NEW

Get your apps to market faster with DigitalOcean App Platform

BlogDocsGet SupportSales
DigitalOcean logo
Products
Products

Featured Products

Droplets

Droplets

Scalable virtual machines
Kubernetes

Kubernetes

Managed Kubernetes clusters
App Platform

App Platform

Get apps to market faster
Databases

Databases

Worry-free setup & maintenance
Spaces

Spaces

Simple object storage
Compute icon

Compute

DropletsKubernetesApp Platform
Managed Databases icon

Managed Databases

MySQLPostgreSQLRedis™
Developer Tools icon

Developer Tools

APICLIMonitoringTeamsDeploy to DigitalOcean buttonSupport
Storage icon

Storage

Spaces Object StorageVolumes Block Storage
Networking icon

Networking

Virtual Private Cloud (VPC)Cloud FirewallsLoad BalancersFloating IPsDNS

See all products arrow
Solutions
Solutions
Website Hosting

Website Hosting

Easily and reliably host a website
Web & Mobile Apps

Web & Mobile Apps

Quickly build and reliably run your apps
Video Streaming Hosting

Video Streaming Hosting

Create a highly available streaming service
Gaming Development

Gaming Development

Scale your game as fast as you want
Cloud VPN

Cloud VPN

Quickly set up a fast, reliable, and easy to use VPN
Big Data Computing

Big Data Computing

Run batch and streaming big data workloads
Startups

Startups

A cloud partnership to power your startup
SaaS Development

SaaS Development

Build your SaaS exactly how you want
Agency & Web Dev Shops

Agency & Web Dev Shops

Create powerful websites and applications for your clients
Managed Cloud Hosting Providers

Managed Cloud Hosting Providers

We make cloud hosting simple and cost-efficient

See all solutions arrow
MarketplaceCustomers
Community
Community

Community

Overview

Overview

Connect, share and learn
Tutorials

Tutorials

DevOps and development guides
Questions and Answers

Questions and Answers

Development and systems Q&A
Tools

Tools

Community-built integrations

Get Involved

Write for DOnationsMeetupsHatch Startup ProgramOpen Source SponsorshipsHacktoberfest

Featured Articles

How to Deploy a PHP Application with Kubernetes on Ubuntu 16.04

How to Deploy a PHP Application with Kubernetes on Ubuntu 16.04

Understanding Database Sharding

Understanding Database Sharding

How to Build a Node.js Application with Docker

How to Build a Node.js Application with Docker

Pricing
Sign InSign Up
  • Legal & Security
  • GPDR

GDPR FAQ

What is the GDPR?

The General Data Protection Regulation (GDPR) is a European privacy law that went into effect on May 25, 2018. The GDPR replaces the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.

Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.

Who does the GDPR apply to?

The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals.

The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition, and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).

Does the GDPR apply to an individual developer?

Yes, if the individual developer is a customer of DigitalOcean and they are processing the personal data of EU individuals when using our products and services.

What is DigitalOcean’s role under GDPR?

We act as both a data processor and a data controller under the GDPR.

DigitalOcean as a data processor: When customers use our products and services to process EU personal data, we act as a data processor. For example, we will be a processor of EU personal data and information that gets uploaded into a Droplet. This means we will, in addition to complying with our customers' instructions, need to comply with the new legal obligations that apply directly to processors under the GDPR.

DigitalOcean as a data controller: We act as a data controller for the EU customer information we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name and contact information.

What have we done to comply with GDPR?

We conducted an extensive analysis of our operations to ensure compliance with the requirements of the GDPR before it went into effect. With the help of external advisors, we reviewed our products and services, customer terms, privacy notices and arrangements with third parties for compliance with the GDPR. Our focus on privacy and compliance efforts are ongoing.

What personal data do we collect and store from our customers?

We store data that customers have given us voluntarily. For example, in our role as data controller, we may collect and store contact information, such as name, email address, phone number, or physical address, when customers sign up for our products and services or seek support help. We also may collect other identifying information from our customers, such as IP address, Paypal ID, SSH public keys or Oauth tokens for external services.

We separately act as a data processor when customers use our products and services to process EU personal data, such as uploading personal data to a Droplet. Customers decide what personal data, if any, is uploaded to our products and services.

What is the DigitalOcean Data Processing Agreement ("DPA")?

Customers that handle EU personal data are required to comply with the privacy and security requirements under the GDPR. As part of this, they must ensure that the vendors they use to process the EU personal data also have privacy and security protections in place. Our DPA outlines the privacy and security protections we have in place. We are committed to GDPR compliance and to helping our customers comply with the GDPR when they use our services. We have therefore made our DPA available to all our customers and it can be found here: Data Processing Agreement.

Are customers required to sign the DigitalOcean DPA?

In order to use our products and services, you need to accept our DPA, which we have provided a link to on our website: Data Processing Agreement. By agreeing to our terms of service, you are automatically accepting our DPA and do not need to sign a separate document.

Can a customer share the DigitalOcean DPA with its customers?

Yes. The DPA is a publicly available document and customers who wish to share it with their customers to confirm our security measures and other terms may feel free to do so.

Do customers need to notify anyone upon accepting our DPA?

No. You are not required to notify us or any third party upon accepting our DPA though, as mentioned above, you are free to do so.

Are there unique DPA needs for individual countries?

The GDPR applies to all of the EU and we offer a DPA that is compliant in all EU countries.

Do we transfer data internationally?

Although we are headquartered in the United States, DigitalOcean has data centers and customers in the EU and other countries. In certain circumstances, we will process personal data that originates from the EU and other countries in the United States to provide our services to you. However, your proprietary data that you upload to Droplets, Spaces, and other services will remain within the region where you choose to host such data, unless we inform you otherwise.

How does the July 2020 European Union Court of Justice ruling affect data transfer under the EU-US Privacy Shield?

DigitalOcean is committed to protecting your privacy. We are certified under the EU-US Privacy Shield, and you can access our certification here. Although Privacy Shield has been invalidated for data transfers from the EU to the United States, we are still committed to honoring our obligations regarding data protection. For data transfers from Switzerland to the US, DigitalOcean still conforms with the Privacy Shield Framework. DigitalOcean currently utilizes Standard Contractual Clauses in connection with transfers of data from the EEA to the US insofar as the EU-US Privacy Shield is deemed invalidated and other means are not yet in place.

Please also refer to the Data Processing Agreement for more information about data transfers.

What security measures do you have in place for data transfers?

We utilize many security measures to protect your data including but not limited to:

  • Data processing systems must be prevented from being used without authorization.
  • Personal data must not be read, copied, modified or removed without authorization during transfer or storage and it shall be possible to establish to whom personal data was transferred.
  • DigitalOcean shall be able retrospectively to examine and establish whether and by whom personal data have been entered into data processing systems, modified or removed.

How do we handle delete instructions from customers?

Customers have the ability to remove or delete information they have uploaded to our products. Likewise, customers may deactivate their account and request that all personal data we have collected and stored is deleted. Log into your account at cloud.digitalocean.com for further instructions.

Company
  • About
  • Leadership
  • Blog
  • Careers
  • Partners
  • Referral Program
  • Press
  • Legal
  • Trust Platform
Products
  • Products Overview
  • Droplets
  • Kubernetes
  • Managed Databases
  • Spaces
  • Marketplace
  • Load Balancers
  • Block Storage
  • Tools & Integrations
  • API
  • Pricing
  • Documentation
  • Release Notes
Community
  • Tutorials
  • Meetups
  • Q&A
  • Write for DOnations
  • Droplets for Demos
  • Hatch Startup Program
  • Shop Swag
  • Research Program
  • Currents Research
  • Open Source
  • Code of Conduct
Solutions
  • Web & Mobile Apps
  • Website Hosting
  • Game Development
  • Streaming
  • VPN
  • Startups
  • SaaS Solutions
  • Agency & Web Dev Shops
  • Managed Cloud Hosting Providers
  • Big Data
  • Business Solutions
Contact
  • Support
  • Sales
  • Report Abuse
  • System Status
Digital Ocean logo

© 2020 DigitalOcean, LLC. All rights reserved.

  • Twitter
  • Facebook
  • Instagram
  • Youtube
  • LinkedIn
  • Dev
  • Glassdoor
  • Built In