Magnus Cloud Services Privacy Policy

Scope
This policy covers the privacy practices that Magnus Cloud and its subsidiaries and affiliates (“Magnus Cloud” or “we”) employ when providing support, consulting, Cloud or other services (the “services”) to its customers (“you” or “your”). Magnus Cloud established this privacy policy in order to clarify the use of information to which it may be provided access in order to provide software as a service.

Services Data
Services Data is data that resides on Magnus Cloud, customer or third-party systems to which Magnus Cloud is provided access to perform services (including Cloud environments as well as test, development and production environments that may be accessed to perform Magnus Cloud consulting and support services). Magnus Cloud treats services data according to the terms of this policy, and treats services data as confidential in accordance with the terms of your order for services.

How Magnus Cloud Collects and Uses Services Data
Below are the conditions under which Magnus Cloud may access, collect and/or use services data.

To Provide Services and to Fix Issues. Services data may be accessed and used to perform services under your order for support, consulting, Cloud or other services and to confirm your compliance with the terms of your order. This may include testing and applying new product or system versions, patches, updates and upgrades; monitoring and testing system use and performance; and resolving bugs and other issues you have reported to Magnus Cloud. Any copies of services data created for these purposes are only maintained for time periods relevant to those purposes.

To Compile Anonymized Statistical Summaries and Analysis. Data generated during course of operations by Magnus Cloud programs and services executing in Magnus Cloud environments, and data transmitted by you in accordance with your SaaS Agreement to Magnus Clouds logging services and affiliates may be anonymized, aggregated, compiled and analyzed. Attribution of data is anonymized in these statistical compilations and analyses.

As a Result of Legal Requirements.
Magnus Cloud may be required to retain or provide access to services data to comply with legally mandated reporting, disclosure or other legal process requirements.
Magnus Cloud may transfer and access services data globally as required for the purposes specified above. If Magnus Cloud hires subcontractors to assist in providing services, their access to services data will be consistent with the terms of your order for services and this services privacy policy. Magnus Cloud is responsible for its subcontractors’ compliance with the terms of this policy and your order.

Magnus Cloud does not use services data except as stated above or in your order. Magnus Cloud may process services data, but does not control your collection or use practices for services data. If you provide any services data to Magnus Cloud, you are responsible for providing any notices and/or obtaining any consents necessary for Magnus Cloud to access, use, retain and transfer services data as specified in this policy and your order.

Access Controls
Magnus Cloud’s access to services data is based on job role/responsibility. Services data residing in Magnus Cloud-hosted systems is controlled via an access control list (ACL) mechanism, as well as the use of an account management framework. You control access to services data by your end users; end users should direct any requests related to their personal information to you.

Security and Breach Notification
Magnus Cloud is committed to the security of your services data, and has in place physical, administrative and technical measures designed to prevent unauthorized access to that information. Magnus Cloud security policies cover the management of security for both its internal operations as well as the services. These policies govern all areas of security applicable to services and apply to all Magnus Cloud employees.

Magnus Cloud is also committed to reducing risks of human error, theft, fraud, and misuse of Magnus Cloud facilities. Magnus Cloud’s efforts include making personnel aware of security policies and training employees to implement security policies. Magnus Cloud employees are required to maintain the confidentiality of services data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.

Magnus Cloud promptly evaluates and responds to incidents that create suspicions of unauthorized handling of services data. Magnus Cloud Security is informed of such incidents and, depending on the nature of the activity, define escalation paths and response teams to address the incidents. If Magnus Cloud determines that your services data has been misappropriated (including by a Magnus Cloud employee) or otherwise wrongly acquired by a third party, Magnus Cloud will promptly report such misappropriation or acquisition to you.