Legal and Privacy security
When using OVHcloud services, we offer to host your personal data exclusively within the European Union (EU), thus allowing you to benefit from protection against the application of extraterritorial laws from third countries.
However, our customers may also choose to process personal data on OVHcloud infrastructures located outside the EU or the European Economic Area (EEA), such as in India, Australia or Singapore.
OVHcloud ensures that its IT systems, legal entities and internal policies comply with the laws of each country where its customers’ data are hosted.
In addition to this commitment, OVHcloud has concluded standard contractual clauses with each of its subsidiaries to guarantee its customers that the processing of personal data outside the EEA is covered by technical and operational measures offering protection equivalent to that of the GDPR.
Nevertheless, OVHcloud reminds its customers that it is their responsibility, before any transfer of personal data outside the EU or the EEA, to carry out the necessary legal analyses to ensure the legality of the data transfer.
Below is a non-exhaustive list of the main applicable texts regarding the protection of personal data in the EU and the third countries where OVHcloud has data hosting infrastructures.
European Union
| Legal Text |
Canada
| Legal Text |
| (Ontario MFIPPA) |
Ivory Coast
India
| Legal Text |
| Information Technology Act 2000 (“IT Act”) |
| Information Technology Rules 2011 (Reasonable Security Practices and Procedures and Sensitive Personal Data) |
| Direction No. 20(3)/2022-CERT-In (‘the Direction’), under Section 70B of the IT Act 2000, on information security practices and reporting of cyber incidents ('the Direction'), |
| Information Technology Rule 2013 (Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) |
| Digital Personal Data Protection Act of 11 August 2023 |
Morocco
New Zealand
There are currently six codes of practice: