Data Protection Policy
Rapid.Space provides cloud, edge and radio access infrastructure as well as the related software, support and maintenance services. In the course of these activities, Rapid.Space may come into contact with personal data belonging to its clients or to third parties whose data its clients choose to process using Rapid.Space services. This page describes, in general terms, how Rapid.Space approaches data protection in this context. Where a specific data processing agreement has been signed between a client and Rapid.Space, the terms of that agreement prevail over the present page.
Rapid.Space carries out its activities in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and with the French Loi Informatique et Libertés (Law No. 78-17 of 6 January 1978, as amended). The competent supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL).
Roles
Each client decides what personal data is processed using Rapid.Space services, for what purpose, and on what legal basis. The client therefore acts as the data controller within the meaning of Article 4 of the GDPR. Rapid.Space, where applicable, acts as a data processor within the meaning of Article 28 of the GDPR, processing personal data only as needed to deliver the services that the client has subscribed to or purchased.
The client is responsible for complying with applicable data protection law in its own use of Rapid.Space services, including the lawfulness of data collection, the information provided to data subjects and the handling of any data subject request. The client is also responsible for ensuring that the categories of data processed using Rapid.Space services are appropriate to the nature of those services.
Approach
Rapid.Space takes reasonable technical and organisational measures to protect the personal data that may be processed in the course of providing its services. These measures are aligned with the requirements of Articles 24, 25 and 32 of the GDPR and are adapted over time in line with the evolving state of the art. A description of the measures in force may be communicated to clients upon written request.
Persons working for Rapid.Space, whether employees, contributors or affiliates, are bound by appropriate confidentiality obligations and have been made aware of the data protection rules applicable to them. Rapid.Space has designated a contact person for data protection matters, available to clients upon request.
Rapid.Space hosts most of its infrastructure within Member States of the European Union or the European Economic Area, and selects partner data centres accordingly wherever feasible. Some Rapid.Space staff and contributors work remotely, including from countries outside the EU and the EEA, and may, in the course of software edition, technical support or maintenance, have technical access to systems containing personal data. Clients with specific geographical requirements should agree these conditions with Rapid.Space in writing.
Rapid.Space may rely on subcontractors, including entities within the Nexedi–Rapid.Space group of companies, for the purpose of providing its services. The current list of subcontractors involved in the processing of client data may be communicated to clients upon written request.
Data Subject Rights
Where a data subject contacts Rapid.Space directly to exercise rights under Articles 15 to 22 of the GDPR, Rapid.Space will forward the request to the client concerned without undue delay, since the client is the data controller and is best placed to respond. Rapid.Space supports the client in handling such requests where this is technically feasible and consistent with the services concerned. Where the support requested requires significant time and resources, it may be invoiced on a time and materials basis.
Specific Engagements
Clients who require formal contractual commitments going beyond the principles described on this page, in particular a dedicated data processing agreement covering the obligations set out in Article 28 of the GDPR, are invited to contact Rapid.Space directly to put such an agreement in place.
Contact
For any question related to data protection, please contact Rapid.Space at the address indicated on the contact page.