Cyxtera Customer Privacy FAQ

How does Cyxtera handle information that it collects about its customers?

Please refer to the General Privacy Policy and the GDPR Privacy Policy.

Does Cyxtera access data on customer equipment and systems?

No. As a colocation provider, Cyxtera makes the data center environment available to its customers, but Cyxtera does not have access to data on customer equipment and systems, or information that may be transmitted or processed by customers through the use of the services. Each customer takes responsibility for its own equipment and systems.

Is Cyxtera a 'data controller' or 'data processor'?

Cyxtera is a data controller, as defined in the European Union’s General Data Protection Regulation (referred to as ‘GDPR’) and the UK equivalent (referred to as 'UK GDPR'), with respect to personal data collected about individuals who interact with us on behalf of a customer in connection with the provision of our Services. Please refer to Cyxtera’s GDPR Privacy Policy for further information.

For colocation services, Cyxtera is not a data processor under GDPR because it provides only data center physical space for customers to place their equipment and systems. Cyxtera does not otherwise store or process data on behalf of its customers.

The following specific types of remote hands services (also known as ‘Gold Support’ services), which are infrequently requested by customers, may involve incidental personal data processing if (a) the customer requests that Cyxtera access the customer’s operating systems and provides Cyxtera personnel with login credentials to the customer’s system, and (b) such operating system contains customer personal data:

  • entering commands according to the customer’s detailed instructions and relaying system responses, and/or
  • executing built in diagnostics in the customer’s system according to the customer’s instructions.

Do we need a Data Processing Agreement ('DPA')?

Cyxtera is not a data processor and therefore a DPA is unnecessary, except in the rare circumstance noted above in which a customer specifically requests remote hands services to access its operating systems (generally as a last resort) and the customer provides Cyxtera with its login credentials for that specific purpose.

If you ask Cyxtera to carry out such remote hands services in relation to an operating system that contains personal data under the GDPR, you may decide to put a DPA in place to address such incidental data processing. If this situation applies to you, please request a copy of Cyxtera’s standard DPA from your account representative.

Does Cyxtera transfer customer data overseas?

Cyxtera does not carry out cross-border transfers of data in its capacity as a colocation provider.

Please refer to Cyxtera's GDPR Privacy Policy for information about cross-border transfers of data in Cyxtera’s capacity as a data controller.