OVH Community, your new community space.

New T&Cs - Questions


vm1990
10-10-2013, 20:03
i think this is to cover there asses from the likes of Freedom hosting on Tor and silkroad... i honestly dont think OVH have the staff to go rooting through all the servers every few months for data. its probably just saying "listen if the cops tell us theres illegal data coming from your server were going to look into it" which kinda makes sense

LawsHosting
10-10-2013, 17:42
Quote Originally Posted by elcct
If you have a website, customer can be any visitor viewing the site...
Personal data isn't really monitored in that circumstance, except for IP, OS, Browser, Location. They automatically give consent for these, which theoretically isn't classed as personal....... Now, if you were running a (dodgy) Torrent Tracker site, then I assume the IP & Location would be asked for if anything happens?

AFAIK, the Data Protection Act states that if personal information isn't needed anymore, to get rid of it asap - I assume the "3 year" thing depends on what it's used for initially?

Neil
10-10-2013, 16:12
Quote Originally Posted by elcct
If you have a website, customer can be any visitor viewing the site...
But that is not a customers record though, I suggest you read the terms of service again.

elcct
10-10-2013, 15:59
If you have a website, customer can be any visitor viewing the site...

Neil
10-10-2013, 09:18
Quote Originally Posted by LawsHosting
That doesn't make sense, 3 years?..... Define data, their prsonal data or actual data used for hosting?
The personal data, for example in our case it would be nic handle account information/data,

Jasgriff
09-10-2013, 21:38
Maybe he means for data protection customers should be able to ask for any info on them for upto 3 years? just a guess.

LawsHosting
09-10-2013, 21:35
Quote Originally Posted by Neil
I think you are getting confused it is your customers data you need to keep a good record of, so if you resell or have customers you need to keep that data for three years as required.
That doesn't make sense, 3 years?..... Define data, their prsonal data or actual data used for hosting?

Neil
09-10-2013, 18:03
Quote Originally Posted by NeddySeagoon
Sorry S0phie, I've seen no evidence of that for a few months now.


So now we need a server for three years after contract termination to save logs on. Thats clearly OVHs problem - they are the "communications provider", as its their network. My logs are gone after logrotate flushes them.

I run several servers in my garage too but the "communications provider" is my ISP, not me.

This view of the world puts the obligation on OVH to provide a method of generating the required logs ... e.g. is their Debian install up to it. If the required logs are not present, they can't be saved.
Quote Originally Posted by elcct
How someone is supposed to store year worth of logs on those tiny 120GB SSD drives...
Hi

I think you are getting confused it is your customers data you need to keep a good record of, so if you resell or have customers you need to keep that data for three years as required.

elcct
09-10-2013, 17:48
How someone is supposed to store year worth of logs on those tiny 120GB SSD drives...

ShadowNet
07-10-2013, 03:21
Make you wonder if this the compliance of prism and the NSA.

Tin foil hat time guys and girls.





NeddySeagoon
06-10-2013, 11:11
Quote Originally Posted by S0phie on behalf of OVH
Obviously OVH will only ever act reasonably, ...
Sorry S0phie, I've seen no evidence of that for a few months now.

Quote Originally Posted by S0phie on behalf of OVH
In relation to the right of audit for three years following termination, this is to ensure OVH has the right to seek a response from the customer, should any regulatory body have any questions in relation to the use of the services.
So now we need a server for three years after contract termination to save logs on. Thats clearly OVHs problem - they are the "communications provider", as its their network. My logs are gone after logrotate flushes them.

I run several servers in my garage too but the "communications provider" is my ISP, not me.

This view of the world puts the obligation on OVH to provide a method of generating the required logs ... e.g. is their Debian install up to it. If the required logs are not present, they can't be saved.

makno
05-10-2013, 20:51
to be fair i think ovh is banking on the fact that most people don't read the contracts (me included most times) but as things stand right now i'm looking for a new provider.

After 5 years i think it's time

Myatu
04-10-2013, 19:00
Quote Originally Posted by S0phie
OVH is passing on the obligation to retain such data to the users of its server, so that it may comply with the Regulations.
Oh, that's going to work well, especially with "personal use only" servers. Good luck with trying to enforce that!

S0phie
04-10-2013, 17:34
Hi,

Here are the explanations from our English lawyers:

6.12: The intention here is that OVH has the right to ensure compliance with the Agreement by the customer. The scope of the right is limited to checking for compliance, and should not be of concern, and it requires OVH to provide written notice to customers in advance. Obviously OVH will only ever act reasonably, and will only exercise its rights in reasonable circumstances, where it feels there are concerns with the use of the server. In relation to the right of audit for three years following termination, this is to ensure OVH has the right to seek a response from the customer, should any regulatory body have any questions in relation to the use of the services.

6.14: The Data Retention (EC Directive) Regulations 2009 contain various obligations upon communication providers to retain certain information (full details of which is listed in the schedule to the Regulations) for a period of 12 months from the date of the communication. OVH is passing on the obligation to retain such data to the users of its server, so that it may comply with the Regulations.

Please let us know if further assistance is required.

Neil
04-10-2013, 12:01
Hi

We are still waiting for the clarification and we will in contact once we have it, to continue to use our services you would need to accept the new terms and conditions.

tehchris
04-10-2013, 10:58
Seeing as though OVH have an aversion to posting on their own forums, I'll put the reply I received via e-mail here:

Dear Chris,

I'm afraid that, as you can imagine, this are [sic] now the T&C for servers, for everyone. You've got the choice not to accept the contract but then the server won't be renewed.

Kind regards
I don't understand why all of a sudden OVH is doing everything it can to pee off it's customers..? It's like watching a slow-motion car crash..

I am going to be renewing my servers because I don't have the time to go through a migration process now, but I will be looking into the ways available to getting this contract clause declared as "unfair" under UK law.

Kind regards

tehchris
01-10-2013, 16:46
Thanks for the initial clarification, marks.

To me, it seems a bit drastic to go from "you're responsible for the actions on your server" to "we'll come round to your place and find out what you've been doing with the server and take any information we need". Plus as another commentator mentioned earlier, it's probably unlikely to stand up in court and illegal acts are covered by existing law anyway (hence why they are illegal).

Is there anyway I can renew my servers without agreeing to these new terms until these points are completely clarified? I have a thing about putting my name against ambiguous or poorly written legal documents.

Cheers

marks
01-10-2013, 12:14
Quote Originally Posted by tehchris
6.12 The Supplier reserves the right to audit the Customer’s compliance with the Services
and with the provisions contained in these Special Conditions and the General Conditions at any point during
the term of these Special Conditions with 5 Working Days’ prior written notice to the Customer. The Supplier
may have access to and take copies of the Customer’s records and any other information held at the Customer’s
premises and to meet with the Customer’s personnel to audit the Customer’s compliance with its obligations
under these Special Conditions and the General Conditions. Such audit rights shall continue for three years
after termination of these Special Conditions. The Customer shall give all necessary assistance to the
conduct of such audits during the term of these Special Conditions and for a period of three years after
termination of these Special Conditions.
we're checking specifically at the moment for more in depth clarification but meanwhile, I would just point out that this is an evolution of the usual contract clause that we always had which is basically saying: "you must be responsible for what the server is doing".

That is obviously, the same as saying that everything done on the server must be monitored and records kept of it. It's not for the customers that have done nothing wrong, but if a server is used for illicit purposes, a full report of the activities done through the server is expected. therefore everyone is expected to keep this information. If this information is ever required, would probably be through a legal case already underway anyway.

I agree that the wording is more demanding and quite more specific of what could be required, but that's what we've learned over time of legal cases we had.

For the ways of enforcing this, and further clarification, we'll have to wait a bit longer for the answer. But as a starting clarification, that's the idea behind this clause.

Myatu
30-09-2013, 15:55
Aha! Thanks for the clarification - particularly with regard to pointing out the difference in contract type. Ben Archer is my new hero

benarcher
30-09-2013, 15:45
Quote Originally Posted by Myatu
In certain circumstances, true. But preventing someone from gaining employment will have to weigh heavily against the interests the previous employer is trying to protect though. At least, that's my take on it

Nevertheless, that would certainly apply to the T&Cs here though, wouldn't it? I mean, to extend it for a period beyond the termination of a contract with no clear indication as to what interests are being protected - if any - or any clarity to that clause in general which leaves it open for interpretation? Good class project
RoT clauses are very complex, and far beyond the level of discussion we can have on an internet forum. It often depends heavily upon how they are worded as to whether they are valid. You are correct in saying that it can be at times a balancing exercise between the employer's interests, and the need for the (ex-)employee to find suitable work. But, this is merely only one (of many) factors that come in to play. It is also incorrect to draw comparisons between RoT clauses in an employment contract (which is often described as a type of contract which works outside the general governing principles of contract law - a special type of contract) and a contract for services.

After deliberation, and for information purposes only, I am certain that the clause 6.12 would never stand up in an English court. This, however, may be different if the contracting party is a business rather than an individual consumer. Obviously, this is aside from your own legal requirements to maintain records for audit purposes under the Companies Act 2006 (though this will not be an issue for most small private companies).

Quote Originally Posted by LinuxGam
There is no contract that can override human rights. Even if you are a murdering pedo...
I'm unsure which human right and/or freedom you think is being violated here.

donald22
30-09-2013, 15:43
Quote Originally Posted by LinuxGam
There is no contract that can override human rights. Even if you are a murdering pedo...
What a very strange analargy, luckily a very unlikely one.

Myatu
30-09-2013, 14:53
Quote Originally Posted by benarcher
Restraint of trade clauses can, in certain circumstances, be perfectly enforceable whether the employment contract is terminated or not.
In certain circumstances, true. But preventing someone from gaining employment will have to weigh heavily against the interests the previous employer is trying to protect though. At least, that's my take on it

Nevertheless, that would certainly apply to the T&Cs here though, wouldn't it? I mean, to extend it for a period beyond the termination of a contract with no clear indication as to what interests are being protected - if any - or any clarity to that clause in general which leaves it open for interpretation? Good class project

LinuxGam
30-09-2013, 13:59
There is no contract that can override human rights. Even if you are a murdering pedo...

benarcher
30-09-2013, 13:44
Quote Originally Posted by Myatu
Seems so, but that "3 year" part would be a section that cannot be upheld. It's similar to those clauses in employment contracts, that once you have finished working for the employer you cannot work for a competitor for X amount of months/years. They're basically nonsensical, because the contract is only valid for the duration of employment; anything after that is outside the scope of the contract as well as the control of the employer. (An NDA is different though, as that is not tied to the employment contract - it's a separate contract).

Now with regards to access to "Customer premises" and "Customer personnel", that can only be done under a court order.

Looks like its just a verbatim copy from the French contract without adjusting it to UK law.
As a PhD student and tutor of law, I can tell you that you are incorrect. Restraint of trade clauses can, in certain circumstances, be perfectly enforceable whether the employment contract is terminated or not.

In relation to the validity of this clause, I will have a think and get back to you all

tehchris
30-09-2013, 13:19
I have followed up with an e-mail to support pointing to this thread to hopefully get the points clarified.

Along with Jake, I too am hoping it's a misunderstanding or an issue during the French -> British conversion.

mike_
30-09-2013, 13:12
The website says you can have 50 4Gs, 100 16G or 24G. The 3 server limit, according to the site, only applies to the 4G.

LawsHosting
30-09-2013, 12:52
Quote Originally Posted by wii89
According to this statement in the T&C's you are only allowed 3 Kimsufi 2013 servers regardless of the package (KS 4, 16 or 24)
Think they need to update that then. They can change the rules in a sweat, but clearly can't keep up with the T&C.

Proof Octave fails to tell staff of major changes?

donald22
30-09-2013, 12:50
I hate all this spying on native citizens without a warrant too, it is like a mistrustful wife or a paranoid state. You can't stop them but you can make things difficult and expensive for them by using ssl etc, using your own email instead of prism sorry gmail. I don't buy all this your doing nothing wrong so it's ok for these people to spy on you. It is not illegal to take a S**T but you still close the bathroom door.

wii89
30-09-2013, 11:13
9.1 Kimsufi 2013 range is only available for individuals or legal entities domiciled in the Europe an Union, Norway or Switzerland. The Customer may not have more than three Kimsufi 2013 servers simultaneously.
According to this statement in the T&C's you are only allowed 3 Kimsufi 2013 servers regardless of the package (KS 4, 16 or 24)

Tz-OVH
30-09-2013, 10:26
I work for a pretty large organisation, typically we can't release a T&C unless our internal Compliance/Legal units review it...they'd laugh us out of the room if we brought this to them.

JakeMS
30-09-2013, 07:52
Quote Originally Posted by Tz-OVH
They're a private company, they can simply refuse you service. After all, you have nothing to hide since you're doing nothing wrong, why not let them into your house?

I don't see how laws in respective jurisdictions (UK, Europe) would even allow a company to include this in their T&Cs...
I'm not sure either how it'd work, because technically, you have a right to refuse even if you signed the contract, after-all, if you're not breaking any laws, what's the problem.

Plus, we would have to refuse anyway due to the data protection act, we are required to protect customer data (and we take this seriously) and as such, we can't just let some random person go reading through everything unless there is a very good reason (aka, a court order).

I just hope this is all just a big misunderstanding, and a translation issue or one of those ToS things that are never acted upon.

LinuxGam
30-09-2013, 07:50
Quote Originally Posted by Tz-OVH
They're a private company, they can simply refuse you service. After all, you have nothing to hide since you're doing nothing wrong, why not let them into your house?

I don't see how laws in respective jurisdictions (UK, Europe) would even allow a company to include this in their T&Cs...
They don't. Even the police are not allowed in your house if you deny them access, they need a court granted warrant. There is nothing in the UK you can sign that waves your human rights.

I was joking about not letting them in to prove a point, they wanna come have a cup of tea, I'd love a frank chat with Octave :-)

Tz-OVH
30-09-2013, 07:43
Quote Originally Posted by LinuxGam
I get your point... but if I pay for my server and do nothing illegal... so what
They're a private company, they can simply refuse you service. After all, you have nothing to hide since you're doing nothing wrong, why not let them into your house?

I don't see how laws in respective jurisdictions (UK, Europe) would even allow a company to include this in their T&Cs...

LinuxGam
29-09-2013, 22:57
Quote Originally Posted by tehchris
Would this wording then give them the right to cancel your servers if you refused to comply?

*tin foil hat*
I get your point... but if I pay for my server and do nothing illegal... so what

tehchris
29-09-2013, 22:28
Quote Originally Posted by LinuxGam
No they cant! Try turning up at my house! What ever it says, you cannot turn up and break in. You can knock at the door, see how that goes....
Would this wording then give them the right to cancel your servers if you refused to comply?

*tin foil hat*

LinuxGam
29-09-2013, 22:20
Quote Originally Posted by JakeMS
I think your missing the point LinuxGam, it's not about what's on your server, it's the fact they can give you a 5 day notice, and turn up at your business/house and ask to go through your computers data and your business documents...

Aka:


This is not referring to data within their datacentre, it's within YOUR premises.
No they cant! Try turning up at my house! What ever it says, you cannot turn up and break in. You can knock at the door, see how that goes....

JakeMS
29-09-2013, 22:14
I think your missing the point LinuxGam, it's not about what's on your server, it's the fact they can give you a 5 day notice, and turn up at your business/house and ask to go through your computers data and your business documents...

Aka:
The Supplier
may have access to and take copies of the Customer’s records and any other information held at the Customer’s
premises and to meet with the Customer’s personnel to audit the Customer’s compliance with its obligations
under these Special Conditions and the General Conditions
This is not referring to data within their datacentre, it's within YOUR premises.

LinuxGam
29-09-2013, 20:34
Unless you own the Datacenter your data is open to their employees view, If you don't like that, build your own data center. The easiest way to steal data is physical access to the machine.

Myatu
29-09-2013, 18:04
Quote Originally Posted by tehchris
Hello,

Having nothing better to do on a Sunday afternoon I decided to take a read through and I came across these sections which I do not remember being present before:

6.12 The Supplier reserves the right to audit the Customerís compliance with the Services
and with the provisions contained in these Special Conditions and the General Conditions at any point during
the term of these Special Conditions with 5 Working Daysí prior written notice to the Customer. The Supplier
may have access to and take copies of the Customerís records and any other information held at the Customerís
premises and to meet with the Customerís personnel to audit the Customerís compliance with its obligations
under these Special Conditions and the General Conditions. Such audit rights shall continue for three years
after termination of these Special Conditions. The Customer shall give all necessary assistance to the
conduct of such audits during the term of these Special Conditions and for a period of three years after
termination of these Special Conditions.


From my layman's reading of this, it sounds like I am giving permission for OVH, if they have a suspicion about non-compliant use, to access and look through my data both on the server and in my office/home for the period of hosting + 3 years.

Is this right? What exactly is this clause trying to protect against?
Seems so, but that "3 year" part would be a section that cannot be upheld. It's similar to those clauses in employment contracts, that once you have finished working for the employer you cannot work for a competitor for X amount of months/years. They're basically nonsensical, because the contract is only valid for the duration of employment; anything after that is outside the scope of the contract as well as the control of the employer. (An NDA is different though, as that is not tied to the employment contract - it's a separate contract).

Now with regards to access to "Customer premises" and "Customer personnel", that can only be done under a court order.

Looks like its just a verbatim copy from the French contract without adjusting it to UK law.

LinuxGam
29-09-2013, 17:44
Quote Originally Posted by Tz-OVH
There's plenty of arguments against "You're doing nothing wrong, they won't knock on your door".

But like another user said, this isn't the thread for that debate.

Regardless what I'm doing, there ought to be a limit against invading our privacy. There's also a massive possibility of abuse on the part of the humans working @ OVH, look at PRISM+NSA...
We live in a monitored world. There are many ways to avoid it. I don't get what the problem is if you have nothing to hide? My only concern is they steal my code, which is not their goal.

Tz-OVH
29-09-2013, 16:30
Quote Originally Posted by LinuxGam
You get me wrong... I hate it... I am a pro C# dev and hate Microsoft. However, states will have back doors and hack people, thats' life. But if you do nothing wrong they wont knock on your door.
There's plenty of arguments against "You're doing nothing wrong, they won't knock on your door".

But like another user said, this isn't the thread for that debate.

Regardless what I'm doing, there ought to be a limit against invading our privacy. There's also a massive possibility of abuse on the part of the humans working @ OVH, look at PRISM+NSA...

LinuxGam
29-09-2013, 12:59
Quote Originally Posted by JakeMS
That's life because too many people say "If you got nothing to hide" and don't care what the government knows about you..

Besides, why should they know? do you think they would help use their evidence to help you in a court case? unlikely, if they had evidence to say you was using your computer when you allegedly killed someone would they show it to the court? no, they would let you go to prison.

So why would you want them to have your data?
I get your point! I hate people snooping.... but as long as they dont give away my source code.. I have no worries.

tehchris
29-09-2013, 12:50
I personally don't mind if OVH want to look through what I have on my servers. They'll probably find loads of pictures of cats and half-completed projects that I never get around to completing.

My point is around why this is needed, and why does it extend three years beyond the hosting contract? What reason is there to investigate how the server was used specifically three years after the contract has ended?

In addition, why should we be giving them permission to access "customer premises" when my office/home has no impact on what they are doing in their datacentres? It's like having all of their customers agreeing to an open invitation for OVH staff to pop-round for tea with 5 days notice.

This isn't an NSA/Privacy/etc type thread, more a legal "why do you need this?". What little we have left, we still need to protect..

Cheers

JakeMS
29-09-2013, 12:43
That's life because too many people say "If you got nothing to hide" and don't care what the government knows about you..

Besides, why should they know? do you think they would help use their evidence to help you in a court case? unlikely, if they had evidence to say you was using your computer when you allegedly killed someone would they show it to the court? no, they would let you go to prison.

So why would you want them to have your data?

LinuxGam
29-09-2013, 12:42
Quote Originally Posted by Tz-OVH
The usual argument of "If you're not doing anything wrong, why do you not want others reading what you do or having access to your files" is silly, childish and not the point of requiring privacy.
Also you know what you are doing with logs etc... I am happy for my host to have access as long as they don't f**k anything up

LinuxGam
29-09-2013, 12:36
Quote Originally Posted by Tz-OVH
The usual argument of "If you're not doing anything wrong, why do you not want others reading what you do or having access to your files" is silly, childish and not the point of requiring privacy.
You get me wrong... I hate it... I am a pro C# dev and hate Microsoft. However, states will have back doors and hack people, thats' life. But if you do nothing wrong they wont knock on your door.

Tz-OVH
29-09-2013, 12:30
The usual argument of "If you're not doing anything wrong, why do you not want others reading what you do or having access to your files" is silly, childish and not the point of requiring privacy.

LinuxGam
29-09-2013, 12:28
Quote Originally Posted by tehchris
Hello,

I was in the process of renewing some servers and was prompted to agree to the changed T&C (link {pdf}) that are now apparently in force.

Having nothing better to do on a Sunday afternoon I decided to take a read through and I came across these sections which I do not remember being present before:



From my layman's reading of this, it sounds like I am giving permission for OVH, if they have a suspicion about non-compliant use, to access and look through my data both on the server and in my office/home for the period of hosting + 3 years.

Is this right? What exactly is this clause trying to protect against?



Are we required to keep full access logs and details of users who engage with our website in any way? What information is needed and how does this impact with data protection regulations inside the EU?

Also, what happens if customers do not comply with these two specific points of the contracts?

Hopefully an OVH staff member can clarify these questions on Monday as I will hold off renewing until I understand more about these clauses and what they are for.

Cheers
Get over it! The US Government is reading it all and passing it to UK HQ. I have private source code that I could sue for it got out. However... they are not monitoring to steal data..... If you are doing something illegal, then stop

tehchris
29-09-2013, 11:58
Hello,

I was in the process of renewing some servers and was prompted to agree to the changed T&C (link {pdf}) that are now apparently in force.

Having nothing better to do on a Sunday afternoon I decided to take a read through and I came across these sections which I do not remember being present before:

6.12 The Supplier reserves the right to audit the Customer’s compliance with the Services
and with the provisions contained in these Special Conditions and the General Conditions at any point during
the term of these Special Conditions with 5 Working Days’ prior written notice to the Customer. The Supplier
may have access to and take copies of the Customer’s records and any other information held at the Customer’s
premises and to meet with the Customer’s personnel to audit the Customer’s compliance with its obligations
under these Special Conditions and the General Conditions. Such audit rights shall continue for three years
after termination of these Special Conditions. The Customer shall give all necessary assistance to the
conduct of such audits during the term of these Special Conditions and for a period of three years after
termination of these Special Conditions.
From my layman's reading of this, it sounds like I am giving permission for OVH, if they have a suspicion about non-compliant use, to access and look through my data both on the server and in my office/home for the period of hosting + 3 years.

Is this right? What exactly is this clause trying to protect against?

6.14 The Supplier’s obligation in relation to private servers is limited to the installation of the server
and the opportunity for the Customer to rent the infrastructure. The Supplier has no control over the content
of data held on the hosted websites. The Customer shall hold and preserve, for a period of 12 months from its
creation, all data (“Web Data”) that would enable the identification of any party that has contributed in
anyway whatsoever to the creation of any content contained on any hosted website that may be accessed
via the Server. The Customer shall be solely responsible and liable in respect of the holding and preserving
of all Web Data.
Are we required to keep full access logs and details of users who engage with our website in any way? What information is needed and how does this impact with data protection regulations inside the EU?

Also, what happens if customers do not comply with these two specific points of the contracts?

Hopefully an OVH staff member can clarify these questions on Monday as I will hold off renewing until I understand more about these clauses and what they are for.

Cheers