General Data Protection Regulation (GDPR) is a new EU regulation designed to harmonize data privacy laws across Europe and enforce much stricter privacy regulations. It was designed to better protect user privacy and reshape how organizations handle personal data.
GDPR applies to any company, website or organization worldwide that deals with personal data from residents of the European Union. If your company processes, stores or transmits personal data of EU residents, you will be required to comply with the new regulations.
Due to the global nature of GrandCDN, it is likely that GDPR will affect you in some way, so we advise all of our users to thoroughly study the new GDPR regulations. GrandCDN is fully committed to help you with compliance, so we are rolling out anonymity features before May 25th 2018 and making sure no user identifiable data is collected or processed whenever possible.
GrandCDN's CDN and all other services may be used only for lawful purposes. Transmission, distribution or storage of any material in violation of any applicable law or regulation is prohibited. This includes, without limitation, any material protected by copyright, trademark, trade secret or other intellectual property right used without proper authorization, and material that is obscene, defamatory, constitutes an illegal threat, or violates export control laws.
GrandCDN typically acts as a data processor, which means that we process data on your behalf. GrandCDN allows you to gather and temporarily store visitor log information such as anonymised IP, web address, country code and user agent for the purpose of analyzing, processing, testing and security. Additionally, our system stores either temporarily or permanently files obtained from your website by our system our manually uploaded by you.
In most cases, the data held and collected by GrandCDN does not contain any user identifiable data. In some cases, which depend on how you are using GrandCDN and how your website is structured, personal data may be collected from your users. Such information includes hosting user uploaded content as well as personal data that might be transmitted in the URL, User-Agent or Referer headers of the HTTP protocol.
As a customer of GrandCDN, you typically act as a data controller. This means you determine if, why and for how long data will be stored on our system. Our system provides ways to process, store and aggregate the stored information. If you are storing personal data on GrandCDN it is your duty as a controller to demonstrate the same level of GDPR compliance.
While uncommon, GrandCDN also provides way to block users from the EU from accessing your content altogether by using our traffic manager tools if you do not wish to serve users from the European Union.
Typically, GrandCDN does not collect, store or distribute information that could be used in any way to identify a user or contain their personal information. If you believe that you process personal data on the GrandCDN platform, this qualifies you as a data processor and you will be required by law to complete a Data Processing Agreement (DPA). We are making sure to make this available by May 25th, so please contact our support team to receive the agreement.
GrandCDN is fully committed to complying with the GDPR. We have overhauled our user Privacy & Data policy and taken steps to ensure no personally identifiable data is stored from your users that access your services through GrandCDN by anonymizing any data that could be used to directly or indirectly identify a user. We are also signing the Data Processing Agreements with our partners and carefully overviewing that they take the required privacy measures over the data shared or stored on their platforms.