GDPR

GDPR Statement

General Data Protection Regulation (GDPR) came into effect on May 25, 2018 with the objective of standardizing data protection law framework across the EU. GDPR imposes obligations on companies that control or process personal data of European Union Residents. Team Cymru is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for GDPR.

At Team Cymru, we understand the importance of your personal data, and we take steps to secure and protect it whenever it is stored in our infrastructure. We do not collect or process personal data on behalf of the individuals and we don’t have access to any personal data in our customer’s systems. As a data processor, we have instituted a robust information security program (backed up by legal contracts) to create a service that our customers can trust.
Team Cymru currently complies with applicable data protection regulations and is committed to GDPR compliance across its relevant services.

Team Cymru has reviewed where and how our relevant services collect, use, store and dispose of personal data and has updated policies, standards, governance and documentation where needed. Team Cymru is dedicated to keeping such due diligence current and carrying out re-assessments periodically and/or as required by changed circumstances.

Compliance with the GDPR requires a shared responsibility between Team Cymru and our partners and customers to safeguard and protect personal data. In this context, Team Cymru primarily will act as a data processor and our partners and customers generally will act as data controllers. Working together, we hope to explore opportunities within our relevant service offerings to assist our partners and customers meet their GDPR obligations. In the meantime, Team Cymru encourages partners and customers to independently familiarize themselves with the GDPR.

As a data processor, Team Cymru is committed to maintaining the privacy and confidentiality of the personal data entrusted to us. Standard security controls are in place to protect personal data and the physical locations in which it is hosted which include firewalls, two-factor authentication, logging and monitoring, 24×7 physical security and a dedicated internal security professional.

Our North American co-location facilities utilize access controls mechanisms, which establish physical and logical access controls to the facilities and the infrastructure hosting the services. All physical and logical access is logged and analyzed for inappropriate access. Physical security controls for the facilities hosting the services include 24×7 on-site security and local and remote security and environmental monitoring. Logical access authentication for Team Cymru personnel is performed using two-factor authentication and is granted based on the employee’s role.

A highly trained security professional is responsible for documenting and reviewing security controls to ensure that these controls remain effective and in-place and is actively monitoring our systems.