Skip to content
More support Sign in
Contact us
  • There are no suggestions because the search field is empty.

Impossible Cloud Data Processing Agreement Summary

A high-level overview of how Impossible Cloud ensures GDPR compliance and data integrity through robust security measures, acting as your trusted data processor.

How We Process Data

Impossible Cloud processes personal data in accordance with the General Data Protection Regulation (GDPR), in particular Article 28. The Data Processing Agreement (DPA) defines the conditions under which data is processed, secured, and protected when using Impossible Cloud services.

All personal data processed within Impossible Cloud services is handled solely on documented instructions of the contracting party. Impossible Cloud does not determine the purposes of data processing and does not process data for its own independent purposes.

Scope of the DPA

The data processing agreements governs:

  • The processing of personal data strictly in line with documented instructions,
  • Implementation of appropriate technical and organizational measures,
  • Confidentiality and integrity of data,
  • Assistance with GDPR compliance obligations where applicable.

Partner and indirect service setups

In partner- or reseller-based setups, the DPA applies to the entity contracting directly with Impossible Cloud. That entity remains responsible for ensuring that the relevant data protection obligations are appropriately addressed toward any end customers, where required.

Impossible Cloud’s processing activities remain unchanged regardless of the commercial setup: data is processed only as instructed and only for the provision of the contracted services.

Security and Safeguards

Below are some technical and organizational measures applied to safeguard your data:

  1. Identity and Access Management:
    1. Role-based access controls (RBAC) for data and system access.
    2. Multi-Factor Authentication (MFA) feature for every account.
    3. Separation of Duties on internal systems and networks.
  2. Data Encryption:
    1. End-to-end encryption design for data at rest, in transit, and server-side encryption (SSE).
    2. Cryptographic encryption protection.
  3. Infrastructure:
    1. All stored data in Impossible Cloud Storage stays within the region.
    2. All data in Impossible Cloud Storage is stored in a certified data center.
    3. Access to physical hardware restricted to named, authorized personnel only.
  4. No Sub-processors:
    1. Impossible Cloud does not use sub-processors, ensuring that customer data is not shared with or processed by any third parties.
    2. All data processing is handled directly by Impossible Cloud, maintaining a clear and direct accountability for your data.  

In conclusion, Impossible Cloud processes data under a Data Processing Agreement in line with GDPR Article 28. Data is processed solely on documented instructions, protected by strong technical and organizational measures, and limited to what is necessary to deliver the contracted services.

To find more information, please visit our publicly available Terms of Service and Data Processing Agreement.