GDPR uses the term Personal Data in referencing what information is to be protected. Personal Data can be defined as data which can be used by itself, or in concert with other such data items, to identify an individual. For Backblaze, the following is a list of the Personal Data elements we may collect and store depending on the Backblaze product used and options selected.
- email address
- name (first or last or both)
- phone number
- last-4 digits of credit card
- credit card expiry date
- computer name(s)
- drive name(s) assigned to each computer
- TCP/IP address
When you enter a credit card for payment on the Backblaze web site this information is collected and immediately passed to a 3rd party credit card processing company. We then immediately forget the credit card number and cvv number, and only store the last-4 digits of the credit card number and expiry date.
For other items, such as the computer name or drive name, it may not be obvious why this is personal data. We include these items as we have seen many people name computers and drives after themselves or others, i.e. "John Smith's Mac."
Personal Data versus Personally Identifiable Information (PII)
PII is a term used primarily in the United States to mean the same thing as Personal Data. While these terms are not directly equivalent, for our purposes these terms may be used interchangeably in our documentation.