Data and GDPR at Sirv
Privacy and security have always been two of the foundations of Sirv’s approach to product development and day-to-day operations. We continuously evaluate all our practices in an effort to safeguard your information as effectively as possible.
This page describes how Sirv complies with GDPR and forms part of Sirv’s policies along with our Privacy Policy and Terms of Service.
What is GDPR?
The General Data Protection Regulation (GDPR) gives European citizens more power to control their data. Companies that process the personal data of European citizens must comply with the GDPR regulations.
GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that European citizens can exercise with these companies. Further information on GDPR is available on the European Union’s official website: https://ec.europa.eu/info/law/law-topic/data-protection_en.
Data processing agreement
A data processing agreement would be required between us if Sirv was processing personal data on behalf of your company. However, Sirv does not process personal data by default, so no Data Processing Agreement is needed.
The only potentially personally identifiable data that Sirv holds is IP addresses, which are received by our servers when files are requested. These IPs are temporarily stored in HTTP server logs, which we use to provide aggregated analytics on the usage patterns of your files. The logs are only used for this purpose, they are not shared with anyone – including the Sirv account holder – and they are deleted shortly after aggregation. Sirv does not hold personally identifiable information to match against those IPs, nor does Sirv JS place cookies in your users browsers, so there is no capability for IP addresses to be used to identify an individual, either by you or us.
However, in the rare scenario that you upload images or files to Sirv that contain personally identifiable information – such as medical records, bank statements, invoices or images that contain names or addresses – you can request a DPA from us.
Where is data stored?
All files uploaded to Sirv remain in the EU and are not transferred outside the EU. While master files remain only within the EU, optimised versions of files are served from Sirv CDN servers in cities around the world.
Features to support GDPR requirements
Sirv can help you meet your data portability requirements for GDPR. You can easily export data from your account via the download options, permanently delete data through the Sirv web app or completely close your account and delete your files via your Settings page.
Data Protection Officer
Sirv has a Data Protection Officer who you can contact at privacy@sirv.com.