Find below a chart of involved parties in the GDPR.
- Supervisory Authority is normally the national data agency (which in EU work under the EU General Data Protection Regulation). Each country implements this in their national law.
- The Data Controller is the party controlling the data. In the case of Umbraco Cloud it is our customers who decide what data (if any at all) to put into their Umbraco Cloud projects.
- The data processor is in the case of Umbraco Cloud us at Umbraco. We process the data stored with the purpose of running Umbraco Cloud (nothing more - nothing less). We have therefore made a Data Processor Agreement ensuring that you as a Data Controller know what we do, why we do it and where your data is stored. We are allowed to use external suppliers (Sub Processors) for this purpose provided we tell you beforehand.
- Sub Processors in the case of Umbraco Cloud is Microsoft Azure. Data is either stored at NW Europe (Netherlands) data center within the EU or US East (Virginia) - you as a customer decide which data center you prefer. We, as the main Data Processor, are obliged to ensure the same level of security and diligence from our suppliers as we promise you and as we are obliged to by the GDPR. Therefore we need to have a DPA with Microsoft - which we have and that you can find here (pick Online Service Terms and a relevant language).
- The data Subjects are your customers that you register information about. It is your responsibility that the data you register and use are within the law. It is also your obligation to delete, revise, update the data registered.