Account Deletion and Data Deletion Request
Your right to be forgotten
CloudPhysics recognizes the right to be forgotten and observes your right to delete all personal data which CloudPhysics holds. (GDPR “right to be forgotten” / “right to erasure”) EU individual citizens have a right to the erasure of their personal data, under the GDPR law. At CloudPhysics, we are happy to extend this right to all users, worldwide, as we believe it is based upon good principles. CloudPhysics also extends this right to some organizational data where the law requires.
Data that we process
Firstly, you may want to familiarize yourself with how CloudPhysics’ processes and data collection practices, which you can read about here. If you have not received a CloudPhysics account (e.g. to use https://app.cloudphysics.com) then we have no data that concerns you. You do not have a CloudPhysics account unless you created one (either manually or were invited by a strategic partner to process data). To be clear: if you have no login at http://app.cloudphysics.com, then we do not have, and cannot process, any of your data, and thus have nothing to delete.
On-Premises and Cloud Provider Data
If you deployed the CloudPhysics Observer, you will need to turn off and delete the observer to prevent your organization from sending data to CloudPhysics.
If you have a connection to CloudPhysics via Amazon AWS, Microsoft Azure, Google Cloud, or any other cloud provider, you will need to change your cloud access policies and roles to remove the access you have granted to CloudPhysics for data collection. CloudPhysics cannot remove policies from your organization. Cloud data collected by CloudPhysics and residing within the CloudPhysics systems that is identifiable to your organization will be deleted.
Limitations upon rights to delete data
There are other laws, except the GDPR, which touch upon the deletion of data. In particular, there is some data that we are legally required to maintain for a time. For example, VAT (sales tax) laws require us to keep purchase data for audit purposes for a minimum of 10 years after purchase. UK data retention laws require us to keep web server access logs for 6 months – after which they are automatically deleted. The GDPR also allows anonymization, instead of deletion of data, in some circumstances. Anonymization means that there is no way to trace the data back to you. Specific information follows.
What data we will delete or anonymize/scramble
- All your support form entries will be deleted from our web site’s database.
- Global aggregate hardware inventories (Server vendor, storage vendor, processors family, etc) and configurations will be anonymized and used as part of the global data lake to provide analysis of global trends. No data will correlate back to any organization.
- If you are a premium customer, then your account will be locked to prevent future logins. If you are not a customer, then it will be deleted.
- Any/all data in your CloudPhysics history will be deleted.
- Any/all users within your organization will be deactivated and deleted upon confirmation of the users.
Things that are not deleted, or which are deleted later, with reasons
- We do not delete information out of our website backups, because this is technically too difficult to accomplish. However, they are stored encrypted after a number of months (depending on our current policy). We also keep a log of deletion requests so as to be able to a) demonstrate compliance and b) re-run any deletion requests in the event of needing to restore a backup.
- Sales records and data held by payment vendors are retained for a minimum of 10 years, to comply with taxation/auditing laws, and our own accountancy and auditing requirements.
To request the deletion of your personal data, please use this form. If you are not a paying customer, then you can leave the relevant fields empty, and explain in the message input area. If you are an EU citizen, then we are granted one month to respond to the request (usually, one month to carry it out). We will take steps to verify your identity, to prevent fraud/abuse (“social engineering” attacks).
By completing the account deletion request form provided, your personal data will be removed from CloudPhysics. If you requested your organization data also be removed, we will follow through with due diligence to notify all additional users and partners of the deletion request before the non-personal company data is removed. This is to ensure that all parties have approved the account deletion.