Understand data security, GDPR and LPD
This guide covers data protection regulations in Switzerland and Europe and the measures taken by Infomaniak to secure your customer data and data within Web Hosting and Mail Services.
Understanding the difference between data security and data confidentiality
Data security aims to prevent any unauthorized access to your information. It relies on measures such as encryption, firewalls, or VPNs. A security breach can have disastrous consequences: imagine a hacker stealing your entire customer database and demanding a ransom to return it. This type of attack—ransomware—can paralyze a business overnight.
Today, it is estimated that more than 50% of companies victimized by a cyberattack close within two years.
Data confidentiality concerns who can access your information and how it is used. Even if your data is secured against hacking, it can be collected, analyzed, and resold... legally.
Example: you carefully store your customers' information, but unbeknownst to you, a service you use shares—anonymously—this data with third parties. Result? Your competitors can obtain valuable market analyses and target your own customers without ever needing to hack into your systems.
LPD & GDPR
In Switzerland, the LPD (Federal Data Protection Act) and the nLPD (the "new law", in effect since September 2023) protect the confidentiality of residents by regulating the collection and processing of personal data by organizations.
On the other hand, the GDPR (General Data Protection Regulation) of the EU, in effect since May 2018, influences global companies processing the data of European residents, including in Switzerland. While the LPD applies to the data of Swiss residents, the GDPR concerns that of EU residents. Swiss companies managing European data must comply with the GDPR's requirements, including appointing a Data Protection Officer and conducting Data Protection Impact Assessments in case of risky processing.
Your role as an Infomaniak Client
For the hosted data that belongs to you, if it includes personal data of your visitors, contacts, and clients, it is up to you to ensure compliance.
When processing this personal data, it is important to inform users about how and why it is being processed. This is usually done through a privacy statement/charter.
A GDPR certificate (in PDF format) can be generated and downloaded from the Manager (accessible to organization users who are owners or administrators):
- Click here to access DPA management on the Infomaniak Manager (need help?).
- Click the Generate button to download the customized PDF document.
Here are some tips on this topic:
- Inform about all data processing, not just that related to the website.
- Ensure easy access to the privacy statement on the website, for example in the footer of each page.
- In general, it is not necessary to obtain the user's approval for privacy statements (e.g., for forms); it is sufficient to indicate where to find the statement (example Site Creator).
- Keep in mind that new, more in-depth information rules might require adjustments to existing privacy statements.
It is crucial to differentiate between the security of the infrastructures where your data is hosted and the management and implementation of data on your side. As a hosting provider, Infomaniak acts as a subcontractor for your GDPR obligations. In this context, its privacy policies and cookie usage, as well as its terms and conditions, provide the necessary guarantees regarding its compliance as a subcontractor.
The role of Infomaniak
Like companies that work with user data, Infomaniak must comply with the LPD and, because some of these users are European citizens, the GDPR as well:
- The data privacy policy details the data that Infomaniak retains to provide and execute its services
- The policy related to the protection of your personal data describes Infomaniak's commitments as a subcontractor that hosts all of your data, including personal data
These commitments are outlined in the general terms and conditions and specific terms and conditions as follows:
- store your data within data centers exclusively located in Switzerland and never transfer your information outside of these infrastructures
- apply strict security standards and constantly improve processes to ensure a high level of security across all services
- notify you promptly in case of a breach of your data
- ensure transparency with you when Infomaniak uses subcontractors that may process your data
- strengthen and develop physical security measures to prevent any unauthorized access to the infrastructures where your data is stored
- implement physical and/or logical isolation systems (depending on the services) to separate the hosting of different clients; moreover, Infomaniak conducts annual penetration tests to ensure data integrity between clients
- demonstrate high reactivity in the secure updating of the systems under its responsibility
Manage the cookies of the site infomaniak.com
When you visit the page infomaniak.com, a choice must be made regarding the acceptance of certain cookies. To modify this choice later, access your preferences from the footer of the site.