Data Processing Addendum
Last updated: July 10, 2018
Dear Backblaze Customer:
This document is a “Data Processing Addendum” (“DPA”) for customers that are looking for one in reference
to the “General Data Protection Regulation” (EU) 2016/679 (“GDPR”). It covers the Personal Data, as defined
by the GDPR, that a customer stores with Backblaze. The terms and principles in this DPA apply to all Backblaze
customers, regardless of where they reside. This DPA is an addendum and is incorporated by reference from the
Backblaze Terms of Service
found on the Backblaze web site.
As the GDPR evolves and best practices are refined, Backblaze reserves the right to update this DPA at any time.
If there is something we view as a material change, we will notify our customers via email 30 days in advance of
the change going into place.
Backblaze is compliant with the requirements set forth in the GDPR for a Data Processor. Our compliance with the
GDPR includes, but is not limited to:
The use of Personal Data of an EU data subject solely for the performance of our services and as permitted by applicable law;
Taking appropriate measures to ensure the security of the Personal Data Backblaze processes. This includes, but is not limited
to - maintaining a Chief Security Officer and resourcing that position to effect high security standards for all Backblaze
services, deployment of generally accepted technical protections, frequent testing of our services, and training of all
Ensuring that all Backblaze personnel who have access to or process Personal Data, are subject to a duty of confidence;
Ensuring that no third party processes any Personal Data received from Backblaze except in accordance with applicable GDPR requirements;
Servicing obligations in connection with subject access requests and other data subject rights under GDPR;
(which complies with GDPR requirements).
In the unlikely event of a system breach, we will expeditiously (within 72 hours) send you a notification email, and may at
our discretion, update our official Twitter account, and post on our Blog. A “system breach” does not include a customer
account being accessed via valid credentials unless those credentials were exposed through some action or fault of Backblaze
or one of its sub-processors.
For further information on our compliance with the GDPR, please visit our knowledge base at help.backblaze.com
or contact us at email@example.com