Main principles of Storadera GDPR Policy

Last updated: 2022-07-19

Storadera does not process sensitive personal data defined in the Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND COUNCIL (General Data Protection Regulation or GDPR or EU Regulation 2016/679).

Storadera undertakes to protect the personal data of customers and users and their privacy. Storadera’s activities on the Internet are in accordance with all relevant activities and the relevant legislation of the European Union and the laws of the Republic of Estonia, including REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL. Storadera takes all precautions (including administrative, technical and physical measures) to protect the collected personal data. Only authorized persons have access to change and process data.

The representative person representing the company (as a Storadera service subscriber) is not a natural person, it is an authorized representative of a legal entity whose personal data processing is not regulated by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL.

The following actions are undertaken to ensure that Storadera complies at all times with the accountability principle of the GDPR:

  • The legal basis for processing personal data is clear and unambiguous
  • All staff involved in handling personal data understand their responsibilities for following good data protection practice
  • Training in data protection has been provided to all staff
  • Rules regarding consent are followed
  • Routes are available to data subjects wishing to exercise their rights regarding personal data and such enquiries are handled effectively
  • Regular reviews of procedures involving personal data are carried out 
  • Privacy by design is adopted for all new or changed systems and processes
  • The following documentation of processing activities is recorded:
    • Organization name and relevant details 
    • Purposes of the personal data processing
    • Categories of individuals and personal data processed
    • Categories of personal data recipients
    • Agreements and mechanisms for transfers of personal data to non-EU countries including details of controls in place
    • Personal data retention schedules
  • Relevant technical and organisational controls in place

These actions are reviewed on a regular basis as part of the management review process of the information security management system.

If you have any questions, concerns or feedback please contact us at