1. Introduction

KGV Consulting Corp a.k.a. CIRRUSSERV by KGV Consulting Corp. provides cloud infrastructure services, managed services, and business continuity solutions to help businesses deploy and secure their applications, websites, databases, and more on the cloud, enabling them to be more agile. Too ensure the hieghest level of security and performance we outsorce the hardware (physical) servers to INAP.

Often, these services entail that KGV Consulting Corp. servers receive and store “personal data” as defined in EU data protection laws. KGV Consulting Corp. customers may use KGV Consulting Corp.’s services to store, transmit, encrypt, decrypt, modify, process, and otherwise manipulate and/or transmit this personal data as they see fit. KGV Consulting Corp. provides the infrastructure for businesses to build on, but KGV Consulting Corp. does not control how its infrastructure is used specifically, thus there are a wide range of applications and ways that personal data may be processed on top of the KGV Consulting Corp. platform.

2. EU Data Processing laws

Although KGV Consulting Corp. is a US based company, KGV Consulting Corp. takes EU Data Processing laws seriously. KGV Consulting Corp. complies with EU Data Processing laws, including: as of 18 May 2017 the Data Protection and Directiveas from 25 May 2018 replaced by the GDPR

3. Processing operations and role

In relation to EU privacy laws, KGV Consulting Corp. categorizes personal data into two categories:

• In most application cases, KGV Consulting Corp. merely stores, transmits or manages data for its customers at the direction of the customers. In these respects, KGV Consulting Corp. is simply a processor of customer data.
• KGV Consulting Corp. collects and stores detailed contact information, communication records, and other information for the purposes of billing, providing services, verifying the identity of customers over the telephone, marketing, and more. In these respects, KGV Consulting Corp. is a controller of its own customer data. For customer data that KGV Consulting Corp. stores for the purposes of account management, KGV Consulting Corp. will comply with its Privacy Policy, as posted online.

Roles and Responsibilities

• Access: Customer manages who has access to systems; KGV Consulting Corp. provides tools and general network and physical level security
• Storage: Customer decides what to store and where; KGV Consulting Corp. provides environment where the data is stored
• Transmission: Customer makes content available on the internet; KGV Consulting Corp. provides network connectivity for this content to be accessed remotely by users
• Security: KGV Consulting Corp. together with INAP Company implements standard up-to-date security measures to secure the environment and connections; KGV Consulting Corp. can deliver additional and/or alternative measures upon customer’s request Customer decides what security measures are implemented within the environment and what passwords are used to protect it; KGV Consulting Corp. can provide assistance in this regard
• Disclosure: KGV Consulting Corp. will not disclose unless required by law or a binding judicial order
• Compliance with other elements of data protection laws, such as data subject rights, data breaches, data protection impact assessment, prior consultation: KGV Consulting Corp. can provide assistance upon customer’s request

4. Applicability of GDPR

The GDPR applies to KGV Consulting Corp. processing activities for its customers if:

The customer uses KGV Consulting Corp.’s services in the context of its activities of its establishments in the EU;

The customer uses KGV Consulting Corp.’s services of INAP’s establishment in the EU (in Amsterdam, the Netherlands); or

The customer uses KGV Consulting Corp.’s services for:

Offering goods or services to data subjects in the EU; or Monitoring the behavior of data subjects in the EU

In this respect, we request our customers to inform us when they intend to use our services in the context of any EU establishment or if they otherwise feel that the GDPR is applicable to the processing of their data (cat. 1).

Note that for the personal data we process for our own purposes (cat. 2) and for which we would be the controller, the GDPR only applies to the extent that:

The processing occurs in the context of the activities of the KGV Consulting Corp. in INAP establishment in the EU (Amsterdam, the Netherlands);

The processing relates to:

Offering goods or services directly to data subjects in the EU; or The monitoring of the behavior of data subjects in the EU.

5. GDPR compliance

To ensure GDPR compliance KGV Consulting Corp. undertakes the following:

• KGV Consulting Corp uses hardware(physical) server locations provided by INAP an EU-US Privacy Shield Certified
• KGV Consulting Corp. enters into data processing agreements with its customers if the GDPR applies to the processing of their data.
• KGV Consulting Corp. enters into sub-processing agreements with its providers if necessary.
• KGV Consulting Corp. implements up-to-date security measures, performs regular audits, and is willing to implement additional measures upon customer’s request.
• In areas applicable to GDPR, KGV Consulting Corp. offers its customers assistance in relation to security, data subject rights, data breaches, data protection impact assessment, prior consultation and other elements of the GDPR.