Privacy Policy

GDPR:

I. Pseudonymisation

Your password and account data is encrypted as is all data that is stored within our billing portal and client area portal. We do not store any other billing related material on our servers (i.e. credit card data) and we use 3rd party PCI compliant companies to handle these payments.

II. Confidentiality

Access Control

After initial deployment of servers, root passwords can be reset by the client and are not known to Cyclone Serversunless requested in order to login and offer support. Passwords must meet a minimum length and new passwords must be changed on a regular basis. While Cyclone Servers shall try to prevent unauthorized access by applying security udpates regularly, the responsibility for access control is incumbent upon the client.

For Cyclone Servers internal administration systems, we prevent unauthorized access by applying security updates regularly, by keeping critical systems off of the public facing internet and accessible only via DMVPN (dynamic multipoint VPN), and by creating a compulsory process for allocating authorization for employees.

Transfer Control

Upon termination, hard disks that are decommissioned, are swiped multiple times (deleted) in accordance with data protection policies. The swiped (deleted) hard disks are only reused after thorough testing and defective drives are destroyed and environmentally sensibly recycled in specialised facilities.

Isolation Control

Cyclone Servers internal administration systems’ data is physically isolated from customer data. Also, networking is air gapped seperated from customer networks.

Anonymization

We offer clients the choice to anonymize their accounts and they can do so from within their client area portal.

III. Integrity 

Data transfer control

In accordance with Art. 32 Para. 4 GDPR, all Cyclone Servers staff is trained and obliged to ensure that personal data is handled in accordance with data protection regulations. This means that client data is wholly deleted after termination of a contract, in accordance with data protection regulations. Furthermore, encrypted data transmission is also provided as standard in our client area portal.

Data Entry Control

All data changes made by Cyclone Servers staff in internal administration systems are logged. For client servers, the responsibility for input control is incumbent upon the client.

IV. Availability and Resilience

Cyclone Servers internal administration systems are backed up daily and are also protected by the employment of security processes which include but are not limited to, firewalls, intrusion detection systems (IDS), intrustion protection systems (IPS), website application firewalls (WAF), spam filters, and virus scanners. Furthermore, all internal systems are monitored using http and snmp monitoring protocols. Data resilience is enhanced by employing hardware RAID across any hard disk in operation.

Client server backups are included as a courtesy, but data backups are incumbent upon the client. Cyclone Servers provides an uninterruptible power supply system, high availability networking (WAN/LAN and Storage via FC) and also provides an uptime SLA.

V. Procedures for Disaster Recovery

Cyclone Servers has created and defined an escalation process which notes who is to be informed in the case of any sort of network, storage, or compute malfunction which results in service degredation and/or data loss. The goal of this escalation process is for all staff to be in a state of readiness in the case that disaster recovery procedures ie. data recovery need to be actioned as to restore systems as quickly as possible.

VI. Procedures for Regular Testing, Assessment, and Evaluation

As part of the procedure for regular testing of our GDPR preparedness process staff will undergo regular “drill” to prove beyond any doubt readiness to react swiftly and effectively in the case of service degredation. Employees are regularly trained in data protection law and are expected to be familiar with the procedural and user guidelines for data processing on behalf of clients also with regard to the client’s right of instruction.