Data Privacy Positioning Statement - Managed Solutions

This statement provides information about how Equinix manages compliance with data privacy law obligations relating to Equinix Managed Solutions. It should be read in conjunction with our privacy statement, available at https://www.equinix.co.uk/about/legal/privacy (“Privacy Statement”).

Managed Solutions

Equinix Managed Solutions are a set of services which allow Equinix customers (“Customers”) to configure, deploy, and manage cloud solutions and services.

Currently, Equinix Managed Solutions include the following:

  • Managed Private Cloud (“MPC”), an Infrastructure as a Service solution, through which Customers can use infrastructure hosted in Equinix data centers (“IBX”) to configure, deploy, and manage:

    • multi-tenant clouds (MPC Flex) or single-tenant cloud (MPC ST);

    • virtual machines with varying levels of compute and storage resources; and

    • virtual networks, security policies and interconnection.

  • Managed Private Backup (“MPB”), an enhanced Platform as a Service solution, hosted in Equinix data centers (“IBX”) through which Customers can protect applications and data by:

    • Configuring backup schedules with retention and location

    • Perform restores.

  • Managed Private Storage (“MPS”), an Infrastructure as a Service solution, hosted in Equinix data centers (“IBX”) through which Customers can store data by:

    • Selecting appropriate storage method

    • Selecting appropriate storage tier

    • Appropriate replication.

(collectively, “Managed Solutions” or “Services”)

Processing of Personal Data

Equinix does not access, or view data that includes data loaded, stored, received, retrieved, transmitted through or otherwise processed by Customer as part of its use of the Services (“Customer Data”). Where Equinix processes any Customer Data, it does so, as a Data Processor on behalf of its Customers, who act as either Data Controllers or Data Processors with respect to the relevant Customer Data.

Equinix will only process Customer Data: (a) to provide Customer the Services in accordance with Customer’s express instructions which will include contract documentation, email instructions, and technical configurations enabled through the Self-Service Portal (“Equinix Customer Portal”) (“Documented Instructions”); and (b) for business operations incidental to providing the Services.

Our processing of Customer Data “to provide” our Services may include processing for:

  1. Backup, support, planning, and enabling migration, deployment, and development of Services; Encryption (enabled by default for data at rest in MPC Storage);

  2. Infrastructure management (preventing, detecting, investigating, mitigating, and repairing problems, including security incidents and problems identified in the Services); and

  3. Enhancing delivery, efficacy, quality, and security of our Services, including keeping Services up to date, and enhancing reliability, efficacy, quality, and security and fixing defects.

When providing Services, Equinix will not use or otherwise process Customer Data for: (a) user profiling, (b) advertising or similar commercial purposes, or (c) market research aimed at creating new functionalities, services, or products or any other purpose, unless such use or processing is in accordance with your Documented Instructions.

Equinix processes personal data that the customer may provide, in accordance with a Data Processing Agreement (“DPA”) entered into between customers and Equinix. The DPA can be viewed here: Data Processing Agreement

Separate from this limited processing of personal data as a Data Processor, Equinix processes certain business contact information and biometric information in accordance with its Privacy Statement.

Security and Retention

Independently of technical and organizational measures deployed by Customers, Equinix implements additional administrative, organizational, technical and physical measures to enable Customers to protect their Customer Data. These measures include access control, monitoring and testing, incident management, and audits as set out in more detail in the DPA.

Further, Equinix authorizes its employees, contractors and sub-processors to process Customer Data only as strictly necessary to comply with the Documented Instructions.

Upon expiry or termination of arrangements relating to any Managed Solutions, Equinix does not retain Customer Data collected in connection with Managed Solutions except as provided under the relevant Customer documentation.

Equinix’s use of sub-processors

Equinix may, from time to time, use certain third parties service providers to help it provide Equinix Managed Solutions. These third parties may similarly carry out limited processing of customer personal data as ‘sub-processors’. In these circumstances, Equinix will enter into appropriate safeguards with sub-processors, such as Standard Contractual Clauses, as required by the applicable privacy laws.

Restricted international transfers between Customer and Equinix

To the extent that there is a restricted international transfer of personal data between the customer and Equinix, the DPA incorporates the 2021 EU Commission Standard Contractual Clauses, as well as the UK and Swiss Addendum to the Standard Contractual Clauses, which provide for appropriate safeguards under Article 46 GDPR.