The Bundesdatenschutzgesetz or BDSG, is Germany’s Federal Data Protection Act. Enacted in 1970 and later amended in 1990 and 2009 as the use of information technology grew, the need for a regulatory framework was created and expanded to protect and safe guard the use of personal data. Additionally, Germany requires all parties to assure Safe Harbor requirements are met, requiring CenturyLink Cloud services to obey incremental BDSG compliant standards.
CenturyLink maintains a standard operating MSA and Annex clearly identifying scope, responsibilities and obligations enabling CenturyLink cloud customers remain in BDSG compliance. CenturyLink ensures the required technical and organizational measures are adhered to for protection of personal data against misuse and loss in accordance with the requirements of the BDSG.
CenturyLink is Safe Harbor Certified and adheres to the Principles administered by the United States Department of Commerce in consultation with the European Commission and the Federal Data Protection and Information Commissioner of Switzerland with respect to personal information within the scope of this Policy. CenturyLink will conduct annual assessments to confirm the accuracy of, and verify its adherence to, this Policy. CenturyLink will investigate suspected infractions and will take all appropriate action.
Safe Harbor is intended for organizations and service providers within the European Union or United States that store customer data. The regulations are designed to prevent accidental information disclosure or loss in accordance with the EU’s strict formalized system of privacy legislation. Organizations operating within the EU are not permitted to transfer personal data to countries outside the EU operating area unless there is a guarantee that it will receive the same levels of protection as it would within the EU.
The Safe Harbor Privacy Principles allows US companies to register their certification if they meet the European Union requirements. These principles must provide:
Once opted into Safe Harbor, an organization must re-certify every 12 months. A self-assessment can be conducted to verify that it complies with these principles. Additionally, there are third party vendors that will conduct the assessments as well.
The TRUSTe certification only covers information collected on the CenturyLink Cloud website and through our Control Panel and does not cover information that may be collected offline, information you may store on our services or products, or websites maintained by other companies or organizations to which we may link.