General Data Protection Regulation (GDPR)

Last Updated: 13 June 2018

The General Data Protection Regulation (GDPR) is a regulation in European law that was adopted on April 14 2016, but only became enforceable on May 25, 2018 after a two year transition period. This law regulates data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The GDPR governs how companies can collect, store, delete, modify and otherwise process personal data about individuals. The individual's personal data needs to be processed fairly, lawfully, and transparently as they own the legal rights in respect of their personal data.


Who does the GDPR apply to?

The GDPR applies to all entities and individuals which process personal data as part of their activities, or the activities of one of their branches, established in the EU, regardless of where the data is processed. The law also applies to any company established outside of the EU offering goods/services or monitoring the behaviour of individuals within the EU.


Does the GDPR apply to an individual developer?

The GDPR applies to all RunCloud customers, including individuals (whether located inside or outside the EU), who collect and process personal data and information from any persons within the EU, using our products and services.


What is RunCloud's Role Under GDPR?

In GDPR nomenclature, RunCloud acts both as a Data Controller and Data Processor.

RunCloud acts as a data processor when our customers use RunCloud Products and Services to process EU personal data. For example, if any third party's personal information gets uploaded and processed by a RunCloud customer on a RunCloud managed server. In this role, we comply with both our customers' instructions and the new legal obligations that apply directly to data processors under the GDPR.

RunCloud acts as a data controller for the EU personal information that we directly collect as a requirement of delivering our products and services and to provide prompt customer support. An example of the personal data for which we are responsible as a data controller would be the collection of our customer's names and contact information.


What Have We Done to Comply with GDPR?

We initiated a detailed and thorough analysis of our operations and processes to identify areas where GDPR compliance is necessitated. We have reviewed our products and services and revised our customer policies to ensure GDPR compliance.


What Personal Data does RunCloud Collect and Store?

We collect and store data that our customers provide us voluntarily on the RunCloud website and/or associated domains. This information may include, but not be limited to, contact information such as name, email address, ip addresses and financial information. For a better understanding and more information, kindly refer to our Privacy Policy.


What is RunCloud's Data Processing Agreement (DPA)?

Customers who handle personal data of EU residents are required to comply with the security and privacy requirements introduced under the GDPR. RunCloud's DPA outlines the privacy and security measures that we have in place. We are both committed to our own GDPR compliance and also ensuring our customers compliance with the GDPR while using our services. RunCloud's DPA is available to all our customer here.


Does RunCloud Transfer Data Internationally?

RunCloud is headquartered in Malaysia and has customers in the EU. However, we are a global entity and as such could process personal data that originates from the EU at locations outside the EU. In these cases, we provide a level of protection of privacy that conforms to the EU rules, as described by our Privacy Policy.


How does RunCloud Handle Delete Requests From Customers?

Customers have the ability to remove all information they have uploaded to our products (such as servers). Similarly, they may delete their account and request that all their personal data we have collected or stored be deleted. This deletion will also delete all customer data from our subprocessors. Please log into your account at RunCloud.io for further instructions. Remember that once the account has been deleted, RunCloud will permanently delete all data except sales record (which are necessitated used for auditing purpose and tax law compliance) and emails in a SHA512 hash (to prevent abuse of our free trial from customers re-registering). Please note, both the sales record and customer email addresses (in SHA512 hash) will not be used by any means except for RunCloud's internal usage for these purposes.


How Can You View and Download Your Data?

RunCloud supports data portability which grants customers to access and download their data. We have several options including taking a backup. The instruction can be found here.

Customers could also use SFTP to connect to any RunCloud managed server and download the files they need. With regards to portability of any database on a RunCloud managed server, you can use tools like SequelPro to download export your database.

At any time you can contact our support and request to view any other personal data that we may have collected on you, and or it's deletion.