Information about our company’s data protection and personal data processing practices in the form of “frequently asked questions”:
Can Magic Cloud staff access or process personal data of the customer company, for example in the context of customer service/helpdesk operations or database maintenance?
Yes. Access by Magic Cloud staff to customer company personal data in the company database varies depending on the service used by the customer.
How is it ensured that only certain designated persons in your company have access to personal data?
The rights and powers of staff in the information systems used to deliver services are limited according to the scope of their work, and access to the systems is controlled through targeted access rights.
Staff user IDs and access rights are deleted without delay when the person is no longer employed by Magic Cloud.
How is it ensured that no third party has access to the data, for example via a computer network?
The services provided by Magic Cloud are implemented in accordance with best practices. The data stored in Magic Cloud’s cloud services is stored in a company-owned, secure server centre environment in Finland, which is constantly updated and maintained. The technical implementation is described in more detail in Magic Cloud’s system description.
Does Magic Cloud use subcontractors who have access to or process the customer's personal data?
As a rule, not used. Where subcontractors are used to provide some services, subcontractors are required to comply with the same data protection principles.
How is it ensured that the review or processing of personal data results in log information about the reviewer and the subject of the review?
Magic Cloud’s data and communication systems record data processing history on a service-by-service basis as required.
Has your staff signed a confidentiality agreement covering personal data of your customers' employees?
Yes, all Magic Cloud staff are bound by the confidentiality clause in their employment contracts to respect the confidentiality of customer company data.
How are your staff trained in the requirements of the GDPR?
The daily activities of our staff are guided by our company’s data protection guidelines, which we have drawn up jointly. The privacy policy and practices are also part of the induction process for new employees. Our staff’s knowledge and understanding of the requirements of the GDPR is developed and maintained through internal training and the opportunity to participate in, for example, our partners’ data protection training.
For example, will Magic Cloud be making any changes to its terms and conditions or software upgrades due to the GDPR?
Magic Cloud has prepared an explanation for its customers on how to implement the requirements of the GDPR. In addition, the customer may, if he wishes, supplement the service contract with Magic Cloud with a contractual annex on data security.
For software, Magic Cloud continuously monitors security bulletins, published security updates and vulnerabilities, and updates the software it uses and provides to its customers as necessary.
How is customer data deleted at the end of the customer relationship?
Upon termination of the customer relationship, Magic Cloud will close the communication, information system, data transfer and remote access connections opened to the customer and delete the data stored by the customer on the Magic Cloud system within an appropriate period of time.
Interested in our service? Request a quote easily here!
Make an appointment with our team to review your current cloud solution and determine which sovereignty strategy is best for your organisation.
Interested in our service? Request a quote easily here!
Make an appointment with our team to review your current cloud solution and determine which sovereignty strategy is best for your organisation.