Before we go further, let us state clearly that we do not, nor have ever, sought to analyze, combine, collate, provide to a third party, or otherwise draw insights from any data that resides on our customer’s clusters. For the purposes of delivering uptime and availability, we mostly access machine-generated data pertaining to the health of your cluster and your indexes. The exception to this is when we collect data about our customers during the normal course of providing our service.
A Condensed List of What We Have Done
Who Is Subject to GDPR?
The regulation is pretty clear that both our company and our customers are subject to the regulation, by definition, no matter where your business is domiciled. Our business of hosting infrastructure, specifically databases like Elasticsearch and container orchestration like Kubernetes, means that the likelihood is high that, even if you do not reside in the EU, you have data on residents of the EU. Second, we broke down our data collection efforts into three processes: “using our service”, support, and sales and marketing. Each of these will be discussed below, but if you are reading this, you are probably most keenly seeking our compliance for your downstream data.
Do I Need to Obtain a Data Processing Addendum (DPA)?
Unless Qbox acts as Data Processor by hosting your nodes, a Data Processing Addendum is not required.
We disclose the third parties that we use for aggregating and analyzing our sales, marketing, and support data that is collected for the purpose of delivering our service. With this data, you have the right to:
We also have disclosed our data retention policy for customers that are no longer customers of Qbox.
How Will I Know That Your Vendors Are Compliant?
We have compiled a list and obtained our own DPA’s from vendors. Please contact our support team if you would like to review it.
How Can I Contact Your Data Protection Officer?
Qbox has hired an attorney specializing in privacy issues and data protection compliance to be our Data Protection Officer (DPO). The DPO will be regularly auditing our practices to ensure compliance with our handling of sales, marketing, and support data, as well as protecting the security and transfer of the data residing on our customers’ nodes. All inquiries can be directed to firstname.lastname@example.org.
We could not be more aware that SLA Support and our competency at managing clusters at scale is the sole reason customers pay us in the first place. We hope that these changes will give you the confidence to both trust our service and be compliant yourself.