kierenp Having been a customer of Webfaction and based within the EU we signed a "Data Processing Addendum" with them that they produced. Other hosts we use handled this contract in their specific terms (i.e. their privacy policies). I just wondered what the situation was with Opalstack? The requirements of the privacy agreements as set out here for info: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/contracts/ Would be interested to hear how things stand with Opalstack and what other EU/UK customers have been doing. Cheers Kieren
klynton Hey Kieren, Our privacy policy can be found here: https://www.opalstack.com/privacy-policy/ Is there something we haven't covered in there?
kierenp Hi @klynton Thanks for the reply. I should stress, although it's probably obvious, that I'm not a lawyer but looking through the list of requirements I wondered if something about "audits and inspections" might be worth adding. This is potentially implied in the section in your policy where it mentions exports of CSV data etc but I'm not sure if something more specific about Opalstack providing information to help customers with audits etc is needed as per: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/contracts-and-liabilities-between-controllers-and-processors-multi/what-needs-to-be-included-in-the-contract/#10 That and perhaps stating you have written contracts with third parties etc although this would seem a given I suspect. Many thanks in advance.
klynton Hey, Things got a little busy over the last few weeks, I'll look back at this when we have time to breath. 🙂
