When processing personal data, there are two roles, the Data Controller (PuA) who has ultimate responsibility for the processing and determines the purposes and means. The controller shall ensure compliance with the law, shall inform the persons whose personal data is processed and shall ensure compliance with the data processor. The Data Processor (PuB) processes the personal data on behalf of the controller and is responsible for the technical and organisational security measures.
Customer is Data Controller
All personal data processed must have a legal basis for. As a Data Controller, it is your responsibility to find out the basis for the data being processed and document this. What it looks like depends on your business, what laws you follow, how necessary the data itself is for your business and so on. It is always the person who decides that personal data should be collected that is the data controller and thus has the obligation to, among other things, protect the data and inform the person who is registered.
Rackfish is Personal Data Processor:
If a data controller hires a subcontractor to transfer data (e.g. a data center, a social network, an email operator), this is The Data Processor, and that is Rackfish’s role in our relationship with customers. All processing of personal data in Rackfish’s services is the responsibility of the customer, the controller. Rackfish is a data processor and is responsible for ensuring that your collected personal data is processed securely and according to the law.
Rackfish is the Data Controller
Personal data processor agreement
The controller needs to ensure that you have an assistant agreement with the data processors you use, which regulates that the subcontractor complies with the legal requirements. Since there are often many competences involved in digital services, there is usually a chain of subcontractors under the Personal Data Processor. The right to use sub-assistants shall be governed by the assistance agreement. The data processor must also ensure that there are assistance agreements between themselves and sub-processors.
The assistance agreement regulates, among other things, the use of sub-assistants, deletion of data at the termination of the agreement, possibilities for follow-up, security level and confidentiality.
For custom services and our streamio product, Rackfish uses IT & Telecom companies’ standard agreements to comply with industry standards.
We want to draw up our own agreement
For our standard services, we cannot sign the customer’s own assistance agreement. There are several reasons for this, but most importantly, we cannot make individual assessments of contract terms for hundreds of customers while implementing these terms in a service that is standardized.
Another important reason is the economy. Standard services, such as cloud services, storage and distribution, are highly competitive. Legally reviewing, valuing and negotiating these and then adapting a service that follows it is often not possible on the margins that exist.
You have the legal right to give specific instructions on how personal data is handled. Or if, due to laws or regulations, you have specific requirements for writing any detail, then of course we can discuss deviations from the basic agreement and deal with this. Please contact us and specify what deviates from your needs in the standard agreement and this handling will be facilitated. This usually requires a customized service.
Many of our customers have customized services and there can of course be customized contract terms, but then the solution will also be adapted and the costs of the service as well. In many cases, there are also costs for reviewing the agreement legally, contact us and we will discuss how we can resolve this.