Dear Clients,

This section is intended to answer any questions you may have regarding the application of the GDPR and the amended Data Protection Act in the context of your relationship with IKOULA in its capacity as hosting provider.

Please note that this page does not concern the way in which we process personal data relating directly to you (which we collect via the forms on our website, for example). For more information on this subject, please refer to the following page: https://www.ikoula.com/en/privacy-policy

This page deals with the data we process ‘on your behalf’ in our capacity as a hosting provider (and therefore host personal data when you have it, process IP addresses, etc.), by providing you with hosting services and, where applicable and provided that you have subscribed to such an option, when we provide you with a backup service.

1. How does IKOULA's hosting quality translate in the context of the GDPR and the amended Data Protection Act, and what consequences does this have for your relationship with IKOULA?

IKOULA, due to its status as a hosting provider, is considered a ‘sub-processor’ within the meaning of the GDPR. This entails a number of obligations, including that of setting out, in its relationship with each of its clients, the conditions under which the company acts as a sub-processor.

2. What contractual provisions apply to IKOULA and you with regard to the GDPR?

In order to ensure that our relationship complies with legal and regulatory requirements, we have specified, in accordance with the recommendations of the CNIL, the conditions under which we host your data. You can read the document here. For clarification purposes, we have separated the provisions relating to the GDPR and those applicable to our contractual relationship. The two documents that apply (unless we've agreed something else) are:

• General Terms and Conditions (these are standard contractual terms)
• GDPR General conditions (this document is dedicated to our role as a Sub-Processor within the meaning of the GDPR.)

3. I host personal data on IKOULA services and wish to declare this to IKOULA.

IKOULA cannot replace you in your capacity as Data Controller. However, we can advise you on the security measures to implement for your processing operations. To do so, we need to have a more detailed understanding of the processing operations concerned in order to provide you with useful advice and recommend the security measures we consider most appropriate for your specific situation. Are you in this situation? Please feel free to fill out the form on the following page: Donwload the Personal data declaration form IKOULA.
Based on this, our services will contact you to review the situation with you.

4. In practical terms, what does IKOULA do for me in relation to the GDPR?

To summarize, IKOULA is committed to:

• implement a high level of security for our services: however, as the Data Controller, you are responsible for ensuring that you take appropriate security measures for the categories of processing you carry out. If your data is highly sensitive (because, for example, it represents a risk to the freedoms or privacy of the individuals concerned), it is your responsibility to ensure that you choose appropriate security systems: fill in the form linked in section 3 and consult us if you wish to discuss this further;
• only process data for hosting and backup purposes if you have subscribed to this service;
• ensure a high level of confidentiality for our services: your data is your data and there is no reason for us or anyone else to access it without your permission. If a breach of your data security is detected, we will notify you so that you can take the necessary measures;
• inform you in the event that a Sub-Processor is used: IKOULA does not currently subcontract any hosting services, but should this become necessary, you will be informed. When you use services provided by third parties, we may send personal data about you to those third parties: this will be the case for domain name reservations and/or SSL certificates, for example;
• host your data in the European Union or in a country recognized by the European Commission as having an adequate level of protection (unless you have chosen to host your data in a country that does not have an adequate level of protection).

5. What happens if IKOULA receives a request to exercise rights from a person due to his or her presence in a processing operation for which I am responsible?

If IKOULA receives a request to exercise rights that is addressed to you in your capacity as Data Controller, we will implement the procedure that you can consult by following this link: procedure for exercise of rights.

6. Do you have any further questions?

Please feel free to contact us at [email protected] or [email protected].
This type of regulation supports our vision of hosting. Thank you for your trust!