Collection of Personal Data Policy
1. Who we are & what we do?
European Data Hub (EDH) is a privately owned Luxembourgish carrier neutral colocation data center located in Cloche D’or Luxembourg. EDH offers power, cooling, and security as its core contracted services. In order to provide these services as per the conditions outlined in each contract, EDH requires certain personal data.
2. Whose personal data do we collect?
- Visitors to our data centre.
- Visitors to our website and web portal.
- Vendors, Suppliers & Service providers.
- Staff and employment applicants.
- Potential prospects.
3.Why do we need your personal data?
- To meet the contractual service level agreements for requested services.
- To secure customers assets.
- To provide controlled access to the data center and customer spaces.
- To provide proof of access/security to customer spaces.
- To perform specific customer requests.
- To ensure the health and safety of all persons.
- To communicate to and between persons and companies for daily business, marketing and emergencies.
- To analyse website and web portal traffic.
4. What kind of personal data do we collect?
- First and Last name.
- Email address.
- Telephone number.
- Company name.
- Company address.
- Job Title.
- Access log of the time the data centre was entered, traversed and exited.
- CCTV footage of the time the data centre was entered, traversed and exited.
- Website and web portal analytics.
5. What kind of personal data do we NOT collect?
With regards to visitors of the data center, EDH does not scan, store or copy any sensitive information such as biometric data or numbers and photographs from any government issued ID. A Government issued ID is used only to verify and ensure that EDH is authorising the correct person to enter the site.
6. When and how do we collect your personal data?
- When you enter into a contract with EDH.
- When you enter into a commercial or a potential business partner discussion with EDH
- When you engage in communication with EDH via telephone, fax, email or the web portal.
- When you physically visit our premises, specifically the data centre.
- When you visit our website or fill out any forms on our website/web portal.
- When you work for us or want to work for us.
- When you meet us at a trade show or event.
- When your employer, customer, supplier or business partner etc. provides us your personal data.
7. When do you give your consent for us to collect your personal data?
By communicating with us, using our web portal, or entering our secure data center, we need to verify your identity and if applicable your authorisation level so that we can perform your request. By engaging in communication or requesting a service from EDH you thereby give your consent to process your personal data. By accepting cookies on our website.
8. Where do we keep your personal data?
Your data is stored on paper and/or in digital format on our high availability systems and servers. Our systems and servers are located on our premises in Luxembourg.
9. How long do we keep your personal data?
As part of our business activities in Luxembourg, we are subject to the applicable legal and regulatory provisions regarding the retention period of documents.
CCTV footage is stored for 60 days.
Access log data in the access control system is stored for 6 months.
All other data expires by default after 2 years or at termination of contractual agreements such as the Master Services Agreement (MSA).
10. Who is in contact with your personal data?
We share your data only with the applicable staff necessary to provide or support the requested and or contracted services. Our staff includes third party service providers specialised in physical security and facilities management.
When entering rooms in our data center your name, company name and time of entry is shared with the renting tenant (Customer) of that room.
In the event of a medical or safety emergency, personal data may be shared with local emergency and rescue services.
EDH does not share any personal data to any other third parties unless legally obliged to do so. If legally obliged, EDH will notify all affected parties.
11. How do we protect your personal data?
Your data is protected through modern IT security measures in a secure building and also by an information security code of conduct developed as part of our ISO 27001 management system. All the information used to run the business, including personal data, are in scope and at the core of risk assessments which are performed on the basis of confidentiality, integrity and availability. Our information security measures are state of art and our ISO27001 compliance is audited once a year by an external certification body. For more details on information security measures and controls please review ISO 27001 Annex A or ISO27002.
12. What do we do in case of a data breach?
Without undue delay EDH will analyse the breach and notify any applicable parties such as the CNPD and those who are affected. All actions performed and notification details will be in compliance with GDPR articles 33 & 34.
13. What are your rights?
Any person whose personal data has been collected and stored by EDH possesses the rights as indicated in the GDPR articles 15 to 22.
Please note that in the case of requests from persons whose personal data has been given to us by their employer, customer, supplier or business partner etc., we will communicate the request to whom has provided us the personal data.
14. How do you contact us about your personal data?
Any general questions on our policies, our security measures or general data protection inquiries please email firstname.lastname@example.org
Official requests stemming directly from a GDPR article such as 15 to 22 are to be made via written registered letter with a copy of your ID. Requests will be processed within one month of receipt.
ATTN: Data Protection Officer
European Data Hub S.A.
9 Rue Robert Stumper
Version 1.4 | 21/08/2020