- Data Protection
- Capsule data storage and the EU Data Protection Directive
- Will you only process data in accordance with my instructions?
- Will you only transfer data to a country that provides an adequate level of protection?
- Where are your servers and the personal data I store hosted?
- How secure is the personal data I store on Capsule?
- What service levels do you provide for Capsule?
- Can I access my data regularly?
This FAQ is intended primarily to help our European Union (EU) customers assess their compliance with EU data protection requirements.
The requirements of the EU Data Protection Directive have been implemented in different ways in each EU member state. So, for example, in the UK the Directive has been implemented through the Data Protection Act 1998 and in Germany through the Federal Data Protection Act. The law that applies to you will generally be that of the EU country in which you are resident or, if you are a business, in which you are established.
However one common thread is that responsibility for complying with the Directive rests with the data controller. As you are the data controller in respect of personal data you store on Capsule, it is your responsibility to ensure compliance with the data protection law of your home country.
In order to make an assessment of whether Capsule allows you to meet the requirements of your local data protection laws, we recommend that you carry out a simple risk analysis. As a starting point, The UK Information Commissioner’s Office (ICO) has produced a useful general Guide to data protection and Guidance on the use of cloud computing that provides a helpful checklist (on page 22) that a data controller should consider in assessing the credentials of any provider of internet-based services.
Answers to the following questions will help you complete a risk analysis for yourself or your organization. We do so with the firm belief that Capsule is well placed to protect the personal data that you entrust to us in accordance with your local data protection law.
Your data is confidential to you. We have no access to user passwords or accounts so we cannot login to your Capsule account and cannot process any data without your permission (for example you may choose to add a temporary user to help us to solve a question you have).
We always ensure that your data is only transferred in full accordance with UK data protection laws. In particular that means your data will only be transferred to a country that the European Commission has determined provides an adequate level of protection, or to service providers who have an agreement with us committing to the Model Contract Clauses, which are defined by the European Commission. Further information on Model Contract Clauses can be found in the UK Information Commissioner’s Office (ICO) guide.
Capsule and your data is hosted in the United States on Amazon Web Services (AWS), a highly scalable cloud computing platform. Amazon take physical and network security seriously. You can read more about the specifics of their approach at https://aws.amazon.com/security/. We have signed an agreement with AWS that enables transfer of data and commits to the Model Contract Clauses, which are defined by the European Commission in accordance with UK data protection laws.
All information which passes between our servers and your computer is encrypted using technology called Secure Sockets Layer (SSL).
No-one has access to your account unless you invite them. Each user you invite has a username and password for signing in.
It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer by clicking on your avatar > Log off on the top right hand side of the Capsule window.
You may also choose to share your account data with other applications using an API or access key. You should apply the same assessment to any application or third party which you grant access to in this way.
Capsule benefits from Amazon’s EC2 Service Level Agreement which is designed to provide 99.95% uptime. Our published uptime report demonstrates our track record. Data is backed up to Amazon’s S3 Service and benefits from a Service Level Agreement which is designed to provide 99.999999999% durability. The Amazon system is designed to sustain the concurrent loss of data in two facilities.
We aim to make Capsule available 24/7 and you can securely access your data at a time and place convenient to you through a PC, Mac, or your mobile phone. We also provide the ability to export your contacts to CSV or vCard format.