DATA HOSTING POLICY
Vision Helpdesk’s Data Hosting Policy explains where Vision Helpdesk Service Data can be Hosted, and where other processing activities occur. “Hosting/Hosted” means the storing, hosting or replicating of Service Data including for archival, backup and log purposes. All other capitalized terms not otherwise defined herein such as “Service Data”, shall have the meaning set forth in Vision Helpdesk’s Terms of Services. Definitions for the categories of Service Data covered in this Data Hosting Policy can be found following the table below. This Data Hosting Policy does not apply to (a) data that resides in any Vision Helpdesk product or services not detailed in this Data Hosting Policy; (b) data that resides in Third Party Services managed and hosted by third parties and the Service Data that is or may be shared with such Third Party Services (as defined in our Master Services Agreement); or (c) data that resides in a Vision Helpdesk product or service that is in a Beta, Testing or Early Access Program (except as noted within this Data Hosting Policy).
WHERE VISION HELPDESK SERVICE DATA CAN BE HOSTED
Vision Helpdesk Subscribers who purchase the Add-on “Data Center Location” have the ability to select the region in which data centers that Host certain of their Service Data are located from the data center regions made available by Vision Helpdesk (“Data Locality”). The table below summarizes the geographical region(s) where the Service Data can be Hosted when the Add-On is purchased and Data Locality is enabled. For the avoidance of doubt, all Service Data which is available for Data Locality as detailed in this Data Hosting Policy can only be Hosted in a single Data Locality:
VISION HELPDESK SaaS Hosting Options
|Service Data Description||Hosting Options|
|Database (Including but not limited to Tickets data, Users profiles, Staff profiles, Solutions, Forum, Blabs etc.)||USA, UK and EU Data Center|
|Files (Attachments, Logs, Reports)||USA, UK and EU Data Center|
|Database Backup, Files Backup||USA, UK and EU Data Center|
Ticket Data: includes ticket comments, tags, custom fields and audit events.
User Data: includes identities, hashed passwords and names for both Agents and End-Users.
Attachments: includes files attached to tickets or articles.
Solution & Forum Content: includes data posted on a Subscriber’s Solutions and Forum Module such as articles and any comments thereto.
Images: includes image files attached to articles in Tickets / Solutions / Forums / Blabs Module.
Ticket Conversations: includes content inserted in a Message thread by End-Users and Agents.
HOSTING AND PROCESSING OF BACKUPS AND LOGS
Backups and audit logs of Service Data for which Data Locality is available (“Backups and Logs”) are also Hosted in the selected region. Backups and Logs may be otherwise Processed outside of the EEA and the US in accordance with the policies below.
PROCESSING OF SERVICE DATA
PROTECTIONS FOR PERSONAL DATA
Service Data may include data relating to an identified or identifiable natural person, which includes persons that can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity (“Personal Data”). Applicable Data Protection Laws (as the term is defined herein) sets out a number of data protection requirements which apply when Personal Data is being Processed. Applicable Data Protection Law means the following data protection law(s)): (i) where Data Controller is established in an European Economic Area (“EEA”) member state or where Data Controller’s Agents or End-Users access the Services from an European Economic Area (“EEA”) member state: (a) prior to May 25, 2018, the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, entitled “On the protection of individuals with regard to the processing of personal data, and on the free movement of such data.” (as implemented into the relevant national laws of the member state in which the data controller is established), and (b) on and after May 25, 2018, the EU Regulation 2016/679 (and any applicable national laws made under it); and (ii) where the data controller is established in Switzerland, the Swiss Federal Act of 19 June 1992 on Data Protection (as may be amended or superseded).
Service Data is Processed by the Vision Helpdesk and its third party service providers in compliance with the EU Directive. This includes compliance with requirements that Personal Data transferred from the EEA to other countries where the Vision Helpdesk or its third party service providers operate is adequately protected. Vision Helpdesk regularly enters into Data Processing Agreements with its Subscribers which incorporate EU Model Contract Clauses and detail our obligations with respect to the Processing of Personal Data. If you would like to review and enter into such an agreement, please contact firstname.lastname@example.org
Vision Helpdesk maintains an up-to-date list of the names and locations of all subprocessors (including members of the Vision Helpdesk and third parties) used for Hosting or other Processing of Service Data, including Personal Data, which can be found Subprocessor List.
Vision Helpdesk computing environments are routinely audited with standards, certifications and accreditations including ISO 27001:2013. Vision Helpdesk servers are hosted at Tier IV or Tier III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Learn more about Security at Vision Helpdesk Security Page. By operating in an accredited environment, Vision Helpdesk Subscribers reduce the scope and cost of audits they need to perform. Vision Helpdesk continuously undergoes assessments of its underlying infrastructure, including the physical and environmental security of its hardware and data centers, so its Subscribers can take advantage of those certifications and simply inherit those controls.
For existing Vision Helpdesk Subscribers who enable Data Locality, migration of Service Data to a data center in the requested region may be required. In such circumstances, a copy of Subscriber’s Service Data will be created during the migration process for +the purposes of ensuring that all Service Data required to be migrated has been fully migrated to the data center in the specified region. This assurance process conducted by Vision Helpdesk may take up to thirty (30) days from the date of commencement of such migration. After the migration process has been completed and confirmed, deletion of the copy of the Subscriber’s Service Data in the former data center will commence under Vision Helpdesk’s Data Deletion Policy. Subscribers should expect that migrations will likely require a scheduled downtime.
VISION HELPDESK APPS AND THIRD PARTY SERVICES
Service Data may be shared with Third Party Services (as that term in defined in our Terms of Services, as amended from time to time), including third party applications that integrate with Vision Helpdesk Services through apps and other integrations. These include Vision Helpdesk Apps made available on the Vision Helpdesk Website or through the Agent interface in the Vision Helpdesk Service. Service Data that is Hosted or Processed through such Third Party Services is outside the scope of this Data Hosting Policy. Please contact the providers of these Third Party Services directly if you have questions about Hosting or Processing of Service Data through these Third Party Services.
OTHER DATA COLLECTED