ASPHostCentral.com prioritizes customer trust. We know that customer data is important to our customers’ values and operations. That is why we keep it private and safe
ASPHostCentral.com supports over 10,000 domains in multiple countries and territories. Our customers entrust us with large amounts of sensitive information, stemming from a wide range of industries including healthcare, financial services, government, and technology.
ASPHostCentral.com helps customers maintain control of their privacy and data security in a myriad of ways:
Service Data is any information, including personal data, which is stored in or transmitted via the ASPHostCentral.com services, by, or on behalf of, our customers and their end-users.
From a privacy perspective, the customer is the controller of Service Data, and ASPHostCentral.com is a processor. This means that throughout the time that a customer subscribes to services with ASPHostCentral.com, the customer retains ownership of and control over Service Data in its account.
We use Service Data to operate and improve our services, help customers access and use the services, respond to customer inquiries, and send communication related to the services.
ASPHostCentral.com prioritizes data security and combines enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure customer and business data is always protected.
For example, ASPHostCentral.com servers are hosted at Tier IV or III+, SSAE-16, or ISO 27001 compliant facilities. Additionally, we engage third-party security experts to perform detailed penetration tests on a periodic basis, and our Support team is on call 24/7 to respond to security alerts and events.
ASPHostCentral.com has data centers in three main regions — United States, Asia Pacific, and the European Union. Service Data may be stored in any region. Customers can select the region in which data centers that host certain of their Service Data are located by purchasing the Data Center Locality Add-On. Please see the Regional Data Hosting Policy for additional information.
ASPHostCentral.com recognizes that privacy and data security issues are top priorities for customers. ASPHostCentral.com does not disclose Service Data except as necessary to provide its services to its customers and comply with the law as detailed in our Privacy Policy found here.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose personal data to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information with relevant law enforcement agencies or public authorities if we believe same to be necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Master Subscription Agreement, or as otherwise required by law.
The EU Data Protection Directive (also known as “Directive 95/46/EC“) addresses the processing of personal data and the free movement of such data. Broadly, this Directive sets out a number of data protection principles and requirements which must be adhered to when personal data is processed.
Directive 95/46/EC established the Article 29 Working Party (“WP29”), which is comprised of representatives from the data protection authorities of all the EU Member States as well as from the European Commission. WP29 works to harmonize the application of data protection rules throughout the EU and also advises the EU Commission on the adequacy of data protection standards in non-EU countries.
ASPHostCentral.com customers that collect and store personal data are considered data controllers under Directive 95/46/EC. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant EU data protection law, including Directive 95/46/EC and the GDPR as of May 25, 2018.
ASPHostCentral.com offers customers a robust Data Processing Agreement (“DPA”), governing the relationship between the customer (acting as a data controller) and ASPHostCentral.com (acting as a data processor). The DPA facilitates Zendesk’s customers’ compliance with their obligations under EU data protection law. Our DPA contains strong privacy commitments that few software companies can match, and has been updated to confirm our compliance with the GDPR as and from May 25, 2018. Our DPA contains data transfer frameworks to ensure that our customers can lawfully transfer personal data to ASPHostCentral.com outside of the European Union by relying on one of three mechanisms: our Binding Corporate Rules, our Privacy Shield certification, or Standard Contractual Clauses.
The European Commission has approved a set of standard provisions called the Standard Contractual Clauses (“Model Clauses”) which provide a data controller a compliant mechanism to transfer personal data to a data processor outside the European Economic Area (“EEA”). The Model Clauses are appended to the ASPHostCentral.com DPA to help provide adequate protection for data transfer outside of the EEA or Switzerland.
ASPHostCentral.com periodically replicates data for purposes of archival, backup and audit logs. We use IBM Technology and Infrastructure to store some of the information that is backed up, such as database information and attachment files.
ASPHostCentral.com customers who purchase the Data Center Location Add-on have the ability to select the region (from the available ASPHostCentral.com regional options) where the data center which hosts their Service Data is located. Otherwise, ASPHostCentral.com may utilize any of its global data centers to host Service Data.
Since our inception, ASPHostCentral.com ’s approach has been anchored with a strong commitment to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which becomes enforceable on May 25, 2018.
If a company collects, transmits, hosts or analyzes personal data of EU citizens, GDPR requires the company to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. To further earn our customers’ trust, our DPA has been updated to provide our customers with contractual commitments regarding our compliance with applicable EU data protection law and to implement additional contractual provisions required by the GDPR. Our contractual commitments guarantee that customers can:
The General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, provides data subjects with an array of privacy rights, which provide individuals with greater transparency into and control over uses of their personal information.
At this point, you may be asking how ASPHostCentral.com ’s products align with these privacy rights and where you can learn more about the features and functionality made available in Zendesk’s products that support a GDPR compliance program.
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.
ASPHostCentral.com encourages customers to begin preparing for the GDPR by reviewing their privacy and data security processes and policies to ensure compliance by May 2018. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with EU data protection law. Below are some key points to consider for GDPR compliance:
ASPHostCentral.com provides customers the option to delete Service Data that may contain personal data, such as profiles, tickets, images, and attachments, in active ASPHostCentral.com Support accounts. Within the ASPHostCentral.com Support product, Administrators and Agents (collectively described as “Users”) have profiles with hierarchical privileges, as described here.