GDPR Compliance and Data Protection
The policies adopted for compliance with the legislation
Genesys Informatica Srl, owner of the Hosting Solutions brand, protects and guarantees the confidentiality, integrity and availability of personal and corporate datain its infrastructure. It also guarantees that all the requirements of the new European Regulation on the processing of personal data 679/16, or GDPR (General Data Protection Regulation), have been taken into account, analysed and applied.
Genesys Informatica Srl guarantees appropriate organisational measures to satisfy user and data security, such as, for example, code of ethics and internal security regulations, employee and collaborator training and non-disclosure agreements (NDA) to which all personnel are subject.
GDPR and Hosting Solutions
Genesys Informatica Srl, owner of the Hosting Solutions brand, is compliant with the GDPR European Regulation on the processing of personal data 679/16): it has put in place all the necessary policies to comply with current legislation on the processing of personal data.
Below are some aspects of the policies implemented.
Geographical location of the data centers. The physical infrastructure of Genesys Informatica Srl, and therefore of Hosting Solutions, is located exclusively on the Italian territory. There are 4 Data Centers, two owned and located in Florence, one colocation in Rome and another one in Siziano (PV) within SUPERNAP, currently the most innovative Data Center in Europe. The presence of several data centers makes it possible to guarantee the reliability and security of services, thanks to the possibility of geographically redundant systems and data
Infrastructure security. Hosting Solutions' infrastructure is designed and built to ensure maximum security, availability and data integrity, as required by the security measures described in the GDPR: redundancies on all support infrastructures, data centers equipped with monitoring and access control, video surveillance, raised floors, fire and earthquake-proof systems, uninterruptible power supply systems.
These security measures are also appropriately documented for example by showing how the infrastructure is accessed, periodic checks carried out and redundancies available.
Physical data security. Genesys Informatica Srl guarantees mtechnical and technological measures adequate to the highest security standards, such as: redundancies on all support infrastructures, data centers equipped with monitoring and access control, video surveillance, raised floors, fire and earthquake-proof systems, uninterruptible power supply systems;
Personnel. All personnel who carry out activities within the infrastructure of Genesys Informatica Srl are trained in detail on the treatments they can carry out on the data and on the accesses that they can carry out on the databases present in the infrastructure.
All the activities of the personnel (internal and external) are made explicit in personal letters of assignment and subject to non-disclosure agreement (nda).
Monitoring. . All environments and systems (hardware and software) are monitored in real time
in order to promptly assess any security breaches and take the necessary action, including notifying the supervisory authorities and/or those directly concerned.
A detailed register of data processing has also been prepared in order to analyse and satisfy every request from the interested party in the exercise of their rights.
The External Data Protection Officer
At the request of the Client, Genesys Informatica Srl Srl makes itself available for the appointment of an External Data Processor (Article 28 of the GDPR) as a service provider.
Genesys Informatica Srl, if appointed as External Data Processor, is responsible for:
- guaranteeing the physical security of the infrastructure containing the data through access control (internal staff and external parties), video surveillance and physical protection against break-ins;
- in the case of services provided on shared infrastructures, put in place all IT measures to ensure an adequate level of isolation of services and application of security patches for the operating systems, hypervisors and database platforms under its responsibility;
- notify the Data Controller and the supervisory authorities, within the timeframe provided for by the GDPR, of any data breaches (e.g. destruction, loss, modification or unauthorised access to data) due to events such as cyber attacks, unauthorised access, fire, natural disasters. This liability is limited exclusively to the physical infrastructure containing the data and to the software maintained by Genesys Informatica Srl.
- immediately inform the Data Controller if an instruction from the Data Controller is, in Genesys Informatica Srl's opinion, in breach of this Regulation or other national or Union data protection provisions;
In addition, Genesys Informatica Srl will be available to provide assistance with regard to Articles 15 to 22 and 32 to 36 of European Regulation 679/16, within the limits of the nature of the processing and the information available.
Genesys Informatica Srl,in the event of a request (exercise of the “right to be forgotten”) or within one year of termination of the contract, will permanently delete from its equipment the data entered during the use of services purchased.
Responsibilities of the Personal Data Controller
The Data Controller (generally the Client) has exclusive competence and responsibility for any kind of data entered on the servers (hosting, vps, cloud, dedicated, etc.) of Hosting Solutions during the use of services purchased; it is, therefore, his responsibility to carry out any data protection activities such as anonymization, data encryption, installation of security patches and updating of any software installed.
Genesys Informatica Srl is not aware of the nature of the data entered by clients within its own infrastructure during the use of the services purchased, therefore it is the responsibility of the Data Controller to prepare all the security measures required to protect, safeguard and preserve the data. Some examples of these measures may be: backup activities, updating installed software (such as CMS, operating systems, databases, etc.), customising firewalling policies.
For any information or clarification on the topics covered, pleas write to privacyhostingsolutions.it.