GDPR Rules and Cloud Depot
Cloud Depot takes privacy and security seriously. We have worked hard to identify what data we hold, why we hold it and how long we need to hold it.
How have we prepared for the GDPR?
We have a Data Protection Officer on our Board of Directors whose job is to oversee our compliance with GDPR and ensure that business decisions in the future take into consideration GDPR rules.
As part of our preparedness with GDPR we ran an internal Privacy Impact Assessment (PIA) which resulted in deciding to treat all PII (Personally Identifiable Information) to the same standard as other sensitive information we store. We broadened the definition of PII information to include IP addresses and browser information. For more information please
view our data security page.
We changed our data retention policy (see below).
What data do we hold?
Our customer data is divided into four categories
Operational Data and Audit logs
Operational data is data that you or your clients enter into Cloud Depot that we store securely on our platform.
Audit logs is data created when a transaction occurs. This data is kept for customer auditing purposes of transactions.
Operational data and audit logs are stored for the entire time you are a client with Cloud Depot. If you choose to leave our platform your account goes into a deactivation phase and remains in a de-active mode pending a complete deletion (usually within 30 days). Once deleted we will no longer have any identifiable data records apart from the required accounting data.
Accounting data is kept for 7 years. This data is a legal requirement by the ATO in Australia and includes your company name, billing address and accounts email address. We need to retain this information for tax compliance purposes.
Transactional Log Data
Logs are used by our support team for customer assistance. They tell us what went on “under the hood” and usually relate to a transaction or process. We hold this information for up to 90 days before deleting it from our platform.
Metadata is non-identifiable data that we store indefinitely. It is statistical data about the growth of our platform transaction numbers and customer signups.
Data Processing and Hosting
Our Development and Technical Support team is based in New Zealand. New Zealand is one of a few countries recognised by the EU as an adequate country to receive and process EU personal data.
Our Cloud Depot platform is hosted on the Amazon AWS platform. Amazon AWS will be fully compliant with the GDPR when it comes into force in May 2018. For more information please click here.