Privacy Shield Notice

 

EU Privacy Notice

Effective date: September 5, 2018

CyrusOne (“CyrusOne”, “we”, “us”, “our”) is committed to compliance with the European Union’s General Data Protection Regulation (“GDPR”) in relation to the collection, retention, use, and other processing of EU personal data.  To this end, CyrusOne complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred to the United States from the European Union.  This Privacy Notice describes how we may collect, use, and disclose personal data we obtain through cyrusone.com, and describes your rights and choices relevant to our processing of your personal data.

This Privacy Notice covers:

  • Personal Data Collection
  • Personal Data Processing
  • Disclosure of Personal Data
  • The Privacy Shield Framework and Other Personal Data Transfers
  • Questions, Complaints, and Recourse
  • Data Security
  • Data Retention
  • Cookies and Other Tracking Technologies
  • Rights and Choices
  • How to Contact Us

 

Personal Data Collection

CyrusOne may obtain personal data from multiple sources, including information provided directly to us by individuals (e.g., when requesting information or registering for training courses or events).  This personal data may include:

  • Contact data. You may provide us with your contact details, such as name, job title, employer, address, phone number, email address, or other similar information, which we may use to respond to you or for administrative purposes.
  • Device Information. CyrusOne may obtain information about devices that access our website, including the type of device, its operating system, device settings, unique device identifiers, and crash data.
  • Authentication Data. To verify the identity of registered users we may collect a user name, password, password hint(s), and other similar authentication information.
  • Job Application Information. If you apply for a job through our Careers page, we or our vendor may collect your name, email address, physical address, phone number, and CV.
  • Other Information You Provide. This includes emails and other communications that you send us or otherwise contribute, such as customer support inquiries.  Please be aware that information you post on public parts of our website may be visible to anyone.


Personal Data Processing

We may process personal data to:

  • Transact with you, respond to your comments, questions and requests, provide customer service, send you informational notices, and contact you if we need to obtain or provide additional information;
  • Conduct research and analysis, including focus groups and surveys;
  • Process job applications received through our Careers page;
  • Facilitate, manage, personalize, and improve our customer and partner relationships;
  • Prevent and address fraud, breach of policies or terms, and threats or harm;
  • Ensure the security and integrity of the personal data we process; and
  • Comply with applicable legal requirements.

Our processing of such personal data is carried out pursuant to the following legal bases:

  • You have consented to the use of your personal data.  When you consent, you can change your mind at any time.
  • The processing is necessary for us to provide you with the services and products you request, or to respond to your inquiries.
  • We have a legal obligation to process your personal data, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
  • To protect your vital interests, or those of others.
  • We have a legitimate interest in using your personal data.  In particular, we have a legitimate interest in the following cases:
    • To analyze and improve the safety and security of our website.  This includes implementing and enhancing security measures and protections and protecting against fraud, spam, and abuse.
    • To maintain and improve the website.
    • To operate the website and provide you with certain tailored advertising and communications to develop and promote our business.


Disclosure of Personal Data

We may share your personal data:

  • With our affiliates or business partners when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the website.
  • To our agents, vendors, consultants, marketing service providers, and other service providers who perform functions on our behalf.  For example, we may use third parties to help us provide customer support, manage our advertisements on other websites, and send marketing and other communications on our behalf.
  • To abide by applicable law or protect rights and interests.  For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse.
  • If we are involved in a reorganization, merger, acquisition, or sale of some or all of our assets.

Please note that in certain situations CyrusOne may be obligated to disclose personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

The Privacy Shield Framework and Other Personal Data Transfers

CyrusOne is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf.  With respect to personal data received or transferred pursuant to the Privacy Shield Framework, CyrusOne is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

When processing EU personal data, CyrusOne has committed to apply the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability.  CyrusOne complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.  To learn more about the Privacy Shield program, and to view our certification page, you may visit https://www.privacyshield.gov/.

CyrusOne also may transfer personal data in accordance with contracts approved by the European Commission which impose data protection obligations on the parties to the transfer.  For further information on the specific mechanism used to transfer your personal data, please contact us at privacy@CyrusOne.com.

Questions, Complaints, and Recourse

In accordance with the EU-U.S. Privacy Shield Principles, CyrusOne is committed to resolving privacy complaints regarding our personal data practices.  EU data subjects with inquiries or complaints regarding this Privacy Notice should first contact CyrusOne at privacy@CyrusOne.com.

You also have the right to lodge a complaint with a supervisory authority.  You can find information about your data protection regulator here.

If you have an outstanding privacy or data use concern that we have not resolved to your satisfaction, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Data Security

We maintain appropriate technical and organizational safeguards designed to help protect personal data from unauthorized disclosure or access and accidental or unlawful destruction, loss, or alteration.  Although we use reasonable efforts to safeguard personal data, we cannot guarantee the security of personal data obtained or stored electronically.

Data Retention

We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law.  To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements.  Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records.

Cookies and Other Tracking Technologies

We utilize online identification tools—such as cookies, web beacons, pixels or similar technologies—in accordance with applicable law and requirements.  “Cookies” are small text files placed on your hard drive when you visit a website; they store information which is sent back to our servers or those of third parties.  As described in more detail below, we use such technologies to:

  • Recognize new or past customers;
  • Store your password if you are registered on our website;
  • Improve our website and to better understand your visits;
  • Integrate with third party social media websites;
  • Serve you with interest-based or targeted advertising;
  • Observe your behaviors and browsing activities over time across multiple websites or other platforms; and to
  • Better understand the interests of our customers and our website visitors.

Some cookies are required for certain uses of the website.  For example, if you choose to register an account through our website, we will use cookies to facilitate your registration and remember your preferences.

Different types of cookies may be used for specific purposes, for example:

  • Functional cookies and cookies from third parties may be used for analysis and marketing purposes. Functional cookies enable certain parts of the website to work properly, retain user preferences, and allow users to log in using social network user credentials.
  • Analysis cookies may collect information on how visitors use a website, the content and products that website users view most frequently, and the effectiveness of third-party advertising.
  • Advertising cookies assist in delivering ads to relevant audiences. This may include, for example, placing ads at the top of search results.

Cookies are either “session” cookies which are deleted when you end your browser session, or “persistent,” which remain until you delete them or the party who served the cookie removes it.  Further details concerning the cookies we use on our websites are available in the table included at the bottom of this section.

Provider

Name

Purpose

Persistent/Session

Duration

Google Analytics ga.js The ga.js JavaScript library uses first-party cookies to:

·      Determine which domain to measure

·      Distinguish unique users

·      Throttle the request rate

·      Remember the number and time of previous visits

·      Remember traffic source information

·      Determine the start and end of a session

·      Remember the value of visitor-level custom variables

N/A N/A
Google Analytics __utma Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics. Persistent 2 years from set/update
Google Analytics __utmt Used to throttle request rate. Persistent 10 minutes
Google Analytics __utmb Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics. Persistent 30 minutes from set/update
Google Analytics __utmc

 

Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit. Session End of browser session
Google Analytics __utmz

 

Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. Persistent 6 months from set/update
Google Analytics __utmv Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics. Persistent 2 years from set/update
DoubleClick ​IDE This cookie is used for re-targeting, optimization, reporting and attribution of online adverts. Persistent 2 months
DoubleClick ​DSID This cookie is used for re-targeting, optimization, reporting and attribution of online adverts. Persistent 2 weeks
DoubleClick _drt_ This cookie is used for re-targeting, optimization, reporting and attribution of online adverts. Persistent 2 days
DoubleClick ​id This cookie is used for re-targeting, optimization, reporting and attribution of online adverts. Persistent 2 months
GA Audiences N/A Remarketing advertisements N/A N/A
Adobe Tag Manager s_cc This cookie is set and read by the JavaScript code to determine if cookies are enabled. Session Session cookie – expires when browser is closed
Adobe Tag Manager s_sq This cookie is set and read by the JavaScript code when the ClickMap functionality and the Activity Map functionality are enabled; it contains information about the previous link that was clicked on by the user Session Session cookie – expires when browser is closed
Adobe Tag Manager s_vi Unique visitor ID time/date stamp Persistent 2 years
Adobe Tag Manager s_fid Fallback unique visitor ID time/date stamp Persistent 5 years
Omniture (Adobe Analytics) N/A How visitors use the website N/A N/A
New Relic NREUM Session tracking. Session Session cookie – expires when browser is closed
NRAGENT This achieves a cross-domain communication between the New Relic collector and the New Relic agent. Session Session cookie – expires when browser is closed
JSESSIONID Stores a session identifier so that New Relic can monitor session counts for an application. Session Session cookie – expires when browser is closed

 

You can set your browser settings either to receive our cookies or use our website without cookie functionality.  To control flash cookies visit this link.  Please note that if you restrict the use of cookies, some functions of the website may be unavailable and we will not be able to present you with personally-tailored content.

We may link the information collected by cookies with other information we collect from you pursuant to this Privacy Notice.  Similarly, the third parties who serve cookies on our website may link your name or email address to other information they collect.

Rights and Choices

The GDPR provides EU data subjects with certain rights regarding their personal data.  Subject to certain conditions, you may ask CyrusOne to take the following actions in relation to your personal data that we hold:

  • Provide you with information about our processing of your personal data and give you access to your personal data;
  • Update or correct inaccuracies in your personal data;
  • Delete your personal data;
  • Transfer a machine-readable copy of your personal data to you or a third party of your choice;
  • Restrict the processing of your personal data;
  • Object to our processing of your personal data for direct marketing purposes; and/or
  • Object to reliance on our legitimate interests as the basis for processing of your personal data.

You can submit these requests by email to privacy@CyrusOne.com or our postal address provided below, and we will respond to your request within a reasonable timeframe.  We may request specific information from you to help us confirm your identity prior to processing your request.  Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions.

For more information about your choices concerning opting out of online behavioral advertising click here.

Changes to This Privacy Notice

We may update this Privacy Notice to reflect changes to our information practices.   Any changes will be effective immediately upon posting of the revised Privacy Notice.  If the changes are material, we may provide you additional notice, to your email address.  We encourage you to periodically review this page for the latest information on our privacy practices.

How to Contact Us

CyrusOne can be contacted via email sent to privacy@CyrusOne.com or at the following address:

Attention: Data Protection Inquiry
2101 Cedar Springs Road, Suite 900
Dallas, Texas 75201
USA

 

You may contact our Data Protection Officer by emailing DPO@CyrusOne.com.