The GDPR, IKOULA and you
It has now been just over than a year since GDPR has come into force.
We take the opportunity provided by this first anniversary to improve this section. This is not to present to you what IKOULA has implemented as part of GDPR but rather to answer your questions regarding the application of GDPR, and the amended Data Protection act in terms of your relationship with IKOULA in its capacity as the host.
We would like to clarify that this page does not deal with how we process personal data which are directly related to you (and which we mainly collect from forms present in our internet site), for which we would like to refer to the following page: https://www.ikoula.com/en/confidentiality. .
This page deals with data that we process “on your behalf” in our capacity as the host (and therefore host personal data if you have it, process IP address...), by providing you with hosting services and if required and if you have subscribed for such an option, when we provide you with backup services.
1. How do GDPR and the modified Data Protection act apply to IKOULA as the host, and what are the consequences that these have on your relationship with IKOULA ?
IKOULA, in its capacity as the host, is considered as a « sub-contractor » under GDPR. As a result there are a certain number of obligations especially to regulate, in its relationship with each of its clients, the conditions under which the company acts in its role as a sub-contractor.
2. What are the contractual clauses applicable to IKOULA and you, regarding GDPR ?
In order for our relationship to comply with legal and regulatory requirements, we have specified, in accordance with the recommendations of the CNIL, the conditions under which we host your data. You can read the document here.
In order to be more clear, we have separated the clauses relating to GDPR and those applicable to our contractual relationship.
The two documents that are applicable (except in case of special contract signed between us ) are as follows:
- https://order.ikoula.com/information.php?source=order_agreement_text (these are the standard contractual terms and conditions))
- http://www.ikoula.com/sites/default/files/2018_05_17_Conditions_Generales_RGPD_EN_FINAL.pdf (this is the document dedicated to our role as a sub-contract as per GDPR)
3. I host personal data on the IKOULA services and I wish to declare it to IKOULA
IKOULA cannot replace you in your responsibility as the process manager. But, they can advice you, especially on the security measures to be implemented for your processes. But to do this, they have to know about the processes more clearly so that they can efficiently advice you and suggest security measures that they feel are more suited for your specific situation. Are you in this situation ? Please fill in the form available on the page : Download IKOULA's personal declaration form.
Based on this, our team will contact you again to update you.
4. In concrete terms, what is IKOULA doing for me within the framework of the GDPR?
In summary, IKOULA is committed to:
- implementing a high level of security for our services: it is up to you, however, as a data controller, to ensure that you take security measures adapted to the categories of processing you implement: if your data are very sensitive (because, in particular, they present a risk to the freedoms or privacy of the persons concerned), it is up to you to choose the appropriate security systems: fill in the form provided in the link appearing in section 3 and contact us if you wish to discuss with us
- only to process data for hosting and backup purposes if you have subscribed to the latter service
- to ensure a high level of confidentiality of our services: your data is your data and there is no reason for us or any other person to read it without your permission. If a security breach is detected, we will notify you so that you can take the necessary measures
- to inform you in the event a subcontractor is used: IKOULA does not subcontract any hosting services at present and if this should become the case, you will be - and this is normal - the first to be informed
- host your data in the European Union or in a country recognised by the European Commission as having a sufficient level of protection (unless you have chosen to host your data in a country that does not have a sufficient level of protection)
5. What happens if IKOULA receives a request to exercise the right of a person due to its presence in a process for which I am the manager?
If IKOULA receives a request for the exercise of rights intended for you in your capacity as data controller, we will implement the procedure which you can check by clicking the following link procedure for exercise of rights