GDPR Compliance and Data Protection
Policies adopted for compliance
Genesys Informatica Srl, owner of the Hosting Solutions brand, protects and guarantees the confidentiality, integrity and availability of personal and company data in its infrastructure. It also guarantees that all the requirements of the new European Data Protection Regulation 679/16, or GDPR (General Data Protection Regulation), have been addressed, analysed and applied.
Genesys Informatica Srl guarantees appropriate organisational measures to satisfy user and data security, such as, for example, code of ethics and internal security regulations, training of employees and collaborators and non-disclosure agreements (NDA) to which all personnel are subject.
GDPR and Hosting Solutions
Genesys Informatica Srl, owner of the Hosting Solutions brand, is GDPR compliant (European Data Protection Regulation 679/16), which means that it has put in place all the necessary policies to comply with current legislation on the processing of personal data.
Below are some aspects of the policies implemented.
Geographical location of the data centers. The physical infrastructure of Genesys Informatica Srl, and therefore of Hosting Solutions, is located exclusively on Italian territory. There are 4 Data Centers, two owned and located in Florence, one colocation in Rome and another one in Siziano (PV) inside SUPERNAP, currently the most innovative Data Center in Europe. Several data centers guarantee reliability and security of services, thanks to the possibility of geographically redundant systems and data.
Infrastructure security. Hosting Solutions' infrastructure is designed and built to guarantee maximum security, availability and data integrity, as required by the security measures described in the GDPR: redundancies on all support infrastructures, data centers equipped with monitoring and access control, video surveillance, raised floors, fire and earthquake-proof systems, electrical continuity systems.
These security measures are also appropriately documented, for example by showing how the infrastructure is accessed, the periodic checks carried out and the redundancies available.
Physical data security. Genesys Informatica Srl guarantees technical and technological measures appropriate to the highest security standards, such as: redundancies on all support infrastructures, data centers equipped with monitoring and access control, video surveillance, raised floors, fire and earthquake-proof systems, electrical continuity systems;
Certifications. Genesys Informatica Srl has quality (UNI EN ISO 9001) and information security (ISO/IEC 27001) certifications.
Personnel. All personnel who carry out activities inside the infrastructure of Genesys Informatica Srl are trained in detail on the processing they can carry out on the data and on the access they can make to the databases in the infrastructure.
All staff activities (internal and external) are set out in personal letters of assignment and subject to nda (non-disclosure and confidentiality agreement).
Monitoring. Real-time monitoring of all environments and systems (hardware and software) is carried out in order to promptly assess any security breaches and take the necessary action, including notifying the supervisory authorities and/or those directly concerned.
A detailed register of data processing has also been prepared in order to analyse and satisfy every request from the interested party in the exercise of their rights.
The External Data Processor
At the Customer's request, Genesys Informatica Srl Srl makes itself available for the appointment of an External Data Processor (Article 28 of the GDPR) as a service provider.
Genesys Informatica Srl, if appointed as External Data Processor, is responsible for:
- guaranteeing the physical security of the infrastructure containing the data through access control (internal staff and external parties), video surveillance and physical protection against break-ins;
- in the case of services provided on shared infrastructures, implementing all IT measures to ensure an adequate level of isolation of services and application of security patches for the operating systems, hypervisors and database platforms under its responsibility;
- notifying the Data Controller and the supervisory authorities, in accordance with the GDPR timeframe, of any data breach (e.g. destruction, loss, modification or unauthorised access to data) due to events such as cyber attacks, unauthorised access, fire, natural disasters. This liability is limited exclusively to the physical infrastructure containing the data and to the software maintained by Genesys Informatica Srl.
- immediately inform the Data Controller if an instruction of the Data Controller violates, in the opinion of Genesys Informatica Srl, this Regulation or other national or Union data protection provisions;
In addition, Genesys Informatica Srl will be available to provide assistance for Articles 15 to 22 and 32 to 36 of European Regulation 679/16, subject to the nature of the processing and the information available to it.
Genesys Informatica Srl,in the event of a request (exercise of the “right to be forgotten”) or within one year from the termination of the contract, will permanently delete the data entered during the use of the purchased services from its equipment.
Responsibilities of the Data Controller
The Data Controller (generally the Customer) has exclusive competence and responsibility for any kind of data entered on the servers (hosting, vps, cloud, dedicated, etc.) of Hosting Solutions during the use of purchased services; it is, therefore, his/her responsibility to carry out any data protection activities such as anonymization, data encryption, installation of security patches and updating of any installed software.
Genesys Informatica Srl is not aware of the nature of the data entered by customers in its infrastructure during the use of the services purchased, therefore it is the responsibility of the Data Controller to arrange all the security measures required to protect, safeguard and preserve the data. Some examples of these measures may be: backup activities, updating installed software (such as CMS, operating systems, databases, etc.), customising firewalling policies.
For any information or questions on the topics covered, please write to privacyhostingsolutions.it.