This guide covers data protection regulations in Switzerland and Europe and the measures taken by Infomaniak to secure your customer data and data within Web Hosting and Mail Services.

Understanding the difference between data security and data confidentiality

Data security aims to prevent any unauthorized access to your information. It relies on measures such as encryption, firewalls, or VPNs. A security breach can have disastrous consequences: imagine a hacker stealing your entire customer database and demanding a ransom to return it. This type of attack—ransomware—can paralyze a business overnight.

Today, it is estimated that more than 50% of companies victimized by a cyberattack close within two years.

Data confidentiality concerns who can access your information and how it is used. Even if your data is secured against hacking, it can be collected, analyzed, and resold... legally.

Example: you carefully store your customers' information, but unbeknownst to you, a service you use shares—anonymously—this data with third parties. Result? Your competitors can obtain valuable market analyses and target your own customers without ever needing to hack into your systems.

LPD & GDPR

In Switzerland, the LPD (Federal Data Protection Act) and nLPD (for the "new Law" in effect since September 2023) protects the confidentiality of residents by regulating the collection and processing of personal data by organizations.

On the other hand, the GDPR (General Data Protection Regulation) of the EU, in effect since May 2018, influences global companies processing the data of European residents, including in Switzerland. While the LPD applies to the data of Swiss residents, the GDPR concerns that of EU residents. Swiss companies managing European data must comply with the GDPR's requirements, including appointing a Data Protection Officer and conducting Data Protection Impact Assessments in case of risky processing.

Your role as an Infomaniak Client

Regarding the hosted data that belongs to you and if it concerns personal data of your visitors, contacts, and clients, it is up to you to ensure compliance.

When processing this personal data, it is important to inform users about how and why it is being processed. This is usually done through a privacy statement/charter.

A GDPR certificate (in PDF format) can be generated and downloaded from the Manager (accessible to organization users who are owners or administrators):

1. Click here to access DPA management on the Infomaniak Manager (need help?).
2. Click the Generate button to download the customized PDF document:
   

Here are some tips on this topic:

It is crucial to differentiate between the security of the infrastructures where your data is hosted and the management and implementation of data on your side. As a hosting provider, Infomaniak acts as a subcontractor for your RGPD obligations. In this context, its privacy policies and cookie usage, as well as its terms and conditions, provide the necessary guarantees regarding its compliance as a subcontractor.

The role of Infomaniak

Like companies that work with user data, Infomaniak must comply with the LPD and, because some of these users are European citizens, the GDPR as well:

• The data privacy policy details the data that Infomaniak retains to provide and execute its services
• The policy related to the protection of your personal data describes Infomaniak's commitments as a subcontractor that hosts all of your data, including personal data