At Cloud4Wi, Trust is our #1 value.
Nothing is more important than the success of our customers and the privacy of our customers’ data. We know you may have questions about the Data Processing Addendum (“DPA”) that Cloud4Wi offers to its customers. To help you develop a better understanding of the Cloud4Wi DPA, we have outlined the most common questions asked. All defined terms used in this FAQ are as set out in Cloud4Wi’s DPA.
This document does not provide legal advice and the information we present may not take into account future changes in laws and regulations. We urge you to consult with your own legal counsel to familiarize yourself with the requirements that govern your specific situation.
Detailed explanations of how we process Personal Data are available on our Privacy article.
General
1. Does Cloud4Wi make a DPA available to its customers?
Yes, Cloud4Wi offers a DPA to its customers: the document can be found here. The DPA is an agreement that sets out the legal framework under which Cloud4Wi processes Personal Data. The DPA covers all of the services provided by Cloud4Wi. The DPA is an addendum or exhibit to the Master Subscription Agreement (“MSA”) between Cloud4Wi and our customer, and forms part of the customer agreement.
2. Does the DPA take GDPR into account?
Yes, Cloud4Wi’s current DPA includes provisions to assist customers with their GDPR compliance.
3. Can my organization use its own DPA?
The Cloud4Wi DPA is specific to Cloud4Wi's multi-tenant services and covers the specific processes and procedures in relation to, for example: specific notifications related to privacy; audits; certifications; security measures; and sub-processing activities, all of which are aligned to the way in which Cloud4Wi's services and its multi-tenant infrastructure work. The Cloud4Wi DPA is also drafted to seamlessly interoperate with the MSA and other relevant Cloud4Wi documentation.
Using your own organization DPA is restricted to special cases that need to be examined on a case by case basis.
4. How do customers incorporate Cloud4Wi's DPA into their existing Cloud4Wi contract?
Customers can request a DPA copy pre-signed by Cloud4Wi. Customers can sign Cloud4Wi's pre-signed DPA, sign and return the DPA to privacy@Cloud4Wi.com. Further information on the execution of the DPA can be found in the Section “How to execute this DPA” in the opening preamble of the DPA. Where a customer and Cloud4Wi sign a DPA at the same time the customer and Cloud4Wi execute a MSA or order form, the customer will not need to sign again or return the DPA.
5. What happens if my organization does not sign the DPA?
Cloud4Wi recommends that you consult with your legal advisor to assess the potential impact that your decision not to sign the DPA may have on your particular situation.
6. Where can I find additional legal documentation and information about Cloud4Wi's services?
- Cloud4Wi's DPA can be found here.
- Cloud4Wi's MSA, which incorporates the DPA, can be found here.
- The ‘Security Privacy and Architecture Documentation’ (SPARC) detailing Cloud4Wi's security measures can be found here
- The Infrastructure and Sub-processor Documentation listing Cloud4Wi's Subprocessors can be found here
- Cloud4Wi's Privacy page can be found here, and provides further information on Cloud4Wi's Privacy program as well as helpful references on key topics
7. What if I have additional questions not answered in this FAQ?
If you have additional questions, please contact your Account Executive or open a case with the Cloud4Wi customer support team here.
Body of the DPA
8. What is the scope of the DPA?
Although the DPA uses specific terminology based on EU data protection laws and regulations (e.g. controller, processor, etc.), it covers all jurisdictions and also applies to non-EU customers. The DPA sets out relevant legal obligations and commitments related to the processing of Customer Data and Personal Data.
9. Which customer entities can be a party to the DPA?
The following entities can be a party to the DPA: (i) the entity that signs the MSA; (ii) its Affiliates who sign an Order Form; and (iii) other customer Affiliates that are subject to European laws and regulations and are entitled to use the contracted Cloud4Wi services. The purpose of (iii) is to ensure that all affiliates that use our services and that must comply with European requirements can benefit from the DPA.
10. Does the DPA apply to my organization if we don’t have offices in the EU?
Yes, the majority of the DPA applies to customers, regardless of their connection to the EU. Most of the commitments in the DPA are general privacy related commitments which are not specific to EU laws.
11. What is contained in the annexes to the DPA?
The DPA includes three annexes:
- Annex 1 provides specific details of the types of data and the categories of data subjects involved in the processing activity.
- Annex 1 provides specific details regarding the technical and organizational security measures adopted for the processing activities.
12. What are Cloud4Wi's and the customer’s respective roles under the DPA?
Cloud4Wi acts as the Processor with respect to Personal Data submitted by customers to Cloud4Wi's services, and the customer acts as the Controller. This means that Cloud4Wi's customers uniquely determine what Personal Data is submitted to and processed by Cloud4Wi's services, and that Cloud4Wi processes Personal Data only in accordance with the customer’s documented instructions.
13. How does Cloud4Wi handle requests of data subjects?
If Cloud4Wi receives a data subject request from a customer’s customer, Cloud4Wi is the Processor, and we will, to the extent that applicable legislation does not prohibit Cloud4Wi from doing so, promptly suggest that the data subject contact the customer (i.e. the Controller) directly about the request. Cloud4Wi will not further respond to a data subject request without the customer’s prior consent.
14. Does Cloud4Wi use Sub-processors?
An effective and efficient performance of Cloud4Wi's services requires the use of Sub-processors. These Sub-processors can include affiliates of Cloud4Wi as well as third party organizations. Cloud4Wi's use of Sub-processors may require the transfer of Customer Data to Sub-processors for purposes like hosting Customer Data, providing customer support, and ensuring the services are working properly. As described in the DPA, Cloud4Wi takes responsibility for the actions of its Sub-processors. Up-to-date information about the hosting locations for each service that Cloud4Wi offers and the identities and the locations of Sub-processors can be found in the Sub-processors page here.
15. How does Cloud4Wi notify its customers of new Sub-processors?
Cloud4Wi will notify via email all subscribed customers of a new Sub-processor before authorizing the new Sub-processor to process Customer Data.
16. What security measures are in place to protect Customer Data?
Cloud4Wi maintains appropriate technical and organizational measures to protect Customer Data, as set forth in the applicable SPARC Documentation (available here).
17. How would Cloud4Wi notify its customers in the event of a security breach?
Cloud4Wi maintains security incident management policies and procedures, which are specified in the applicable SPARC Documentation (available here). Cloud4Wi commits to notifying its customers without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data processed by Cloud4Wi or its Sub-processors.
18. What happens to Customer Data after termination or expiration of an agreement with Cloud4Wi?
After termination or expiration of the agreement, Cloud4Wi will return and delete all Customer Data in accordance with the procedures and timeframes specified in the applicable SPARC Documentation (available here).