We are committed to helping our customers protect the security and privacy of information stored or transferred using our services. We provide our services at the direction of our customers and define our obligations for customer hosted data in our agreements with our customers.
It is important for our customers to understand and distinguish between security measures that we implement and operate on the Rackspace supported infrastructure and security measures that our customers need to implement and operate to protect their own data and to comply with specific privacy and security laws and regulations applicable to them.
To learn about the variety of security measures and features we use to help protect Rackspace infrastructure and business operations, please visit our Rackspace Global Enterprise Security and Rackspace Global Security Practices pages.
Additionally, Rackspace services are provided in a manner that gives our customers flexibility over how they configure, secure and deploy their hosted solution based on their unique requirements. We have various security solutions, features and services available to allow our customers to configure and deploy solutions that can address their security and compliance challenges. To find out more, visit our Security page.
Additional information relevant to specific products and services provided by Rackspace are detailed in our product-specific Terms, Spheres of Support documentation, and product guidelines and documents.
We provide our services at the direction of our customers, but we have no knowledge of the data (including any personal data) that our customers store or otherwise process when using our services. Customers retain full ownership and custody of their data and are in control of the entire lifecycle of their hosted data and how such data is classified, accessed, exchanged or otherwise processed when using our services.
With this in mind, our customers remain responsible for any personal information that customers collect and process. Customers must take all reasonable steps to protect the hosted data and to comply with laws and regulations as they may apply to the hosted data and the customer. Such reasonable steps would include the customer’s encryption of personal or any regulated data.
Customers may select the region in which they want to store their data. Customers can store their data in one or multiple regions and can also replicate and back up their data to other regions different from their primary deployment site at Rackspace or a third-party cloud that is supported by us.
We and our subcontractors may provide our services and support from any state, province, country or other jurisdiction, which may be different than the one where our customers deploy the services. Unless otherwise instructed by our customers, we will not relocate a customer’s hosted system to a Rackspace or third-party data center in another region. If you have data sovereignty requirements or require support from a restricted geographic region, please reach out to an account representative.
Data transfers from the EU and Switzerland to the US: The EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield are the new frameworks for the transatlantic transfer of personal data, replacing the Safe Harbor Framework invalidated in October 2015. Rackspace US, Inc. and its controlled US subsidiaries (TriCore Solutions, LLC, ObjectRocket, LLC, collectively “Rackspace”) participate and have certified compliance with the EU-U.S. Privacy Shield framework and the Swiss – U.S. Privacy Shield framework. The EU – U.S. Privacy Shield self-certification for Rackspace is effective as of October 24, 2016 and the Swiss – U.S. Privacy Shield self-certification for Rackspace is effective as of May 25, 2017. You may find our certification here. You can also find the certifications for Datapipe, Inc. here.
As stipulated in the supplementary Privacy Shield Principle 10 (“Obligatory Contracts for Onward Transfers”), because adequate protection is provided by Privacy Shield participants, contracts with Privacy Shield participants for mere processing do not require prior authorization (or such authorization will be granted automatically by the EU Member States), as would be required for contracts with recipients not participating in the Privacy Shield or otherwise not providing adequate protection.
We also offer alternative data transfer mechanisms, such as data processing addendums and EU Model Clauses to enable our customer to transfer personal data from the EU to Rackspace regions outside the EU.
Rackspace Data Processing Addendum with EU Model Clauses is available here in the event that you as a Rackspace customer require EU Model Clauses. If you need an additional data processing addendum, please contact your Rackspace account manager for assistance by logging into the applicable control panel.
Brexit: Now that the U.K. has voted to leave the EU, we would like to inform our customers that we expect no impact on our ability to continue providing services to you. Rackspace does, and will at all times, continue to comply with applicable laws in the provision of its services to all of its customers. It is very much “business as usual” at Rackspace. See the FAQ on the Brexit referendum here.