What is GDPR?
HomeData Processing Addendum
The General Data Protection Regulation (GDPR / DSVGO) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was approved by the EU Parliament in April 2016 and came into effect on May 25, 2018..
What are your sub-processors, as defined by the GDPR?
Cloud-IAM uses certain sub-processors to assist it in providing to its customers the Application Services as described in the Master Services Agreement or Terms of Use available at terms-of-service or such other location as the Terms of Use may be posted from time to time (as applicable, the “Agreement”). Defined terms used herein shall have the same meaning as defined in the Agreement.
What is personal data?
GDPR is especially concerned about protecting personal data of individuals. Personal data (
Art. 4 GDPR) consists of any information that allows us to identify a person directly or indirectly and can be anything such as a name, email address, credit card number, or documents with personal information.
How we process personal data
When you visit our websites or use our services we will most likely process your personal data in one way or another. You can find all relevant information about which data we process, our legal basis for processing, and your rights regarding your personal data in our
privacy policy.
How about sub-processors?
A subprocessor is a third party data processor engaged by Cloud-IAM, including entities from within the Cloud-IAM group, who has or potentially will have access to or process Customer Content (which may contain Personal Data). Cloud-IAM engages different types of subprocessors to perform various functions as explained in the tables below.
Cloud-IAM use the following sub-processors to provide Cloud-IAM's customers cloud infrastructure environment and storage for Cloud-IAM's Keycloak Clusters. Personal data of Cloud-IAM's customers's customer will only be stored there:
| Subprocessor |
Country of processing |
Purpose |
| Scaleway. |
Europe |
Cloud-IAM's customers Keycloak deployments |
| Google Inc. |
USA, Europe, Asia |
Cloud-IAM's customers Keycloak deployments |
| Amazon Web Services, Inc.. |
USA, Europe, Asia |
Cloud-IAM's customers Keycloak deployments |
Processing of Cloud-IAM's Customer Content.
Cloud-IAM work with various subprocessors that monitor, maintain and otherwise support the Cloud-IAM control-plane (Cloud-IAM's dashboard and Cloud-IAM's REST API).
In order to provide this functionality these subprocessors may, but not necessarily will, have access to Cloud-IAM's Customer Content but never Cloud-IAM's customer's customer content.
| Subprocessor |
Country of processing |
Purpose |
| Brevo |
Europe |
Automated mailing |
| BetterUptime |
Europe, Czech Republic |
Uptime monitoring, status page and on-call management |
| Crisp |
Europe, France |
Customer relations management |
| G Suite |
United States |
Internal company infrastructure |
| Matomo |
Paris, Europe |
User experience understanding in Cloud-IAM websites and products |
| Netlify |
United States |
Cloud-IAM dashboard static files hosting |
| Scaleway. |
Europe |
Cloud-IAM main infrastructure (REST API, database (Cloud-IAM's own users), logs (without PII), metrics (without PII), data exports) |
| Sentry |
United States |
Application monitoring and error management |
| Stripe |
United States |
Online payment processing services |
| Webflow |
United States |
CMS used for Cloud IAM's web site |
| YouSign |
France, Europe |
Electronic signature platform used for quote |
* Note, the list of subprocessors applies to any new Cloud-IAM customers as of that date, or existing Cloud-IAM customers who have not otherwise received notice of a different effective date of this list.
Always in control
As a French SaaS we can provide the highest degree of GDPR compliance. We rely on best-in-class global companies to provide our customers with the best possible confidentiality, integrity and availability. We understand that you might not want to rely on our or our sub-processor's controls and measures to safely handle personal data of you and your customers. We can provide high-quality, that include access to our support services without accessing your data.
