Z BY HP Boost
| Q: | What is Z BY HP Boost? |
|---|---|
| A: | Boost is a software application enabling users to remotely leverage the processing power of GPUs (graphics processing units) over standard networking protocols. |
| Q: | How does Z BY HP Boost work? |
| A: | Boost redirects API calls from the user’s local GPU driver to remote GPUs the user has connected to across the network. GPU-intensive workloads are executed across the internet or LAN (local area network) connections and are secured using standard security and encryption protocols. |
| Q: | How are updates provided to Z BY HP Boost? |
| A: | Z BY HP Boost can self-update whenever a new update is available. It can download the update installer and apply the update per user command. In most cases, the account owner or the IT administrator will decide when to make updates available to the users they manage. |
| Q: | What happens to my data when I run applications on remote GPUs with Z BY HP Boost? |
| A: | Z BY HP Boost automatically and securely transfers your data to a remote GPU for processing while your application runs. The data remains linked to your user session at all times. Users cannot access another user's data. Z BY HP Boost may cache some of your data in storage mediums on the computer that hosts the remote GPU for better performance. It may also cache large portions of your data on the remote computer that hosts the GPU (typically a computer owned and managed by the user) when a connection to the remote GPU is established and the caching option is enabled. All cached data is stored in a binary format. The Z BY HP Boost software application's settings tab lets users turn off all caching. |
Cloud Technology | Data Centers
| Q: | What cloud technology and data centers are leveraged by Z BY HP Boost? |
|---|---|
| A: | Z BY HP Boost is hosted on Amazon Web Services (AWS). Z BY HP Boost maintains data centers in Oregon, United States (AWS-OR). All data within a single customer "tenant" is hosted in a single data center. To learn more about AWS, visit https://aws.amazon.com. Z BY HP Boost stores telemetry data collected from devices with Z BY HP Boost installed in Google Analytics. Z BY HP maintains its Google Analytics instance, which is entirely managed by Z BY HP in the U.S. All customer data is stored in a single data center. To learn more about Google Analytics, visit https://analytics.google.com. |
| Q: | How does the data flow between the device and various Z BY HP Boost components? |
| A: | Z BY HP Boost collects data generated on the devices where it is installed and sends it to the backend component in the cloud on demand. The data in the backend component is then securely transmitted to Google Analytics using standard security and encryption protocols. The data is analyzed using BigQuery. To learn more about BigQuery, visit https://cloud.google.com/bigquery. |
Data collection
| Q: | What data does Z BY HP Boost collect and how is it used? | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| A: | The data types collected by Z BY HP Boost are collected automatically from the application or the cloud backend component. Data collected from devices is encrypted and sent to the backend component.
| |||||||||||||||
| Q: | What types of data are not collected by Z BY HP Boost? | |||||||||||||||
| A: | Z BY HP Boost does not collect the following types of data: - Demographic information (with the exception of country or language preferences). - Financial account information, credit or debit card numbers, credit records, or payment data. - Social media account information. - Government-issued identifier such as social security, social insurance number, or Government ID. - Health information. - Sensitive data such as ethnic origin, political beliefs, trade union membership, health data, sexual orientation, and genetic data. | |||||||||||||||
| Q: | Does the customer get access to the raw data that Z BY HP Boost transfers to the Z BY HP Backend? | |||||||||||||||
| A: | Customers cannot access HP's telemetry data. Customers cannot access their individual telemetry data because the data is stripped of identification markers before it is added to the aggregate telemetry data. | |||||||||||||||
| Q: | How often does the application submit the data collection to Z BY HP Boost? | |||||||||||||||
| A: | Telemetry data is submitted on demand based on usage. | |||||||||||||||
| Q: | How much data is generated or collected by Z BY HP Boost and sent towards the HP backend? | |||||||||||||||
| A: | Typical network transmission upload rates per device on a given day are between 1-3 MB. |
Security
| Q: | What security measures are used by Z BY HP Boost to protect personal data? |
|---|---|
| A: | When capturing, transmitting, and storing data, Z BY HP Boost uses a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. These include: - Data stored in the U.S data centers: - Contact data (i.e., personal and/or business contact data, including a customer and/or user's first name, last name, and e-mail address for Z BY HP Boost account setup and validation are stored in encrypted databases in the U.S. data centers. - Data stored in the U.S. Analytics data center: - Device, application, and usage data is stripped of identification markers (e-mail address, first and last name) prior to being transmitted and stored in the U.S. Analytics data center). - The databases (structured and unstructured storages) containing data in the U.S. Analytics data center are encrypted. - Data stored in the U.S. Identity Management data center: - The databases containing personal data in U.S. Identity Management data centers are encrypted. - Contact data (i.e., personal and/or business contact data, including a customer and/or user's first name, last name, and e-mail address for Z BY HP Boost account setup and validation are stored in encrypted databases in the U.S. data centers. |
| Q: | What are the threat intelligence modeling techniques performed on Z BY HP Boost? |
| A: | Two different threat intelligence modeling techniques are performed on Z BY HP Boost: - Penetration Testing Execution Standard - Open Web Application Security Project (OWASP) Z BY HP Boost undergoes these tests for all new functionalities being released and periodically for all minor enhancements to existing functionality. |
| Q: | What are the processes and procedures to ensure physical and environment security? |
| A: | Z BY HP Boost subcontracts to Amazon Web Services for its data centers. Amazon Web Services then takes care of physical access protection. The Amazon Web Services data centers are Tier 3+ as per AWS documentation https://aws.amazon.com/compliance/uptimeinstitute/. - The Amazon Web Services compliance and certifications can be found at https://aws.amazon.com/compliance/. - Amazon Web Services takes care of protection against external and environmental threats (fire, flood, earthquakes etc.) Z BY HP Boost uses tools from Amazon Web Services (e.g., Cloud Watch) to monitor the performance of Amazon Web Services. |
Data Transmission and Storage
| Q: | What data types are transmitted and stored by Z BY HP Boost in the different data centers? | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| A: | The following data types are transmitted and stored in the different data centers:
| ||||||||||||||||||||
| Q: | What data can a customer opt-out from sharing with Z BY HP Boost? | ||||||||||||||||||||
| A: | The following table provides opt-out information:
| ||||||||||||||||||||
| Q: | What are the typical network transmission rates for data transferred from the device to the Z BY HP Boost cloud? | ||||||||||||||||||||
| A: | After the initial installation of the Z BY HP Boost software application on the device and the host workstation, the software: | ||||||||||||||||||||
| Q: | How is the data transmission to Z BY HP Boost secured? What ports need to be considered for customer firewalls? | ||||||||||||||||||||
| A: | Z BY HP Boost leverages TLS 1.2 to transmit data between the device and the U.S. data centers, the U.S. Analytics data center, and the U.S. Identity Management data center. | ||||||||||||||||||||
| Q: | Can we follow up on country-specific data security laws (e.g., a global customer in China, where regulations do not allow data transfer outside of the corresponding country)? | ||||||||||||||||||||
| A: | We have special data transfer consents in place for Chinese customers as a part of the license activation process. | ||||||||||||||||||||
| Q: | Is the data transmitted over public networks encrypted using TLS 1.1 or greater, IPsec, or other industry-standard strong encryption technologies? | ||||||||||||||||||||
| A: | Z BY HP Boost leverages TLS 1.2 to transmit data between the device and the U.S. data centers, the U.S. Analytics data center, and the U.S. Identity Management data center. | ||||||||||||||||||||
| Q: | Is data (in databases, logs, configuration files, backup media, etc.) stored securely? | ||||||||||||||||||||
| A: | All databases in the U.S. data centers are encrypted. All databases in the U.S. Identity management data centers that store personal data are encrypted. All databases and unstructured storage in the U.S. Analytics data center are encrypted. | ||||||||||||||||||||
| Q: | Is data securely disposed of when no longer needed? | ||||||||||||||||||||
| A: | Data in the U.S. Analytics data center is deleted permanently after two years from the data creation date for structured and unstructured storage. Note: For data protection purposes, all personal data is removed prior to transmission to and storage in the U.S. Analytics data center. | ||||||||||||||||||||
| Q: | How is access to data restricted? | ||||||||||||||||||||
| A: | All the data collected and stored in U.S. data centers and in the U.S. Analytics data center is secured by Google Analytics and BigQuery with access control policies for authenticated users. | ||||||||||||||||||||
| Q: | Are the data anonymized? | ||||||||||||||||||||
| A: | Analytics data on the device is stripped of identification markers before transmission to the U.S. Analytics data center by removing e-mail address, first and last names. | ||||||||||||||||||||
| Q: | Does Z BY HP Boost share its data with its Z BY HP suppliers, and if so, does it include personal and anonymized information? | ||||||||||||||||||||
| A: | Yes, Z BY HP Boost shares account, application, contact, and device data with some of Z BY HP's key suppliers to ensure the correct functionality of all Z BY HP Boost features. HP Suppliers are contractually bound to follow HP guidelines and requirements with regards to collection, use and maintenance of collected data. | ||||||||||||||||||||
| Q: | Does Z BY HP Boost provide separate, dedicated database(s) for customers' exclusive use of their data? | ||||||||||||||||||||
| A: | No. | ||||||||||||||||||||
| Q: | Is customer data and information co-hosted with the data from other organizations or companies on the same physical server(s)? | ||||||||||||||||||||
| A: | Yes. |
General Data Protection Regulation (GDPR)
| Q: | What is GDPR compliance? |
|---|---|
| A: | The General Data Protection Regulation (GDPR) is a European-wide regulation for the protection of European citizens' data that came into force in May 2018 and established rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data (Ref: https://gdpr-info.eu/art-1-gdpr/). Currently there is no ID or license required or available for GDPR. |
| Q: | What is the Z BY HP and Z BY HP Boost approach to GDPR? |
| A: | Z BY HP has a long-standing history of industry leadership in privacy and data protection. Together with our robust portfolio products and services, we can support our customers' and partners' efforts in protecting personal data. With respect to Z BY HP Boost, Z BY HP acts as a Data Processor. Please refer to Data Processor section on Z BY HP Privacy Central. As a global company, it is possible that any information you provide may be transferred to or accessed by Z BY HP entities worldwide in accordance with the Z BY HP Privacy Statement and on the basis of the International Privacy Programs listed in the International Data Transfers section. |
| Q: | Do you have an assigned Data Protection & Privacy Officer or equivalent? |
| A: | Yes. For more information refer to the Frequently Asked Questions (FAQ) in the Data Processor section on Z BY HP Privacy Central. |
Health Insurance Portability and Accountability Act (HIPAA)
| Q: | What is the Health Insurance Portability and Accountability Act? |
|---|---|
| A: | The Health Insurance Portability and Accountability Act or HIPAA, is the U.S. law that governs healthcare privacy and contains both privacy and security provisions for safeguarding Protected Health Information (PHI). |
| Q: | What is Protected Health Information (PHI) and does Z BY HP Boost collect PHI? |
| A: | Protected Health Information, or PHI, is a defined under U.S. law as any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a Business Associate of a Covered Entity) and can be linked to a specific individual. A Covered Entity is one of the following: 1) Health Care Provider (including pharmacies); 2) Health Plan; or 3) Health Care Clearinghouse. A Business Associate is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or provides services to, a Covered Entity. Z BY HP Boost does not collect, store or transmit any information about health status, provision of health care, or payment for health care. However, in certain situations, Z BY HP Service Experts may come in contact with such information while performing certain Z BY HP services (for e.g. Remote Support, Device Wipe etc.). Therefore, the Account Holder acknowledges that it is solely responsible for its compliance with HIPAA or any other applicable law related to health information. It is the Account Holder's responsibility to verify that the security and privacy protections and storage/retrieval capabilities offered by Z BY HP Boost are adequate and in compliance with all applicable laws governing the type of data included in the Content which is uploaded into or provided to Z BY HP Boost. In order for Z BY HP to provide certain services such as device wiping or remote support, Account Holder may be required, among other things, to identify a remediation plan to achieve HIPAA compliance and/or to enter into a Business Associate Agreement with Z BY HP before Z BY HP provides Z BY HP Boost services. |
| Q: | What is a Business Associate Agreement (BAA) and when is one needed? |
| A: | A Business Associate Agreement (BAA) is an agreement between a HIPAA-covered entity and a Business Associate to protect PHI in accordance with HIPAA guidelines. Z BY HP Boost customers that: 1. Manage all Z BY HP Boost services by themselves do not need to sign the BAA with Z BY HP. 2. Leverage Z BY HP Service Experts to manage Z BY HP Boost services need to sign the BAA with Z BY HP. Z BY HP prefers that customers review the Z BY HP BAA template or provide their own template before the initiation of any Z BY HP Boost services. 3. Leverage their partners to manage Z BY HP Boost services may want to check with their legal department regarding putting a BAA in place with the partner before the initiation of any Z BY HP Boost services. |