2. Security of data within your Virtual Machines
2.1. Unmanaged Virtual Machines
Skrey is an unmanaged service provider, as such we have no visibility or knowledge of customer data stored within Virtual Machines (VMs) on our platform. Each VMs’ disk is encrypted automatically and with the exception of the user not visible or accessible to anyone, Skrey staff included. The responsibility for the management and security of data held within the VMs on our platform is that of the user, whilst we can advise on best practices to ensure VMs remain uncompromised, we do not take responsibility for it.
With regards to GDPR, it being understood that Skrey has no active access to or knowledge of the data held on user services, Skrey cannot be deemed “controller” or “processor” on the user’s behalf to the full extent, however Skrey understands that on occasion it may be required of the user to provide Skrey staff with temporary access to their services in order to perform support-related tasks, if a Data Processing Addendum (DPA) is required to fulfil the user’s GDPR obligations, an agreement can be requested from this website customer area.
2.2 Managed Virtual Machines
On some Virtual Machines (VMs), depending on user subscription to a Managed Hosting Service provided by Skrey, the user is required to provide access to their services to Skrey staff in order to perform support-related tasks. If a Data Processing Addendum (DPA) is required to fullfil the user’s GDPR obligations, an agreement can be requested from this website customer area.
In any case, Skrey will be bound to GDPR obligations in its service to the user under the agreement previously mentioned.
3. Types of information collected
In our capacity as a “controller” under GDPR, we retain two types of information:
a. Personal data
This is data that identifies you or can be used to identify or contact you and may include your name, address, email address, telephone number and billing information.
b. Non-personal data
Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website. This Non-Personal Data comprises information that cannot be used to identify or contact you, such as demographic information, browser types and other anonymous statistical data involving the use of our website.
4. Security of your personal data
Both Personal and Non-Personal Data is held on secure servers hosted by Skrey. The nature of the Internet is such that we cannot completely guarantee or warrant the security of any information you transmit to us via the Internet. No data transmission over the Internet can be guaranteed to be fully 100% secure. However, we take all reasonable steps (including appropriate technical and organisational measures) to protect your data at all times, your privacy is paramount to us.
5. Purposes for which we hold your Information
We use the Non-Personal Data gathered from visitors to our website in an aggregate form to get a better understanding of where our visitors come from and to help us better design and organise our website.
We will process any Personal Data you provide to us for the following purposes:
to provide you with the goods or services you have ordered
to contact you if required in connection with your order or to respond to any communications you might send to us
to keep you informed of updates to our services and planned maintenance
6. Reasonable retention of personal data
In accordance with GDPR data submitted to us during registration will be held as long as there is an active service associated with your account. It is held only to act as a point of contact for you and for invoicing, and will not be shared with anyone outside of Skrey. Once all services are cancelled your data will be held for 12 months, available upon request, after which it will be erased from our systems automatically and permanently, this does not include invoices or other data for which we are legally required to keep. Requests for your data can be made via ticket or email@example.com.
7. Disclosure of Information to third parties
We may provide Non-Personal Data to third parties, where such information is combined with similar information of other users of our website. For example, we might inform third parties regarding the number of unique users who visit our website, the demographic breakdown of our community users of our website, or the activities that visitors to our website engage in while on our website. The third parties to whom we may provide this information may include commercial partners, sponsors, licensees, researchers and other similar parties.
We will not disclose your Personal Data to third parties unless you have consented to this disclosure or unless the third party is required to fulfill your order (in such circumstances, the third party is bound by similar data protection requirements). We will disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.
8. Sale of business
9. Updating, verifying and deleting personal data
You may inform us of any changes in your Personal Data, and in accordance with our obligations under Portuguese Law and GDPR we will update or delete your Personal Data accordingly. To find out what Personal Data we hold for you, or to have your Personal Data updated, amended or removed from our database (right to be forgotten), please email us at firstname.lastname@example.org. Removal from our systems will also result in the termination of any and all services currently active on your account, no refunds can be provided for the billing period in which this action is performed.