< compliance

Global Compliance and Security

CenturyLink follows BDSG's strict cybersecurity requirements

German Federal Data Protection

The Bundesdatenschutzgesetz or BDSG, is Germany’s Federal Data Protection Act. Enacted in 1970 and later amended in 1990 and 2009 as the use of information technology grew, the need for a regulatory framework was created and expanded to protect and safe guard the use of personal data. Additionally, Germany requires all parties to assure Safe Harbor requirements are met, requiring CenturyLink Cloud services to obey incremental BDSG compliant standards.

CenturyLink maintains a standard operating MSA and Annex clearly identifying scope, responsibilities and obligations enabling CenturyLink cloud customers remain in BDSG compliance. CenturyLink ensures the required technical and organizational measures are adhered to for protection of personal data against misuse and loss in accordance with the requirements of the BDSG.

CenturyLink is Safe Harbor Certified for personal information

US – EU Safe Harbor

CenturyLink is Safe Harbor Certified and adheres to the Principles administered by the United States Department of Commerce in consultation with the European Commission and the Federal Data Protection and Information Commissioner of Switzerland with respect to personal information within the scope of this Policy. CenturyLink will conduct annual assessments to confirm the accuracy of, and verify its adherence to, this Policy. CenturyLink will investigate suspected infractions and will take all appropriate action.

Safe Harbor is intended for organizations and service providers within the European Union or United States that store customer data. The regulations are designed to prevent accidental information disclosure or loss in accordance with the EU’s strict formalized system of privacy legislation. Organizations operating within the EU are not permitted to transfer personal data to countries outside the EU operating area unless there is a guarantee that it will receive the same levels of protection as it would within the EU.

The Safe Harbor Privacy Principles allows US companies to register their certification if they meet the European Union requirements. These principles must provide:

  • Notice: Individuals must be informed that their data is being collected and about how it will be used.
  • Choice: Individuals must have the option to opt out of the collection and forward transfer of the data to third parties.
  • Onward Transfer: Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
  • Security: Reasonable efforts must be made to prevent loss of collected information.
  • Data Integrity: Data must be relevant and reliable for the purpose it was collected for.
  • Access: Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
  • Enforcement: There must be effective means of enforcing these rules

Once opted into Safe Harbor, an organization must re-certify every 12 months. A self-assessment can be conducted to verify that it complies with these principles. Additionally, there are third party vendors that will conduct the assessments as well.

CenturyLink Safe Harbor Privacy Policy - For more information.

TRUSTe Privacy Certification

TRUSTe Privacy Seal

CenturyLink Cloud has been awarded TRUSTe's Privacy Seal signifying that our Privacy Policy and practices have been reviewed by TRUSTe for compliance with TRUSTe’s Program Requirements and the TRUSTed Cloud Program Requirements including transparency, accountability and choice regarding the collection and use of your Personal Information.

TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints regarding our Privacy Policy or practices, please contact us at [email protected]. If you are not satisfied with our response you can contact TRUSTe directly.

The TRUSTe certification only covers information collected on the CenturyLink Cloud website and through our Control Panel and does not cover information that may be collected offline, information you may store on our services or products, or websites maintained by other companies or organizations to which we may link.