario, it seems obvious that data will be transferred outside the European Union. The location or geographical area of the datacentre(s) used for the service can be found on the Nuclear.Hosting website. Customers may select the datacentre of their choice and Nuclear.Hosting will not change the location or geographical area requested in the order without the customer’s permission and subject to the individual terms and conditions of certain services.
To assist organisations wishing to process personal data using datacentres located outside the European Union, in a country that does not offer an adequate degree of protection for personal data, Nuclear.Hosting may, by express request, discuss the implementation of safeguards that would permit such a transfer, as defined in Article 46 of the GDPR, “Transfers subject to appropriate safeguards”.
Nuclear.Hosting as a data controller
Nuclear.Hosting is classed as a “data controller” when we determine the purpose and method of “our” personal data processing.
This is typically the case when Nuclear.Hosting collects data for billing, managing accounts receivable, improving the quality of services and performance, sales prospecting, commercial management, etc. But it is also the case when Nuclear.Hosting collects personal data on its own employees.
In this scenario, ‘your’ data – the data that you store on Nuclear.Hosting’s services – is not affected. On the other hand, certain information concerning you or concerning your employees (the identity and contact details of your contact person at Nuclear.Hosting part of a request for technical assistance, for example) may be. This is why Nuclear.Hosting is keen to explain the guarantees put in place to ensure that this personal data is protected. Nuclear.Hosting commits to:
- Limiting the data collected to what is strictly necessary: as part of this approach, when you order a service, you enter only the data required by Nuclear.Hosting for billing or support purposes, or to make sure we meet our own legal obligations on data conservation.
- Only using the data it collects for the purpose for which it was collected.
- Conserving personal data for a limited and proportionate time. For example, data processed for the purpose of managing relations between a customer and Nuclear.Hosting (surname, first name, postal address, email address, etc.) is conserved by the company for the full duration of the contract and for thirty-six (36) months thereafter. At the end of this period, the data is deleted from all media and backups.
- Not transferring this data to third parties other than companies associated with Nuclear.Hosting and acting as part of the performance of the contract. As part of these intra-Group transfers, some data may be transferred outside the European Union, based on the binding corporate rules implemented by the Nuclear.Hosting Group.
- Implementing appropriate technical and organisational measures to ensure a high degree of security.
What are “cookies”?
“Cookies” are small data files used as unique identifiers in application communication with your web browser. The cookie contains anonymous information. Cookies use the vast majority of websites for their business.
Cookies can be set by websites you visit (“our cookies”) or set up by an organization that is not the owner of the websites you view (“third party cookies”). For example, they can be set up by other websites that trigger content on the page you are viewing, or an independent analytics company. Websites may use third-party ad networks to provide a targeted ad. These cookies may be able to track your browsing of different sites.
This is useful for example when viewing a shopping cart, browsing history, hiding a business message, signing in, etc.
What are we using cookies for?
We use these cookies on our site:
- Technical – first pages, short-term. They provide the basic technical functionality of the site, ie logging in, remembering settings, using services,
- Statistical and diagnostic (eg Google Analytics) – first party, long-term. They are used to generate anonymous site usage statistics.
- Both first and third-party advertising. They are used for behavioral advertising targeting by interest. Once your ad has to appear (as the main web feed and content creation), let the user / reader see offers that can really interest him.
The consent to the location of cookies is voluntary. If you wish, you can block some or all cookies or delete cookies that have already been set. For details on how to manage cookies and how to block them in different types of web browsers, visit www.aboutcookies.org or
- Internet Explorer: https://support.microsoft.com/cscz/help/17442/windows-internet-explorer-delete-manage-cookies;
- Mozzilla/Firefox: https://support.mozilla.org/cs/kb/povolenizakazani-cookies
- Chrome: https://support.google.com/chrome/answer/95647
- Opera: https://www.opera.com/help/tutorials/security/privacy/
- Safari: https://support.apple.com/kb/ph21411?locale=cs_CZ
However, you must be aware that if you block or delete cookies sent from our websites that are absolutely necessary or ensure functionality and performance, you may not be able to use the site.
We use Google Analytics
Google Analytics is enhanced by Google’s related advertising features, namely:
- display reports on the Google Display Network,
- remarketing (displaying ads on the content network based on viewed products),
- expanded demographics (reporting anonymous demographic data). For more information on data processing and usage, please refer to Google’s Terms of Service (http://www.google.com/intl/en/policies/privacy/partners/).
How to Disable Google Analytics Tracking
If you do not want to provide anonymous Google Analytics data, you can use Google’s plugin. Once installed in your browser and activation, data will not be sent further.
We use Advertiser cookies
With Google CookieDoubleClick, Google and its partners can show ads to users based on their visits to our sites and other Internet sites. You can use the DoubleClick cookie for interest-based ads to log out through the Ads Preferences Manager.
Other cookies from third-party vendors or third-party ad networks may also be used when displaying ads from the Google Network. You can visit these third-party sites and opt out of them using cookies for interest-based advertising (if the vendor or the ad network offers this option).
- Data usage policy
- Cookies and other storage technologies
- Change ad targeting by Facebook user activity
- Preferences Facebook ad
- Digital AdvertisingAlliance
- Digital AdvertisingAllianceofCanada
- EuropeanInteractive Digital AdvertisingAlliance
How to disable interest ads
Turn off interest ads on desktop devices
The level of cookie protection can be set in the browser, except for total blocking of all cookies from the Internet. It increases the level of security, but it can also make it difficult to browse websites or make it impossible to sign in to certain sites and services.
The settings for receiving cookies are usually found in “Options” or “Preferences” in your browser menu. For a better understanding of this setting, the links below may be useful. You can also use minority browser help, which we do not reference directly here.