1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Understanding data security, GDPR, and DPA
This guide covers data protection regulations in Switzerland and Europe and the measures taken by Infomaniak to secure your customer data and data within Web hosting and Mail Services.
FADP & GDPR
In Switzerland, the FADP (Federal Data Protection Act) and the nFADP (for the "new Law" in force since September 2023) protect the privacy of residents by regulating the collection and processing of personal data by organizations.
On the other hand, the GDPR (General Data Protection Regulation) of the EU, in effect since May 2018, affects global companies handling the data of European residents, including in Switzerland. While the FADP applies to Swiss residents' data, the GDPR covers EU residents. Swiss companies managing European data must comply with GDPR requirements, including appointing a Data Protection Officer and conducting Impact Assessments for high-risk processing.
Your Role as an Infomaniak Client
Regarding the data you host that belongs to you, and if it involves personal data of your visitors, contacts, and customers, it is your responsibility to ensure compliance.
When processing personal data, it is important to inform users about how and why the data is processed. This is typically done through a privacy policy.
A GDPR certificate (in PDF format) can be generated and downloaded from the Manager (accessible to organization owners or administrators):
- Click here to manage DPA on the Infomaniak Manager (need help?).
- Click on the Generate button to download the customized PDF document:
Here are some tips on this topic:
- Inform about all data processing, not just those related to the website.
- Ensure easy access to the privacy policy on the website, for example, in the footer of each page.
- Generally, user consent is not required for privacy policies (e.g., for forms); it is enough to indicate where the policy can be found (example Site Creator).
- Keep in mind that new, more detailed information rules may require adjustments to existing privacy policies.
It is crucial to distinguish between the security of the infrastructure where your data is hosted and the management and implementation of data on your side. As a host, Infomaniak acts as a processor for your GDPR obligations. In this context, its privacy and cookie policies, as well as its terms and conditions, provide the necessary assurances regarding its compliance as a processor.
Infomaniak's Role
Like companies working with user data, Infomaniak must comply with both FADP and, because some users are European citizens, GDPR as well:
- the data privacy policy details the data Infomaniak retains to provide and execute its services
- the policy on protecting your personal data outlines Infomaniak's commitments as a processor hosting all your data, including personal data
These commitments, outlined in the general and specific terms, include the following:
- keeping your data within data centers exclusively located in Switzerland and never transferring your information outside these infrastructures
- applying strict security standards and constantly improving processes to ensure a high level of security across all services
- promptly informing you in the event of a data breach
- maintaining transparency with you when Infomaniak uses subcontractors who may process your data
- strengthening and developing physical security measures to prevent unauthorized access to the infrastructure where your data is stored
- implementing physical and/or logical isolation systems (depending on the services) to separate the hosting of different clients; additionally, Infomaniak conducts annual intrusion tests to ensure data separation between clients
- demonstrating great responsiveness in updating security systems under its responsibility
Manage cookies on infomaniak.com
When you visit the infomaniak.com page, you must choose whether to accept certain cookies. To modify this choice later, access your preferences from the footer of the site:
