Purpose
HOST has completed Transfer Impact Assessments (TIAs) for relevant data transfers, following GDPR requirements and the updated 2021 Standard Contractual Clauses (SCCs) for EU and non-EU transfers. Because HOST’s TIAs include legal evaluations from internal and reputable external advisors, the full TIAs aren’t shared publicly. This factsheet provides sufficient information to confirm HOST’s positive TIA results, supporting customer obligations regarding supplier oversight.
General Information
Scope of Processing
HOST processes the following data types and categories as directed by the customer:
Data Transfers
HOST utilizes cloud hosting services across multiple regions, allowing customers to select data storage regions. HOST Support and Operations Teams may access customer data solely for support purposes, following stringent access control measures, including MFA and IP whitelisting. Data access is logged, justified, and time-bound.
HOST works with selected sub-processors, each aligned with strict security and compliance standards, to enhance service delivery.
Regulatory Framework
Some foreign regulations may permit governmental data access requests, which HOST addresses through robust technical measures to secure customer data and structured legal procedures to challenge access demands.
Transfer Mechanisms
HOST adheres to the EU Commission’s adequacy decisions and the updated SCCs for international transfers. Along with legal and operational safeguards, these practices ensure GDPR-aligned protection across all transfer destinations.
Previous Access Requests
To date, HOST has not received any data access requests from government authorities. HOST’s Transparency Report is accessible for customer review.
Government Access Procedure
If HOST receives a disclosure request, it follows an ISO 27701-certified protocol to challenge the request or redirect it to the customer, ensuring the utmost protection for customer data.
Supplementary Measures
HOST’s Information Security Addendum outlines ISO 27001:2022-compliant security practices. These include encryption (AES-256 for data at rest and TLS 1.2+ for data in transit), multi-layered access controls, and regular SOC 2 Type II audits. Detailed security reports are available under NDA.
Summary
HOST’s data practices and protections meet GDPR and SCC requirements. Following Schrems II, HOST ensures that all security measures, legal standards, and access protocols apply uniformly to all data transfers, securing customer data globally.