GlowHost.com’s GDPR Statement
The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) in 2018. Its primary aim is to enhance individuals’ control over their personal data and to unify data protection regulations within the EU. GDPR applies to organizations operating within the EU and those outside the EU that offer goods or services to, or monitor the behavior of, EU residents.
GlowHost’s ongoing compliance efforts include:
Contractual Commitments
Suppliers, partners and customers utilizing or intending to utilize GlowHost services with data that is subject to protection under the GDPR are required to discuss the compliance requirements with GlowHost. These requirements include, but are not limited to, data storage, data handling, and execution of a Data Protection Addendum (DPA) under which GlowHost will be a Processor and Customer will be the Controller as defined under the GDPR.
Cross-Border Data Transfer
In addition to ensuring GlowHost contractual commitments, policies, procedures and supplemental documentation meet the requirements to legally transfer data from the EU to the United States under applicable law, GlowHost offers the Standard Contractual Clauses (SCC) to our customers.
Employee Training and Awareness
All GlowHost staff members complete data privacy and security training. In addition to this training, GlowHost conducts ongoing awareness initiatives on a variety of topics, including data protection, security, and privacy.
GlowHost Partners and Customers
Compliance with the GDPR requires a partnership between GlowHost and our partners and customers in their use of applicable GlowHost services. In this context, GlowHost generally will act as a Data Processor, as defined by the GDPR, and our partners and customers generally will act as the Data Controllers. It is important that any partner or customer notify GlowHost if it intends to use GlowHost with data that is subject to protection under the GDPR.
