Personal data protection
GDPR at Beyond.pl
The General Data Protection Regulation (GDPR) is a regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data inside the European Union, with an implementation date of May 25, 2018. In the contrary to the Directive 95/46/EC, which used to regulate the rules of data processing, the GDPR is a regulation, not a directive, so that it does not require national governments to pass any enabling legislation and is directly binding and applicable within the European Union. This solution standardizes the data protection law within the European Economic Area.
Beyond.pl as a data center is obliged to follow requirements for data controllers and processors. As an organization that processes data (processor) we guarantee confidentiality by persons who are authorized to process data of clients and also we constantly increase the level of security implementing appropriate technical and organizational means in order to protect personal data. Additionally, as data administrator, we take care of data security, determining the purposes and means of the processing of this data. We fully understand our clients needs.
Beyond.pl as data processor
Beyond.pl acts as a data processor while processing personal data on behalf of a data controller. It is a typical case, when you use our services and store your personal data at Beyond.pl.
What can you expect if you are a client of Beyond.pl?
As a data processor we are obliged to:
- processing data only for purposes related to proper services performance: under no circumstances we will process your personal data for other purposes (for example marketing etc.),
- transferring your personal data neither outside the European Union nor outside the territory of countries which are considered by the European Commission as the ones guaranteeing sufficient level of data protection: all of your data are stored in Poland. The only exception is the individually chosen by you local configuration of Azure Stack hybrid cloud completed with services available in the global Microsoft Azure,
- using appropriate technical and organizational means adjusted to the type of service and your needs in order to guarantee the security of personal data processing,
- notifying you as soon as possible of any violations of personal data protection,
- supporting you in terms of obeying the obligations arising from the GDPR by delivering essential information.
Who is the owner of personal data processed and stored by you within the framework of Beyond.pl’s services?
Your personal data within the framework of Beyond.pl’s services remain your property.
We manage the environment, in which your personal data are stored. Whereas we do not have access to them and we will not use them, except from cases, in which it is necessary to deliver services to you related to the IT administration.
We will not resell and use your data for our own purposes, such as data mining, creating clients’ portfolio or direct marketing.
Beyond.pl as data collector
Beyond.pl acts as a data collector when it determines the purposes and means of the processing of personal data.
If you are bound with us by a service contract, we become the data collector, with the data we can provide services to your company. We have the access to data, which you indicate by yourself in the contact form attached to the contract. Remember to update your data so that we will be able to contact you immediately if there is a need.
For which purposes do we process your personal data?
At Beyond.pl we use personal data in order to:
- process your queries and to ensure technical support for a particular service. In this case the access to data, which we dispose is strictly limited and takes place according to internal procedures ensuring the security of personal data,
- issue invoices and to manage debt collection,
- manage commercial processes,
- fulfilling legal obligation in response to the requests of a judicial and administrative authority.
What are your rights towards your personal data?
You have the right to receive information regarding processing of your personal data by Beyond.pl as well as your data’s copy. You also have the right to request rectification, deletion or restriction of processing your personal data. At any moment you can also withdraw your consent to process personal data if giving consent is the basis for data processing. If something will worry you, there is a possibility to lodge a complaint with a supervisory authority handling data protection.
Data Protection Officer has been constituted at Beyond.pl. Any question regarding data processing and exercising of rights related to data processing shall be sent to firstname.lastname@example.org
The Inspector of Personal Data at Beyond.pl is Aleksandra Urbanowicz.
Beyond.pl’s security measures
While using our services you can count on the highest standards of infrastructure security, in which your personal data are stored. At Beyond.pl we implement technical and organizational means in order to ensure protection and confidentiality of processed data. In this way we prevent its distortion and damage as well as we disable data access by unauthorized third parties. However, remember to distinguish protection of data stored by you and security of the infrastructure, in which data are stored. As the only owner you are responsible to assure the security of your IT systems and application systems. Beyond.pl assures full security infrastructure and instruments enabling secure storage and processing of data.
We guarantee the highest level of infrastructure security, especially through the implementation of IT systems security policy and compliance with the requirements of particular standards and certification systems. In both data centers of Beyond.pl the security management system is compliant with ISO 27:0001. Beyond.pl Data Center 2 is the first data center in Poland and Central Eastern Europe with Rated 4 according to ANSI/TIA 942 Certification. The audit was based on verifying more than 2,600 elements in four areas including architecture, mechanics, power supply and telecommunication.
At Beyond.pl we assure the following physical security:
- full anti-burglary protection preventing access to the infrastructure, in which your data are stored, to unauthorized third parties,
- privilege management system restricting access to facilities and data, only to persons, who need it due to their function and responsibilities,
- security systems, including anti-burglary and anti-robbery system and video monitoring system,
- 24/7 security personnel (patrols) taking care of physical security of Beyond.pl’s facilities.
Data security in cloud
Deciding on cloud services at Beyond.pl you can count on the following securities:
- two independent data centers connected with its own fiber optic ring, which goes through the main access points in Poznan (own IT infrastructure),
- support of a team of IT administrators with a 10 year experience,
- access to two redundant virtualized environments,
- network security, including access over a VPN connection, firewall mechanisms, redundant LAN,
- derived, redundant SAN only for VMware needs,
- data encryption on many levels, including transmission encryption, backup encryption and encryption of the entire virtual machines/hard drives.
Definitions of terminology used in Data Protection:
Personal data: any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly.
Data processing: operation or range of operations performed on personal data or sets of personal data manually or automatically (collection, recording, retention, storage, disclosure, transfer, disposal, adaptation or alternation etc.)
Controller: natural or legal person, public authority, agency or other body which:
- processes personal data for own purposes,
- alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: natural or legal person, public authority, agency or other body which:
- processes personal data on behalf of the controller,
- does not determine the purposes and means of the processing of personal data.
Last modified: June 26, 2019