GDPR Compliance

Our commitment to European data protection

Our Commitment

Bifrost Sovereign is fully committed to compliance with the General Data Protection Regulation (GDPR) and all applicable European data protection laws. As an EU-based sovereign cloud provider, data protection is fundamental to our mission and operations.

All customer data is processed and stored exclusively within the European Union, ensuring full GDPR jurisdiction and protection.

Key GDPR Principles We Follow

Lawfulness, Fairness, and Transparency

We process data only with valid legal basis and provide clear information about our data practices.

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes and not processed incompatibly.

Data Minimization

We collect only data that is adequate, relevant, and limited to what is necessary.

Accuracy

We ensure personal data is accurate and kept up to date, with processes to rectify inaccuracies.

Storage Limitation

Data is retained only as long as necessary for the purposes for which it was collected.

Integrity and Confidentiality

Appropriate security measures protect against unauthorized processing, loss, or damage.

Your Data Subject Rights

Under GDPR, you have the following rights which we fully support:

1

Right of Access (Article 15)

Request a copy of your personal data and information about how it is processed.

2

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

3

Right to Erasure (Article 17)

Request deletion of your personal data in certain circumstances.

4

Right to Restrict Processing (Article 18)

Request limitation of processing while issues are resolved.

5

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format.

6

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

Our Role as Data Processor

When you use our cloud infrastructure services, we act as a Data Processor under GDPR. This means:

  • You (the customer) remain the Data Controller for your data
  • We process data only according to your documented instructions
  • We provide a Data Processing Agreement (DPA) to all customers
  • We implement appropriate technical and organizational measures
  • We assist you in responding to data subject requests
  • We notify you of any personal data breaches without undue delay
  • We delete or return data upon termination as you instruct

Security Measures

We implement comprehensive security measures as required by Article 32 of GDPR:

Technical Measures

  • • End-to-end encryption (AES-256)
  • • TLS 1.3 for data in transit
  • • Multi-factor authentication
  • • Network segmentation
  • • Intrusion detection systems

Organizational Measures

  • • Staff training and awareness
  • • Access control policies
  • • Regular security audits
  • • Incident response procedures
  • • Vendor management program

Data Transfers

As a sovereign EU cloud provider, we maintain strict data residency:

EU Data Residency Guarantee

All customer data is stored and processed exclusively within the European Union. We do not transfer personal data outside the EU/EEA unless specifically instructed by the customer with appropriate safeguards in place.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who can be contacted for any GDPR-related inquiries:

Email: dpo@bifrostsovereign.com

Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. You may contact the authority in your country of residence, your place of work, or the EU member state where Bifrost Sovereign is established.

Related Documents

Privacy Policy

How we collect and use your data

Data Processing Agreement

Standard DPA for customers