We understand the need for strict privacy regulations required by certain countries. For the European data protection acts Bundesdatenschutzgesetz (BDSG) and General Data Protection Regulation (GDPR), Static.Media provides infrastructure for sites, apps or other properties. For sites, apps, or other properties hosted with Static.Media you are the "Data Processor", and you or your affiliate or client is the "Data Controller".
Credit / debit card purchases for Static.Media services are processed by the third-party vendor GoCardless. When you provide your credit / debit card information for a payment the data is sent to GoCardless, i.e. the payment data is not stored on our systems. GoCardless power online financial transactions for thousands of businesses globally, and they are compliant with PCI-DSS standards for the storage and handling of payment information.
When using Static.Media services and products that incorporate this policy, you must ensure that certain disclosures are given to, and consents obtained from, end users in the European Economic Area and where data protection law requires such disclosures and consents. If you fail to comply with this policy, we may limit or suspend your use of the Static.Media service or product and/or terminate your agreement.
For Static.Media products and services used on any site, app or other property that is under your control, or that of your affiliate or your client, the following duties apply for end users in the European Economic Area and where data protection law requires such disclosures and consents.
You must obtain end users’ legally valid consent to:
When seeking consent you must:
You must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of Static.Media’s services. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data.
You must use commercially reasonable efforts to ensure that an end user is provided with clear and comprehensive information about, and consents to, the storing and accessing of cookies or other information on the end user’s device where such activity occurs in connection with a service or product to which this policy applies.
If personal data of end users of a third party property is shared with Static.Media due to your use of, or integration with, a Static.Media service or product, then you must use commercially reasonable efforts to ensure the operator of the third party property complies with the above duties. A third party property is a site, app or other property that is not under your, your affiliate's or your client's control and whose operator is not already using a Static.Media service or product that incorporates this policy.
Static.Media provides services as a provider of Infrastructure-as-a-Service (IaaS). Giving you flexibility to choose how to use that infrastructure. As well as freedom to choose what data to process on that infrastructure. This IaaS is under your control, including with respect to whether any personal data is uploaded to the infrastructure service and, if so, how that personal data is “processed”.
In respect of data processed by you on the IaaS Static.Media will not (a) access or use such data except as absolutely necessary on your behalf to provide services to you, or (b) process such data for Static.Media’s own purposes, including, in particular, for the purposes of data mining, profiling, or direct marketing.
Where the nature of your core activities and/or the type of data processed on any site, app or other property that is under your control requires such you are under obligation to appoint your own Data Protection Officer (DPO). Static.Media will not act as DPO on your behalf.
Where appropriate for all sites, apps or other properties that are under your control, or that of your affiliate or your client, you or your affiliate or client will act as Data Controller (DC). Static.Media will not act as DC on your behalf.
Where appropriate for all sites, apps or other properties that are under your control, or that of your affiliate or your client, you will act as Data Processor (DP). Static.Media will not act as DP on your behalf.
You must ensure that persons authorised by the processor to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality (GDPR Art 28(3)(b)).
The majority of the obligations from data protection law will fall upon the DC, it may be that infrastructure or services provided by Static.Media need to be adapted to accommodate the service and legal burden of your customers, or of your affiliates or your clients. Static.Media will use commercially reasonable efforts to ensure that services provided to you accommodate this, without Static.Media assuming the role of DPO, DC, or DP.
You must (taking into account the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons) implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (GDPR Art 32(1)).
Static.Media will provide the customer with the ability to rectify, erase, restrict or retrieve customer data. You may use this ability to assist customers in the fulfilment of your obligations to respond to requests for exercising data subject's rights.
Static.Media may provide you with the ability to rectify, erase, restrict or retrieve customer data (a) as part of the service, or (b) by enabling you to design and deploy your own solutions using the service. The method this is provided through will be dependant upon the IaaS setup for you.