CyrusOne Logo

UK & EU Privacy Notice

Effective date: September 5, 2018

Last updated: May 3, 2022

CyrusOne LP (“CyrusOne”, “we”, “us”, “our”) is committed to compliance with the European Union’s General Data Protection Regulation (“GDPR”) and the United Kingdom’s GDPR (“UK GDPR”) in relation to the collection, retention, use, and other processing of EU and UK personal data. This Privacy Notice applies to users of this website, including visitors, customers, vendors, prospective job seekers and candidates applying for roles at CyrusOne.  To this end, CyrusOne has put Standard Contractual Clauses in place to govern the transfer of personal data from the EU and/or the UK to the United States or any third country that it is not considered by the EU/UK to have adequate safeguards in place to protect personal data. This Privacy Notice describes how we may collect, use, and disclose personal data we obtain through cyrusone.com, and describes your rights and choices relevant to our processing of your personal data.

This Privacy Notice covers:

  • Personal Data Collection
  • Personal Data Processing
  • Disclosure of Personal Data
  • Transfers of Personal Data outside of the EU and/or UK
  • Data Protection Principles
  • Questions, Complaints, and Recourse
  • Data Security
  • Data Retention
  • Cookies and Other Tracking Technologies
  • Rights and Choices
  • How to Contact Us

Personal Data Collection

CyrusOne  may obtain personal data from multiple sources, including information provided directly to us by individuals (e.g., when requesting information or registering for training courses or events).  This personal data includes:

  • Contact data. You may provide us with your contact details, such as name, job title, employer, address, phone number, email address, or other similar information, which we may use to respond to you or for administrative purposes.
  • Device Information. CyrusOne may obtain information about devices that access our website, including the type of device, its operating system, device settings, unique device identifiers, and crash data.
  • Authentication Data. To verify the identity of registered users we may collect a user name, password, password hint(s), and other similar authentication information.
  • Job Application Information. If you apply for a job through our Careers page, we or our vendor may collect your name, email address, physical address, phone number, and CV.
  • Other Information You Provide. This includes emails and other communications that you send us or otherwise contribute, such as customer support inquiries.  Please be aware that information you post on public parts of our website may be visible to anyone.

Personal Data Processing

We will, where relevant, process personal data to:

  • Transact with you, respond to your comments, questions and requests, provide customer service, send you informational notices, and contact you if we need to obtain or provide additional information;
  • Conduct research and analysis, including focus groups and surveys;
  • Process job applications received through our Careers page;
  • Facilitate, manage, personalize, and improve our customer and partner relationships;
  • Prevent and address fraud, breach of policies or terms, and threats or harm;
  • Ensure the security and integrity of the personal data we process; and
  • Comply with applicable legal requirements.

Our processing of such personal data is carried out pursuant to the following legal bases:

  • We rely on your consent for: processing personal data, where you have provided your consent, for example to receive electronic direct marketing. Where we rely on your consent, you can change your mind and withdraw your consent at any time.
  • We rely on the processing being necessary for the performance of a contract: when we are entering into a contract with you, such as a supply contract or an employment contract, and in order to do so we need to process your personal data.
  • We rely on the processing being necessary to comply with a legal obligation or court order or binding law enforcement request: where we process data that is necessary for compliance with applicable tax laws and other legal obligations.
  • We rely on the processing being necessary to protect your vital interests or those of others: when we handle personal data about you and we need to use it in order to protect a vital interest.
  • We rely on our legitimate interest to use your personal data:
    • To analyze and improve the safety and security of our website.  This includes implementing and enhancing security measures and protections and protecting against fraud, spam, and abuse.
    • To maintain and improve the website.
    • To operate the website and provide you with certain tailored advertising and communications to develop and promote our business.

Disclosure of Personal Data

We will, where relevant, share your personal data:

  • With our affiliates or business partners when it is reasonably necessary for our legitimate interests or those of our affiliates or partners (provided that such sharing does not prejudice your right to privacy and is proportionate), such as to help provide services to you or analyze and improve the website.
  • With our agents, vendors, consultants, marketing service providers, and other service providers who perform functions on our behalf.  For example, we may use third parties to help us provide customer support, manage our advertisements on other websites, and send marketing and other communications on our behalf.
  • To abide by applicable law or protect rights and interests. For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse.
  • If we are involved in a reorganization, merger, or to a potential buyer (or that buyer’s professional advisers) in the event of sale of some or all of our assets.

Please note that in certain situations CyrusOne may be obligated to disclose personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Transfers of Personal outside of the EU and/or UK

As part of an international organisation, CyrusOne is likely to transfer your personal data to recipients (either internally or externally, as set out above) that are established in jurisdictions other than your own. Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your personal data as is provided to it under the laws in your jurisdiction.

In certain circumstances where the EU and/or UK Standard Contractual Clauses do not apply to a cross-border transfer of your personal data and we cannot rely on an adequacy decision of the European Commission or UK in relation to the relevant recipient jurisdiction, we may seek your prior consent to transfer your personal data (other than where we may rely on an alternative exception or legal basis to do so).

For more information about what appropriate safeguards we use and how to obtain a copy of them or to find out where they have been made available, please contact us at privacy@CyrusOne.com.

Questions, Complaints, and Recourse

CyrusOne is committed to resolving privacy complaints regarding our personal data practices.  EU data subjects with inquiries or complaints regarding this Privacy Notice should first contact CyrusOne at privacy@CyrusOne.com.

You also have the right to lodge a complaint with a supervisory authority.  You can find information about your data protection regulator here.

If you have an outstanding privacy or data use concern that we have not resolved to your satisfaction, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Data Security

We maintain appropriate technical and organizational safeguards designed to help protect personal data from unauthorized disclosure or access and accidental or unlawful destruction, loss, or alteration.  Although we use reasonable efforts to safeguard personal data, we cannot guarantee the security of personal data obtained or stored electronically.

Data Retention

We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law.  To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements.  Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records.

Cookies and Other Tracking Technologies

We utilize online identification tools—such as cookies, web beacons, pixels or similar technologies—in accordance with applicable law and requirements.  “Cookies” are small text files placed on your hard drive when you visit a website; they store information which is sent back to our servers or those of third parties.  As described in more detail below, we use such technologies to:

  • Recognize new or past customers;
  • Store your password if you are registered on our website;
  • Improve our website and to better understand your visits;
  • Integrate with third party social media websites;
  • Serve you with interest-based or targeted advertising;
  • Observe your behaviors and browsing activities over time across multiple websites or other platforms; and to
  • Better understand the interests of our customers and our website visitors.

Some cookies are required for certain uses of the website.  For example, if you choose to register an account through our website, we will use cookies to facilitate your registration and remember your preferences.

Different types of cookies may be used for specific purposes, for example:

  • Functional cookies and cookies from third parties may be used for analysis and marketing purposes.  Functional cookies enable certain parts of the website to work properly, retain user preferences, and allow users to log in using social network user credentials.
  • Analytics cookies may collect information on how visitors use a website, the content and products that website users view most frequently, and the effectiveness of third-party advertising.
  • Advertising cookies assist in delivering ads to relevant audiences.  This may include, for example, placing ads at the top of search results.

Cookies are either “session” cookies which are deleted when you end your browser session, or “persistent,” which remain until you delete them or the party who served the cookie removes it.  Further details concerning the cookies we use on our websites are available in the table included at the bottom of this section.

Google Analytics

  • ga.js
    • Purpose: The ga.js JavaScript library uses first-party cookies to:
      • Determine which domain to measure
      • Distinguish unique users
      • Throttle the request rate
      • Remember the number and time of previous visits
      • Remember traffic source information
      • Determine the start and end of a session
      • Remember the value of visitor-level custom variables
    • Persistent/Session: N/A
    • Duration: N/A
  • __utma
    • Purpose: Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.
    • Persistent/Session: Persistent
    • Duration: 2 years from set/update
  • __utmt
    • Purpose: Used to throttle request rate.
    • Persistent/Session: Persistent
    • Duration: 10 minutes
  • __utmb
    • Purpose: Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.
    • Persistent/Session: Persistent
    • Duration: 30 minutes from set/update
  • __utmc
    • Purpose: Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
    • Persistent/Session: Session
    • Duration: 6 months from set/update
  • __utmz
    • Purpose: Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.
    • Persistent/Session: Persistent
    • Duration: End of browser session
  • __utmv
    • Purpose: Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.
    • Persistent/Session: Persistent
    • Duration: 2 years from set/update

DoubleClick

  • IDE
    • Purpose: This cookie is used for re-targeting, optimization, reporting and attribution of online adverts.
    • Persistent/Session: Persistent
    • Duration: 2 months
  • DSID
    • Purpose: This cookie is used for re-targeting, optimization, reporting and attribution of online adverts.
    • Persistent/Session: Persistent
    • Duration: 2 weeks
  • _drt_
    • Purpose: This cookie is used for re-targeting, optimization, reporting and attribution of online adverts.
    • Persistent/Session: Persistent
    • Duration: 2 days
  • id
    • Purpose: This cookie is used for re-targeting, optimization, reporting and attribution of online adverts.
    • Persistent/Session: Persistent
    • Duration: 2 months

GA Audiences

  • Purpose: Remarketing advertisements
  • Persistent/Session: N/A
  • Duration: N/A

Adobe Tag Manager

  • s_cc
    • Purpose: This cookie is set and read by the JavaScript code to determine if cookies are enabled.
    • Persistent/Session: Session
    • Duration: Session cookie – expires when browser is closed
  • s_sq
    • Purpose: This cookie is set and read by the JavaScript code when the ClickMap functionality and the Activity Map functionality are enabled; it contains information about the previous link that was clicked on by the user
    • Persistent/Session: Session
    • Duration: Session cookie – expires when browser is closed
  • s_vi
    • Purpose: Unique visitor ID time/date stamp
    • Persistent/Session: Persistent
    • Duration: 2 years
  • s_fid
    • Purpose: Fallback unique visitor ID time/date stamp
    • Persistent/Session: Persistent
    • Duration: 5 years

Omniture (Adobe Analytics)

  • Purpose: How visitors use the website
  • Persistent/Session: N/A
  • Duration: N/A

New Relic

  • NREUM
    • Purpose:  Session tracking
    • Persistent/Session: Session
    • Duration: Session cookie – expires when browser is closed
  • NRAGENT
    • Purpose: This achieves a cross-domain communication between the New Relic collector and the New Relic agent.
    • Persistent/Session: Session
    • Duration: Session cookie – expires when browser is closed
  • JSESSIONID
    • Purpose: Stores a session identifier so that New Relic can monitor session counts for an application.
    • Persistent/Session: Session
    • Duration: Session cookie – expires when browser is closed

You can set your browser settings either to receive our cookies or use our website without cookie functionality.  To control flash cookies visit this link.  Please note that if you restrict the use of cookies, some functions of the website may be unavailable and we will not be able to present you with personally-tailored content.

We may link the information collected by cookies with other information we collect from you pursuant to this Privacy Notice.  Similarly, the third parties who serve cookies on our website may link your name or email address to other information they collect.

Rights and Choices

The GDPR and the UK GDPR provide EU and UK data subjects with certain rights regarding their personal data.  Subject to certain conditions, you may ask CyrusOne to take the following actions in relation to your personal data that we hold:

  • Provide you with information about our processing of your personal data and give you access to your personal data;
  • Update or correct inaccuracies in your personal data;
  • Delete your personal data;
  • Transfer a machine-readable copy of your personal data to you or a third party of your choice;
  • Restrict the processing of your personal data;
  • Object to our processing of your personal data for direct marketing purposes; and/or
  • Object to reliance on our legitimate interests as the basis for processing of your personal data.

You can submit these requests by email to privacy@CyrusOne.com or our postal address provided below, and we will respond to your request within a reasonable timeframe.  We may request specific information from you to help us confirm your identity prior to processing your request.  Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions.

For more information about your choices concerning opting out of online behavioral advertising click here.

Changes to This Privacy Notice

We may update this Privacy Notice to reflect changes to our information practices.   Any changes will be updated on our website, with a brief notice explaining when the changes take effect, providing an outline of what the changes are and where you can find them. Such changes will become effective upon the expiry of 30 days after posting of the revised Privacy Notice or upon your use of our website after such changes have been posted.  If the changes are material, we may provide you additional notice, to your email address.  We encourage you to periodically review this page for the latest information on our privacy practices.

How to Contact Us

CyrusOne can be contacted via email sent to privacy@CyrusOne.com or at the following address:

Attention: Data Protection Inquiry
2850 N. Harwood Street, Suite 2200
Dallas, Texas 75201
USA

You may contact our Data Protection Officer by emailing DPO@CyrusOne.com.

Skyline city view of Dallascolor graphic overlay