SingleHop provides cloud infrastructure services, managed services, and business continuity solutions to help businesses deploy and secure their applications, websites, databases, and more on the cloud, enabling them to be more agile. Often, these services entail that SingleHop servers receive and store “personal data” as defined in EU data protection laws.
SingleHop customers may use SingleHop’s services to store, transmit, encrypt, decrypt, modify, process, and otherwise manipulate and/or transmit this personal data as they see fit. SingleHop provides the infrastructure for businesses to build on, but SingleHop does not control how its infrastructure is used specifically, thus there are a wide range of applications and ways that personal data may be processed on top of the SingleHop platform.
Although SingleHop is a US based company, SingleHop takes EU Data Processing laws seriously. SingleHop complies with EU Data Processing laws, including:
- as of 18 May 2017 the Data Protection Directive
- as from 25 May 2018 replaced by the GDPR
In relation to EU privacy laws, SingleHop categorizes personal data into two categories:
- In most application cases, SingleHop merely stores, transmits or manages data for its customers at the direction of the customers. In these respects, SingleHop is simply a processor of customer data.
- Access: Customer manages who has access to systems; SingleHop provides tools and general network and physical level security
- Storage: Customer decides what to store and where; SingleHop provides environment where the data is stored
- Transmission: Customer makes content available on the internet; SingleHop provides network connectivity for this content to be accessed remotely by users
- Security: SingleHop implements standard up-to-date security measures to secure the environment and connections; SingleHop can deliver additional and/or alternative measures upon customer’s request Customer decides what security measures are implemented within the environment and what passwords are used to protect it; SingleHop can provide assistance in this regard
- Disclosure: SingleHop will not disclose unless required by law or a binding judicial order
- Compliance with other elements of data protection laws, such as data subject rights, data breaches, data protection impact assessment, prior consultation: SingleHop can provide assistance upon customer’s request
The GDPR applies to SingleHop’s processing activities for its customers if:
- The customer uses SingleHop’s services in the context of its activities of its establishments in the EU;
- The customer uses SingleHop’s services of SingleHop’s establishment in the EU (in Amsterdam, the Netherlands); or
- The customer uses SingleHop’s services for:
- Offering goods or services to data subjects in the EU; or
- Monitoring the behavior of data subjects in the EU
In this respect, we request our customers to inform us when they intend to use our services in the context of any EU establishment or if they otherwise feel that the GDPR is applicable to the processing of their data (cat. 1).
Note that for the personal data we process for our own purposes (cat. 2) and for which we would be the controller, the GDPR only applies to the extent that:
- The processing occurs in the context of the activities of the SingleHop establishment in the EU (Amsterdam, the Netherlands);
- The processing relates to:
- Offering goods or services directly to data subjects in the EU; or
- The monitoring of the behavior of data subjects in the EU.
To ensure GDPR compliance SingleHop undertakes the following:
- SingleHop is EU-US Privacy Shield certified
- SingleHop enters into data processing agreements with its customers if the GDPR applies to the processing of their data
- SingleHop enters into sub-processing agreements with its providers if necessary
- SingleHop implements up-to-date security measures, performs regular audits, and is willing to implement additional measures upon customer’s request.
- In areas applicable to GDPR, SingleHop offers its customers assistance in relation to security, data subject rights, data breaches, data protection impact assessment, prior consultation and other elements of the GDPR.