GDPR Data processing. For services for which links to data protection data sheets are displayed below, CenturyLink provides additional processing details in connection with which CenturyLink acts as a processor of the customer's end-user personal data within the meaning of the EU General Data Protection Regulation (Regulation 2016/679) ("GDPR"), while the customer provides services. These processing details complement the current service descriptions and orders contained in the agreement between CenturyLink and the customer and will be updated as details change. The wholesale terms used here have the meaning defined in the agreement.

CenturyLink has implemented a broad GDPR compliance initiative, led by a multi-function team with members of our legal and information security departments. The team worked with external experts and representatives from all of our business units to assess and honor CenturyLink's GDPR commitments. CenturyLink executives have fully supported these efforts and are committed to complying with the GDPR.

Depending on the specific CenturyLink product and customer arrangement, CenturyLink acts as controller, processor, or both. That is why we will make the necessary contractual arrangements to comply with the GDPR. We will examine the general obligations of the GDPR at the level of the framework contract. In certain cases of processing of personal data by our services, we will process the contractual language accordingly.

The customer's instructions. The performance modes selected and ordered by the customer, location, quantity, configuration, functions, service life and other similar details constitute processing instructions to CenturyLink, insofar as this is necessary under data protection legislation. Customer self-service activities (via online portals and other similar functions), customer-managed actions, such as deferrals/additions/changes, and similar interactions with services that affect processing, are also processing guidelines for CenturyLink.

The export of personal data by CenturyLink from the EU to other countries is generally covered by standard contractual clauses. Whenever our services require us to export personal data subject to the GDPR, CenturyLink will enter into the necessary contractual agreements with our customers to ensure a compliant data transfer.

How does CenturyLink plan to report data protection breaches?

However, where the data is in services in which CenturyLink works as a subcontractor, such as information storage and hosting products, we grant customers access to the data to be recovered or destroyed. In most of these cases, we do not have access to the information, but we help our customers develop their GDPR obligations regarding the retention, destruction and recovery of data processed by CenturyLink products. Typically, customers have full control over these activities through the tools and features available with the products.

CenturyLink's business services rarely require, where appropriate, direct contact between CenturyLink and GDPR-protected data subjects. When we process personal data, this is done either on the instructions of a customer (the "controller" within the meaning of the GDPR) or when CenturyLink acts as a controller in accordance with the legal bases set out in Article 6 of the GDPR. For more information, see: data processing that does not apply to the GDPR.