Acronis as a company differentiates between two types of data:

• Data necessary for providing the services (e.g., product usage) and Acronis’ service management. This is the data, which Acronis collects and processes as a data controller for providing our services. Such data may include account names, email and other contact details, billing details, and some information automatically collected via the service, which may be personal. For more details, please check Acronis Privacy Statement.
• Customers’ content data. This is the data, which Acronis may process as a data processor (subprocessor) when you use our services. The information is provided by customers while utilizing the specific products — e.g., backup archives, files, virtual machines, etc. In terms of this type of data, Acronis does not control the categories and the content of the information which customers are storing with us.

Customers are solely responsible for evaluating and maintaining their own legal and compliance obligations. As Acronis does not know what data may be provided as part of the content data, customers should confirm with Acronis when they have to meet some specific requirements. Acronis can sign a standard Data Processing Agreement with its customers, who have such obligation under applicable data protection regimes.

The data, which is processed by Acronis as a data controller (type 1 above), can be processed in the places, where Acronis operates as a company.

The data, which is processed by Acronis as a data processor (type 2 above), is stored in secure data centers: https://www.acronis.com/data-centers/

Customers can select from a range of globally distributed data centers, depending on their region. Acronis rents the physical space in the data center but operates and owns the technical equipment. Acronis does not operate Google or Microsoft Azure data centers.

Acronis is storing customers' content data with secure data center providers. Physical access control measures ensure that only authorized personnel have access to the data center. The compliance status can vary per data center. So, if you need an exact list of certifications and standards for the data center where your information is kept, please request additional details from your Account manager or reach to Acronis Customer Service and Support.

Acronis storage is encrypted at rest by AES-256. Depending on the product used, customers can also enable encryption from their side before sending data to Acronis Cyber Cloud Storage — either as part of the protection plan or as a machine property (More information can be found in Acronis product documentation).

Acronis as a company maintains a comprehensive information security and compliance program that includes administrative, physical and technical controls, established using a risk-based approach where documentation and security measures implemented are commensurate with the magnitude of the possible information security risks. For more information, see our compliance information.

Our internal privacy compliance program and product operation have been confirmed to be working in compliance with the ISO/IEC 27018:2019 certificate for protection of personally identifiable information (PII) in public clouds acting as PII processors.

Acronis security measures are described as part of our Acronis Privacy Statement.

More about Acronis security practices can be also found on Acronis Trust Center, section Security.

The data, which is processed by Acronis as a controller (type 1 above), can be processed in the places where Acronis operates as a company.

The data, which is processed by Acronis as a processor and can be subject to the Acronis Customer Data Processing Agreement (type 2 above), is kept in your selected data center and does not normally leave this region.

Limited cases may include data processing during a support session initiated by the customer. In order to make sure that our customers and partners get timely assistance, we employ support engineers from all around the world.

When providing support, certain support case information could be shared with Acronis support engineers from other regions and/or support vendors, as displayed on our Acronis Subprocessors List.

Customers can also decide if to enable certain integrations, available from the Acronis Cyber Cloud platform which may lead to cross-border data processing.

Acronis notifies its customers in accordance with the applicable agreements.

Based on the Acronis standard Customer Data Processing Agreement, in case of a personal data breach, we will provide notification to affected customers without undue delay (and within no more than forty-eight (48) hours) after Acronis has a reasonable degree of certainty that a personal data breach has occurred.

Yes. Acronis has appointed a data protection officer (DPO). For contacting Data Protection Office Team, please use data-protection-office@acronis.com.

Yes. The list of Acronis subprocessors is available at: https://www.acronis.com/compliance/subprocessors/

Certain data protection regulations require data controllers (data processors) to put agreements into place with their data processors (subprocessors) that contain rules governing the processing of personal information. Acronis has prepared a standard Data Processing Agreement (DPA) for customers with whom Acronis has an existing contract.

The DPA reflects Acronis’ commitment to assisting its customers with their privacy and data protection compliance. The Acronis DPA contains the terms and commitments required by GDPR and other privacy regulations for contracts between data controllers and data processors and between data processors and subprocessors. It also includes the European Commission’s Standard Contractual Clauses (SCCs) for cross-border data transfers out of the EU/EEA/Switzerland or other regions, recognized as providing adequate levels of data protection.

In order to sign a DPA, please send a request to data-protection-office@acronis.com, contact your partner account manager/technical account manager or reach to Acronis Customer Service and Support.

Include into the request full legal company name, registration email address (or license certificate, if applicable), full name and email address of the person, who will be signing the DPA.

More information can be found in our dedicated knowledge base article: https://kb.acronis.com/content/61246

As described in our Privacy Statement, Acronis respects your privacy rights and will do its best to accommodate your requests. If you are willing to exercise some of your rights, as stipulated by applicable data protection regulations, you can contact: data-protection-office@acronis.com or directly get in touch with Acronis Customer Service and Support: https://www.acronis.com/support/